SYSTEM AND METHOD FOR REMOTE MONITORING AND CONTROL OF NETWORK DEVICES

US 20120317191A1
Filed: 08/20/2012
Published: 12/13/2012
Est. Priority Date: 03/01/2007
Status: Active Grant

First Claim

Patent Images

1. A method of operating a centralized server that is coupled over the Internet to a plurality of network traffic devices in local networks, the method comprising:

providing for remote management of the plurality of network traffic devices over the Internet from the centralized server, wherein the centralized server is outside of the local networks, wherein different ones of the network traffic devices are part of different ones of the local networks, wherein each of the network traffic devices provide a gateway for their local network to the Internet, wherein each of the network traffic devices can send messages from other nodes of their local networks over the Internet to the centralized server, wherein each of the local networks includes at least one client device that is one of a laptop computer, desktop computer, and a portable computing device, wherein the local networks are interfaced to the Internet, wherein the network traffic devices are behind network address translation devices (NATs) and have node IP addresses that are not publically routable from the Internet, wherein the node IP addresses are assigned such that none of the network traffic devices have the same node IP address, and wherein the providing includes,the centralized server listening for user datagram protocol (UDP) packets on a well-known IP address and UDP port, wherein each of the network traffic devices opens a UDP connection to the centralized server'"'"'s well-known IP address and UDP port;

exchanging, by the centralized server, Internet Protocol (IP) packets with the plurality of network traffic devices using IP over UDP encapsulation, wherein when travelling over the Internet the UDP headers used for the UDP encapsulation have as source and destination addresses the centralized server'"'"'s well-known IP address and the IP addresses of externally routable network devices behind which the network traffic devices are located, wherein IP headers of the IP packets encapsulated within the UDP headers have as source and destination addresses an agreed upon IP network address of the centralized server and the node IP addresses of the network traffic devices, wherein the exchanging includes, sending network configuration data to each of the network traffic devices, and receiving operational statistics from each of the network traffic devices.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A managed network provides unique network addresses that are assigned to nodes such that no two nodes will have the same address in the managed network and such that each node will always have the same network address regardless of changing its location or changing the network to which it is joined. The nodes, communicating together, comprise a mesh network. Remote management and control of the nodes is possible from the host server, which is located outside of the mesh network, even if a node is located behind a firewall or network address translator (NAT), because server management messages are encapsulated within headers so that a persistent connection between the node and the external host server is maintained once the node sends a message to the host.

33 Citations

View as Search Results

30 Claims

1. A method of operating a centralized server that is coupled over the Internet to a plurality of network traffic devices in local networks, the method comprising:
- providing for remote management of the plurality of network traffic devices over the Internet from the centralized server, wherein the centralized server is outside of the local networks, wherein different ones of the network traffic devices are part of different ones of the local networks, wherein each of the network traffic devices provide a gateway for their local network to the Internet, wherein each of the network traffic devices can send messages from other nodes of their local networks over the Internet to the centralized server, wherein each of the local networks includes at least one client device that is one of a laptop computer, desktop computer, and a portable computing device, wherein the local networks are interfaced to the Internet, wherein the network traffic devices are behind network address translation devices (NATs) and have node IP addresses that are not publically routable from the Internet, wherein the node IP addresses are assigned such that none of the network traffic devices have the same node IP address, and wherein the providing includes,the centralized server listening for user datagram protocol (UDP) packets on a well-known IP address and UDP port, wherein each of the network traffic devices opens a UDP connection to the centralized server'"'"'s well-known IP address and UDP port;
  
