Filtering Network Packets in Multiple Forwarding Information Base Systems
Abstract
In some implementations, a method for routing communication includes determining a binding interface for a communication session based on a forwarding information base (FIB) and a destination for the communication session. The communication session is from an application running on user equipment (UE), and the binding interface is included in a virtual private network (VPN) tunnel established through an Internet Protocol (IP) security (IPsec) interface. Whether to filter the communication session is determined based on which perimeter of the UE includes the binding interface and which perimeter of the UE includes the IPsec interface.
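The decision flow in the abstract, written out as an added Python example; it is not code from the patent. The perimeter names, interface names and routes are constructed, and the rule "filter when the IPsec interface belongs to a different perimeter than the one whose FIB selected the binding interface" is an assumption, since the text above only says the decision depends on which perimeter includes each interface.

```python
import ipaddress

# Constructed sample state (assumptions, not from the patent): one FIB per perimeter.
FIBS = {
    "personal": [("0.0.0.0/0", "wlan0")],
    "work": [("10.0.0.0/8", "ipsec0"), ("0.0.0.0/0", "wlan0")],
}
IPSEC_PERIMETER = {"ipsec0": "work"}     # perimeter that includes each IPsec interface
ACTIVE_TUNNELS = {("ipsec0", "wlan0")}   # (IPsec interface, binding interface it runs over)


def lookup(perimeter, dst):
    """Longest-prefix match in the FIB of the requesting application's perimeter."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, ifname in FIBS[perimeter]:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, ifname))
    if not matches:
        raise LookupError(f"no route to {dst} in the {perimeter} FIB")
    return max(matches)[1]


def should_filter(app_perimeter, dst, tunnels=ACTIVE_TUNNELS):
    """Return (binding_interface, filter_session) for a session request."""
    # Step 1: binding interface from the FIB and the destination.
    binding = lookup(app_perimeter, dst)
    # Step 2: is a VPN tunnel currently established over that binding interface?
    for ipsec_if, underlying in tunnels:
        if underlying == binding:
            # Step 3 (assumed policy): filter when the IPsec interface sits in a
            # different perimeter than the one whose FIB selected the binding interface.
            return binding, IPSEC_PERIMETER[ipsec_if] != app_perimeter
    # No tunnel shares this binding interface, so there is no cross-perimeter path to filter.
    return binding, False


if __name__ == "__main__":
    for perimeter, dst in [("personal", "203.0.113.10"), ("work", "203.0.113.10"),
                           ("work", "10.1.2.3")]:
        print(perimeter, dst, should_filter(perimeter, dst))
```
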
20 Claims
1. A method for routing communication, comprising:
- receiving a request for a communication session from an application running on a user device, wherein the user device includes two or more perimeters, a binding interface, and an Internet Protocol (IP) security (IPsec) interface;
- determining a binding interface for the communication session based on a forwarding information base (FIB) and a destination for the communication session, the binding interface shared with the two or more perimeters;
- determining that a virtual private network (VPN) tunnel is currently established through the IPsec interface and the binding interface; and
- determining whether to filter the communication session based on which of the two or more perimeters of the user device includes the binding interface and which of the two or more perimeters of the user device includes the IPsec interface.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer program product encoded on a tangible, non-transitory storage medium, the product comprising computer readable instructions for causing one or more processors to perform operations comprising:
- receiving a request for a communication session from an application running on a user device, wherein the user device includes two or more perimeters, a binding interface, and an Internet Protocol (IP) security (IPsec) interface;
- determining a binding interface for the communication session based on a forwarding information base (FIB) and a destination for the communication session, the binding interface shared with the two or more perimeters;
- determining that a virtual private network (VPN) tunnel is currently established through the IPsec interface and the binding interface; and
- determining whether to filter the communication session based on which of the two or more perimeters of the user device includes the binding interface and which of the two or more perimeters of the user device includes the IPsec interface.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A user device for routing a communication, comprising:
- memory that stores a plurality of FIBs including a FIB and an application, wherein each FIB in the plurality of FIBs identifies routes and interfaces for communicating messages; and
- one or more processors configured to:
  - receive a request for a communication session from an application running on the user device, wherein the user device includes two or more perimeters, a binding interface, and an Internet Protocol (IP) security (IPsec) interface;
  - determine a binding interface for the communication session based on the FIB and a destination for the communication session, the binding interface shared with the two or more perimeters;
  - determine that a virtual private network (VPN) tunnel is currently established through the IPsec interface and the binding interface; and
  - determine whether to filter the communication session based on which of the two or more perimeters of the user device includes the binding interface and which of the two or more perimeters of the user device includes the IPsec interface.

Dependent claims: 16, 17, 18, 19, 20
Specification