Automatic configuration of IP tunnels

US 20030112808A1
Filed: 12/13/2001
Published: 06/19/2003
Est. Priority Date: 12/13/2001
Status: Abandoned Application

First Claim

Patent Images

1. In an organizational communication net based on the Internet Protocol (P) and deployed offer a plurality of Local-Area Networks (LANs) that are interconnected by a Wide-Area Network (WAN);

each LAN is associated with at least one IP LAN address and connected to at least one host, the hosts being grouped into one or more subnets, each subnet sharing a unique network- or subnet address, which is within the range of a given organization-wide network address configuration;

the communication path between any host having any particular subnet address and any host having any other particular subnet address and connected to a different LAN is termed a tunnel—

a method for automatically compiling a dynamic traffic topology map (TTM) for each of a plurality of LANs, the method comprising the following steps executed with respect to any one of said LANs, constituting a local LAN;

(a) automatically detecting the respective subnet addresses of a local host and of a remote host between which any data packets flow, the addresses being a local subnet address and a remote subnet address, respectively;

(b) automatically obtaining a LAN address of a remote LAN that is connected to the host having said remote subnet address and associating the obtained LAN address with said remote subnet address;

(c) registering a tunnel for the combination of said local subnet address and said remote subnet address, if not presently registered, the registration including recording the local and remote subnet addresses and the remote LAN address obtained in step b;

(d) repeating steps a, b and c multiple times;

the totality of registered tunnels form the TTM.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and means for automatically detecting, for any site or LAN of an organizational net, all the external subnets within the net with which it, or any subnet within it, actively communicate through a WAN and compiling a configuration- or mapping table that lists address pairs of such detected subnets as corresponding active tunnels. The process, carried out by a special agent, includes intercepting data packets flowing in- or out of the LAN and extracting from each the local and remote subnet addresses. Further the table is to indicate, for each such tunnel, an IP address associated with the LAN to which the remote subnet is connected. Such an address is obtained by sending in inquiry message to the remote subnet, which is intercepted by the corresponding remote agent, and having the remote agent send a response message to the originating agent, from which the remote agent'"'"'s address is extracted. Other data may also be exchanged between the agents in the net, including data in the compiled tables. The data in the tables subsequently serve to classify data traffic as to the tunnel through which each data packet flows and as to services to be applied to these data.

140 Citations

34 Claims

1. In an organizational communication net based on the Internet Protocol (P) and deployed offer a plurality of Local-Area Networks (LANs) that are interconnected by a Wide-Area Network (WAN);
- each LAN is associated with at least one IP LAN address and connected to at least one host, the hosts being grouped into one or more subnets, each subnet sharing a unique network- or subnet address, which is within the range of a given organization-wide network address configuration;
  
  the communication path between any host having any particular subnet address and any host having any other particular subnet address and connected to a different LAN is termed a tunnel—
  
  a method for automatically compiling a dynamic traffic topology map (TTM) for each of a plurality of LANs, the method comprising the following steps executed with respect to any one of said LANs, constituting a local LAN;
  
  (a) automatically detecting the respective subnet addresses of a local host and of a remote host between which any data packets flow, the addresses being a local subnet address and a remote subnet address, respectively;
  
  (b) automatically obtaining a LAN address of a remote LAN that is connected to the host having said remote subnet address and associating the obtained LAN address with said remote subnet address;
  
  (c) registering a tunnel for the combination of said local subnet address and said remote subnet address, if not presently registered, the registration including recording the local and remote subnet addresses and the remote LAN address obtained in step b;
  
  (d) repeating steps a, b and c multiple times;
  
  the totality of registered tunnels form the TTM.
- View Dependent Claims (2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein step a includes:
    - (i) intercepting any of said packets and parsing it into a source IP address (SIP) and a destination IP address (DIP);
      
      (ii) comparing each of said addresses of step 1 with said given organization-wide address configuration and thereby extracting a corresponding subnet address;
      
      (iii) if the intercepted packet is outgoing, recording the subnet address extracted from the SIP as a local subnet address and that extracted from the DIP—
      
      as a remote subnet address; and
      
      if the intercepted packet is incoming, recording the subnet address extracted from the DIP as a local subnet address and that extracted from the SIP—
      
      as a remote subnet address.
  - 3. The method of claim 2, wherein substep i includes extracting from the intercepted packet also layer-2 encapsulation mapping, is step b includes associating also the extracted layer-2 encapsulation mapping with said remote subnet address, and in step c said registration also includes recording the associated layer-2 encapsulation mapping.
  - 4. The method of claim 1, wherein step b includes:
    - (iv) sending from a network component associated with the local LAN, constituting a local component, an inquiry message addressed to any host having said remote subnet address, the message including a local LAN address, which is the LAN address of said local component;
      
