Interactive control of network devices
First Claim
1. An apparatus comprising:
- a first networking means (52) for receiving a flow of data (60) from a network (20, 22), processing said data and delivering processed said data (60) to said network (20, 22);
a second networking means (54) for inspecting received said data (60) and for making decisions in respect of received said data (60);
said first networking means (52) being coupled to said second networking means (54) by a plurality of tunnels (56, 58, 70);
a flow of data (60) received by said first networking means (52) being passed to said second networking means (54) through a first one of said plurality of tunnels (56, 58, 70) and redirected to said first networking means by a second one of said plurality of tunnels (56, 58, 70);
said second networking means (54) exercising operational control of said first networking means (52) by sending messages to said first networking means (52) through a third one of said plurality of tunnels (56, 58, 70) and receiving replies from said first networking means (52) through a fourth one of said plurality of tunnels (56, 58, 70); and
said messages including instructions to start, stop and “
boot”
said first networking means and to start, stop and otherwise direct said flow of data (60) through said first networking means.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and apparatus are disclosed for establishing interfaces or “tunnels” between networking devices, so one device can control the other and vice versa. Such devices may be general purpose processors (GPP) and ethernet web switches. A first device receives data packets as they flow across a network. A second device can access packets only if they flow through the first device. The second device can only send packets to the network if they flow through the first device. In a preferred embodiment, the first device is optimized for high-speed data transfer and the second device for data inspection and flow decision making. Each tunnel carries related types of packets in one direction between “partnered” devices. Data tunnels pass network data packets. Control tunnels carry messages to control the operation of a first device by a second. Messages stop, start or otherwise direct the flow of data through the first device. A Broadcast tunnel enables several network devices to interact. The second device contains logic that receives the data packets, processes them and sends them back to the first device. The second device can processing includes data inspection. and decision making based on the packet contents. A preferred embodiment blocks viruses including blocking intentional “Denial Of Service” schemes.
148 Citations
21 Claims
-
1. An apparatus comprising:
-
a first networking means (52) for receiving a flow of data (60) from a network (20, 22), processing said data and delivering processed said data (60) to said network (20, 22);
a second networking means (54) for inspecting received said data (60) and for making decisions in respect of received said data (60);
said first networking means (52) being coupled to said second networking means (54) by a plurality of tunnels (56, 58, 70);
a flow of data (60) received by said first networking means (52) being passed to said second networking means (54) through a first one of said plurality of tunnels (56, 58, 70) and redirected to said first networking means by a second one of said plurality of tunnels (56, 58, 70);
said second networking means (54) exercising operational control of said first networking means (52) by sending messages to said first networking means (52) through a third one of said plurality of tunnels (56, 58, 70) and receiving replies from said first networking means (52) through a fourth one of said plurality of tunnels (56, 58, 70); and
said messages including instructions to start, stop and “
boot”
said first networking means and to start, stop and otherwise direct said flow of data (60) through said first networking means. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
Specification
-
- Resources
-
Current AssigneeNortel Networks Limited (Nortel Networks Corporation)
-
Original AssigneeNortel Networks Limited (Nortel Networks Corporation)
-
InventorsErvin, Marcus Wayne III, Mellencamp, Rob, Gram, Charles Andrew
-
Application NumberUS09/908,503Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current370/229CPC Class CodesH04L 12/4633 Interconnection of networks...H04L 41/00 Arrangements for maintenanc...H04L 63/0218 Distributed architectures, ...H04L 63/145 the attack involving the pr...H04L 63/1458 Denial of Service
