VARIOUS METHODS AND APPARATUSES FOR ACCESSING NETWORKED DEVICES WITHOUT ACCESSIBLE ADDRESSES VIA VIRTUAL IP ADDRESSES

US 20100235481A1
Filed: 10/24/2008
Published: 09/16/2010
Est. Priority Date: 10/24/2007
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus, comprising:

a first Distributed Services Controller (DSC) having a first conduit manager to create a first outgoing TCP/IP stream connection associated with a first virtual IP address to a device service manager (DSM), which in turn relays communication traffic from the first outgoing TCP/IP stream connection to a second DSC, which has a second conduit manager to create a second direct outgoing TCP/IP stream connection associated with a second virtual IP address to the DSM, where the first DSC resides in a first local network and the second DSC resides in a second local network distinct from the first local network and the DSM resides in a wide area network external to both the first and second DSC, wherein both the first and second DSCs establish the outgoing TCP/IP stream connections to the DSM by periodically authenticating itself to the DSM and then keeping that connection open for future bi-directional communication on the outgoing TCP/IP stream connection, and wherein an IP redirector in the DSM receives communication traffic from the first established TCP/IP stream connection from the first DSC and then routes the communication traffic down the second established TCP/IP stream connection to the second DSC based on Virtual IP address mapping occurring in the registry of the DSM.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus, and system are described for accessing networked devices without accessible network addresses via Virtual IP (VIP) addresses. The system consists of a first Device Services Controller (DSC), featuring a Host Controller component that can make available a virtual network interface and corresponding virtual IP address (VIP) and having a first conduit manager to create a first outgoing TCP/IP conduit connection to a device service manager (DSM). When networking traffic arrives at the virtual networking interface with the associated VIP, the Host Controller component automatically processes and forwards that traffic to the DSM. The DSM processes and relays traffic from the first outgoing TCP/IP conduitconnection to a second DSC, which has a Device Controller component and a second conduit manager to create a second direct outgoing TCP/IP conduit connection to the DSM. An IP redirector in the DSM receives communication traffic from the first established TCP/IP conduit connection from the first DSC and then routes the communication traffic down the second established TCP/IP conduit connection to the second DSC based on a Virtual IP address to real IP address mapping stored in the registry of the DSM. The Host Controller component processes and delivers the network traffic from the DSM to the appropriate local networked device and if appropriate send back any return traffic back to the DSM, which will return it to the first DSC for delivery to the originating network device, Using this mechanism, it is possible for two networked devices on separate networks to communicate even if there does not exist a route to the network address of the target device.

63 Citations

View as Search Results

20 Claims

1. An apparatus, comprising:
- a first Distributed Services Controller (DSC) having a first conduit manager to create a first outgoing TCP/IP stream connection associated with a first virtual IP address to a device service manager (DSM), which in turn relays communication traffic from the first outgoing TCP/IP stream connection to a second DSC, which has a second conduit manager to create a second direct outgoing TCP/IP stream connection associated with a second virtual IP address to the DSM, where the first DSC resides in a first local network and the second DSC resides in a second local network distinct from the first local network and the DSM resides in a wide area network external to both the first and second DSC, wherein both the first and second DSCs establish the outgoing TCP/IP stream connections to the DSM by periodically authenticating itself to the DSM and then keeping that connection open for future bi-directional communication on the outgoing TCP/IP stream connection, and wherein an IP redirector in the DSM receives communication traffic from the first established TCP/IP stream connection from the first DSC and then routes the communication traffic down the second established TCP/IP stream connection to the second DSC based on Virtual IP address mapping occurring in the registry of the DSM.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The apparatus of claim 1, wherein the second DSC receives communication traffic on the first virtual IP address and routes that communication traffic onto a destination device also connected to the second local network that the second DSC is part of, and the first DSC has a discovery manager configured to detect and register local devices on the same local network, the first conduit manager configured to initiate and control of the outgoing TCP/IP stream connection to the DSM, and a tunnel manager configured to multiplex and de-multiplex TCP/IP connections to detected and designated visible devices on the second local network.
  - 3. The apparatus of claim 1, wherein an initial DSC configuration is loaded into a configuration file of the first DSC using a secure configuration file via a portable computer readable medium eliminating a need for a user interface on the first DSC device, and once power is applied to the first DSC, a conduit manager of the first DSC establishes the first outgoing TCP/IP stream connection and then all other needed configuration information is downloaded over the first outgoing TCP/IP stream connection from the DSM to the first DSC.
  - 4. The apparatus of claim 1, further comprising:
    - a network access module in the DSM configured to create a pairing of
      