      (v) intercepting said inquiry message by a network component associated with the LAN to which said any host is connected, it being a remote component, and extracting said local LAN address from said inquiry message;
      
      (vi) sending a response message from said remote component, addressed to said local component and including a remote LAN address, which is the LAN address of said remote component;
      
      (vii) receiving said response message at said local component and extracting therefrom said remote LAN address.
  - 5. The method of claim 4, wherein said inquiry message also includes one or more local subnet addresses and substep v further includes having said local subnet addresses extracted from the intercepted message and associated with the extracted local LAN address.
  - 6. The method of claim 4, wherein said response message also includes one or more remote subnet addresses and substep vii further includes having said remote subnet addresses extracted from the received message and associated with the extracted remote LAN address.
  - 8. The method of claim 1, wherein the only data input from outside the system is said address configuration, the data being identically fed with respect to all LANs within the net.
  - 9. The method of claim 1, further including identifying each registered tunnel with a unique index.
  - 10. The method of claim 1, further including transmitting any of the registered tunnel data to any other network component.
  - 11. The method of claim 10, wherein said any other component is operative to provide one or more services to any tunnel or to data packets flowing through it
  - 12. The method of claim 1, further including:
    - associating with each registered tunnel one or more specific services applicable to it or to data packets flowing through it.
  - 13. The method of claim 12, further including:
    - recording in any entry in the TTM the identities of services associated with the corresponding tunnel.
  - 14. The method of claim 12, further including:
    - periodically or upon command, applying to any registered tunnel any of its associated services that is applicable to it.
  - 15. The method of claim 12, further including:
    - classifying each packet flowing in or out of a LAN as to the tunnel in which it flows and applying to the packet any of the services that are associated with that tunnel.
  - 16. The method of claim 1, further including:
    - deleting from the TTM any tunnel through which no data packets have flowed over a preceding period of a given duration.
  - 17. The method of claim 1, wherein the TIM is in a format that allows data stored therein to be retrieved by any authorized agent in the net.

7. The method of claim 45 wherein all steps of the method are performed at each of said network components by an agent residing therein and wherein a plurality of said agents cooperate in performing any of the steps.

18. For an organizational communication net, based on the Internet Protocol (IP) and deployed over a plurality of Local-Area Networks (LANs) that are interconnected by a Wide-Area Network (WAN);
- each LAN is associated with at least one IP LAN address and connected to at least one host, the hosts being grouped into one or more subnets, each subnet sharing a unique network- or subnet address, which is within the range of a given organization-wide network address configuration;
  
  the communication path between any host having any particular subnet address and any host having any other particular subnet address and connected to a different LAN constitutes a tunnel and, furthermore, a tunnel over which any data packets have flowed over a given period of time constitutes an active tunnel—
  
  a network component, connected to, or communicative with, any one or more of the LANs, each constituting a local LAN, the network component comprising a traffic topology mapping agent (TTMA) and one or more traffic topology maps (TTM), each TTM associated with a respective local LAN, wherein;
  
  each TTM is a table structured as indexed entries, each entry corresponding to an active tunnel and including a local subnet address, a remote subnet address and a remote LAN address with which said remote subnet address is associated; and
  
  the TTMA is a network agent operative to register active tunnels in each of said TTMs and, with respect to any of said tunnels to be registered, to—
  
  automatically detect a subnet address of any host connected to the corresponding local LAN and a subnet address of any host connected to any other LAN, between which hosts any data packets flow, and record the two detected addresses in the respective entry of the corresponding TTM, as the local subnet address and the remote subnet address, respectively; and
  
