METHODS AND SYSTEMS FOR IDENTIFYING DATA SESSIONS AT A VPN GATEWAY
First Claim
1. A method for identifying Internet Protocol (IP) data sessions at a VPN gateway comprising:
- receiving encapsulating packets, wherein the encapsulating packets encapsulate IP packets;
identifying a corresponding VPN connection;
decapsulating encapsulating packets to retrieve IP packets;
performing deep packet inspection (DPI) on the IP packets to identify one or more data sessions the IP packets belong to; and
updating a DPI database based, at least in part, on the one or more data sessions.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems for identifying Internet Protocol (IP) data sessions at a VPN gateway. The VPN gateway receives encapsulating packets, wherein the encapsulating packets encapsulate IP packets. A corresponding VPN connection through which the encapsulating packets are received is identified. The VPN gateway decapsulates the encapsulating packets to retrieve the IP packets and performs deep packet inspection (DPI) on the IP packets in order to identify one or more data sessions that the IP packets belong to. A DPI database is updated accordingly, based on, at least in part, the one or more data sessions.
20 Citations
22 Claims
-
1. A method for identifying Internet Protocol (IP) data sessions at a VPN gateway comprising:
-
receiving encapsulating packets, wherein the encapsulating packets encapsulate IP packets; identifying a corresponding VPN connection; decapsulating encapsulating packets to retrieve IP packets; performing deep packet inspection (DPI) on the IP packets to identify one or more data sessions the IP packets belong to; and updating a DPI database based, at least in part, on the one or more data sessions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. According to the method of 1,
wherein the VPN gateway is a VPN hub, wherein the VPN hub establishes one or more VPN connections with one or more other VPN gateways respectively.
-
11. According to the method of 10,
wherein the one or more VPN connection can be an aggregated VPN connection.
-
12. A VPN gateway for identifying Internet Protocol (IP) data sessions, comprising:
-
at least one network interface; at least one processing unit; at least one main memory; at least one secondary storage storing program instructions executable by the at least one processing unit for; receiving encapsulating packets, wherein the encapsulating packets encapsulate IP packets; identifying a corresponding VPN connection; decapsulating encapsulating packets to retrieve IP packets; performing deep packet inspection (DPI) on the IP packets to identify one or more data sessions the IP packets belong to; and updating a DPI database based, at least in part, on the one or more data sessions. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. According to the method of 12,
wherein the VPN gateway is a VPN hub, wherein the VPN hub establishes one or more VPN connections with one or more other VPN gateways respectively.
-
22. According to the method of 21,
wherein the one or more VPN connection can be an aggregated VPN connection.
Specification