Methods and apparatus for tunnel stitching in a network
Abstract
An edge router (disposed between a packet-switched network and a label-switching network) is configured to receive an IKE message originating from a client on the Internet (e.g., the packet-switched network) attempting to set up a tunnel. Upon receipt of the IKE message, the edge router utilizes a unique identifier in the IKE message to identify a virtual private network in the label-switching network. In lieu of terminating an IPsec tunnel at the edge router and performing a respective key exchange with the client, the edge router identifies a corresponding forwarding table associated with the virtual private network (identified by the unique identifier in the IKE message) and, based on the corresponding forwarding table, forwards the IKE message to a destination reachable via the label-switching network. The destination (e.g., a key server in the corresponding VPN) communicates with the client through the edge router to set up the tunnel.
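The dispatch the abstract describes, as an added example that is not the patent's or any vendor's code: a Python model of the edge router that parses the IKEv2 fixed header and payload chain (RFC 7296 layout), selects a VPN forwarding table from an identifier in the message, and forwards the request unmodified instead of answering it. The page does not say which field carries the unique identifier; the example assumes an opaque VPN tag in a Vendor ID payload. The VPN names, VRF entries, label values, addresses and the sample message are all constructed for the example.

```python
"""Added example (not the patent's own code): edge-router IKE dispatch that
selects a per-VPN forwarding table and forwards, rather than answers, the
key exchange request.  Assumption: the VPN identifier rides in an IKEv2
Vendor ID payload; the page does not say which field the router keys on."""
import struct
from dataclasses import dataclass, field

IKE_HEADER_LEN = 28        # RFC 7296 fixed header: SPIi, SPIr, NP, ver, exch, flags, msgid, len
IKE_SA_INIT = 34           # exchange type of the very first request
FLAG_INITIATOR = 0x08
FLAG_RESPONSE = 0x20
PAYLOAD_VENDOR_ID = 43     # IKEv2 payload type "V"


@dataclass
class IkeMessage:
    spi_i: int
    spi_r: int
    exchange_type: int
    flags: int
    message_id: int
    payloads: list         # [(payload_type, body_bytes), ...]


def parse_ike(data: bytes) -> IkeMessage:
    """Parse the fixed header and walk the payload chain, rejecting bad lengths."""
    if len(data) < IKE_HEADER_LEN:
        raise ValueError("short IKE header")
    spi_i, spi_r, nxt, version, exch, flags, msg_id, length = struct.unpack(
        "!QQBBBBII", data[:IKE_HEADER_LEN])
    if version >> 4 != 2 or length != len(data):
        raise ValueError("not an IKEv2 message or bad length")
    payloads, off = [], IKE_HEADER_LEN
    while nxt != 0:
        if off + 4 > len(data):
            raise ValueError("truncated payload header")
        next_type, _crit, plen = struct.unpack("!BBH", data[off:off + 4])
        if plen < 4 or off + plen > len(data):
            raise ValueError("bad payload length")
        payloads.append((nxt, data[off + 4:off + plen]))
        off, nxt = off + plen, next_type
    return IkeMessage(spi_i, spi_r, exch, flags, msg_id, payloads)


def build_ike(spi_i: int, vendor_id: bytes, spi_r: int = 0,
              flags: int = FLAG_INITIATOR) -> bytes:
    """Constructed sample input: a minimal IKE_SA_INIT carrying one Vendor ID payload."""
    body = struct.pack("!BBH", 0, 0, 4 + len(vendor_id)) + vendor_id
    hdr = struct.pack("!QQBBBBII", spi_i, spi_r, PAYLOAD_VENDOR_ID, 0x20,
                      IKE_SA_INIT, flags, 0, IKE_HEADER_LEN + len(body))
    return hdr + body


@dataclass
class EdgeRouter:
    vpn_by_tag: dict       # vendor-id tag -> VPN name (constructed mapping)
    vrf: dict              # VPN name -> {"key-server": (next_hop, mpls_label)}
    flows: dict = field(default_factory=dict)   # (SPIi, client) -> VPN, for the return path

    def handle_from_internet(self, client: str, data: bytes):
        try:
            msg = parse_ike(data)
        except ValueError as e:
            return ("drop", str(e))
        if msg.exchange_type != IKE_SA_INIT or not msg.flags & FLAG_INITIATOR or msg.spi_r:
            return ("drop", "not an initial IKE_SA_INIT request")
        tags = [body for ptype, body in msg.payloads if ptype == PAYLOAD_VENDOR_ID]
        vpn = self.vpn_by_tag.get(tags[0]) if tags else None
        if vpn is None:
            return ("drop", "no VPN for identifier")    # never answer: no IKE responder here
        next_hop, label = self.vrf[vpn]["key-server"]
        self.flows[(msg.spi_i, client)] = vpn
        # Forwarded unmodified: this router holds no keys and never completes the exchange.
        return ("forward", {"vpn": vpn, "label": label, "next_hop": next_hop, "payload": data})

    def handle_from_vpn(self, vpn: str, client: str, data: bytes):
        """Return direction: relay only replies matching a request this edge actually forwarded."""
        try:
            msg = parse_ike(data)
        except ValueError as e:
            return ("drop", str(e))
        if self.flows.get((msg.spi_i, client)) != vpn:
            return ("drop", "no matching IKE request from this client")
        return ("forward", {"to": client, "payload": data})
```

Two practitioner points the model makes visible. At IKE_SA_INIT time nothing in the message is authenticated, so the identifier only selects a forwarding table; it must not be treated as authorization, and the client is authenticated by the key server inside the VPN, which is the only party that ever holds key material. The flow table binds replies to a request the edge saw from that client, so a host inside one VPN cannot use the edge as a relay to an Internet address that never initiated anything.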
25 Claims
1. A method comprising:
receiving a key exchange request message originating from a source node in a first type of network, the key exchange request message including a request to create a secured connection using encryption keys;
in response to receiving the key exchange request message, utilizing a unique identifier in the key exchange request message to identify a virtual private network associated with the second type of network; and
in lieu of responding to the key exchange request message and providing encryption key information to the source node, utilizing a corresponding forwarding table associated with the virtual private network identified by the unique identifier for purposes of forwarding the key exchange request message to a destination in the second type of network to establish the secured connection.
13. A method comprising:
receiving a key exchange request message from a source node in a first type of network, the key exchange request message being transmitted by the source node to initiate communications with an edge router between the first type of network and a second type of network for purposes of creating a secured connection using encryption keys; and
in lieu of terminating the secured connection at the edge router, utilizing a forwarding table maintained by the edge router to forward the key exchange request message to a destination node in the second type of network for purposes of enabling a key exchange between the source node and the destination node through the edge router.
14. A data communication device supporting data flows between a first type of network and a second type of network, the data communication device being configured to:
i) receive a key exchange request message originating from a source node in the first type of network; ii) utilize a unique identifier in the key exchange request message to identify a virtual private network associated with the second type of network;
iii) identify a corresponding forwarding table associated with the virtual private network identified by the unique identifier; and iv) in lieu of responding to the key exchange request message and providing encryption key information, forward the key exchange request message to a destination in the second type of network to create a secured connection between the source node in the first type of network and the destination in the second type of network using encryption keys.
21. A computer program product including a computer-readable medium having instructions stored thereon for processing data information, such that the instructions, when carried out by a processing device, enable the processing device to perform the steps of:
receiving a key exchange request message originating from a source node in a first type of network, the key exchange request message including a request to create a secured connection between the source node in the first type of network and a destination in a second type of network;
in response to receiving the key exchange request message, utilizing a unique identifier in the key exchange request message to identify a virtual private network associated with the second type of network; and
in lieu of responding to the key exchange request message and providing encryption key information to the source node, utilizing a corresponding forwarding table associated with the virtual private network identified by the unique identifier for purposes of forwarding the key exchange request message to the destination in the second type of network.
24. A computer system comprising:
a processor;
a memory unit that stores instructions associated with an application executed by the processor; and
an interconnect coupling the processor and the memory unit, enabling the computer system to execute the application and perform operations of:
receiving a key exchange request message originating from a source node in a first type of network, the key exchange request message including a request to create a secured connection between the source node in the first type of network and a destination in a second type of network;
in response to receiving the key exchange request message, utilizing a unique identifier in the key exchange request message to identify a virtual private network associated with the second type of network; and
in lieu of responding to the key exchange request message and providing encryption key information to the source node, utilizing a corresponding forwarding table associated with the virtual private network identified by the unique identifier for purposes of forwarding the key exchange request message to the destination in the second type of network.
25. A computer readable medium having computer readable code thereon, the computer-readable medium comprising:
instructions for transmitting a key exchange request message originating from a source node in a first type of network to a data communication device, the data communication device configured to:
receive the key exchange request message originating from the source node;
in response to receiving the key exchange request message, utilize a unique identifier in the key exchange request message to identify a virtual private network associated with a virtual private network in a second type of network; and
in lieu of responding to the key exchange request message and providing encryption key information to the source node, utilize a corresponding forwarding table associated with the virtual private network identified by the unique identifier for purposes of forwarding the key exchange request message to a destination node of the virtual private network and support establishment of a secured connection between the source node and the destination node.
Specification