System and method for implementing a virtual backbone on a common network infrastructure
Abstract
A secure network system is provided which includes a plurality of networks where each network has at least one network device configured to transmit and receive data and has a network security policy. The secure network further includes a plurality of network control points (NCPs) where each network control point has at least one network control point device. Each of the plurality of network control points is connected to at least one of the plurality of networks. Each network control point device is configured to enforce the network security policy for the network to which it is connected. The secure network further includes a virtual backbone configured to connect the plurality of network control points to one another. The virtual backbone does not enforce any network security policy with respect to data being transmitted across the virtual backbone, except for source address integrity at the point where the networks connect to an NCP.
36 Claims
1. A network system configured to carry data, comprising:
a plurality of networks, each network having at least one network device configured to transmit and receive data and having a network security policy;
a plurality of network control points, each network control point having at least one network control point device, wherein each of the plurality of network control points is connected to at least one of the plurality of networks, and wherein at least one of the network control point devices is configured to enforce the network security policy of the network that is connected to the network control point device; and
a virtual backbone configured to connect the plurality of network control points to one another.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A network system configured to carry data, comprising:
a virtual backbone;
a plurality of network control points, each network control point having at least one network control point device, which is connected to the virtual backbone and configured to enforce a network security policy of a known network;
a plurality of known networks, each known network is connected to at least one of the plurality of network control point devices and has a network security policy; and
a plurality of unknown networks, each unknown network is connected to at least one of the plurality of network control point devices, and having no network security policy.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
25. A network system configured to carry data, comprising:
first and second known networks;
first and second virtual backbones, each virtual backbone having an address registry, which includes addresses corresponding to network devices in the first and second known networks;
a first network control point configured to connect the first known network to the first virtual backbone and configured to enforce a network security policy of the first known network;
a second network control point configured to connect the second known network to the second virtual backbone and configured to enforce a network security policy of the second known network;
a third network control point configured to connect to the first virtual backbone and configured to enforce source address integrity for the first and second virtual backbones; and
a fourth network control point configured to be coupled to the third network control point and the second virtual backbone and configured to enforce source address integrity for the first and second virtual backbones.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36
Specification