Apparatus, method, and computer program product for building virtual networks

US 20040078471A1
Filed: 09/02/2003
Published: 04/22/2004
Est. Priority Date: 10/18/2002
Status: Abandoned Application

First Claim

Patent Images

1. A network system, comprising:

a global area network coupled to one or more virtual network hosting servers;

a first computing system coupled to said one or more servers though a first firewall; and

a second computing system coupled to said one or more servers through a second firewall wherein a virtual network including said computing systems is formed such that said computing systems communicate with each other through a direct logical connection.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a system, method and computer program product for building virtual networks for TCP/IP networking. The system includes a global area network coupled to one or more virtual network hosting servers; and a first computing system coupled to the one or more servers though a first firewall, wherein a virtual network including the first computing system is formed with a second computing system coupled to the one or more servers through a second firewall such that the computing systems communicate with each other through a direct logical connection. The method for forming a virtual network includes a) establishing a physical connection between a first computing system through a first firewall to a virtual network hosting server coupled to a global area network; b) communicating with a second computing system physically connected to the virtual network hosting server through a second firewall, wherein the communicating step includes communicating through a direct logical connection between the computing systems. The computer program product having a computer readable medium carrying program instructions for forming a virtual network when executed using two or more computing systems each coupled to a global area network through a firewall, the executed program instructions executing a method, the method including a) establishing a physical connection between a first computing system through a first firewall to a virtual network hosting server coupled to a global area network; b) establishing a physical connection between a second computing system through a second firewall to the virtual network hosting server; and c) establishing a logical connection between the computing systems to form the virtual network.

Citations

26 Claims

1. A network system, comprising:
- a global area network coupled to one or more virtual network hosting servers;
  
  a first computing system coupled to said one or more servers though a first firewall; and
  
  a second computing system coupled to said one or more servers through a second firewall wherein a virtual network including said computing systems is formed such that said computing systems communicate with each other through a direct logical connection.
- View Dependent Claims (2, 3, 4)
- - 2. The network system of claim 1 wherein said virtual network uses a physical layer connection between said one or more servers and each computing system.
  - 3. The network system of claim 2 wherein said physical layer is established using an HTTP CONNECT command.
  - 4. The network system of claim 1 wherein said physical layer connection includes connections to a virtual network object formed in said server.

5. A communication system using a global area network having a virtual network hosting server, comprising:
- a plurality of computing systems coupled to the virtual network hosting server using the global area network; and
  
  a plurality of firewalls, one for each computing system, for filtering network communication between a computing system and the global area network wherein a virtual network including said computing systems is formed such that said computing systems communicate with each other through a direct logical connection.

6. A virtual network formation method, the method comprising:
- a) establishing a physical connection between a first computing system through a first firewall to a virtual network hosting server coupled to a global area network;
  
  b) establishing a physical connection between a second computing system through a second firewall to said virtual network hosting server; and
  
  c) establishing a logical connection between said computing systems to form the virtual network.
- View Dependent Claims (7, 8)
- - 7. The method of claim 6 wherein one of said establishing step a) and establishing step b) include:
    - d) issuing a TCP connect request from said computing system to said server;
      
      e) responding to said TCP connect request from said server to said computing system;
      
      f) exchanging connection handshake data from said computing system to said server;
      
      g) exchanging connection handshake data from said server to said computing system; and
      
      h) exchanging data between said computing system and said server.
  - 8. The method of claim 6 further comprising an HTTP proxy server coupled to said first computing system in front of said first firewall wherein said establishing step a) includes:
    - d) issuing a proxy connect request from said first computing system to said proxy server;
      
      e) issuing a TCP connect request from said proxy server to said server;
      
      f) responding to said TCP connect request from said server to said proxy server;
      
      h) responding to said TCP connect request from said proxy server to said first computing system;
      
      g) exchanging connection handshake data from said computing system to said server through said proxy server;
      
      g) exchanging connection handshake data from said server to said computing system through said proxy server; and
      
      h) exchanging data between said computing system and said server through said proxy server.

9. A computer program product comprising a computer readable medium carrying program instructions for forming a virtual network when executed using two or more computing systems each coupled to a global area network through a firewall, the executed program instructions executing a method, the method comprising:
- a) establishing a physical connection between a first computing system through a first firewall to a virtual network hosting server coupled to a global area network;
  
  b) establishing a physical connection between a second computing system through a second firewall to said virtual network hosting server; and
  
  c) establishing a logical connection between said computing systems to form the virtual network.

10. A virtual network communication system for a first computer system coupled to a global area network, comprising:
- a network application operable using a processor of the first computer system, said network application coupled to a networking API;
  
  a network adapter operable using said processor, for exchanging communication protocol signals between the global area network and a network subsystem, said network subsystem coupled to said networking API;
  
  a virtual network client runtime operable using said processor of the first computer system, said network client runtime coupled to said network API; and
  
  a virtual network adapter, operable using said processor, coupled to said runtime and to said network system.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The virtual network communication system of claim 10 wherein said virtual network adapter is created dynamically during operation of the first computer system.
  - 12. The virtual network communication system of claim 11 wherein said virtual network adapter is assigned its own physical adapter address.
  - 13. The virtual network communication system of claim 11 wherein said virtual network adapter is statically configured with a pseudo physical address.
  - 14. The virtual network communications system of claim 13 wherein said virtual network adapter has an address that matches an address of a second virtual network adapter of a second computer system logically connected to said virtual network adapter of the first computer system through a virtual network hosting server.
  - 15. The virtual network communications system of claim 14 wherein the first computer system includes a modified address resolution protocol (ARP) process.
  - 16. The virtual network communications system of claim 15 wherein said modified ARP process returns one of said pseudo physical address and a dynamically assigned physical address depending upon a source of an ARP request for a physical address request of the first computer system.

