System, method and computer program product for communicating with a private network

US 20060245414A1
Filed: 12/20/2004
Published: 11/02/2006
Est. Priority Date: 12/20/2004
Status: Active Grant

First Claim

Patent Images

1. A method for communicating with a private network, comprising:

intercepting a request from an application of a client for initiating a communication with a node coupled to a private network before the request can be received by a transport layer of the client;

sending the request to an interface unit coupled to the private network via an established network connection over a public network, wherein the interface unit attempts to establish a communication link with the node over the private network after receiving the request;

receiving a unique connection identifier from the interface unit via the established network connection over the public network if the interface unit is able to establish a communication link with the node, wherein the connection identifier is associated with the communication link established over the private network between the interface unit and the node;

intercepting a communication from the application of the client directed at the node before the communication can be received by the transport layer of the client; and

sending the communication from the application with the connection identifier to the interface unit through the established network connection over the public network, wherein after receipt of the communication with the connection identifier, the interface unit uses the connection identifier to identify the associated communication link and send the communication from the application to the node via the associated communication link.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product for communicating with a private network are described. An application of a client is monitored for communications intended for a node coupled to a private network. A communication from the monitored application of the client that is intended for the node may then be intercepted before the communication can be received by the transport layer of the client, the intercepted communication may then be sent with a connection identifier to an interface unit coupled to the private network via an established network connection over a public network. The connection identifier also associated with a communication link that is established over the private network between the interface unit and the node. The interface unit uses the connection identifier that is received with the communication to identify the associated communication link over the private network. The interface unit may then send the communication (without the connection identifier) to the node via the identified associated communication link.

79 Citations

View as Search Results

44 Claims

1. A method for communicating with a private network, comprising:
- intercepting a request from an application of a client for initiating a communication with a node coupled to a private network before the request can be received by a transport layer of the client;
  
  sending the request to an interface unit coupled to the private network via an established network connection over a public network, wherein the interface unit attempts to establish a communication link with the node over the private network after receiving the request;
  
  receiving a unique connection identifier from the interface unit via the established network connection over the public network if the interface unit is able to establish a communication link with the node, wherein the connection identifier is associated with the communication link established over the private network between the interface unit and the node;
  
  intercepting a communication from the application of the client directed at the node before the communication can be received by the transport layer of the client; and
  
  sending the communication from the application with the connection identifier to the interface unit through the established network connection over the public network, wherein after receipt of the communication with the connection identifier, the interface unit uses the connection identifier to identify the associated communication link and send the communication from the application to the node via the associated communication link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method of claim 1, further comprising receiving from the interface unit via the established network a communication from the node with the connection identifier, and providing the communication from the node to the application.
  - 3. The method claim 2, wherein the communication from the node was received by the interface unit via communication link over the private network, wherein the interface unit included the connection identifier associated with the communication link with the communication from the node prior to transmission over the established network connection.
  - 4. The method of claim 1, further comprising intercepting a termination request for terminating the communication with the node from the application of the client before the request is received by a transport layer of the client;
    - sending the termination request with the connection identifier to the interface unit via the established network connection; and
      
      notifying the application that communication with the node has been terminated after receiving a response from the interface unit via the established network connection that indicates that the communication link with the node has been terminated.
  - 5. The method of claim 4, wherein the response from the interface unit includes the connection identifier.
  - 6. The method of claim 5, wherein the interface unit, after receiving the termination request with the connection identifier, uses the connection identifier to identify the communication link with the node, closes the identified communication link to the node, and transmits via the established network connection the response via the established network connection.
  - 7. The method of claim 1, further comprising determining whether the established network connection has been established with the interface unit.
  - 8. The method of claim 1, wherein at least one of the request and the communication from the application of the client comprises a TCP operation.
  - 9. The method of claim 1, wherein the pre-established network connection comprises a TCP tunnel.
  - 10. The method of claim 1, wherein the pre-established network connection is encrypted.
  - 11. The method of claim 10, wherein the pre-established network connection is encrypted utilizing SSL.
  - 12. The method of claim 1, wherein the communication link between the interface unit and the node over the private network comprises a TCP/IP connection.
  - 13. The method of claim 1, wherein the communication from the application is transmitted over the pre-established network connection encapsulated a single packet.
  - 14. The method of claim 13, wherein the connection identifier is included in the packet.
  - 15. The method of claim 1, wherein the application is monitored for the issuance of TCP operations to the network layer of the client.
  - 16. The method of claim 1, wherein the interface unit establishes a unique communication link with the node over the private network and assigns a corresponding unique connection identifier for each request that is intercepted from the application of the client and sent to the interface unit over the established network connection over the pubic network.
  - 17. The method of claim 1, wherein one or more subsequent requests from the application to establish a new connection with the node that are intercepted and sent to the interface unit via the established network connection are associated with the connection identifier so that subsequent intercepted communications from the application directed to the new connections are send to the node via the same communication link.
  - 18. The method of claim 1, wherein the communication link is selected from a group of one or more pre-established communication links between the interface unit and the node over the private network.
  - 19. The method of claim 1, further comprising establishing a network connection over the public network with an additional interface unit coupled to the private network.
  - 20. The method of claim 1, wherein the connection identifier is generated using information based on at least one of a network address of the node.
  - 21. The method of claim 1, wherein the connection identifier is generated by the interface unit from a four tuple of a private side IP address and port of the interface unit and an IP address and port of the node.
  - 22. The method of claim 1, wherein the request from the application is identified for interception by one or more of a source port, a source IP address, a destination port, and a destination IP address.
  - 23. The method of claim 1, wherein communications from the application that are not directed to the node are permitted to be received by the network layer of the client.
  - 24. The method of claim 1, further comprising intercepting a second request from an application of a client for initiating a second communication with the private network before the second request can be received by a transport layer of the client, establishing a second network connection with the interface unit over the public network, and sending the second request to the interface unit via the second established network connection.
  - 25. The method of claim 1, further comprising intercepting a second request from an application of a client for initiating a second communication with the private network before the second request can be received by a transport layer of the client, sending the second request to the interface unit via the established network connection.
  - 26. The method of claim 1, wherein the established network connection is selected from a group of one or more pre-established network connections with the interface unit over the public network.