  exchanging, by the centralized server, Internet Protocol (IP) packets with the plurality of network traffic devices using IP over UDP encapsulation, wherein when travelling over the Internet the UDP headers used for the UDP encapsulation have as source and destination addresses the centralized server'"'"'s well-known IP address and the IP addresses of externally routable network devices behind which the network traffic devices are located, wherein IP headers of the IP packets encapsulated within the UDP headers have as source and destination addresses an agreed upon IP network address of the centralized server and the node IP addresses of the network traffic devices, wherein the exchanging includes, sending network configuration data to each of the network traffic devices, and receiving operational statistics from each of the network traffic devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The method of claim 1, wherein the providing further comprises:
    - initially receiving from each of the network traffic devices a UDP message that is sent to the centralized server'"'"'s well-known IP address and that is to establish a connection between that network traffic device and the centralized server.
  - 3. The method of claim 2, wherein a payload of each of the UDP messages sent to establish the connection between the network traffic devices and the centralized server includes the node IP address of the sending network traffic device and an authentication secret to authenticate that network traffic device.
  - 4. The method of claim 3, wherein the UDP messages sent to establish the connections between the network traffic devices and the centralized server do not encapsulate IP packets.
  - 5. The method of claim 1, wherein the exchanging including the centralized server querying the network traffic devices for the operational statistics rather than having the network traffic devices proactively reporting the operational statistics at regular intervals.
  - 6. The method of claim 1, wherein the network traffic devices are routers.
  - 7. The method of claim 1, wherein each of the local networks is a wireless mesh network.
  - 8. The method of claim 1, wherein at least one of the local networks includes a plurality of network traffic devices that are wireless access points, that are behind the network traffic device providing the gateway for that local network, and that communicate over a wireless network communications protocol to form a wireless mesh network with the network traffic device providing the gateway.
  - 9. The method of claim 8, wherein each of the plurality network traffic devices that are access points also have node IP addresses that are not publically routable from the Internet, wherein the node IP addresses are assigned such that none of the network traffic devices have the same node IP address.
  - 10. The method of claim 9, wherein the providing further comprises:
    - providing for remote management over the Internet from the centralized server of the network traffic devices that are wireless access points.
  - 11. The method of claim 10, wherein the providing for remote management over the Internet from the centralized server of the network traffic devices that are wireless access points further comprises:
    - also exchanging, by the centralized server, Internet Protocol (IP) packets with the plurality of network traffic devices that are access points using IP over UDP encapsulation, wherein each of the network traffic devices that are access points also open a UDP connection to the centralized server'"'"'s well-known IP address and UDP port, wherein IP headers of the IP packets encapsulated within the UDP headers have as source and destination addresses the agreed upon IP network address of the centralized server and the node IP addresses of the network traffic devices that are access points, wherein the exchanging includes,sending network configuration data to each of the network traffic devices that are access points; and
      
      receiving operational statistics from each of the network traffic devices that are access points.
  - 12. The method of claim 1, wherein the exchanging further comprises:
    - wrapping the IP packets in a header and then sending the encapsulated packets inside the UDP datagrams to the network traffic devices.
  - 13. The method of claim 1, wherein each of the IP packets sent from the network traffic devices to the centralized server using IP over UDP encapsulation is characterized by appending an mtunnel header to the IP packet and sending it as a UDP datagram, wherein the mtunnel header includes an IP address field and an authentication secret field, wherein the authentication secret field is to authenticate the one of the network traffic devices sending that particular IP packet.
  - 14. The method of claim 1, wherein the node IP addresses are assigned such that each network traffic device will always have the same node IP address regardless of changing its location or changing the local network to which it is joined.
  - 15. The method of claim 14, wherein the node IP address of each network traffic device is generated based on a media access control (MAC) address of the respective network traffic device.
  - 16. The method of claim 1, wherein the providing further comprises:
    - keeping, by the centralized server, a mapping of how to reach each of the network traffic devices responsive to receiving periodic messages from each of the network traffic devices.
  - 17. The method of claim 16, wherein the providing further comprises:
    - ensuring, by the centralized server sending acknowledgement messages to the periodic messages, that the NATs located along network paths from the centralized server back to the network traffic devices will maintain state that will allow future incoming packet from the centralized server to be delivered to the network traffic devices.
  - 18. The method of claim 1, wherein the exchanging provides an address space bridge between the network traffic devices and any software running on the centralized server.
  - 19. The method of claim 18, wherein the providing further comprises:
    - executing, by the centralized server, network management, report generation, and accounting software applications programs.
  - 20. The method of claim 1, wherein the providing further comprises:
    - providing management tools, by the centralized server over an Internet connection, to assist a network owner.
  - 21. The method of claim 20, wherein the providing management tools further includes providing a user interface accessible through a Web browser.
  - 22. The method of claim 1, wherein the providing further comprises:
    - periodically receiving from each of the network traffic devices a hello packet.
  - 23. The method of claim 1, wherein the providing further comprises ensuring that the NATs located along network paths from the centralized server back to the network traffic devices will maintain state that will allow future incoming packet from the centralized server to be delivered to the network traffic devices.
  - 24. The method of claim 1, wherein the sending network configuration data includes sending to at least one of the network traffic devices at least a portion of at least one of a script and an application that is to be installed by the network traffic devices and that when executed by the network traffic devices cause them to perform monitoring and control functions.

