METHODS, APPARATUS AND DATA STRUCTURES FOR SEGMENTING CUSTOMERS USING AT LEAST A PORTION OF A LAYER 2 ADDRESS HEADER OR BITS IN THE PLACE OF A LAYER 2 ADDRESS HEADER
First Claim
1. A method for provisioning services to packets sourced from a number of client customer devices, the method comprising:
- a) accepting a packet sourced from one of a number of client customer devices, wherein the packet has had at least a part of a layer 2 header, generated by the source client customer device, replaced with a unique bit string that is independent of any contents of the packet;
b) determining whether or not the packet is entitled to access a particular service using at least a portion of the unique bit string; and
c) if it is determined that the packet is entitled to access the particular service, then routing the packet, otherwise denying the packet access to the particular service.
2 Assignments
0 Petitions
Accused Products
Abstract
Limiting or controlling access to various services thereby performing a firewall function. An access router may permit or deny a packet based on at least a portion of a unique bit string (or context information) which replaced layer 2 header information (e.g., the layer 2 (e.g., MAC) address). Further, a particular quality of service may be indicated by at least a part of the unique bit string (or context information). The service provided to a group of customers, that group of customers being defined by at least a portion of the unique bit string (or context information), may be monitored. Multicast groups may be supported by checking at least a part of the unique bit string (or context information) to determine whether or not a customer associated with that port is permitted to join the multicast group.
-
Citations
17 Claims
-
1. A method for provisioning services to packets sourced from a number of client customer devices, the method comprising:
-
a) accepting a packet sourced from one of a number of client customer devices, wherein the packet has had at least a part of a layer 2 header, generated by the source client customer device, replaced with a unique bit string that is independent of any contents of the packet; b) determining whether or not the packet is entitled to access a particular service using at least a portion of the unique bit string; and c) if it is determined that the packet is entitled to access the particular service, then routing the packet, otherwise denying the packet access to the particular service. - View Dependent Claims (2, 3, 10, 14, 15)
-
-
4. A method for providing various quality of service levels to packets sourced from a number of client customer devices, the method comprising:
-
a) accepting a packet sourced from one or a number of client customer devices, wherein the packet has had at least a part of a layer 2 header, generated by the source client customer device, replaced with a unique bit string that is independent of any contents of the packet; b) determining a service level to which the packet is entitled using the unique bit string; and c) forwarding the packet to a particular one of a plurality of queues associated with the service level determined. - View Dependent Claims (5, 6, 11, 16, 17)
-
-
7. A method for monitoring packets sourced from a group of client customer devices defining a subset of client customer devices, each of the packets having at least a part of a layer 2 header, generated by the source client customer device, replaced with a unique bit string, the method comprising:
-
a) determining whether or not the packet belongs to the group of client customer devices using at least a portion of the unique bit string; and b) if it is determined that the packet does belong to the group of client customer devices, then i) copying the packet to generate a duplicate packet, and ii) forwarding the duplicate packet to a monitoring facility, wherein the monitoring facility monitors at least one of (A) service provided to a group of customers, and (B) security. - View Dependent Claims (8, 9, 12, 13)
-
Specification