Internet protocol (IP) work group routing

US 5,751,971 A
Filed: 07/12/1995
Issued: 05/12/1998
Est. Priority Date: 07/12/1995
Status: Expired due to Term

First Claim

Patent Images

1. A method of routing datagrams from a source to a destination in an IP communications network including routers having multiple router interfaces connecting multiple physical networks, wherein the routers forward IP datagrams based upon IP addresses, the method comprising the steps of:

defining an IP work group by assigning multiple router interfaces connecting a given router to multiple host networks, a single IP work group address,forwarding IP datagrams through the routers based on the IP work group address; and

assigning a security level to the IP work group by identifying hosts as "free" in order to permit forwarding to/from any interface in the group or "secured" in order to permit forwarding to/from a designated interface in the groupwherein four levels of security are provided;

in a "low" security work group, a host with any physical address is free to reside on any interface in the group as long as its IP address does not lie within a specified host address range, but if it does fall in the rangers then it must reside on a designated interface for that range;

in a "medium" security work group, a host'"'"'s IP address must fall within a specified host address range for a designated interface, but unless a physical address is also specified, the physical address is not constrained;

in a "high" security work group, a host must have a specified host IP address for a designated interface and have a designated physical address; and

in a "none" security work group, a host are is free.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and method wherein multiple router interfaces are assigned the same IP network address, creating an IP work group. This enhances host mobility by allowing, in one embodiment, a host to be relocated anywhere in the work group without requiring reconfiguration of the host. As a further option, host address ranges may be specified (i.e., locked) to designated interfaces of the work group, to enhance security by restricting the allowed host mobility within the work group. An additional advantage is a reduced consumption of network and subnet addresses, because now a single address is used for several physical networks.

360 Citations

31 Claims

1. A method of routing datagrams from a source to a destination in an IP communications network including routers having multiple router interfaces connecting multiple physical networks, wherein the routers forward IP datagrams based upon IP addresses, the method comprising the steps of:
- defining an IP work group by assigning multiple router interfaces connecting a given router to multiple host networks, a single IP work group address,forwarding IP datagrams through the routers based on the IP work group address; and
  
  assigning a security level to the IP work group by identifying hosts as "free" in order to permit forwarding to/from any interface in the group or "secured" in order to permit forwarding to/from a designated interface in the groupwherein four levels of security are provided;
  
  in a "low" security work group, a host with any physical address is free to reside on any interface in the group as long as its IP address does not lie within a specified host address range, but if it does fall in the rangers then it must reside on a designated interface for that range;
  
  in a "medium" security work group, a host'"'"'s IP address must fall within a specified host address range for a designated interface, but unless a physical address is also specified, the physical address is not constrained;
  
  in a "high" security work group, a host must have a specified host IP address for a designated interface and have a designated physical address; and
  
  in a "none" security work group, a host are is free.
- View Dependent Claims (2)
- - 2. The method of claim 1, wherein a range table is maintained with the specified host address ranges and their designated interfaces.

3. In a method of forwarding IP datagrams in a router based on IP address, wherein the router has multiple host network interface comprising;
- multiple physical interfaces connecting multiple host networks to the router, the improvement comprising;
  
  assigning a plurality of the multiple host network interfaces to an IP work group, the IP work group having a single IP work group address; and
  
  the router forwarding IP datagrams to the multiple host network interfaces based on the IP work group address, such that a host is attachable to any interface in the IP work group without requiring reconfiguration of the host IP address.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 22, 23, 24, 25)
- - 4. The method of claim 3, including assigning one or more of the multiple host network interfaces in the IP work group to a designated range of host IP addresses, and wherein forwarding of IP datagrams is restricted to hosts complying with the designated range.
  - 5. The method of claim 4, wherein select interfaces are assigned to the same host IP address range.
  - 6. The method of claim 5, wherein select interfaces are assigned to different host IP address ranges.
  - 7. The method of claim 6, wherein one security level identifies hosts as "free" in order to permit forwarding to/from any interface in the group, and another security level identifies hosts as "secured" in order to permit forwarding to/from one or more designated interfaces in the group.
  - 8. The method of claim 7, wherein the secured level includes a "low" security work group wherein a host with any physical address is free to reside on any interface as long as its IP address does not lie within a specified host address range, but if it does fall in the specified range then it must reside on a designated interface for that range.
  - 9. The method of any one of claims 7 and 8 wherein the secured level includes a "medium" security work group wherein a host'"'"'s IP address must fall within a specified host address range for a designated interface, but unless a physical address is also specified, the physical address is not constrained.
  - 10. The method of claim 9, wherein the secured level includes a "high" security work group wherein a host must have a specified host IP address for a designated interface and have a designated physical address.
  - 11. The method of claim 6, further comprising maintaining a count of known interfaces within the work group.
  - 12. The method of any one of claims 3 and 4, including assigning one or more of the multiple host network interfaces in the IP work group a designated range of host physical address(es), and wherein forwarding of IP datagrams is restricted to hosts complying with the designated range.
  - 14. The method of claim 4, including maintaining a host table of IP host addresses and their associated interfaces.
  - 15. The method of claim 14, further comprising reviewing the host table for duplicate IP host addresses and associated interfaces.
  - 16. The method of claim 4, further comprising monitoring the hosts heard on each interface and maintaining a host table of IP host addresses and associated interfaces on which each host is heard.
  - 17. The method of any one of claims 14 and 16, wherein the host table is maintained as a cache memory accessible by each of the multiple interfaces.
  - 22. The method of claim 4, further comprising:
    - maintaining a range table of host IP addresses and associated interfaces on which the hosts may reside; and
      
