Automatic configuration of IP tunnels
First Claim
1. In an organizational communication net based on the Internet Protocol (IP) and deployed over a plurality of Local-Area Networks (LANs) that are interconnected by a Wide-Area Network (WAN);
- each LAN is associated with at least one IP LAN address and connected to at least one host, the hosts being grouped into one or more subnets, each subnet sharing a unique network- or subnet address, which is within the range of a given organization-wide network address configuration;
the communication path between any host having any particular subnet address and any host having any other particular subnet address and connected to a different LAN is termed a tunnel—
a method for automatically compiling a dynamic traffic topology map (TTM) for each of a plurality of LANs, the method comprising the following steps executed with respect to any one of said LANs, constituting a local LAN;
(a) automatically detecting the respective subnet addresses of a local host and of a remote host between which any data packets flow, the addresses being a local subnet address and a remote subnet address, respectively;
(b) automatically obtaining a LAN address of a remote LAN that is connected to the host having said remote subnet address and associating the obtained LAN address with said remote subnet address;
(c) registering a tunnel for the combination of said local subnet address and said remote subnet address, if not presently registered, the registration including recording the local and remote subnet addresses and the remote LAN address obtained in step b;
(d) repeating steps a, b and c multiple times;
the totality of registered tunnels form the TTM.
Abstract
A method and means for automatically detecting, for any site or LAN of an organizational net, all the external subnets within the net with which it, or any subnet within it, actively communicates through a WAN and compiling a configuration- or mapping table that lists address pairs of such detected subnets as corresponding active tunnels. The process, carried out by a special agent, includes intercepting data packets flowing in- or out of the LAN and extracting from each the local and remote subnet addresses. Further the table is to indicate, for each such tunnel, an IP address associated with the LAN to which the remote subnet is connected. Such an address is obtained by sending an inquiry message to the remote subnet, which is intercepted by the corresponding remote agent, and having the remote agent send a response message to the originating agent, from which the remote agent's address is extracted. Other data may also be exchanged between the agents in the net, including data in the compiled tables. The data in the tables subsequently serve to classify data traffic as to the tunnel through which each data packet flows and as to services to be applied to these data.
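The table-building logic described in the abstract (and in steps of claims 24 and 30 below) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the packet counter, and all addresses are constructed assumptions, and the inquiry/response exchange that yields the remote LAN address is not modelled, only the recording of its result.

```python
import ipaddress

# Constructed organization-wide address configuration (assumption).
ORG_SUBNETS = [ipaddress.ip_network(n) for n in
               ("10.1.0.0/24", "10.1.1.0/24", "10.2.0.0/24", "10.3.0.0/24")]

def subnet_of(ip):
    """Return the organizational subnet containing ip, or None if outside the net."""
    addr = ipaddress.ip_address(ip)
    matches = [n for n in ORG_SUBNETS if addr in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)  # longest prefix

class TrafficTopologyMap:
    """Hypothetical TTM for one local LAN, keyed by (local, remote) subnet."""
    def __init__(self):
        self.tunnels = {}
        self.local_subnets = set()

    def observe(self, src_ip, dst_ip, outgoing):
        """Classify one intercepted packet; register its tunnel if new."""
        src, dst = subnet_of(src_ip), subnet_of(dst_ip)
        if src is None or dst is None:
            return None  # an endpoint is outside the organizational net
        # Outgoing: source is local. Incoming: destination is local.
        local, remote = (src, dst) if outgoing else (dst, src)
        self.local_subnets.add(local)
        entry = self.tunnels.setdefault(
            (local, remote), {"remote_lan": None, "packets": 0})
        entry["packets"] += 1  # packet counter is an added field, not from the page
        return (local, remote)

    def record_remote_lan(self, remote_subnet, lan_address):
        """Store the LAN address learned for a remote subnet (exchange not modelled)."""
        for (_, remote), entry in self.tunnels.items():
            if remote == ipaddress.ip_network(remote_subnet):
                entry["remote_lan"] = lan_address

def build_demo():
    """Feed constructed packets (src, dst, outgoing) through the map."""
    ttm = TrafficTopologyMap()
    for pkt in [("10.1.0.5", "10.2.0.9", True),
                ("10.2.0.9", "10.1.0.5", False),   # reply, same tunnel
                ("10.1.1.7", "10.3.0.2", True),
                ("10.1.0.5", "203.0.113.10", True)]:  # outside the net, ignored
        ttm.observe(*pkt)
    ttm.record_remote_lan("10.2.0.0/24", "198.51.100.2")  # constructed address
    return ttm
```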
34 Claims
-
1. In an organizational communication net based on the Internet Protocol (IP) and deployed over a plurality of Local-Area Networks (LANs) that are interconnected by a Wide-Area Network (WAN);
- each LAN is associated with at least one IP LAN address and connected to at least one host, the hosts being grouped into one or more subnets, each subnet sharing a unique network- or subnet address, which is within the range of a given organization-wide network address configuration;
the communication path between any host having any particular subnet address and any host having any other particular subnet address and connected to a different LAN is termed a tunnel—a method for automatically compiling a dynamic traffic topology map (TTM) for each of a plurality of LANs, the method comprising the following steps executed with respect to any one of said LANs, constituting a local LAN;
(a) automatically detecting the respective subnet addresses of a local host and of a remote host between which any data packets flow, the addresses being a local subnet address and a remote subnet address, respectively;
(b) automatically obtaining a LAN address of a remote LAN that is connected to the host having said remote subnet address and associating the obtained LAN address with said remote subnet address;
(c) registering a tunnel for the combination of said local subnet address and said remote subnet address, if not presently registered, the registration including recording the local and remote subnet addresses and the remote LAN address obtained in step b;
(d) repeating steps a, b and c multiple times;
the totality of registered tunnels form the TTM. - View Dependent Claims (2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
7. The method of claim 45 wherein all steps of the method are performed at each of said network components by an agent residing therein and wherein a plurality of said agents cooperate in performing any of the steps.
-
18. For an organizational communication net, based on the Internet Protocol (IP) and deployed over a plurality of Local-Area Networks (LANs) that are interconnected by a Wide-Area Network (WAN);
- each LAN is associated with at least one IP LAN address and connected to at least one host, the hosts being grouped into one or more subnets, each subnet sharing a unique network- or subnet address, which is within the range of a given organization-wide network address configuration;
the communication path between any host having any particular subnet address and any host having any other particular subnet address and connected to a different LAN constitutes a tunnel and, furthermore, a tunnel over which any data packets have flowed over a given period of time constitutes an active tunnel—a network component, connected to, or communicative with, any one or more of the LANs, each constituting a local LAN, the network component comprising a traffic topology mapping agent (TTMA) and one or more traffic topology maps (TTM), each TTM associated with a respective local LAN, wherein;
each TTM is a table structured as indexed entries, each entry corresponding to an active tunnel and including a local subnet address, a remote subnet address and a remote LAN address with which said remote subnet address is associated; and
the TTMA is a network agent operative to register active tunnels in each of said TTMs and, with respect to any of said tunnels to be registered, to— automatically detect a subnet address of any host connected to the corresponding local LAN and a subnet address of any host connected to any other LAN, between which hosts any data packets flow, and record the two detected addresses in the respective entry of the corresponding TTM, as the local subnet address and the remote subnet address, respectively; and
—automatically obtain a LAN address associated with said other LAN and record the obtained LAN address in the respective entry of the corresponding TTM. - View Dependent Claims (19, 20, 21, 22, 23)
-
24. In an organizational communication net, deployed over a plurality of Local-Area Networks (LANs) that are interconnected by a Wide-Area Network (WAN);
- each LAN is associated with at least one IP LAN address and connected to at least one host, the hosts being grouped into one or more subnets, each subnet sharing a unique network address, termed subnet address, which is within the range of a given organization-wide network address configuration;
the communication path between any particular subnet at any one LAN and any particular subnet at another LAN is termed a tunnel—a method for classifying, by tunnels, IP data packets flowing into and/or out of any one LAN, to be considered a local LAN, from and/or to other LANs, to be considered remote LANs, the method comprising;
(a) providing structure for a traffic topology map (TTM), associated with the local LAN, in which tunnels may be registered, the structure including an entry corresponding to each registered tunnel, each entry including a local subnet address, which is the address of a subnet in the local LAN, and a remote subnet address, which is the address of a subnet in the remote LAN;
(b) intercepting any of said packets and extracting therefrom a local subnet address and a remote subnet address;
(c) comparing said extracted pair of addresses with corresponding pairs in any tunnels registered in the TTM;
(d) if said comparison results in a match, associating the packet with the corresponding tunnel;
(e) if said comparison results in no match, registering said extracted pair in the TTM as a new tunnel. - View Dependent Claims (25, 26, 27, 28, 29)
-
30. At a Local-Area Network (LAN) that forms part of an organizational communication net, based on the Internet Protocol (IP), and is connected to at least one host, the hosts being grouped into one or more subnets, each subnet sharing a unique network address, to be termed subnet address, which is within the range of a given organization-wide IP network address configuration—
a method for automatically registering local subnets, based on communication traffic into and/or out of the LAN, the method comprising;
(a) intercepting a packet flowing into, or out of, the LAN and parsing it into a source IP address (SIP) and a destination IP address (DIP);
(b) comparing each of said addresses of step a with said given organization-wide address configuration and thereby extracting a corresponding subnet address;
(c) if said intercepted packet is outgoing, recording the subnet address extracted from the SIP as a local subnet address and if said intercepted packet is incoming, recording the subnet address extracted from the DIP as a local subnet address.
-
31. In an organizational communication net, based on the Internet Protocol (IP) and deployed over a plurality of Local-Area Networks (LANs) that are interconnected by a Wide-Area Network (WAN);
- each LAN is associated with at least one IP LAN address and is connected to at least one host, the hosts being grouped into one or more subnets, each subnet sharing a unique network address, to be termed subnet address;
there are registered in association with any LAN, constituting a local LAN, one or more remote subnet addresses, which are addresses of respective subnets in other LANs, constituting remote LANs—a method for automatically obtaining, for any remote subnet address registered in association with a local LAN, a LAN address associated with the remote LAN that is connected to the respective subnet, the obtained address to be associated with said registered subnet address, the method comprising;
(a) sending from a network component associated with the local LAN, constituting a local component, an inquiry message addressed to any host having said remote subnet address, the message including a local LAN address, which is the LAN address of said local component;
(b) intercepting said inquiry message by a network component associated with the LAN to which said any host is connected, it being a remote component, and extracting said local LAN address from said inquiry message;
(c) sending a response message from said remote component, addressed to said local component and including a remote LAN address, which is the LAN address of said remote component;
(d) receiving said response message at the local component and extracting therefrom said remote LAN address.
-
32. In an organizational communication net, based on the Internet Protocol (IP) and deployed over a plurality of Local-Area Networks (LANs) that are interconnected by a Wide-Area Network (WAN);
- each LAN is connected to at least one host, the hosts being grouped into one or more subnets, each subnet sharing a unique network- or subnet address, which is within the range of a given organization-wide network address configuration;
the communication path between any host having any particular subnet address and any host having any other particular subnet address and connected to a different LAN is termed a tunnel—a method for automatically compiling, with respect to any LAN, considered as a local LAN, a traffic topology map (TTM) of active tunnels between local hosts, connected to the local LAN, and remote hosts, connected to remote LANs, the method comprising;
(d) automatically detecting a subnet addresses of any local host and of any remote host between which any data packet flows, the addresses being a local subnet address and a remote subnet address, respectively;
(e) registering a tunnel for the combination of a local subnet address and a remote subnet address detected in step a, if not presently registered;
(f) repeating steps a and b multiple times;
the totality of registered tunnels form the TTM. - View Dependent Claims (33, 34)
Specification