Filtering data packets at a network gateway working as a service-based policy (sblp) enforcement point
Abstract
The invention concerns a method of filtering data packets transmitted from a source node to a destination node via a network gateway during a packet data communication session. Filtering is carried out at said network gateway (GGSN). The destination node or the source node has a first network address during a first period of the session and a second, different address during a subsequent second period of the session. The data packets have a header including a destination address and an extension header, which is used for transmitting further address information during said second period. The method comprises selectively blocking ones of the data packets where neither the destination address nor the extension header matches a predetermined address criterion.
22 Claims
- 1. A method of filtering data packets at a network gateway, the data packets having a header including a destination address and an extension header, the method comprising selectively blocking ones of the data packets where neither the destination address nor the extension header matches a predetermined address criterion.
- 12. A method of filtering data packets at a network gateway, the data packets having a header including a destination address, the method comprising selectively blocking ones of the data packets where the destination address does not meet a destination address criterion or a forwarding agent criterion which defines an address of at least one forwarding agent which forwards packets addressed to the forwarding agent to a destination node at a network address specified in the payload of the packet.
- 15. A method of transmitting data packets in a source node of a packet data network, comprising establishing a packet data communication session with a destination node at a first network address via a network gateway such that the gateway applies a filter to the data packets of the communication session based on a destination address of the data packets, receiving an indication of a second network address of the destination node during the session, and transmitting subsequent packets within the session addressed to the second network address and containing the first network address in an extension header for containing information to be read by intermediate nodes between the source node and the destination node.
- 16. A method of applying a destination address based filter at a network gateway to a packet data session between a source node and a destination node, wherein the destination node roams from a home address in a home network to a care-of address in a foreign network and sends a binding update to the source node so that the source node addresses subsequent packets in the session to the care-of address and places the home address in an extension header of the subsequent packets, the method comprising applying the destination address-based packet filter to the extension header of the subsequent packets.
- 19. A method of applying a destination address based packet filter at a network gateway to a packet data session between a source node and a destination node, wherein the source node roams from a home address in a home network to a care-of address in a foreign network having said network gateway, and sets up a reverse tunnel to a home agent in the home network for forwarding packets to the destination node, the source node places the address of the destination node in an extension header of packets sent from the foreign network, and the network gateway applies the destination address filter to the extension header of the packets.
- 20. A computer readable medium including a program for executing a method of filtering data packets at a network gateway, the data packets having a header including a destination address and an extension header, the method comprising selectively blocking ones of the data packets where neither the destination address nor the extension header matches a predetermined address criterion.
- 21. An apparatus configured to filter data packets at a network gateway, the data packets having a header including a destination address and an extension header, wherein the apparatus is configured to selectively block ones of the data packets when neither the destination address nor the extension header matches a predetermined address criterion.
- 22. (canceled)
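The filter rule of claims 1 and 16, sketched as an added example that is not part of the patent text. It assumes IPv6 packets in which the extension header is a type 2 Routing Header carrying the home address (the Mobile IPv6 convention); the function names, the packet builder and the 2001:db8:: documentation addresses are constructed for illustration.

```python
import ipaddress
import struct

ROUTING = 43  # IPv6 Next Header value for the Routing extension header

def build_packet(dst, home=None):
    """Constructed test packet: IPv6 header, optionally followed by a
    type 2 routing header carrying `home` (assumed Mobile IPv6 layout)."""
    ext = b""
    if home is not None:
        # next header 59 (none), hdr ext len 2, type 2, segments left 1, 4 reserved bytes
        ext = struct.pack("!BBBB4x", 59, 2, 2, 1) + ipaddress.IPv6Address(home).packed
    first = struct.pack("!IHBB", 6 << 28, len(ext), ROUTING if ext else 59, 64)
    src = ipaddress.IPv6Address("2001:db8:1::10").packed
    return first + src + ipaddress.IPv6Address(dst).packed + ext

def extract_addresses(pkt):
    """Return (destination address, extension-header address or None)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    dst = ipaddress.IPv6Address(pkt[24:40])
    next_header, ext = pkt[6], pkt[40:]
    if next_header != ROUTING or len(ext) < 8:
        return dst, None
    ext_len = (ext[1] + 1) * 8
    # Only a well-formed type 2 header (one address, 24 bytes) is trusted.
    if ext[2] != 2 or ext_len != 24 or len(ext) < ext_len:
        return dst, None
    return dst, ipaddress.IPv6Address(ext[8:24])

def gateway_allows(pkt, allowed):
    """Block only when neither the destination address nor the
    extension-header address matches the address criterion `allowed`."""
    try:
        dst, ext_addr = extract_addresses(pkt)
    except ValueError:
        return False
    return dst in allowed or (ext_addr is not None and ext_addr in allowed)
```

The address in the extension header is supplied by the sender, so the parser accepts it only from a single-address type 2 header of the expected length and treats anything else as carrying no address.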
Specification