METHOD AND SYSTEM OF ESTABLISHING A VIRTUAL PRIVATE NETWORK IN A CLOUD SERVICE FOR BRANCH NETWORKING

US 20160315912A1
Filed: 04/12/2016
Published: 10/27/2016
Est. Priority Date: 04/13/2015
Status: Active Grant

First Claim

Patent Images

1. A computerized system useful for implementing a virtual private network (VPN) comprising:

an edge device that automatically establishes an Internet Protocol Security (IPsec) tunnel alongside an unsecure Multipath Protocol (MP) tunnel with a gateway device in the Internet in preparation for a transmission of a secure traffic communication, wherein the edge device has a list of local subnets, and wherein the edge device sends the list of local subnets to the gateway during an initial MP tunnel establishment handshake message exchange between the edge device and the gateway device, wherein each subnet includes an indication of whether the subnet is reachable over the VPN;

a gateway device that automatically establishes the IPsec tunnel alongside the unsecure MP tunnel with the edge device;

an enterprise datacenter server that comprises an orchestrator module that receives a toggle the VPN command and enables the VPN on the orchestrator, and wherein the orchestrator informs the edge device the list of subnets is accessible over the VPN causing the edge device to update the gateway device with a new list of subnets of the edge device that accessible over the VPN.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one aspect, a computerized system useful for implementing a virtual private network (VPN) including an edge device that automatically establishes an Internet Protocol Security (IPsec) tunnel alongside an unsecure Multipath Protocol (MP) tunnel with a gateway device in preparation for a transmission of a secure traffic communication. The edge device has a list of local subnets. The edge device sends the list of local subnets to the gateway during an initial MP tunnel establishment handshake message exchange between the edge device and the gateway device. Each subnet includes an indication of whether the subnet is reachable over the VPN. A gateway device that automatically establishes the IPsec tunnel alongside the unsecure MP tunnel with the edge device. An enterprise datacenter server that comprises an orchestrator module that receives a toggle the VPN command and enables the VPN on the orchestrator. The orchestrator informs the edge device the list of subnets is accessible over the VPN causing the edge device to update the gateway device with a new list of subnets of the edge device that accessible over the VPN.

Citations

10 Claims

1. A computerized system useful for implementing a virtual private network (VPN) comprising:
- an edge device that automatically establishes an Internet Protocol Security (IPsec) tunnel alongside an unsecure Multipath Protocol (MP) tunnel with a gateway device in the Internet in preparation for a transmission of a secure traffic communication, wherein the edge device has a list of local subnets, and wherein the edge device sends the list of local subnets to the gateway during an initial MP tunnel establishment handshake message exchange between the edge device and the gateway device, wherein each subnet includes an indication of whether the subnet is reachable over the VPN;
  
  a gateway device that automatically establishes the IPsec tunnel alongside the unsecure MP tunnel with the edge device;
  
  an enterprise datacenter server that comprises an orchestrator module that receives a toggle the VPN command and enables the VPN on the orchestrator, and wherein the orchestrator informs the edge device the list of subnets is accessible over the VPN causing the edge device to update the gateway device with a new list of subnets of the edge device that accessible over the VPN.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computerized system of claim 1, wherein the VPN is disabled on the orchestrator, the orchestrator informs the edge device that the new list of subnets of the edge device accessible over the VPN are no longer reachable over VPN.
  - 3. The computerized system of claim 2, wherein the edge device updates the gateway that the new list of subnets of the edge device accessible over the VPN are no longer reachable over VPN.
  - 4. The computerized system of claim 1, wherein a routing protocol is implemented between the edge device and the gateway device.
  - 5. The computerized system of claim 4, wherein the routing protocol relays a state information of the edge device to a plurality of other gateway peers that are one hop away from the gateway, and wherein the plurality of other gateway peers are listed in a virtual routing and forwarding (VRF) table.
  - 6. The computerized system of claim 5 further comprising:
    - a second edge device, wherein the second edge devices establishes a separate IPsec tunnel alongside a separate unsecure Muitipath Protocol (MP) tunnel with the gateway device in preparation for a separate transmission of a secure traffic communication, wherein the second edge device comprises a second list of subnets accessible over the VPN, wherein the second edge device informs the gateway of the second list of subnets of the second edge device accessible over the VPN.
  - 7. The computerized system of claim 6, wherein the gateway informs the plurality of gateway peers of the new list of subnets of the edge device accessible over the VPN and the second list of subnets of the second edge device accessible over the VPN.
  - 8. The computerized system of claim 7, wherein the gateway device automatically establishes the IPsec tunnel alongside the unsecure MP tunnel with the edge device irrespective of whether or not the VPN has been enabled on the edge device.
  - 9. The computerized system of claim 8, wherein the edge device comprises an entry point into an enterprise core network, wherein the second edge device comprises a virtual machine located in a customer premises.
  - 10. The computerized system of claim 9, wherein the gateway device is implemented in a cloud-computing platform.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nicira Incorporated (Broadcom, Inc.)
Original Assignee
Ajit Ramachandra Mayya, Parag Pritam Thakore, Stephen Craig Connors, Steven Michael Woo, Sunil Mukundan, Thomas Harold Speeter
Inventors
MAYYA, AJIT RAMACHANDRA, CONNORS, STEPHEN CRAIG, WOO, STEVEN MICHAEL, MUKUNDAN, SUNIL, SPEETER, THOMAS HAROLD, THAKORE, PARAG PRITAM

Granted Patent

US 10,135,789 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06N 20/00   Machine learning

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 12/66   Arrangements for connecting...

H04L 45/42   Centralised routing

H04L 49/35   Switches specially adapted ...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 67/10   in which an application is ...

METHOD AND SYSTEM OF ESTABLISHING A VIRTUAL PRIVATE NETWORK IN A CLOUD SERVICE FOR BRANCH NETWORKING

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM OF ESTABLISHING A VIRTUAL PRIVATE NETWORK IN A CLOUD SERVICE FOR BRANCH NETWORKING

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links