  —
  
  automatically obtain a LAN address associated with said other LAN and record the obtained LAN address in the respective entry of the corresponding TTM.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The network component of claim 18, wherein detecting subnet addresses includes:
    - intercepting any of said data packets and parsing it into a source IP address (SIP) and a destination IP address (DIP); and
      
      comparing each of said pair of addresses with said given organization-wide address configuration and thereby extracting a corresponding subnet address;
  - 20. The network component of claim 18, wherein said obtaining a LAN address includes:
    - sending an inquiry message addressed to any host having said remote subnet address, the message including a LAN address of the respective local LAN; and
      
      receiving a response message, containing a LAN address associated with said other LAN, and extracting said LAN address from said response message.
  - 21. The network component of claim 20, wherein the TTMA is further operative to automatically—
    - intercept an inquiry message addressed to a host connected to any local LAN, the message including the LAN address of any other LAN, and extract said address from the message; and
      
      send a response message, addressed to said other LAN and including the LAN address of said local LAN.
  - 22. The network component of claim 18, wherein each TTM is in a format that allows data stored therein to be retrieved by any authorized agent in the net
  - 23. For use in he network component of claim 18, a traffic topology mapping agent (COMA), operative to register active tunnels in any of said TTMs and, with respect to any of said tunnels to be registered, to—
    - automatically detect a subnet address of any host connected to the corresponding local LAN and a subnet address of any host connected to any other LAN, between which hosts any data packets flow, and record the two detected addresses in the respective entry of said any TTM, as the local subnet address and the remote subnet address, respectively; and
      
      —
      
      automatically obtain a LAN address associated with said other LAN and record the obtained LAN address in the respective entry of said any TTM.

24. In an organizational communication net, deployed over a plurality of Local-Area Networks (LANs) that are interconnected by a Wide-Area Network (WAN);
- each LAN is associated with at least one IP LAN address and connected to at least one host, the hosts being grouped into one or more subnets, each subnet sharing a unique network address, termed subnet address, which is within the range of a given organization-wide network address configuration;
  
  the communication path between any particular subnet at any one LAN and any particular subnet at another LAN is termed a tunnel—
  
  a method for classifying, by tunnels, IP data packets flowing into and/or out of any one LAN, to be considered a local LAN, from and/or to other LANs, to be considered remote LANs, the method comprising;
  
  (a) providing structure for a traffic topology map (TTM), associated with the local LAN, in which tunnels may be registered, the structure including an entry corresponding to each registered tunnel, each entry including a local subnet address, which is the address of a subnet in the local LAN, and a remote subnet address, which is the address of a subnet in the remote LAN;
  
  (b) intercepting any of said packets and extracting therefrom a local subnet address and a remote subnet address;
  
  (c) comparing said extracted pair of addresses with corresponding pairs in any tunnels registered in the TTM;
  
  (d) if said comparison results in a match, associating the packet with the corresponding tunnel;
  
  (e) if said comparison results in no match, registering said extracted pair in the TTM as a new tunnel.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The method of claim 24, wherein step b includes:
    - (i) parsing the intercepted packet into a source IP address (SIP) and a destination IP address (DIP);
      
      (ii) comparing each of said addresses of substep i with said given organization-wide address configuration and thereby extracting a corresponding subnet address;
      
      (iii) if the intercepted packet is outgoing, regarding the subnet address extracted from the SIP as a local subnet address and that extracted from the DIP—
      
      as a remote subnet address; and
      
      if the intercepted packet is incoming, regarding the subnet address extracted from the DIP as a local subnet address and that extracted from the SIP—
      
      as a remote subnet address.
  - 26. The method of claim 24, fewer comprising:
    - (f) for any registered tunnel, automatically obtaining a LAN address associated with a remote LAN that corresponds to the respective remote subnet address and recording the obtained LAN address in association with the tunnel.
  - 27. The method of claim 26, wherein in step f said obtaining includes:
    - (iv) sending an inquiry message addressed to any host having said remote subnet address, the message including a local LAN address;
      
      (v) having said inquiry message intercepted and having said local LAN address extracted therefrom;
      
      (vi) sending a response message, addressed to said local LAN address and including a remote LAN address;
      
      (vii) receiving said response message and extracting therefrom said remote LAN address.
  - 28. The method of claim 24, further including identifying each registered tunnel with a unique index and wherein step d further includes transmitting the index identifying said tunnel to any component or agent associated with the local LAN.
  - 29. Be method of claim 24, further including:
    - associating with each registered tunnel one or more;
      
      services applicable to it or to data packets flowing through it and wherein step d further includes applying to the packet any service associated with said tunnel.

