SYSTEM, METHOD AND APPARATUS THAT EMPLOY VIRTUAL PRIVATE NETWORKS TO RESIST IP QOS DENIAL OF SERVICE ATTACKS
Abstract
An approach provides a communication network that supports one or more network-based Virtual Private Networks (VPNs) to resist Denial of Service (DoS) attacks. A first boundary router is configured to provide a Virtual Private Network (VPN) that supports quality of service levels, and interfaces an access network via a Customer Premise Equipment (CPE) edge router and a physical access link. A second boundary router is coupled to a public network. The access network connects to the first boundary router, and the first boundary router and the second boundary router are connected by a separate logical connection to prevent denial of service attacks on the physical access link originating from sources outside the VPN.
18 Claims
1. A system comprising:
- at least one first boundary router configured to provide a Virtual Private Network (VPN) that supports quality of service levels, and interfaces an access network via a Customer Premise Equipment (CPE) edge router and a physical access link; and
- at least one second boundary router coupled to a public network;
wherein the access network connects to the at least one first boundary router, and wherein the at least first boundary router and the at least one second boundary router are connected by a separate logical connection to prevent denial of service attacks on the physical access link originating from sources outside the VPN.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method comprising:
- interfacing a virtual private network (VPN) to a respective access network via a Customer Premise Equipment (CPE) edge router and a physical access link;
- connecting each of the access networks only to at least one first boundary router within the VPN; and
- connecting the at least one first boundary router to at least one second boundary router within a public network by a logical connection separate from the physical access link, such that denial of service attacks on the physical access link originating from sources outside the VPN can be prevented.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
Specification