
"Method And System For Controlling The Routing Of A Data Stream From A Class Of Service Through A Meshed And Encrypted Network"

Abstract: A method for controlling the routing of a data stream through a meshed and encrypted network, comprising at least the following steps: a) tagging each data packet with the value of its class of service, said tagging being inserted into a QoS field of the header of said packet; b) configuring the encryption device (102a, 102b, 102c) to encrypt the entirety of said data packet, thus producing an encrypted packet, and to generate a new header associated with said encrypted packet and comprising at least one recopy of said QoS field; c) configuring the routers (103a, 103b, 103c) to delete the packets having a specific QoS field value and not coming from or sent to the local private network (A, B, C) to which the router is directly connected.


Patent Information

Application #:
Filing Date: 12 March 2012
Publication Number: 34/2015
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Status:
Parent Application:
Patent Number:
Legal Status:
Grant Date: 2023-02-16
Renewal Date:

Applicants

THALES
45 RUE DE VILLIERS, 92200 NEUILLY/SUR/SEINE, FRANCE

Inventors

1. LAURENT ALATERRE
160 BOULEVARD DE VALMY - 92704 COLOMBES, FRANCE
2. MICHEL FORNARI
160 BOULEVARD DE VALMY - 92704 COLOMBES, FRANCE

Specification

METHOD AND SYSTEM FOR CONTROLLING THE ROUTING OF A DATA STREAM FROM A CLASS OF SERVICE THROUGH A MESHED AND ENCRYPTED NETWORK
The present invention relates to a method and a system for controlling the routing of a data stream of a class of service, for example data of a multimedia service, through a meshed and encrypted network.
The expression "class of service" is conventionally used in the field of telecommunications network architectures in order to denote a classification of the types of data streams according to their application and to the minimum service required by this application. An application to which a class of service can be attributed is, for example but not exclusively, a telephony, videoconference, messaging or file download application. Any type of communicating application executed in a communications network can be considered. The required service can be specified, notably but not uniquely, in terms of guaranteed data rate, packet loss rate on the link and latency. According to more or less important constraints on the service, the applications can be classified by order of priority. The definition of classes of service is notably used for this purpose.
The invention applies to all systems which comprise, on the one hand, a plurality of local private networks, reserved for a group of users, and, on the other hand, a public network or a transit network which makes it possible to interconnect the different private networks with each other. Remote users, located on separate private networks, communicate with each other by means of applications, for example real-time or not real-time multimedia applications. The data streams generated by these communications pass through the public network which comprises one or more routers whose function is the routing and conveying of the streams from their source user to their destination.
Some critical systems require access to the private networks to be highly secure for reasons of confidentiality of the transmitted data. For this reason, encryption devices are used to encrypt the data transmitted from a private network, so that an unauthorized third party cannot make use of those data during their transfer via the public transit network.
Because of the use of these encryption devices, the private local networks are totally separated from the public transit network, from which it is not possible to access the data transmitted and notably to know the type of application associated with these data.
The problem of controlling the transit network by the user then arises. "Control" is understood to mean the capability of transmitting a stream to a remote private local network, through the transit network, with specified constraints depending on the type of application. These constraints correspond to a level of service that it is desired to guarantee for the transmission of a stream, in particular in terms of packet loss rate during the transmission, of end-to-end delay or of assured data rate. Control of the network also includes the supervision of the transit network in order to know at all times the available paths with their capacities in terms of data rate and those which, on the contrary, are defective.
Because of the introduction of encryption devices between the private networks and the transit network, the control of said transit network becomes problematic. In particular, when a direct path, within the transit network, is defective, the routers use dynamic routing protocols which allocate a secondary path for the transmission of a data stream. The routers of the transit network cannot guarantee a specified quality of service since they do not know the transmitted application and its constraints, notably in terms of required data rate, this application having undergone an encryption step. Because of this, uncontrolled congestion problems can appear in the transit network when a path is defective and the data streams presumed to follow this path are routed to other paths whose capacity is not known a priori.
The solutions of the prior art to the previously described problems are principally of two types.
A first set of solutions relates to the use of encryption devices which can be configured in order to transmit certain signaling streams in clear. These streams can then be used for supervision of the transit network and for informing the users of the operational state of the network and, conversely, informing the routers of the type of application transmitted with their associated quality of service constraints.
Such solutions cannot be considered for very critical systems which necessitate a high level of security and consequently the complete encryption of all the communications transmitted between the local private network and the public transit network.
A second set of solutions relates to the systems based on so-called transport mode encryption methods. These methods consist in encrypting only the useful part of the data packets, thus leaving the header of these packets in clear, which notably contains the source and destination addresses and the type of application used. These solutions cannot be considered for the same reasons mentioned in the preceding paragraph; the invention is positioned in the context of critical systems for which it is necessary to encrypt all of the information contained in a data stream coming from a local private network and sent to the public transit network.
The present invention proposes a solution, adapted to critical systems, making it possible to overcome the limitations of the prior solutions mentioned above. It makes it possible to guarantee the transmission of a data stream with constraints to be complied with as well as the supervision of the transit network whilst guaranteeing the total confidentiality of the data exchanged between the private and public networks.
For this purpose, the invention relates to a method for controlling the routing of a data stream belonging to a class of service through a meshed and encrypted network constituted by a plurality of local private networks interconnected with each other by means of a public transit network, each of said local private networks comprising at least one user terminal executing at least one application necessitating a control of routing, a routing control module for each of said applications and a device for encrypting the data generated by said application, said public transit network comprising at least one router connected to each local private network, said data generated by the application being transmitted in the form of packets comprising a header part and a useful part, said method being characterized in that it comprises at least the following steps:
o tagging each data packet with the value of its class of service, said tagging being inserted into a QoS field of the header of said packet,
o configuring the encryption device to encrypt the entirety of said data packet, thus producing an encrypted packet, and to generate a new header associated with said encrypted packet and comprising at least one recopy of said QoS field,
o configuring the routers to delete the packets having a specified QoS field value and not coming from or sent to the local private network to which the router is directly connected.
The invention also relates to a system for controlling the routing of a data stream belonging to a class of service through a meshed and encrypted network constituted by a plurality of local private networks interconnected with each other by means of a public transit network, each of said local private networks comprising at least one user terminal executing at least one application necessitating a control of routing and a device for encrypting the data generated by said application, said public transit network comprising at least one router connected to each local private network, said data generated by said application being transmitted in the form of packets comprising a header part and a useful part, said system being characterized in that:
o each local private network furthermore comprises a routing control module for each of said applications, which executes at least a step of tagging each data packet with the value of its class of service, said tagging being inserted into a QoS field of the header of said packet,
o each encryption device is configured to encrypt the entirety of said data packet, thus producing an encrypted packet, and to generate a new header associated with said encrypted packet and comprising at least one recopy of said QoS field,
o each router (103a, 103b, 103c) is configured to delete the packets having a specified QoS field value and not coming from or sent to the local private network (A, B, C) to which said router (103a, 103b, 103c) is directly connected.

In a variant embodiment of the invention, said meshed network is an IP network and said QoS field is the DSCP field of the IP header.
In a variant embodiment of the invention, the QoS field value for which the packets are filtered is determined such that the quality of service of the class of service associated with said value is compatible with the transmission resources of the link used by said packets if they are not filtered, said quality of service being defined at least by one of the following quality of service parameters: a required minimum data rate, a required minimum percentage of the bandwidth, a minimum latency for the routing of the packets to their destination, a minimum packet loss rate.
The invention also relates to the use of the method or of the system described above for the supervision or hypervision of said public transit network from one of the local private networks, characterized in that the loss of connectivity of a path of said public transit network is detected by means of the transmission, by said routing control module, of a control message to a remote local private network.
Other features and advantages of the present invention will become more apparent on reading the following description with reference to the appended drawings in which:
figure 1 shows a diagram of an example system of the prior art comprising several private local networks interconnected with a transit network via encryption devices,
figure 2 is an illustration of the implementation of the method according to the invention for the system shown in figure 1.

The following examples are described in the context of a communications network of the IP (Internet Protocol) type but this feature should not be interpreted as being limitative; its purpose, on the contrary, is to facilitate the understanding of the invention by means of a precise illustration. It is understood that the invention applies equally to any type of communications network within which data streams are exchanged in the form of packets, comprising a useful data part and a header part, said header comprising signaling information associated with said packet.
Figure 1 is a diagrammatic representation of a system comprising several private local networks A, B, C, each being constituted by at least one user terminal 101a, 101b, 101c. The three private local networks A, B, C are interconnected with each other by means of a transit network T which comprises, for each private local network, a router 103a, 103b, 103c which provides the static or dynamic routing functions within the transit network T in order to convey the data streams coming from a user terminal located in a local network to another user terminal located in a remote local network. In order to secure the information and to guarantee confidentiality of the transmissions between the different private local networks A, B, C, encryption devices 102a, 102b, 102c are disposed between each private local network and the associated router in order to encrypt the entirety of the data. A data stream, for example a voice stream on IP or a videoconference stream, is transmitted from a terminal 101a, to be sent to the terminal 101c, in the form of IP packets comprising a header and a useful part. Each IP packet is totally encrypted by the encryption device 102a which then produces a new encrypted IP packet comprising, on the one hand, the initial encrypted packet to which is added a specific IP header in which are entered the source address of the encryption device 102a and the address of the destination encryption device 102c for the encrypted packet. The new IP packet obtained at the output of the encryption device 102a no longer contains in clear either the source address of the user terminal 101a or the items of information associated with the application used. The data streams thus generated are then transmitted, via a primary path 104a, in the transit network T and conveyed to the destination encryption device 102c associated with a destination local network C. On reception of the encrypted IP packets, the encryption device 102c, similar to the one used on transmission, decrypts said packets and transmits them to the user terminal 101c.
When the primary path 104a is defective, the routing protocol implemented by the router 103a determines a secondary path 104b, 104c which makes it possible to convey the data stream to its destination C by passing through an intermediate router 103b. The choice of this secondary path and the redirection of the data stream to this path is carried out without a priori knowledge of the type of application carried and of its constraints in terms of required quality of service and also without knowing the capacity and the resources available on this secondary path 104b, 104c. The use of routing protocols without a priori knowledge of the type of application and of the required associated quality of service can result in congestion phenomena on the secondary path 104b, 104c which perhaps does not have sufficient resources for accepting traffic in addition to that which it is already nominally supporting. Moreover, for applications necessitating a high level of security, it is necessary for the path which the data stream will use to be controlled, a priori, without leaving this decision to the routers situated in the public network.

Figure 2 shows the application of the method according to the invention for the example described previously with reference to figure 1. The same system is shown with the addition, for each private local network A, B, C, of at least one control module 201a, 201b, 201c whose function is to determine the route taken by each data stream belonging to each class of service. This module is associated with each type of application used such as a voice application on IP, videoconference, instantaneous text messaging or any other communicating application. It knows the capacity of the physical links 104a, 104b, 104c constituting the transit network T and notably the data rate available on each of these links. It also knows the data rate required by the application with which it is associated. The routing control module 201a, 201b, 201c determines on the basis of these items of information the maximum number of point to point communications which each link of the transit network can support. For example, if the link 104a has an available data rate for a voice service on IP equal to 2 Megabits/s and a voice application on IP requires a useful data rate of 500 Kilobits/s in order to function correctly, it is possible to use four simultaneous communications on this link 104a and to guarantee a minimum quality of service for each of these communications.
When the link 104a of the transit network T is defective, the module 201a can no longer guarantee this quality of service because the data stream will be redirected, by the router 103a, to a secondary link 104b irrespective of its content.
The method of the invention therefore consists, firstly, in allocating a class of service for a specified type of application with which is associated a required minimum data rate or a minimum percentage of the bandwidth. Similarly, a minimum delay required for the conveying of the packets to their destination, as well as a minimum loss rate, can be associated with this class.
Secondly, the routing control module tags each data packet with its class of service information in order to allow the differentiation of the packets according to the required levels of service. This tagging is carried out by using a field of the header of the packet. Preferably, this field is encoded at most over one 8-bit byte. In the case of an IP network, this field is the DSCP (Differentiated Services Code Point) field notably described in RFC 2474 of the IETF (Internet Engineering Task Force) standardization organization. This field is referred to hereafter as the QoS field, it being understood that the use of the DSCP field is only one example embodiment of the invention and is in no way limitative.
Thirdly, the encryption devices 102a, 102b, 102c are configured to recopy in clear the QoS field of the header of the data coming from the private network in the header of the encrypted packets sent to the transit network in order that this QoS field is not encrypted, the rest of the packet being fully encrypted. The encrypted data packets transmitted to the routers 103a, 103b, 103c therefore contain an indication, in clear, of the class of service associated with the packet.
Fourthly, the routers 103a, 103b, 103c are configured to filter the packets according to the value of the QoS field.
The filtering is carried out such that the packets comprising a specified QoS field are transmitted to their destination only if the corresponding data stream is coming from or sent to the private network directly connected to the router. This filtering therefore prohibits the routing of a packet comprising a specified QoS field within the public transit network.
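The three data-plane steps above (tag the inner header, encrypt the whole packet and recopy the QoS field into the new outer header, filter on the routers) worked through on constructed IPv4 packets, as an added example that is not part of the patent. The addresses, the choice of DSCP 46 as the pinned class, the three-router topology and the SHA-256 counter keystream standing in for the encryption device's real cipher are all assumptions for illustration. A point worth keeping in mind when deploying this: the router rule keys on an outer-header field that is neither encrypted nor integrity-protected, so a packet of the pinned class that is not delivered tells the control module only that it did not get through, and the class of service itself is visible to anyone on the path (the specification accepts this, since the field is recopied precisely so that routers can read it).

```python
# Added example (not from the patent): tag / encrypt-and-recopy / filter on
# constructed IPv4 packets. Addresses, the pinned DSCP value, the topology and
# the keystream construction are assumptions for illustration only.
import hashlib
import ipaddress
import struct

PINNED_DSCP = 46          # assumed DSCP value reserved for the path-pinned class
IPV4_HEADER_LEN = 20

# Assumed transit-facing address ranges directly connected to each router.
LOCAL_NETS = {"A": "10.1.0.0/16", "B": "10.2.0.0/16", "C": "10.3.0.0/16"}


def build_ipv4_packet(src, dst, dscp, payload):
    """Minimal IPv4 header (no options, checksum left at 0) followed by payload.
    The DSCP occupies the upper six bits of the TOS byte (RFC 2474)."""
    tos = (dscp & 0x3F) << 2
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, tos, IPV4_HEADER_LEN + len(payload),
                         0, 0, 64, 17, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


def dscp_of(packet):
    return packet[1] >> 2


def _keystream(key, n):
    """Illustrative SHA-256 counter keystream standing in for the encryption
    device's cipher; it is NOT a secure construction."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _xor(data, key):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def encrypt_and_encapsulate(inner, key, enc_src, enc_dst):
    """Encryption device: encrypt the whole inner packet, header included, then
    prepend a new header carrying only the encryptor addresses and a recopy of
    the inner DSCP. Nothing else from the inner header survives in clear."""
    return build_ipv4_packet(enc_src, enc_dst, dscp_of(inner), _xor(inner, key))


def decapsulate_and_decrypt(outer, key):
    """Peer encryption device: strip the outer header, recover the inner packet."""
    return _xor(outer[IPV4_HEADER_LEN:], key)


def cleartext_fields(outer):
    """What a transit router (or any on-path observer) can read from the outer header."""
    return (str(ipaddress.IPv4Address(outer[12:16])),
            str(ipaddress.IPv4Address(outer[16:20])),
            dscp_of(outer))


def router_forwards(outer, local_net, pinned=PINNED_DSCP):
    """Router rule: a packet of the pinned class is forwarded only if its outer
    source or destination lies in this router's directly connected local
    network; every other class is routed normally."""
    if dscp_of(outer) != pinned:
        return True
    net = ipaddress.ip_network(local_net)
    src, dst, _ = cleartext_fields(outer)
    return ipaddress.IPv4Address(src) in net or ipaddress.IPv4Address(dst) in net


def probe_path(outer, hops, local_nets=LOCAL_NETS):
    """Walk the routers a packet would traverse; False if any hop drops it."""
    return all(router_forwards(outer, local_nets[r]) for r in hops)


if __name__ == "__main__":
    inner = build_ipv4_packet("10.1.1.5", "10.3.1.7", PINNED_DSCP, b"voip frame")
    outer = encrypt_and_encapsulate(inner, b"shared-key", "10.1.0.1", "10.3.0.1")
    print("visible in transit:", cleartext_fields(outer))
    print("direct path A-C forwards pinned class:", probe_path(outer, ["A", "C"]))
    print("detour A-B-C forwards pinned class:", probe_path(outer, ["A", "B", "C"]))
```

On the direct path both routers see an address of their own local network and forward; on the detour the intermediate router B sees neither 10.1.0.1 nor 10.3.0.1 in 10.2.0.0/16 and drops the packet, so a pinned-class packet that arrives at C can only have taken the direct link. A packet of any other class takes whatever path the routing protocol chooses.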
If a data stream is thus filtered by a router, this information returns to the routing control management module 201a which can apply applicative routing rules. In particular, this module determines, on the basis of, on the one hand, available data rate, delay and packet loss rate characteristics of each of the links 104a, 104b, 104c of the transit network T and, on the other hand, quality of service constraints of the application, routing rules adapted to the state of the network. For example, if the module 201a is informed of the loss of connectivity of the link 104a, it decides to redirect the data stream to the secondary path 104b, 104c only if this secondary path makes it possible to guarantee the quality of service required for the application.
The method according to the invention also applies to supervision or hypervision of the transit network applications. By sending control messages, for example ICMP (Internet Control Message Protocol) messages, through the transit network T, the user can, despite the encryption of the data, determine if a link of said network is defective. In order to do this, it suffices to associate with these control messages a class of service whose value is given by the QoS field, which is systematically filtered by a router of the transit network according to the previously described principle. Thus, the router never conveys the packets carrying these control messages through a path which is not the nominal path determined by the routing control module. If the control messages do not return to the application which transmitted them, then this signifies that the associated path is defective. By applying this principle for all of the local private networks, it is possible to monitor the whole of the transit network and thus to update the applicative routing tables of the routing control modules.
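The control-plane side, the routing control module of the two paragraphs above, as an added example that is not the patent's own code: it derives the admissible number of sessions per link from the 2 Megabits/s against 500 Kilobits/s figures, learns link state from whether pinned-class control messages return, and redirects a stream to the secondary path only if that path still meets the class constraints, otherwise it refuses rather than push the stream onto a path that cannot carry it. The link figures, class definitions and names are constructed for the example; the delay and loss constraints are treated as upper bounds, which is what a guarantee on those parameters amounts to.

```python
# Added example (not from the patent): a routing control module applying
# capacity reasoning, probe-derived link state and the "redirect only if the
# secondary path still meets the class" rule. All figures are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    name: str
    rate_kbps: int    # data rate available to the class on this link
    delay_ms: int     # one-way delay contributed by this link
    loss: float       # packet loss rate on this link (0..1)


@dataclass(frozen=True)
class ClassOfService:
    name: str
    dscp: int
    min_rate_kbps: int   # required useful data rate per session
    max_delay_ms: int    # end-to-end delay bound (upper limit)
    max_loss: float      # end-to-end loss bound (upper limit)


def max_sessions(link, cos):
    """Sessions of this class the link can carry with guaranteed service."""
    return link.rate_kbps // cos.min_rate_kbps


def path_meets(path, cos, sessions=1):
    """Aggregate a multi-link path and check it against the class constraints:
    the bottleneck link bounds the rate, delays add, losses compound."""
    rate = min(link.rate_kbps for link in path)
    delay = sum(link.delay_ms for link in path)
    delivered = 1.0
    for link in path:
        delivered *= 1.0 - link.loss
    loss = 1.0 - delivered
    return (rate >= cos.min_rate_kbps * sessions
            and delay <= cos.max_delay_ms
            and loss <= cos.max_loss)


class RoutingControlModule:
    """Per-application module holding an applicative routing table (paths in
    order of preference) and the link state learned from pinned-class probes."""

    def __init__(self, paths):
        self.paths = paths          # {path name: [Link, ...]}, nominal path first
        self.down = set()

    def record_probe(self, link_name, returned):
        """A pinned-class control message that does not come back marks its
        link defective; one that returns clears the mark."""
        if returned:
            self.down.discard(link_name)
        else:
            self.down.add(link_name)

    def path_up(self, path):
        return all(link.name not in self.down for link in path)

    def choose_path(self, cos, sessions=1):
        """First path that is up AND still guarantees the class for the
        requested number of sessions; None if no path qualifies."""
        for name, path in self.paths.items():
            if self.path_up(path) and path_meets(path, cos, sessions):
                return name
        return None


# Constructed topology in the spirit of figure 1: direct link 104a, detour 104b + 104c.
L104A = Link("104a", rate_kbps=2000, delay_ms=20, loss=0.001)
L104B = Link("104b", rate_kbps=1000, delay_ms=30, loss=0.005)
L104C = Link("104c", rate_kbps=1000, delay_ms=30, loss=0.005)
PATHS = {"primary": [L104A], "secondary": [L104B, L104C]}

# Constructed classes; DSCP values are assumptions.
VOIP = ClassOfService("voip", dscp=46, min_rate_kbps=500, max_delay_ms=150, max_loss=0.02)
VIDEO = ClassOfService("videoconf", dscp=34, min_rate_kbps=1000, max_delay_ms=50, max_loss=0.01)


if __name__ == "__main__":
    rcm = RoutingControlModule(PATHS)
    print("VoIP sessions 104a can carry:", max_sessions(L104A, VOIP))
    print("4 VoIP calls, all links up:", rcm.choose_path(VOIP, 4))
    rcm.record_probe("104a", returned=False)
    print("4 VoIP calls, 104a down:", rcm.choose_path(VOIP, 4))
    print("2 VoIP calls, 104a down:", rcm.choose_path(VOIP, 2))
    print("1 video call, 104a down:", rcm.choose_path(VIDEO, 1))
```

With these figures the direct link carries four VoIP calls; once a probe fails on 104a the module will move two calls onto the detour (rate and delay and compounded loss all within bounds) but declines to move four, and declines the videoconference class outright because the detour's 60 ms exceeds its 50 ms bound.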
The invention notably has the advantage of allowing a control of the streams transmitted through the transit network whilst guaranteeing maximum confidentiality of the data by means of complete encryption of the content of the transmitted packets.

CLAIMS
1. A method for controlling the routing of a data stream belonging to a class of service through a meshed and encrypted network constituted by a plurality of local private networks (A, B, C) interconnected with each other by means of a public transit network (T), each of said local private networks (A, B, C) comprising at least one user terminal (101a, 101b, 101c) executing at least one communicating application, a routing control module (201a, 201b, 201c) for each of said applications and a device (102a, 102b, 102c) for encrypting the data generated by said application, said public transit network (T) comprising at least one router (103a, 103b, 103c) connected to each local private network (A, B, C), said data generated by the application being transmitted in the form of packets comprising a header part and a useful part, said method being characterized in that it comprises at least the following steps:
o tagging each data packet with the value of its class of service, said tagging being inserted into a QoS field of the header of said packet,
o configuring the encryption device (102a, 102b, 102c) to encrypt the entirety of said data packet, thus producing an encrypted packet, and to generate a new header associated with said encrypted packet and comprising at least one recopy of said QoS field,
o configuring the routers (103a, 103b, 103c) to delete the packets having a specified QoS field value and not coming from or sent to the local private network (A, B, C) to which the router is directly connected.
2. A system for controlling the routing of a data stream belonging to a class of service through a meshed and encrypted network constituted by a plurality of local private networks (A, B, C) interconnected with each other by means of a public transit network (T), each of said local private networks (A, B, C) comprising at least one user terminal (101a, 101b, 101c) executing at least one communicating application and a device (102a, 102b, 102c) for encrypting the data generated by said application, said public transit network (T) comprising at least one router (103a, 103b, 103c) connected to each local private network (A, B, C), said data generated by said application being transmitted in the form of packets comprising a header part and a useful part, said system being characterized in that:
o each local private network (A, B, C) furthermore comprises a routing control module (201a, 201b, 201c) for each of said applications, which executes at least a step of tagging each data packet with the value of its class of service, said tagging being inserted into a QoS field of the header of said packet,
o each encryption device (102a, 102b, 102c) is configured to encrypt the entirety of said data packet, thus producing an encrypted packet, and to generate a new header associated with said encrypted packet and comprising at least one recopy of said QoS field,
o each router (103a, 103b, 103c) is configured to delete the packets having a specified QoS field value and not coming from or sent to the local private network (A, B, C) to which said router (103a, 103b, 103c) is directly connected.
3. The method as claimed in claim 1, or the system as claimed in claim 2, characterized in that said meshed network is an IP network and said QoS field is the DSCP field of the IP header.

4. The method as claimed in one of claims 1 or 3 or system as claimed in one of claims 2 or 3, characterized in that the QoS field value for which the packets are filtered is determined such that the quality of service of the class of service associated with said value is compatible with the transmission resources of the link used by said packets if they are not filtered, said quality of service being defined at least by one of the following quality of service parameters: a required minimum data rate, a required minimum percentage of the bandwidth, a minimum latency for the routing of the packets to their destination, a minimum packet loss rate.
5. The use of the method or system according to one of the preceding claims for the supervision or hypervision of said public transit network (T) from one of the local private networks (A), characterized in that the loss of connectivity of a path of said public transit network (T) is detected by means of the transmission, by said routing control module (201a), of a control message to a remote local private network (B, C).
Dated this 12/03/2012
ATTORNEY FOR THE APPLICANT[S]

Documents

Application Documents

# Name Date
1 2134-delnp-2012-Form-3-(25-06-2012).pdf 2012-06-25
2 2134-delnp-2012-Correspondence-Others-(25-06-2012).pdf 2012-06-25
3 2134-delnp-2012-GPA-(05-12-2012).pdf 2012-12-05
4 2134-delnp-2012-Correspondence Others-(05-12-2012).pdf 2012-12-05
5 2134-delnp-2012-Form-5.pdf 2013-03-06
6 2134-delnp-2012-Form-3.pdf 2013-03-06
7 2134-delnp-2012-Form-2.pdf 2013-03-06
8 2134-delnp-2012-Form-1.pdf 2013-03-06
9 2134-delnp-2012-Drawings.pdf 2013-03-06
10 2134-delnp-2012-Description (Complete).pdf 2013-03-06
11 2134-delnp-2012-Correspondence-others.pdf 2013-03-06
12 2134-delnp-2012-Claims.pdf 2013-03-06
13 2134-delnp-2012-Abstract.pdf 2013-03-06
14 2134-delnp-2012-Form-18-(02-08-2013).pdf 2013-08-02
15 2134-delnp-2012-Correspondence Others-(02-08-2013).pdf 2013-08-02
16 2134-DELNP-2012-FORM 3 [06-09-2017(online)].pdf 2017-09-06
17 2134-DELNP-2012-FER.pdf 2019-03-13
18 2134-DELNP-2012-Retyped Pages under Rule 14(1) (MANDATORY) [13-09-2019(online)].pdf 2019-09-13
19 2134-DELNP-2012-Proof of Right (MANDATORY) [13-09-2019(online)].pdf 2019-09-13
20 2134-DELNP-2012-PETITION UNDER RULE 137 [13-09-2019(online)].pdf 2019-09-13
21 2134-DELNP-2012-OTHERS [13-09-2019(online)].pdf 2019-09-13
22 2134-DELNP-2012-Information under section 8(2) (MANDATORY) [13-09-2019(online)].pdf 2019-09-13
23 2134-DELNP-2012-FORM-26 [13-09-2019(online)].pdf 2019-09-13
24 2134-DELNP-2012-FER_SER_REPLY [13-09-2019(online)].pdf 2019-09-13
25 2134-DELNP-2012-DRAWING [13-09-2019(online)].pdf 2019-09-13
26 2134-DELNP-2012-COMPLETE SPECIFICATION [13-09-2019(online)].pdf 2019-09-13
27 2134-DELNP-2012-ABSTRACT [13-09-2019(online)].pdf 2019-09-13
28 2134-DELNP-2012-2. Marked Copy under Rule 14(2) (MANDATORY) [13-09-2019(online)].pdf 2019-09-13
29 2134-DELNP-2012-Power of Attorney-160919.pdf 2019-09-18
30 2134-DELNP-2012-OTHERS-160919.pdf 2019-09-18
31 2134-DELNP-2012-Correspondence-160919.pdf 2019-09-18
32 2134-DELNP-2012-Correspondence-160919-.pdf 2019-09-18
33 2134-DELNP-2012-FORM 3 [02-06-2021(online)].pdf 2021-06-02
34 2134-DELNP-2012-FORM 3 [11-03-2022(online)].pdf 2022-03-11
35 2134-DELNP-2012-PatentCertificate16-02-2023.pdf 2023-02-16
36 2134-DELNP-2012-IntimationOfGrant16-02-2023.pdf 2023-02-16

Search Strategy

1 2134_12-03-2019.pdf

ERegister / Renewals

Year (period covered): date recorded
3rd (10/09/2012 to 10/09/2013): 16 May 2023
4th (10/09/2013 to 10/09/2014): 16 May 2023
5th (10/09/2014 to 10/09/2015): 16 May 2023
6th (10/09/2015 to 10/09/2016): 16 May 2023
7th (10/09/2016 to 10/09/2017): 16 May 2023
8th (10/09/2017 to 10/09/2018): 16 May 2023
9th (10/09/2018 to 10/09/2019): 16 May 2023
10th (10/09/2019 to 10/09/2020): 16 May 2023
11th (10/09/2020 to 10/09/2021): 16 May 2023
12th (10/09/2021 to 10/09/2022): 16 May 2023
13th (10/09/2022 to 10/09/2023): 16 May 2023
14th (10/09/2023 to 10/09/2024): 16 May 2023
15th (10/09/2024 to 10/09/2025): 20 Aug 2024
16th (10/09/2025 to 10/09/2026): 20 Aug 2025