30. At a Local-Area Network (LAN) that forms part of an organizational communication net, based on the Internet Protocol (IP), and is connected to at least one host, the hosts being grouped into one or more subnets, each subnet sharing a unique network address, to be termed subnet address, which is within the range of a given organization-wide IP network address configuration—
- a method for automatically registering local subnets, based on communication traffic into and/or out of the LAN, the method comprising;
  
  (a) intercepting a packet flowing into, or out of, the LAN and parsing it into a source IP address (SIP) and a destination IP address (DIP);
  
  (b) comparing each of said addresses of step a with said given organization-wide address configuration and thereby extracting a corresponding subnet address;
  
  (c) if said intercepted packet is outgoing, recording the subnet address extracted from the SIP as a local subnet address and if said intercepted packet is incoming, recording the subnet address extracted from the DIP as a local subnet address.

31. In an organizational communication net, based on the Internet Protocol (IP) and deployed over a plurality of Local-Area Networks (LANs) that are interconnected by a Wide-Area Network (WAN);
- each LAN is associated with at least one IP LAN address and is connected to at least one host, the hosts being grouped into one or more subnets, each subnet sharing a pique network address, to be termed subnet address;
  
  there are registered in association with any LAN, constituting a local LAN, one or more remote subnet addresses, which are addresses of respective subnets in other LANs, constituting remote LANs—
  
  a method for automatically obtaining, for any remote subnet address registered in association with a local LAN, a LAN address associated with the remote LAN that is connected to the respective subnet, the obtained address to be associated with said registered subnet address, the method comprising;
  
  (a) sending from a network component associated with the local LAN, constituting a local component, an inquiry message addressed to any host having said remote subnet address, the message including a local LAN address, which is the LAN address of said local component;
  
  (b) intercepting said inquiry message by a network component associated with the LAN to which said any host is connected, it being a remote component, and extracting said local LAN address from said inquiry message;
  
  (c) sending a response message from said remote component, addressed to said local component and including a remote LAN address, which is the LAN address of said remote component;
  
  (d) receiving said response message at the local component and extracting therefrom said remote LAN address.

32. In an organizational communication net, based on the Internet Protocol (IP) and deployed over a plurality of Local-Area Networks (LANs) that are interconnected by a Wide-Area Network (WAN);
- each LAN is connected to at least one host, the hosts being grouped into one or more subnets, each subnet sharing a unique network- or subnet address, which is within the range of a given organization-wide network address configuration;
  
  the communication path between any host having any particular subnet address and any host having any other particular subnet address and connected to a different LAN is termed a tunnel a method for automatically compiling, with respect to any LAN, considered as a local LAN, a traffic topology map (TTM) of active tunnels between local hosts, connected to the local LAN, and remote hosts, connected to remote LANs, the method comprising,;
  
  (d) automatically detecting a subnet addresses of any local host and of any remote host between which any data packet flows, the addresses being a local subnet address and a remote subnet address, respectively;
  
  (e) registering a tunnel for the combination of a local subnet address and a remote subnet address detected in step a, if not presently registered;
  
  (f) repeating steps a and b multiple times;
  
  the totality of registered tunnels form the TTM.
- View Dependent Claims (33, 34)
- - 33. The method of claim 32, wherein step a includes:
    - (i) intercepting a packet flowing out of, or into, the local LAN and parsing it into a source IP address (SIP) and a destination IP address (DIP);
      
      (ii) comparing each of said addresses of step i with said given organization-wide address configuration and thereby extracting a corresponding subnet address;
      
      (iii) if said intercepted packet is outgoing, recording the subnet address extracted from the SIP as a local subnet address and that extracted from the DIP—
      
      as a remote subnet address; and
      
      if said intercepted packet is incoming, recording the subnet address extracted from the DIP as a local subnet address and that extracted from the DIP—
      
      as a remote subnet address.
  - 34. The method of claim 32, wherein the only data input from outside the system is said address configuration, the data being identically fed with respect to all LANs within the net.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Allot Communications Limited
Original Assignee
Net Reality Ltd.
Inventors
Solomon, Ronen

Application Number

US10/013,835
Publication Number

US 20030112808A1
Time in Patent Office

Days
Field of Search
US Class Current

370/400
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 2101/604   Address structures or formats

H04L 45/02   Topology update or discovery

H04L 61/00   Network arrangements, proto...

H04L 69/16   Implementation or adaptatio...

H04L 69/168   specially adapted for link ...

H04L 9/40   Network security protocols

Automatic configuration of IP tunnels

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

140 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic configuration of IP tunnels

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

140 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links