           1) each DSC'"'"'s unique identifier and the virtual IP address from the local network assigned with the DSC, the network access module is also configured to create a pairing of
      
           2) a unique identifier of a local DSC and a real IP address of a host console network device associated with the unique identifier of the first DSC on the first local area network, as well as a pairing of
      
           3) a real IP address of a destination network device and a unique identifier of a destination DSC on a second local area network, and the DSM then stores these pairings in the registry of the DSM, wherein a request is sent to the first DSC to find out what virtual IP addresses are available in the first local network, and the first DSC finds out what virtual IP addresses are available in its local network and then reports those available virtual IP addresses to the DSM.
  - 5. The apparatus of claim 1, further comprising:
    - a firewall protecting the second local area network, wherein a host console initiating the communication traffic to a remote target device in the second network connects to the first DSC on the first local LAN, in which a tunnel manager program in the first DSC multiplexes traffic onto the first outgoing TCP/IP stream connection and forwards the communication traffic to the DSM, andthe DSM maps the first outgoing TCP/IP stream connection to a corresponding virtual IP address and port associated with the second DSC, where the IP redirector of the DSM determines an intended target device address to a target device in a subset of equipment in a second network and information associated with the second DSC in the second network by consulting a routing table that stores at least real IP addresses, virtual IP addresses, routes to the subset of equipment, and then forwards packets to the second DSC through the second outgoing TCP/IP stream connection established with that DSC.
  - 6. The apparatus of claim 1, wherein a tunnel manager program in the first DSC adds onto a header of the communication traffic, information that includes 1) that the communication traffic is coming from the first DSC and 2) identifying information on the originating device in the first local network by including both the source device and port originally sending the communication traffic, and then forwarding the communication traffic to the DSM for routing over the Internet.
  - 7. The apparatus of claim 1, wherein the DSM has a virtual IP address routing table in the DSM'"'"'s registry that stores at least real IP addresses of each DSC and the network devices on that local area network, which are designated as visible by a user of the local area network, the virtual IP addresses, and routes to devices, where the DSM uses the information in the virtual IP address routing table to map a virtual IP address assigned by the DSM to a real IP address associated with a given DSC to establish the route, and the DSM determines an appropriate virtual IP address route by referencing the virtual IP address routing table, and then forwards the communication traffic to the second DSC for delivery to the target device.
  - 8. The apparatus of claim 7, wherein the DSM determines the appropriate VIP route by referencing the VIP Routing Table and seeing that the target device'"'"'s real IP address is associated with the second DSC'"'"'s unique ID and that a unique ID of the second DSC is associated with a given virtual IP address.
  - 9. The apparatus of claim 1, wherein the first DSC in the first local network has a tunnel manager that in multiplexer mode maps all associated network devices in the first local network to domain names, and a network access module in the DSM is configured to maintain a pool of virtual IP addresses for use by the first DSC when mapping an IP address to a domain name.
  - 10. The apparatus of claim 1, wherein the first DSC obtains available virtual IP addresses using a local automatic address server, and then copies the available virtual IP addresses back to an association manager in the DSM, which updates a virtual IP routing table in the DSM.
  - 11. The apparatus of claim 1, wherein the second DSC in demultiplexer mode accepts a tunnel request from the DSM and forwards the communication traffic on to associated devices in the second local area network, and the second DSC periodically calls the DSM to see if any traffic is pending for the associated devices in the network hosting the second device controller, and the second DSC demultiplexes the communication traffic received on the second outgoing communication tunnel with the DSM, reads virtual IP address pair information inserted into a header of the communication traffic, and then delivers the communication traffic to the target device.
  - 12. The apparatus of claim 1, wherein a tunnel manager is configured for the first DSC to be able to initiate a TCP or UDP connection to an end target device in the second local network protected by an intervening firewall and without knowing the real IP address of the end target device, where the DSM assigns the first virtual IP address to the first DSC by either a DHCP address configuration or from a static pool of virtual IP addresses available to the first DSC.
  - 13. The apparatus of claim 12, wherein the first DSC initiates the first TCP/IP stream connection by querying a designated DNS name for the end target device and the virtual IP address returned is supplied by the DSM from the pool of local virtual IP addresses available to the first DSC.

