Domain isolation through virtual network machines
Abstract
A computer implemented method in which Internet Protocol (IP) packets are routed within a first Internet Service Provider's (ISP's) domain from a single network device with a first database. The first database includes addresses of the first ISP. IP packets are also routed within a second ISP's domain from the single network device with a second database. The second database, which is separate from the first database, includes addresses of the second ISP.
81 Claims
1. A computer implemented method comprising:
routing Internet Protocol (IP) packets within a first Internet Service Provider's (ISP's) domain from a single network device with a first database, the first database including addresses of the first ISP's domain; and
routing IP packets within a second ISP's domain from the single network device with a second database, the second database being separate from the first database and including addresses of the second ISP's domain.
Dependent claims: 2, 3, 4, 5, 6
routing IP packets within a corporation's domain from the single network device with a third database, the third database being separate from the first and second databases, wherein said third database includes addresses of the corporation's domain.
5. The computer implemented method of claim 1 further comprising:
providing the corporation administrative control of the third database, but not the first and second databases;
providing the first ISP administrative control of the first database, but not the second and third databases; and
providing the second ISP administrative control of the second database, but not the first and third databases.
6. The method of claim 1 further comprising routing the packets within the first ISP's domain with a global database that includes globally known addresses if the packets cannot be routed within the first ISP's domain with the first database.
7. A memory having a set of one or more programs stored thereon to cause a single network device to perform operations comprising:
maintaining a first database separately from a second database in the single network device, the first database having addresses for a first Internet Service Provider's (ISP's) domain and the second database having addresses for a second ISP's domain;
routing Internet Protocol (IP) packets within the first ISP's domain from the single network device with the first database; and
routing IP packets within the second ISP's domain from the single network device with the second database.
Dependent claims: 8, 9, 10, 11
maintaining a third database separately from the first and second databases, wherein the third database has addresses for a corporation's domain; and
routing IP packets within the corporation's domain with the third database from the single network device.
10. The computer implemented method of claim 9 further comprising:
providing the first ISP administrative control of the first database, but not the second or third databases;
providing the second ISP administrative control of the second database, but not the first or third databases; and
providing the corporation administrative control of the third database, but not the first or second databases.
11. The memory of claim 7 wherein the set of one or more programs cause the single network device to perform operations further comprising:
maintaining a third database separately from the first and second databases, wherein the third database has addresses of a backbone; and
routing IP packets within the first ISP's domain with the third database if they cannot be routed with the first database.
12. A single network device comprising:
an electronic memory having a first database of network addresses of a first network domain that is administered by a first Internet Service Provider (ISP);
a second database of network addresses of a second network domain that is administered by a second ISP, the second database being isolated from the first database; and
a set of one or more processors to execute a set of instructions that cause the single network device to route a first set of packets of the first network domain with the first database and to route a second set of packets of the second network domain with the second database.
Dependent claims: 13, 14, 15, 16, 17
the electronic memory further having a third database to store network addresses of a third network domain that is administered by a corporation, the third database being isolated from the first and second databases; and
the set of processors to execute the set of instructions to further cause the single network device to route a third set of packets of the third network domain with the third database.
17. The single network device of claim 12 further comprising:
the electronic memory having a third database of addresses of a network provider that is administered by the network provider, the third database being isolated from the first and second databases; and
the set of processors to execute the set of instructions that further cause the single network device to route the first set of packets with the third database if they cannot be routed with the first database.
18. A method comprising:
routing packets for a first set of subscribers with a first virtual router, and routing packets for a second set of subscribers with a second virtual router, the first and second virtual routers being isolated from each other within a single network device, the first set of subscribers subscribing to a first Internet Service Provider (ISP) and the second set of subscribers subscribing to a second ISP;
providing administrative control of the first virtual router, which includes a first network database, used by the first virtual router to route packets, of network device addresses within the first ISP's domain and control and policy information for the first ISP's domain, to the first ISP; and
providing administrative control of the second virtual router, which includes a second network database, used by the second virtual router to route packets, of network device addresses within the second ISP's domain and control and policy information for the second ISP's domain, to the second ISP, wherein the first ISP does not have administrative control of the second network database and the second ISP does not have administrative control of the first network database.
Dependent claims: 19, 20, 21, 22, 23, 24, 25
providing a network provider administrative control of a global virtual router including a global network database in the single network device.
22. The method of claim 18 further comprising:
routing packets for a third set of subscribers with a third virtual router; and
providing administrative control of the third virtual router, which includes a third network database of network device addresses within a corporation's domain and control and policy information for the corporation's domain, wherein the corporation has administrative control of the third virtual router but not the first and second virtual routers.
23. The method of claim 22 further comprising providing a network provider access to the first, second and third network databases and a global network database, said global network database being in said single network device.
24. The method of claim 18 wherein the packets are layer 3 packets.
25. The method of claim 18 further comprising:
connecting the first and second set of subscribers to the single network device in accordance with an authorization, authentication and accounting protocol.
26. An electronic memory encoded with a set of instructions, which when executed on a single network device, cause said single network device to perform operations comprising:
creating a plurality of collections of processes and mechanisms for implementing router functionality, each of the plurality of collections of processes and mechanisms operating on a different network database including addresses and control and policy information;
separately storing the network database of each of the plurality of collections of processes and mechanisms; and
each of the plurality of collections of processes and mechanisms routing packets within a different administrative domain with its network database and in accordance with its control and policy information.
Dependent claims: 27, 28, 29, 30
31. A single network device comprising:
a plurality of virtual network machines that are individually isolated, each of the plurality of virtual network machines to route packets within a different administrative domain with a network address database for the different administrative domain, and control and policy information for the different administrative domain;
a first port to transmit and receive said packets to and from subscribers; and
a second port to transmit and receive said packets to and from the Internet.
Dependent claims: 32, 33, 34
35. A single network device comprising:
communication hardware;
a set of one or more processors coupled with the communication hardware; and
an electronic memory coupled with the communication hardware and the set of processors, the electronic memory encoded with a set of instructions to cause the set of processors to, host a first virtual router that includes a first network database of network device addresses within a first Internet Service Provider's (ISP's) domain and control and policy information for the first ISP's domain, and host a second virtual router, isolated from the first virtual router, that includes a second network database of network device addresses within a second ISP's domain and control and policy information for the second ISP's domain, route packets for a first set of subscribers with the communication hardware and the first virtual router, wherein the first set of subscribers subscribe to the first ISP, route packets for a second set of subscribers with the communication hardware and the second virtual router, wherein the second set of subscribers subscribe to the second ISP, provide the first ISP administrative control of the first virtual router but not the second virtual router, and provide the second ISP administrative control of the second virtual router, but not the first virtual router.
Dependent claims: 36, 37, 38, 39
the electronic memory to host a third virtual router that includes a third network database of network device addresses within a corporation's domain and control and policy information for the corporation's domain, and the set of instructions to further cause the set of processors to, route packets for a third set of subscribers with the communication hardware and the third virtual router, and provide the corporation administrative control of the third virtual router, but not the first and second virtual routers.
38. The single network device of claim 35, wherein the set of instructions further cause the set of processors to switch packets for a third set of subscribers with the communication hardware and the first virtual router.
39. The single network device of claim 35 wherein the packets are layer 3 packets.
40. A network comprising:
a set of one or more networks;
a set of one or more end stations communicating, for a first set of one or more subscribers of a first Internet Service Provider (ISP) and for a second set of one or more subscribers of a second ISP, packets;
a single network access device coupled between the set of networks and the set of end stations, the single network access device having, communication hardware;
an electronic memory coupled with the communication hardware, the electronic memory having stored therein, a first network database, controllable for administration by the first ISP but not the second ISP, including network device addresses and control and policy information for the first ISP, a second network database, controllable for administration by the second ISP but not the first ISP, including network device addresses and control and policy information for the second ISP, wherein the first network database and the second network database are isolated from each other; and
a set of one or more processors, coupled with the communication hardware and the electronic memory, routing said packets being communicated for the first set of subscribers with the communication hardware and a first virtual router that includes the first network database, and routing said packets being communicated for the second set of subscribers with the communication hardware and a second virtual router that includes the second network database.
Dependent claims: 41, 42, 43, 44
the set of one or more networks including a virtual network of a corporation;
the set of end stations communicating, for a third set of one or more subscribers of the corporation, packets;
the electronic memory having stored therein a third network database, controllable for administration by the corporation but not the first ISP nor the second ISP, including network device addresses and control and policy information for the corporation; and
the set of processors routing said packets being communicated for the third set of subscribers with the communication hardware and a third virtual router that includes the third network database.
43. The network of claim 40 further comprising the set of processors switching packets for a third set of one or more subscribers with the communication hardware and the first virtual router.
44. The network of claim 40 wherein the packets are layer 3 packets.
45. An electronic memory encoded with a set of instructions, which when executed on a single network device, cause said single network device to perform operations comprising:
routing packets for a first set of subscribers with a first virtual router, and routing packets for a second set of subscribers with a second virtual router, the first and second virtual routers being isolated from each other within the single network device, the first set of subscribers subscribing to a first Internet Service Provider (ISP) and the second set of subscribers subscribing to a second ISP;
providing administrative control of the first virtual router, which includes a first network database of network device addresses within the first ISP's domain and control and policy information for the first ISP's domain, to the first ISP; and
providing administrative control of the second virtual router, which includes a second network database of network device addresses within the second ISP's domain and control and policy information for the second ISP's domain, to the second ISP, wherein the first ISP does not have administrative control of the second network database and the second ISP does not have administrative control of the first network database.
Dependent claims: 46, 47, 48
routing packets for the first and second set of subscribers with a third virtual router, the third virtual router including a global network database.
47. The electronic memory of claim 45 wherein the operations further comprise:
routing packets for a third set of subscribers with a third virtual router, the third virtual router being isolated from the first and second virtual router within the single network device; and
providing a corporation administrative control of the third virtual router, which includes a third network database of network device addresses of the corporation and control and policy information for the corporation, wherein the corporation has administrative control of the third virtual router but not the first and second virtual routers.
48. The electronic memory of claim 45, wherein the operations further comprise:
switching packets for a third set of one or more subscribers with the first virtual router.
49. A method in a single network device comprising:
creating a plurality of collections of processes and mechanisms for implementing router functionality, each of the plurality of collections of processes and mechanisms operating on a different network database including addresses and control and policy information;
separately storing the network database of each of the plurality of collections of processes and mechanisms; and
each of the plurality of collections of processes and mechanisms routing packets within a different administrative domain with its network database and in accordance with its control and policy information.
Dependent claims: 50, 51, 52, 53, 54
55. A single network device comprising:
a set of one or more processors; and
an electronic memory coupled with the set of processors, the electronic memory having a set of instructions to cause the set of processors to, create a plurality of collections of processes and mechanisms, each of the plurality of collections of processes and mechanisms to operate on a different network database including control and policy information, and to route packets within a different administrative domain with its network database and in accordance with its control and policy information, and separately store the different network database of each of the plurality of collections of processes and mechanisms.
Dependent claims: 56, 57, 58, 59, 60
61. A network comprising:
a set of one or more networks;
a set of one or more end stations communicating packets with the set of networks; and
a single network device coupled between the set of networks and the set of end stations, the single network device having a plurality of collections of processes and mechanisms, each of the plurality of collections of processes and mechanisms, operating on a different network database including addresses and control and policy information, wherein the network database operated on by each of the collection of processes and mechanisms is stored separately, and routing packets within a different administrative domain with its network database and in accordance with its control and policy information.
Dependent claims: 62, 63, 64, 65
66. A network comprising:
a set of one or more networks;
a set of one or more end stations communicating packets with the set of networks, and a single network device coupled between the set of networks and the set of end stations, the single network device having, a first virtual network machine transmitting certain of said packets for a first subscriber in accordance with a first network database of a first administrative domain, the first database having addressing and policy information of the first administrative domain, and a second virtual network machine, which is isolated from the first virtual network machine, transmitting certain packets for a second subscriber in accordance with a second network database, the second network database having addressing and policy information for a second administrative domain.
Dependent claims: 67, 68, 69, 70, 71
72. A single network device comprising:
a first set of one or more ports to receive IP packets from a first and second set of one or more subscribers;
a second set of one or more ports to transmit IP packets over a first network domain;
a machine-readable medium having stored therein a set of instructions to cause the single network device to, instantiate a first and second virtual router, which are virtually-independent but share a set of physical resources within the single network device, the first virtual router to route within a second network domain, which is layered upon the first network domain, IP packets from the first set of subscribers using a first network database that includes IP addresses, control and policy information defined for the second network domain, and the second virtual router to route within a third network domain, which is layered upon the first network domain and shares the first network domain's physical resources with the second network domain, IP packets from the second set of subscribers using a second network database that includes IP addresses and control and policy information defined for the third network domain, maintain separation between the first and second network databases so as to avoid management of inter-domain policies, wherein avoidance of inter-domain policies eases administrative tasks, provide for independent administration of the first and second network databases, wherein independent administration maintains administrative integrity of the first and second network databases.
Dependent claims: 73, 74, 75, 76
77. A single network device comprising:
a first set of one or more ports to receive IP packets from subscribers;
a second set of one or more ports to transmit IP packets over a first network domain;
a machine-readable medium having stored therein a set of instructions to cause the single network device to, instantiate different virtual routers for different network domains, which are layered upon the first network domain, using separate unshared inter-domain policy free, independently administrable network databases, wherein each of the separate unshared inter-domain policy free, independently administrable network databases includes IP addresses, control and policy information defined for its one of the different network domains, and route IP packets of different ones of the subscribers using those of the virtual routers for the different ones of the network domains to which those subscribers currently belong.
Dependent claims: 78, 79, 80, 81
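A minimal model of the arrangement the claims describe, added here as an illustration and not taken from the patent or from any vendor implementation: each virtual router keeps its own route database with a single administrator (claims 5 and 18), falls back to a global database on a miss (claim 6), and the subscriber's binding selects which database is consulted (claim 77). All class, function, subscriber and next-hop names are hypothetical, and the two ISPs deliberately use overlapping prefixes to show that isolation holds.

```python
import ipaddress


class VirtualRouter:
    """One routing context: a private route database and its one administrator."""

    def __init__(self, name, admin, fallback=None):
        self.name = name
        self.admin = admin        # only this principal may modify the database
        self.fallback = fallback  # optional global database, consulted on a miss
        self._routes = {}         # ip_network -> next hop; never shared

    def add_route(self, actor, prefix, next_hop):
        # Administrative isolation: writes from another domain are rejected.
        if actor != self.admin:
            raise PermissionError(f"{actor} may not administer {self.name}")
        self._routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, dst):
        """Longest-prefix match in this database, then the fallback, else None."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self._routes if addr in net]
        if matches:
            best = max(matches, key=lambda net: net.prefixlen)
            return self.name, self._routes[best]
        return self.fallback.lookup(dst) if self.fallback else None


class NetworkDevice:
    """Single device hosting several virtual routers and subscriber bindings."""

    def __init__(self):
        self.routers = {}
        self.bindings = {}  # subscriber -> name of the router for its domain

    def add_router(self, router):
        self.routers[router.name] = router
        return router

    def bind(self, subscriber, router_name):
        self.bindings[subscriber] = router_name

    def route(self, subscriber, dst):
        # The subscriber's binding, not the destination, selects the database.
        return self.routers[self.bindings[subscriber]].lookup(dst)

    def try_add_route(self, actor, router_name, prefix, next_hop):
        """Return True if the write was accepted, False if it was refused."""
        try:
            self.routers[router_name].add_route(actor, prefix, next_hop)
            return True
        except PermissionError:
            return False


def build_demo():
    # Constructed sample data: names, prefixes and next hops are illustrative.
    dev = NetworkDevice()
    glob = dev.add_router(VirtualRouter("global", admin="provider"))
    isp1 = dev.add_router(VirtualRouter("isp1", "isp1-admin", fallback=glob))
    isp2 = dev.add_router(VirtualRouter("isp2", "isp2-admin", fallback=glob))
    glob.add_route("provider", "0.0.0.0/0", "backbone-uplink")
    isp1.add_route("isp1-admin", "10.0.0.0/8", "isp1-core")
    isp1.add_route("isp1-admin", "10.1.0.0/16", "isp1-pop-a")
    isp2.add_route("isp2-admin", "10.0.0.0/8", "isp2-core")  # overlaps isp1
    dev.bind("alice", "isp1")
    dev.bind("bob", "isp2")
    return dev
```

With the sample data, `build_demo().route("alice", "10.1.2.3")` and `build_demo().route("bob", "10.1.2.3")` resolve the same destination through different databases, and `try_add_route("isp1-admin", "isp2", ...)` is refused.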