27. A system for communicating with a private network, comprising:
- logic that intercepts a request from an application of a client for initiating a communication with a node coupled to a private network before the request can be received by a transport layer of the client;
  
  logic that sends the request to an interface unit coupled to the private network via an established network connection over a public network, wherein the interface unit attempts to establish a communication link with the node over the private network after receiving the request;
  
  logic that receives a unique connection identifier from the interface unit via the established network connection over the public network if the interface unit is able to establish a communication link with the node, wherein the connection identifier is associated with the communication link established over the private network between the interface unit and the node;
  
  logic that intercepts a communication from the application of the client directed at the node before the communication can be received by the transport layer of the client; and
  
  logic that sends the communication from the application with the connection identifier to the interface unit through the established network connection over the public network, wherein after receipt of the communication with the connection identifier, the interface unit uses the connection identifier to identify the associated communication link and sends the communication from the application to the node via the associated communication link.

28. A computer program product for communicating with a private network, comprising:
- computer code that intercepts a request from an application of a client for initiating a communication with a node coupled to a private network before the request is received by a transport layer of the client;
  
  computer code that sends the request to an interface unit coupled to the private network via an established network connection over a public network, wherein the interface unit attempts to establish a communication link with the node over the private network after receiving the request;
  
  computer code that receives a unique connection identifier from the interface unit via the established network connection over the public network if the interface unit is able to establish a communication link with the node, wherein the connection identifier is associated with the communication link established over the private network between the interface unit and the node;
  
  computer code that intercepts a communication from the application of the client directed at the node before the communication is received by the transport layer of the client; and
  
  computer code that sends the communication from the application with the connection identifier to the interface unit through the established network connection over the public network, wherein after receipt of the communication with the connection identifier, the interface unit uses the connection identifier to identify the associated communication link and sends the communication from the application to the node via the associated communication link.

29. A method of communicating with a private network, comprising:
- monitoring an application of a client for communications intended for a node coupled to a private network;
  
  intercepting a communication from the monitored application of the client intended for the node before the communication is received by the transport layer of the client; and
  
  sending the communication with a connection identifier to an interface unit coupled to the private network via an established network connection over a public network, wherein the connection identifier is associated with a communication link established over the private network between the interface unit and the node, wherein the interface unit uses the connection identifier received with the communication to identify the associated communication link over the private network and then sends the subsequent communication without the connection identifier to the node via the associated communication link.

30. A method of communicating with a private network, comprising:
- monitoring an application of a client for TCP operations to a network layer of the client for communicating with a node coupled to a private network;
  
  intercepting the TCP operations from the monitored application of the client intended for the node before the TCP operations are received by the transport layer of the client; and
  
  sending each TCP operation in a packet with a connection identifier to an interface unit coupled to the private network via a TCP tunnel over a public network, wherein the connection identifier is associated with a TCP connection established over the private network between the interface unit and the node, wherein for each packet, the interface unit extracts the TCP operation and connection identifier from the packet and uses the connection identifier received in the packet to identify the associated TCP connection over the private network and forwards the TCP operation without the connection identifier to the node via the identified associated TCP connection.