      prior to forwarding a datagram, accessing the range table to validate at least one of a source host and a destination host.
  - 23. The method of claim 3, including assigning one or more of the multiple host network interfaces in the IP work group to a designated level of security, and wherein forwarding of IP datagrams is restricted to compliance with the designated level of security.
  - 24. The method of claim 3, wherein if an IP datagram contains source and destination host addresses within the same IP work group, forwarding the IP datagram without performing header and address validation.
  - 25. The method of claim 3, further including configuring a forwarding information base (FIB) with a route for the IP work group.

13. The method of claim, wherein the designated range is for a single physical address.

26. In a router for forwarding IP datagrams based on IP address, wherein the router has multiple host network interface comprising multiple physical interfaces connecting multiple host networks to the router, the improvement comprising:
- means for assigning a plurality of the multiple host network interfaces to an IP work group, the IP work group having a single IP work group address; and
  
  means for forwarding IP datagrams to the multiple host network interfaces based on the IP work group address, such that a host is attachable to any interface in the IP work group without requiring reconfiguration of the host IP address.
- View Dependent Claims (18, 19, 20, 21, 27, 28, 29, 30, 31)
- - 18. The method of claim 27, further comprising:
    - providing a work group forwarding agent for each IP work group.
  - 19. The method of claim 18, further comprising:
    - maintaining a host table of IP host addresses and their associated interfaces; and
      
      wherein the work group forwarding agent, prior to forwarding an IP datagram, accesses the host table for the associated interface.
  - 20. The method of claim 19, wherein:
    - the work group forwarding agent sends ARP requests to all interfaces in the work group to resolve an unknown host physical address.
  - 21. The method of claim 20, further comprising:
    - providing an ARP forwarding agent at each interface in the work group, for accessing the host table.
  - 27. The router of claim 26, including means for assigning one or more of the multiple host network interfaces in the IP work group to a designated range of host IP addresses, and wherein forwarding of IP datagrams by the forwarding means is restricted to hosts complying with the designated range.
  - 28. The router of claim 27, wherein the assigning means assigns select interfaces to the same host IP address range.
  - 29. The router of claim 28, wherein the assigning means assigns select interfaces to different host IP address ranges.
  - 30. The router of any one of claims 26 and 27, including means for assigning one or more of the multiple host network interfaces in the IP work group a designated range of host physical address(es), and wherein forwarding of IP datagrams by the forwarding means is restricted to hosts complying with the designated range.
  - 31. The router of claim 26, including means for assigning one or more of the multiple host network interfaces in the IP work group to a designated level of security, and wherein forwarding of IP datagrams by the forwarding means is restricted to compliance with the designated level of security.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Enterasys Networks Incorporated (Extreme Networks, Inc.)
Original Assignee
Cabletron Systems Incorporated (Extreme Networks, Inc.)
Inventors
Dobbins, Kurt A., Cullerot, David L., Haggerty, William T., Negus, Stephen H.
Primary Examiner(s)
Geckil, Mehmet B.

Application Number

US08/501,324
Time in Patent Office

1,035 Days
Field of Search

395/200.15, 395/200.68, 395/200.75, 395/200.79, 395/200.8, 370/85.13, 370/351, 370/401, 370/409
US Class Current

709/238
CPC Class Codes

H04L 12/46   Interconnection of networks

H04L 12/4625   Single bridge functionality...

H04L 2101/677   Multiple interfaces, e.g. m...

H04L 61/00   Network arrangements, proto...

H04L 61/25   of the same type

H04L 61/5069   for group communication, mu...

H04L 63/0236   Filtering by address, proto...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/165   Combined use of TCP and UDP...

H04L 9/40   Network security protocols

Internet protocol (IP) work group routing

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

360 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Internet protocol (IP) work group routing

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

360 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links