25. A non-transitory computer readable medium containing machine instructions that when executed by a centralized server, which is coupled over the Internet to a plurality of network traffic devices in local networks, cause the centralized server to perform a method, the method comprising:
- providing for remote management of the plurality of network traffic devices over the Internet from the centralized server, wherein the centralized server is outside of the local networks, wherein different ones of the network traffic devices are part of different ones of the local networks, wherein each of the network traffic devices provide a gateway for their local network to the Internet, wherein each of the network traffic devices can send messages from other nodes of their local networks over the Internet to the centralized server, wherein each of the local networks includes at least one client device that is one of a laptop computer, desktop computer, and a portable computing device, wherein the local networks are interfaced to the Internet, wherein the network traffic devices are behind network address translation devices (NATs) and have node IP addresses that are not publically routable from the Internet, wherein the node IP addresses are assigned such that none of the network traffic devices have the same node IP address, and wherein the providing includes,the centralized server listening for user datagram protocol (UDP) packets on a well-known IP address and UDP port, wherein each of the network traffic devices opens a UDP connection to the centralized server'"'"'s well-known IP address and UDP port; and
  
  exchanging, by the centralized server, Internet Protocol (IP) packets with the plurality of network traffic devices using IP over UDP encapsulation, wherein when travelling over the Internet the UDP headers used for the UDP encapsulation have as source and destination addresses the centralized server'"'"'s well-known IP address and the IP addresses of externally routable network devices behind which the network traffic devices are located, wherein IP headers of the IP packets encapsulated within the UDP headers have as source and destination addresses an agreed upon IP network address of the centralized server and the node IP addresses of the network traffic devices, wherein the exchanging includes, sending network configuration data to each of the network traffic devices, and receiving operational statistics from each of the network traffic devices.
- View Dependent Claims (26, 27)
- - 26. The non-transitory computer readable medium of claim 25, wherein the providing further comprises:
    - initially receiving from each of the network traffic devices a UDP message that is sent to the centralized server'"'"'s well-known IP address and that is to establish a connection between that network traffic device and the centralized server.
  - 27. The non-transitory computer readable medium of claim 26, wherein a payload of each of the UDP messages sent to establish the connection between the network traffic devices and the centralized server includes the node IP address of the sending network traffic device and an authentication secret to authenticate that network traffic device.

28. A system for managing over the Internet a plurality of network traffic devices in local networks, comprising:
- a plurality of network traffic devices associated with a plurality of local networks, wherein different ones of the network traffic devices are part of different ones of the local networks, wherein each of the network traffic devices provide a gateway for their local network to the Internet, wherein each of the local networks includes at least one client device that is one of a laptop computer, desktop computer, and a portable computing device, wherein the local networks are interfaced to the Internet; and
  
  a centralized server to provide for remote management of the plurality of network traffic devices over the Internet, wherein the centralized server is outside of the local networks, wherein each of the network traffic devices can send messages from other nodes of their local networks over the Internet to the centralized server,wherein the network traffic devices are behind network address translation devices (NATs) and have node IP addresses that are not publically routable from the Internet, wherein the node IP addresses are assigned such that none of the network traffic devices have the same node IP address, and wherein the providing includes,wherein the centralized server is to listen for user datagram protocol (UDP) packets on a well-known IP address and UDP port, wherein each of the network traffic devices opens a UDP connection to the centralized server'"'"'s well-known IP address and UDP port,wherein the centralized server is to exchange Internet Protocol (IP) packets with the plurality of network traffic devices using IP over UDP encapsulation, wherein when travelling over the Internet the UDP headers used for the UDP encapsulation have as source and destination addresses the centralized server'"'"'s well-known IP address and the IP addresses of externally routable network devices behind which the network traffic devices are located, wherein IP headers of the IP packets encapsulated within the UDP headers have as source and destination addresses an agreed upon IP network address of the centralized server and the node IP addresses of the network traffic devices, wherein the exchanging of the IP packets with the plurality of network traffic devices includes, sending network configuration data to each of the network traffic devices, and receiving operational statistics from each of the network traffic devices.
- View Dependent Claims (29, 30)
- - 29. The system of claim 28, wherein the centralized server initially receives from each of the network traffic devices a UDP message that is sent to the centralized server'"'"'s well-known IP address and that is to establish a connection between that network traffic device and the centralized server.
  - 30. The system of claim 29, wherein a payload of each of the UDP messages sent to establish the connection between the network traffic devices and the centralized server includes the node IP address of the sending network traffic device and an authentication secret to authenticate that network traffic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Meraki Incorporated (Cisco Systems, Inc.)
Inventors
Biswas, Sanjit, Bicket, John

Granted Patent

US 8,527,662 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/203
CPC Class Codes

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 41/0246   Exchanging or transporting ...

H04L 41/026   using e-messaging for trans...

H04L 41/04   Network management architec...

H04L 41/0803   Configuration setting

H04L 41/22   comprising specially adapte...

H04L 41/34   Signalling channels for net...

H04L 61/5014   using dynamic host configur...

H04L 61/5092   by self-assignment, e.g. pi...

H04W 48/16   Discovering, processing acc...

H04W 8/005   Discovery of network device...

H04W 8/26   Network addressing or numbe...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/08   Access point devices

H04W 88/16   Gateway arrangements

SYSTEM AND METHOD FOR REMOTE MONITORING AND CONTROL OF NETWORK DEVICES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR REMOTE MONITORING AND CONTROL OF NETWORK DEVICES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links