Broadband access for virtual private networks
First Claim
1. An apparatus comprising:
- at least one circuit configured to receive an upper layer packet that includes data from a source device, a virtual private network (VPN) identification, a destination address, and a destination option type, wherein the VPN identification is a unique identification number assigned to the source device for marking the upper layer packet as belonging to a VPN to which the source device and a destination device belong, wherein the destination option type includes a value indicating to discard the upper layer packet on a condition that the apparatus does not recognize the destination option type;
the at least one circuit configured to authenticate the upper layer packet by comparing the VPN identification of the received upper layer packet to a customer VPN identification; and
the at least one circuit configured to determine whether the apparatus recognizes the destination option type of the upper layer packet, wherein the at least one circuit is configured to discard the upper layer packet on a condition that the apparatus does not recognize the destination option type, and wherein the at least one circuit is configured to decapsulate the upper layer packet into a lower layer packet and transmit the decapsulated packet to a destination on a condition that the apparatus recognizes the destination option type.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus receives an upper layer packet that includes data from a source device, a virtual private network (VPN) identification, a destination address, and a destination option type. The apparatus authenticates the upper layer packet by comparing the VPN identification of the received upper layer packet to a customer VPN identification. The apparatus determines whether the apparatus recognizes the destination option type of the upper layer packet. The apparatus discards the upper layer packet on a condition that the apparatus does not recognize the destination option type. The apparatus decapsulates the upper layer packet into a lower layer packet and transmits the decapsulated packet to a destination on a condition that the apparatus recognizes the destination option type.
-
Citations
19 Claims
-
1. An apparatus comprising:
-
at least one circuit configured to receive an upper layer packet that includes data from a source device, a virtual private network (VPN) identification, a destination address, and a destination option type, wherein the VPN identification is a unique identification number assigned to the source device for marking the upper layer packet as belonging to a VPN to which the source device and a destination device belong, wherein the destination option type includes a value indicating to discard the upper layer packet on a condition that the apparatus does not recognize the destination option type; the at least one circuit configured to authenticate the upper layer packet by comparing the VPN identification of the received upper layer packet to a customer VPN identification; and the at least one circuit configured to determine whether the apparatus recognizes the destination option type of the upper layer packet, wherein the at least one circuit is configured to discard the upper layer packet on a condition that the apparatus does not recognize the destination option type, and wherein the at least one circuit is configured to decapsulate the upper layer packet into a lower layer packet and transmit the decapsulated packet to a destination on a condition that the apparatus recognizes the destination option type. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method, implemented by an apparatus, comprising:
-
receiving an upper layer packet that includes data from a source device, a virtual private network (VPN) identification, a destination address, and a destination option type, wherein the VPN identification is a unique identification number assigned to the source device for marking the upper layer packet as belonging to a VPN to which the source device and a destination device belong, wherein the destination option type includes a value indicating to discard the upper layer packet on a condition that the apparatus does not recognize the destination option type; authenticating the upper layer packet by comparing the VPN identification of the received upper layer packet to a customer VPN identification; and determining whether the apparatus recognizes the destination option type of the upper layer packet, wherein the determining further comprises; discarding the upper layer packet on a condition that the apparatus does not recognize the destination option type; and decapsulating the upper layer packet into a lower layer packet and transmitting the decapsulated packet to a destination on a condition that the apparatus recognizes the destination option type. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A non-transitory computer-readable storage medium with stored instructions, wherein the stored instructions are executable by a processor of a computer, the instructions comprising:
-
instructions to receive an upper layer packet that includes data from a source device, a virtual private network (VPN) identification, a destination address, and a destination option type, wherein the VPN identification is a unique identification number assigned to the source device for marking the upper layer packet as belonging to a VPN to which the source device and a destination device belong, wherein the destination option type includes a value indicating to discard the upper layer packet on a condition that the apparatus does not recognize the destination option type; instructions to authenticate the upper layer packet by comparing the VPN identification of the received upper layer packet to a customer VPN identification; instructions to determine whether the processor recognizes the destination option type of the upper layer packet; instructions to discard the upper layer packet on a condition that the processor does not recognize the destination option type; and instructions to decapsulate the upper layer packet into a lower layer packet and transmit the decapsulated packet to a destination on a condition that the processor recognizes the destination option type.
-
Specification