17. An address resolution protocol (ARP) request response process for a virtual network adapter provided in a first computer system, the method comprising:
- a) responding to the ARP request with a pseudo physical address of the virtual network adapter when the ARP request is sent from the first computer system; and
  
  b) responding to the ARP request with a dynamically assigned physical address of the virtual network adapter when the ARP request is not sent from the first computer system.

18. A network system, comprising:
- a global area network coupled to one or more virtual network hosting servers; and
  
  a first computing system coupled to said one or more servers though a first firewall wherein a virtual network including said first computing system is formed with a second computing system coupled to said one or more servers through a second firewall such that said computing systems communicate with each other through a direct logical connection.

19. A method for forming a virtual network, the method comprising:
- a) establishing a physical connection between a first computing system through a first firewall to a virtual network hosting server coupled to a global area network;
  
  b) communicating with a second computing system physically connected to said virtual network hosting server through a second firewall wherein said communicating step includes communicating through a direct logical connection between said computing systems.

20. A method for forming a virtual network, the method comprising:
- a) establishing a physical connection between a virtual network hosting server coupled to a global area network and each of a plurality of computing systems separated from said global area network by a plurality of firewalls, each one of said plurality of firewalls associated with a corresponding one of each of said plurality of computing systems; and
  
  b) communicating between each computing system of said plurality of computing systems using a direct logical connection between them to form a virtual network of said plurality of computing systems.

21. A subnet localization method for each of a plurality of computing systems, each computing system physically coupled to a virtual network hosting server through a firewall and having a virtual network adapter, the plurality of computing systems and the hosting server defining a virtual network having a direct logical connection between the computing systems, the method comprising:
- a) configuring TCP/IP settings for each virtual adapter including a combination of a common network ID and a host ID portion except for one or more virtual adapters having a conflict;
  
  b) configuring TCP/IP settings for each of said conflicted one or more virtual adapters including a combination of an alternate network ID and a host ID portion; and
  
  c) performing a connection-based address translation of IP packets passing through said virtual adapters wherein all the computing systems are logically connected together into a single virtual network.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The subnet localization method of claim 21 wherein said address translation step c) for an IP packet coming into one of the virtual adapters comprises:
    - c1) testing whether a network ID in a source address portion of the IP packet matches a network ID of the one virtual adapter; and
      
      c2) changing said network ID in said source address portion to match said network ID of said one virtual adapter when said testing step c1) is false;
      
      c3) updating packet checksums for the IP packet when said testing step c1) is false; and
      
      c4) creating a mapping entry based upon a source IP and a source port when said testing step c1) is false.
  - 23. The subnet localization method of claim 21 wherein said address translation step c) for an IP packet coming into one of the virtual adapters comprises:
    - c1) testing whether a network ID in a destination address portion of the IP packet matches a network ID of the one virtual adapter; and
      
      c2) changing said network ID in said destination address portion to match said network ID of said one virtual adapter when said testing step c1) is false; and
      
      c3) updating packet checksums for the IP packet when said testing step c1) is false.
  - 24. The subnet localization method of claim 21 wherein said address translation step c) for an IP packet transmitted from one of the virtual adapters comprises:
    - c1) testing whether a mapping entry exists for the destination address and the destination port;
      
      c2) testing whether a network ID in a source address portion of the IP packet matches a network ID of the one virtual adapter when the testing step at c1) is true;
      
      c3) changing said network ID in said source address portion to match a network ID of said mapping entry when said testing step c1) is true and said testing step c2) is false; and
      
      c3) updating packet checksums for the IP packet when said testing step c1) is true and said testing step c2) is false.
  - 25. The subnet localization method of claim 21 wherein said address translation step c) for an IP packet transmitted from one of the virtual adapters comprises:
    - c1) testing whether a mapping entry exists for the destination address and the destination port;
      
      c2) testing whether a network ID in a destination address portion of the IP packet matches a network ID of the one virtual adapter when the testing step at c1) is true;
      
      c3) changing said network ID in said destination address portion to match a network ID of said mapping entry when said testing step c1) is true and said testing step c2) is false; and
      
      c3) updating packet checksums for the IP packet when said testing step c1) is true and said testing step c2) is false.

26. A domain name service (DNS) handling method for a computer system of a virtual network, the computer system having a virtual adapter, the method comprising:
- a) testing, at the computer system, whether a name request at a name space for the computer system is defined for the virtual network;
  
  b) returning a dynamically assigned IP address of the virtual adapter responsive to said name request when the testing step a) is true; and
  
  c) forwarding said name request to a default domain name resolver (DNR) for the computer system when the testing step a) is false.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Collatus Corporation
Original Assignee
Collatus Corporation
Inventors
Yang, Guanghong

Application Number

US10/653,638
Publication Number

US 20040078471A1
Time in Patent Office

Days
Field of Search
US Class Current

709/227
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 67/14   Session management for real...

H04L 69/329   in the application layer [O...

Apparatus, method, and computer program product for building virtual networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus, method, and computer program product for building virtual networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links