Filtering data packets at a network gateway working as a service-based policy (sblp) enforcement point

US 20060104284A1
Filed: 11/07/2003
Published: 05/18/2006
Est. Priority Date: 11/11/2002
Status: Active Grant

First Claim

Patent Images

1. A method of filtering data packets at a network gateway, the data packets having a header including a destination address and an extension header, the method comprising selectively blocking ones of the data packets where neither the destination address nor the extension header matches a predetermined address criterion.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention concerning a method of filtering data packets being transmitted from a source code node to a destination node via a network gateway during a packet data communication session. Filtering is carried out at said network gateway (GGSN). The destination node or the source node having a first network address during a first period of the session and a second different address during a subsequent second period of the session. The data packets having a header including a destination address and an extension header which is used for transmitting further address information during said second period, the method comprising selectively blocking ones of the data packets where neither the destination address nor the extension header matches a predetermined address criterion.

39 Citations

View as Search Results

22 Claims

1. A method of filtering data packets at a network gateway, the data packets having a header including a destination address and an extension header, the method comprising selectively blocking ones of the data packets where neither the destination address nor the extension header matches a predetermined address criterion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the address criterion is applied only to packets transmitted from a source node to a destination node during a corresponding packet data communication session.
  - 3. The method of claim 2, wherein the destination node has a first network address during a first period of the packet data communication session and a second, different network address during a second, subsequent period of the data communication session, and the source node transmits packets having the first network address as the destination address during the first period, and transmits packets having the second network address as the destination address and the first network address in the extension header during the second period.
  - 4. The method of claim 3, wherein the destination node converts packets received during the second period by replacing the second network address with the first network address before decoding the payload of the packets.
  - 5. The method of claim 4, wherein the extension header is a Routing Header Type 2 extension header.
  - 6. The method of claim 3, wherein the destination node roams from a first network including the first network address to a second network including the second network address between the first and second periods.
  - 7. The method of claim 2, wherein the source node has a first network address during a first period of the packet data communication session and a second, different network address during a second, subsequent period of the data communication session, the packets include a source address, and the source node transmits, during the first period, packets having the first network address as the source address and the address of the destination node as the destination address and transmits, during the second period, packets having the second network address as the source address, the address of the destination node in the extension header and, as the destination address, the address of a forwarding agent which forwards the packets to the destination node.
  - 8. The method of claim 7, wherein a payload of the packets transmitted by the source node during the second period contains the address of the destination node.
  - 9. The method of claim 7, wherein the source node roams from a first network including the first network address to a second network including the second network address between the first and second periods.
  - 10. The method of claim 3, wherein one or more intermediate nodes, through which the packets are routed between the source node and the destination node, read information in the extension header.
  - 11. The method of claim 10, wherein the extension header is a Hop-by-Hop Options extension header.

12. A method of filtering data packets at a network gateway, the data packets having a header including a destination address, the method comprising selectively blocking ones of the data packets where the destination address does not meet a destination address criterion or a forwarding agent criterion which defines an address of at least one forwarding agent which forwards packets addressed to the forwarding agent to a destination node at a network address specified in the payload of the packet.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, wherein the at least one forwarding agent blocks packets for which the network address does not meet the destination address criterion.
  - 14. The method of claim 12, wherein the forwarding agent criterion is variable so as to include or exclude an address of the at least one forwarding agent

15. A method of transmitting data packets in a source node of a packet data network, comprising establishing a packet data communication session with a destination node at a first network address via a network gateway such that the gateway applies a filter to the data packets of the communication session based on a destination address of the data packets, receiving an indication of a second network address of the destination node during the session, and transmitting subsequent packets within the session addressed to the second network address and containing the first network address in an extension header for containing information to be read by intermediate nodes between the source node and the destination node.

16. A method of applying a destination address based filter at a network gateway to a packet data session between a source node and a destination node, wherein the destination node roams from a home address in a home network to a care-of address in a foreign network and sends a binding update to the source node so that the source node addresses subsequent packets in the session to the care-of address and places the home address in an extension header of the subsequent packets, the method comprising applying the destination address-based packet filter to the extension header of the subsequent packets.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the extension header is used by the destination node to restore the home address as the destination address of the subsequent packets.
  - 18. The method of claim 16, wherein the extension header is read by intermediate nodes between the source node and the destination node.

19. A method of applying a destination address based packet filter at a network gateway to a packet data session between a source node and a destination node, wherein the source node roams from a home address in a home network to a care-of address in a foreign network having said network gateway, and sets up a reverse tunnel to a home agent in the home network for forwarding packets to the destination node, the source node places the address of the destination node in an extension header of packets sent from the foreign network, and the network gateway applies the destination address filter to the extension header of the packets.

20. A computer readable medium including a program for executing a method of filtering data packets at a network gateway, the data packets having a header including a destination address and an extension header, the method comprising selectively blocking ones of the data packets where neither the destination address nor the extension header matches a predetermined address criterion.

21. An apparatus configured to filter data packets at a network gateway, the data packets having a header including a destination address and an extension header, wherein the apparatus is configured to selectively block ones of the data packets when neither the destination address nor the extension header matches a predetermined address criterion.

22. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
3G Licensing S.A. (Fineur International S.A.)
Original Assignee
Orange S.A.
Inventors
Chen, Xiaobao

Granted Patent

US 7,554,949 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/395.300
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/167   Adaptation for transition b...

H04L 69/22   Parsing or analysis of headers

H04W 12/037   of the control plane, e.g. ...

H04W 28/06   Optimizing the usage of the...

H04W 8/26   Network addressing or numbe...

H04W 80/04   Network layer protocols, e....

H04W 88/16   Gateway arrangements

Filtering data packets at a network gateway working as a service-based policy (sblp) enforcement point

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Filtering data packets at a network gateway working as a service-based policy (sblp) enforcement point

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links