31. A method for communicating with a private network, comprising:
- establishing a network connection over a public network with an agent residing on a client, wherein the client has an application residing thereon that issues a request for initiating a communication with a node coupled to a private network, wherein the agent intercepts the request from the application before the request can be received by a transport layer of the client;
  
  receiving the intercepted request from the agent via the established connection establishing a communication link with the node over the private network;
  
  associating a connection identifier with the established communication link; and
  
  sending a notification to the agent that indicates the communication link with the node has been established, the notification including the connection identifier.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 32. The method of claim 31, further comprising receiving a packet from the agent via the established network connection, wherein the packet includes the communication identifier and a communication from the application to the node that was intercepted by the agent before the communication could be received by the network layer of the client.
  - 33. The method of claim 32, further comprising extracting the communication and the connection identifier from the received packet, and using the connection identifier to identify associated communication link, and sending the communication extracted from the packet to the node via the identified communication link over the private network.
  - 34. The method of claim 31, further comprising receiving via the communication link over the private network a packet containing a communication from the node directed to the application of the client, extracting the communication from the node from the packet, sending the communication from the node and the connection identifier associated with the communication line in a packet via the established network connection over the pubic network to the agent, wherein the agent extracts the communication from the packet sent via the established network connection and provides it to the application of the client.
  - 35. The method of claim 31, wherein the network connection over the public network comprises a TCP tunnel.
  - 36. The method of claim 31, wherein the established network connection is encrypted.
  - 37. The method of claim 31, further comprising establishing a unique communication link with the node over the private network and assigning a corresponding unique connection identifier for each intercepted request received from the agent via the established network connection over the public network.
  - 38. The method of claim 31, wherein one or more subsequent requests from the application to establish a new connection with the node are intercepted by the agent and received from the agent via the established network connection are associated with the connection identifier so that subsequent intercepted communications from the application directed to the new connections are send to the node via the same communication link.
  - 39. The method of claim 31, further comprising maintaining a group of one or more pre- established communication links with the node over the private network, each pre-established communication link being associated with a corresponding unique connection identifier, and wherein the communication link is selected from a group of one or more pre-established communication links with the node over the private network.
  - 40. The method of claim 31, further comprising generating the connection identifier using information based on at least one of a network address of the node.
  - 41. The method of claim 31, further comprising generating the connection identifier from a four tuple of a private side IP address and port of the interface unit and an IP address and port of the node.

42. A system for communicating with a private network, comprising:
- logic that establishes a network connection over a public network with an agent residing on a client, wherein the client has an application residing thereon that issues a request for initiating a communication with a node coupled to a private network, wherein the agent intercepts the request from the application before the request can be received by a transport layer of the client;
  
  logic that receives the intercepted request from the agent via the established connection logic that establishes a communication link with the node over the private network;
  
  logic that associates a connection identifier with the established communication link; and
  
  logic that sends a notification to the agent that indicates the communication link with the node has been established, the notification including the connection identifier.

43. A computer program product for communicating with a private network, comprising:
- computer code that establishes a network connection over a public network with an agent residing on a client, wherein the client has an application residing thereon that issues a request for initiating a communication with a node coupled to a private network, wherein the agent intercepts the request from the application before the request can be received by a transport layer of the client;
  
  computer code that receives the intercepted request from the agent via the established connection;
  
  computer code that establishes a communication link with the node over the private network;
  
  computer code that associates a connection identifier with the established communication link; and
  
  computer code that sends a notification to the agent that indicates the communication link with the node has been established, the notification including the connection identifier.

44. A communication system, comprising:
- a private network;
  
  a node coupled to the private network;
  
  a public network;
  
  an interface unit coupled to the public network and the private network;
  
  a client having an application, wherein the application issues a request for initiating a communication with the node;
  
  an agent residing on the client, wherein the agent establishes a network connection with the interface unit over the public network, wherein the agent intercepts the request from the application before the request can be received by a transport layer of the client, wherein the agent sends the request to the interface unit via the established network connection;
  
  wherein the interface unit attempts to establish a communication link with the node over the private network after receiving the request;
  
  wherein the interface unit establishes a communication link with the node over the private network in response to receiving the intercepted request from the agent, wherein the interface unit associates a connection identifier with the established communication link and sends a notification to the agent that indicates the communication link with the node has been established, wherein the notification includes the connection identifier;
  
  wherein the agent notifies the application that a connection has been established with the node after receiving the notification from the interface unit; and
  
  wherein the agent intercepts a subsequent communication from the application of the client directed at the node before the subsequent communication can be received by the transport layer of the client and sends the subsequent communication with the connection identifier to the interface unit through the established network connection over the public network, wherein after receipt of the subsequent communication with the connection identifier from the agent, the interface unit uses the connection identifier to identify the associated communication link and send the subsequent communication to the node via the associated communication link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
NeoAccel, Inc. (Broadcom, Inc.)
Inventors
Masuraker, Uday, Agrawal, Ritesh, Susai, Michel

Granted Patent

US 8,250,214 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/352
CPC Class Codes

H04L 63/0272 Virtual private networks

H04L 67/14 Session management for real...

System, method and computer program product for communicating with a private network

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for communicating with a private network

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links