Rule-based routing to resources through a network

US 20060143703A1
Filed: 10/14/2005
Published: 06/29/2006
Est. Priority Date: 12/10/2003
Status: Active Grant

First Claim

Patent Images

1. A method of creating redirection rules for routing resource access requests from a computer to a network, comprising:

creating an inclusion redirection rule for at least one existing resource definition defining a resource;

receiving exclusion input with an exclusion resource definition defining at least one exclusion resource; and

creating an exclusion redirection rule for the at least one exclusion resource.

View all claims

24 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for determining which resource access requests are handled locally at a remote computer, and which resource access requests are routed or “redirected” through a virtual private network. One or more routing or “redirection” rules are downloaded from a redirection rule server to a remote computer. When the node of the virtual private network running on the remote computer receives a resource access request, it compares the identified resource with the rules. Based upon how the identified resource matches one or more rules, the node will determine whether the resource access request is redirected through the virtual private network or handled locally (e.g., retrieved locally from another network). A single set of redirection rules can be distributed to and employed by a variety of different virtual private network communication techniques.

205 Citations

25 Claims

1. A method of creating redirection rules for routing resource access requests from a computer to a network, comprising:
- creating an inclusion redirection rule for at least one existing resource definition defining a resource;
  
  receiving exclusion input with an exclusion resource definition defining at least one exclusion resource; and
  
  creating an exclusion redirection rule for the at least one exclusion resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method recited in claim 1, further comprising combining the inclusion redirection rule with the exclusion redirection rule into a redirection rule list.
  - 3. The method recited in claim 1, wherein the existing resource definition is maintained by a policy server for controlling access to the resource defined in the at least one existing resource definition.
  - 4. The method recited in claim 1, further comprising receiving input with a second resource definition;
    - and creating a second inclusion redirection rule for the second resource definition.
  - 5. The method recited in claim 1, wherein the existing resource definition includes an Internet protocol (IP) address for the resource.
  - 6. The method recited in claim 1, wherein the existing resource definition includes a name for the resource.
  - 7. The method recited in claim 6, wherein the name is a domain name.
  - 8. The method recited in claim 6, wherein the name is a host name.
  - 9. The method recited in claim 1, wherein the existing resource definition includes a universal resource locator (URL) address for the resource.
  - 10. The method recited in claim 1, wherein the existing resource definition includes an Internet protocol (IP) address for the resource.
  - 11. The method recited in claim 1, wherein the exclusion resource definition includes a name for the exclusion resource.
  - 12. The method recited in claim 11, wherein the name is a domain name.
  - 13. The method recited in claim 11, wherein the name is a host name.
  - 14. The method recited in claim 1, wherein the exclusion resource definition includes a universal resource locator (URL) address for the exclusion resource.

15. An apparatus for creating a redirection rule list, comprising:
- a policy server that maintains a plurality of resource definitions, each resource definition defining a resource, and a rule redirection server that stores an inclusion redirection rule for each resource in a redirection rule list.
- View Dependent Claims (16, 17, 18)
- - 16. The apparatus for creating a redirection rule list recited in claim 15, wherein the policy server maintains at least one exclusion resource definition defining an exclusion resource, and the rule redirection server stores an exclusion redirection rule for the exclusion resource in the redirection rule list.
  - 17. The apparatus for creating a redirection rule list recited in claim 15, wherein the policy server receives input with at least one exclusion resource definition.
  - 18. The apparatus for creating a redirection rule list recited in claim 15, wherein the rule redirection server provides the redirection rule list to at least one client in a virtual private network.

19. A method of routing resource access requests to a network, comprising:
- establishing a first virtual private network between a network and a first client, such that the first client uses a first connection method to establish a secure connection with the network;
  
  establishing a second virtual private network between the network and a second client, such that the second client uses a second connection method to establish a secure connection with the network that is different from the first connection method;
  
  creating a redirection rule list including a plurality of inclusion redirection rules, each inclusion redirection rule being associated with a resource; and
  
  providing the redirection rule list to both the first client and the second client for routing resource access requests.
- View Dependent Claims (20, 21)
- - 20. The method of routing resource access requests to a network recited in claim 19, wherein the redirection rule list further includes at least one exclusion redirection rule associated with an exclusion resource, and further comprising providing the at least one exclusion redirection rule with the redirection rule list to both the first client and the second client for routing resource access requests.
  - 21. The method of routing resource access requests to a network recited in claim 19, wherein the first connection method is selected from the group consisting of:
    - employing a local forward Web server to establish a virtual private network connection with the network, employing a local circuit proxy to establish a virtual private network connection with the network, employing a local IP tunnel adaptor to establish a virtual private network connection with the network, and employing a network based implementation of a reverse web proxy to establish a virtual private network connection with the network.

22. A method of routing resource access requests based upon a resource name, comprising receiving an name service reply for a resource;
- extracting a name for the resource from the name service reply;
  
  determining if the resource name matches a redirection rule;
  
  if the resource name matches a redirection rule, then deriving routing information for the resource from the name service reply; and
  
  mapping the name against the derived routing information in a look aside table.
- View Dependent Claims (23, 24, 25)
- - 23. The method of routing resource access requests based upon a resource name recited in claim 22, further comprising:
    - receiving a resource access request that identifies a requested resource by name;
      
      determining if the name of the requested resource is in the look aside table;
      
      if the name of the requested resource is in the look aside table, then obtaining the routing information mapped to the name of the requested resource from the look aside table; and
      
      routing the resource access request using the obtained routing information.
  - 24. The method of routing resource access requests based upon a resource name recited in claim 23, further comprising routing the resource access request using the obtained routing information by providing the obtained routing information to a system routing table.
  - 25. The method of routing resource access requests based upon a resource name recited in claim 22, wherein the name service reply is a domain name service reply or a WINS reply.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aventail LLC
Original Assignee
Aventail LLC
Inventors
Hopen, Chris, Sauve, Bryan, Hoover, Paul, Perry, Bill

Granted Patent

US 8,590,032 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 45/14   Routing performance; Theore...

H04L 47/70   Admission control; Resource...

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 67/63   Routing a service request d...

Rule-based routing to resources through a network

First Claim

24 Assignments

0 Petitions

Accused Products

Abstract

205 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Rule-based routing to resources through a network

First Claim

24 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

205 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others