Broadband access for virtual private networks

US 10,313,306 B2
Filed: 09/13/2016
Issued: 06/04/2019
Est. Priority Date: 07/29/2003
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus comprising:

at least one circuit configured to receive an upper layer packet that includes data from a source device, a virtual private network (VPN) identification, a destination address, and a destination option type, wherein the VPN identification is a unique identification number assigned to the source device for marking the upper layer packet as belonging to a VPN to which the source device and a destination device belong, wherein the destination option type includes a value indicating to discard the upper layer packet on a condition that the apparatus does not recognize the destination option type;

the at least one circuit configured to authenticate the upper layer packet by comparing the VPN identification of the received upper layer packet to a customer VPN identification; and

the at least one circuit configured to determine whether the apparatus recognizes the destination option type of the upper layer packet, wherein the at least one circuit is configured to discard the upper layer packet on a condition that the apparatus does not recognize the destination option type, and wherein the at least one circuit is configured to decapsulate the upper layer packet into a lower layer packet and transmit the decapsulated packet to a destination on a condition that the apparatus recognizes the destination option type.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus receives an upper layer packet that includes data from a source device, a virtual private network (VPN) identification, a destination address, and a destination option type. The apparatus authenticates the upper layer packet by comparing the VPN identification of the received upper layer packet to a customer VPN identification. The apparatus determines whether the apparatus recognizes the destination option type of the upper layer packet. The apparatus discards the upper layer packet on a condition that the apparatus does not recognize the destination option type. The apparatus decapsulates the upper layer packet into a lower layer packet and transmits the decapsulated packet to a destination on a condition that the apparatus recognizes the destination option type.

Citations

19 Claims

1. An apparatus comprising:
- at least one circuit configured to receive an upper layer packet that includes data from a source device, a virtual private network (VPN) identification, a destination address, and a destination option type, wherein the VPN identification is a unique identification number assigned to the source device for marking the upper layer packet as belonging to a VPN to which the source device and a destination device belong, wherein the destination option type includes a value indicating to discard the upper layer packet on a condition that the apparatus does not recognize the destination option type;
  
  the at least one circuit configured to authenticate the upper layer packet by comparing the VPN identification of the received upper layer packet to a customer VPN identification; and
  
  the at least one circuit configured to determine whether the apparatus recognizes the destination option type of the upper layer packet, wherein the at least one circuit is configured to discard the upper layer packet on a condition that the apparatus does not recognize the destination option type, and wherein the at least one circuit is configured to decapsulate the upper layer packet into a lower layer packet and transmit the decapsulated packet to a destination on a condition that the apparatus recognizes the destination option type.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus of claim 1, wherein the apparatus is associated with a service provider.
  - 3. The apparatus of claim 2, wherein the at least one circuit is configured to receive the upper layer packet from an ingress edge device and wherein the ingress edge device is associated with the service provider.
  - 4. The apparatus of claim 1, wherein the VPN identification comprises at least four bytes.
  - 5. The apparatus of claim 1, wherein the VPN identification includes a VPN hop count.
  - 6. The apparatus of claim 1, wherein the apparatus is a router.
  - 7. The apparatus of claim 1, wherein the apparatus is a gateway.
  - 8. The apparatus of claim 1, wherein the upper layer packet is sent to multicast addresses determined by a service provider network and includes an address of the apparatus on a condition that the destination is not mapped specifically to the apparatus.
  - 9. The apparatus of claim 1, wherein the upper layer packet is sent to an address of the apparatus but not at other apparatus of a service provider network that the apparatus is associated with on a condition that the destination is mapped specifically to the apparatus.

10. A method, implemented by an apparatus, comprising:
- receiving an upper layer packet that includes data from a source device, a virtual private network (VPN) identification, a destination address, and a destination option type, wherein the VPN identification is a unique identification number assigned to the source device for marking the upper layer packet as belonging to a VPN to which the source device and a destination device belong, wherein the destination option type includes a value indicating to discard the upper layer packet on a condition that the apparatus does not recognize the destination option type;
  
  authenticating the upper layer packet by comparing the VPN identification of the received upper layer packet to a customer VPN identification; and
  
  determining whether the apparatus recognizes the destination option type of the upper layer packet, wherein the determining further comprises;
  
  discarding the upper layer packet on a condition that the apparatus does not recognize the destination option type; and
  
  decapsulating the upper layer packet into a lower layer packet and transmitting the decapsulated packet to a destination on a condition that the apparatus recognizes the destination option type.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein the apparatus is associated with a service provider.
  - 12. The method of claim 11, wherein the upper layer packet is received from an ingress edge device and wherein the ingress edge device is associated with the service provider.
  - 13. The method of claim 10, wherein the VPN identification comprises at least four bytes.
  - 14. The method of claim 10, wherein the VPN identification includes a VPN hop count.
  - 15. The method of claim 10, wherein the apparatus is a router.
  - 16. The method of claim 10, wherein the apparatus is a gateway.
  - 17. The method of claim 10, wherein the upper layer packet is sent to multicast addresses determined by a service provider network and includes an address of the apparatus on a condition that the destination is not mapped specifically to the apparatus.
  - 18. The method of claim 10, wherein the upper layer packet is sent to an address of the apparatus but not at other apparatus of a service provider network that the apparatus is associated with on a condition that the destination is mapped specifically to the apparatus.

19. A non-transitory computer-readable storage medium with stored instructions, wherein the stored instructions are executable by a processor of a computer, the instructions comprising:
- instructions to receive an upper layer packet that includes data from a source device, a virtual private network (VPN) identification, a destination address, and a destination option type, wherein the VPN identification is a unique identification number assigned to the source device for marking the upper layer packet as belonging to a VPN to which the source device and a destination device belong, wherein the destination option type includes a value indicating to discard the upper layer packet on a condition that the apparatus does not recognize the destination option type;
  
  instructions to authenticate the upper layer packet by comparing the VPN identification of the received upper layer packet to a customer VPN identification;
  
  instructions to determine whether the processor recognizes the destination option type of the upper layer packet;
  
  instructions to discard the upper layer packet on a condition that the processor does not recognize the destination option type; and
  
  instructions to decapsulate the upper layer packet into a lower layer packet and transmit the decapsulated packet to a destination on a condition that the processor recognizes the destination option type.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Marlow Technologies, Llc
Original Assignee
Marlow Technologies, Llc
Inventors
Chen, Weijing, Allen, Keith Joseph
Primary Examiner(s)
Waliullah, Mohammed

Application Number

US15/263,597
Publication Number

US 20160380974A1
Time in Patent Office

994 Days
Field of Search

726 6
US Class Current
CPC Class Codes

H04L 12/46   Interconnection of networks

H04L 12/4625   Single bridge functionality...

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 45/74   Address processing for routing

H04L 49/354   for supporting virtual loca...

H04L 63/0236   Filtering by address, proto...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 65/611   for multicast or broadcast ...

H04L 69/22   Parsing or analysis of headers

Broadband access for virtual private networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Broadband access for virtual private networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links