14. A method, comprising:
- establishing a first outgoing TCP/IP stream connection to a central device from a local device;
  
  establishing a second outgoing TCP/IP stream connection to the central device from a remote device, where the local device resides in a first local network, the remote device resides in a second local network distinct from the first local network, and the central device resides in a wide area network external to both the local and remote device, where both the local and remote device create their own outgoing TCP/IP stream connection to the central device by periodically authenticating themselves to the central device and then keeping that connection open for future bi-directional communication on the outgoing TCP/IP stream connection;
  
  assigning a first virtual IP address to the local device and a second virtual IP address to the remote device;
  
  receiving communication traffic from the first established TCP/IP stream connection from the local device associated with the first virtual IP address and then routing the communication traffic down the second established TCP/IP stream connection to the remote device associated with the second virtual IP address based on virtual IP address mapping occurring in a registry of the central device; and
  
  decoding the communication traffic and forwarding the communication traffic to a network device on the second local network from the remote device.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, further comprising:
    - detecting and registering local devices on the second local network;
      
      multiplexing and de-multiplexing TCP/IP connections to detected and designated visible devices on the second local network; and
      
      adding onto a header of the communication traffic, information that includes
      
      1) that the communication traffic is coming from the first DSC and
      
      2) identifying information on the originating device in the first local network by including both the source device and port originally sending the communication traffic.
  - 16. The method of claim 15, wherein an initial DSC configuration is loaded into a configuration file of the first DSC using a secure configuration file via a portable computer readable medium eliminating a need for a user interface on the first DSC device, and once power is applied to the first DSC, a conduit manager of the first DSC establishes the first outgoing TCP/IP stream connection and then all other needed configuration information is downloaded over the first outgoing TCP/IP stream connection from the DSM to the first DSC.
  - 17. The method of claim 15, further comprising:
    - creating a pairing of the local device'"'"'s unique identifier and the virtual IP address from the local network assigned with the local device;
      
      creating a pairing of a unique identifier of a local device and a real IP address of associated with the unique identifier of DSC;
      
      creating a pairing of a real IP address of a destination network device and a unique identifier of the remote device on a second local area network;
      
      storing these pairings in a registry of the central device; and
      
      requesting the local device to find out what virtual IP addresses are available in the first local network, and then reporting those available virtual IP addresses to the central device.

18. An system, comprising:
- a first and a second DSC that each have a conduit manager to create a direct communication tunnel to a DSM, where the first DSC resides in a first local network and the second DSC resides in a second local network distinct from the first local network and the DSM resides in a wide area network external to both the first and second DSC, wherein both the first and second DSC each creates its own direct communication tunnel to the DSM by periodically authenticating itself to the DSM and establishing an outgoing TCP/IP stream connection to the DSM and then keeps that connection open for future bi-directional communication on the outgoing TCP/IP stream connection; and
  
  an IP redirector in the DSM receives communication traffic from a first established TCP/IP stream connection from the first DSC and then routes the communication traffic down a second established TCP/IP stream connection to the second DSC based on Virtual IP address mapping occurring in the registry of the DSM, wherein the second DSC decodes the communication traffic and forwards the communication traffic to a network device on the second local network.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the DSM has a virtual IP address routing table in the DSM'"'"'s registry that stores at least real IP addresses of each DSC, the network devices on that local area network, which are designated as visible by a user of the local area network, the virtual IP addresses, routes to devices, where the DSM uses the information in the virtual IP address routing table to map a virtual IP address assigned by the DSM to a real IP address associated with a given DSC to establish the route and the DSM determines an appropriate virtual IP address route by referencing the virtual IP address routing table, and then forwards the communication traffic to the second DSC for delivery to the target device.
  - 20. The system of claim 19, wherein the DSM determines the appropriate VIP route by referencing the VIP Routing Table and seeing that the target device'"'"'s real IP address is associated with the second DSC'"'"'s unique ID and that a unique ID of the second DSC is associated with a given virtual IP address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lantronix Incorporated
Original Assignee
Lantronix Incorporated
Inventors
Deutsch, Jonathan Peter, Sung, Danny Te-An

Application Number

US12/306,042
Publication Number

US 20100235481A1
Time in Patent Office

Days
Field of Search
US Class Current

709/222
CPC Class Codes

H04L 41/0806   for initial configuration o...

H04L 61/2514   between local and global IP...

H04L 61/2517   using port numbers

H04L 61/2528   Translation at a proxy

H04L 63/029   Firewall traversal, e.g. tu...

H04L 67/34   involving the movement of s...

VARIOUS METHODS AND APPARATUSES FOR ACCESSING NETWORKED DEVICES WITHOUT ACCESSIBLE ADDRESSES VIA VIRTUAL IP ADDRESSES

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

VARIOUS METHODS AND APPARATUSES FOR ACCESSING NETWORKED DEVICES WITHOUT ACCESSIBLE ADDRESSES VIA VIRTUAL IP ADDRESSES

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links