Method for establishing IPSEC tunnels
Abstract
A method and a system for establishing network tunnels are disclosed. In one embodiment, a transport action is identified in response to packet parameters. Once the transport action is determined, the transport action is pushed onto a pending stack. When a tunnel action is, subsequently, identified in response to the packet parameters, the tunnel action is also pushed onto the pending stack. Upon completion of rule evaluation, at least one tunnel is established according to a tunnel action stored in the pending stack. The action stored at the top of the pending stack is performed first and the action stored at the bottom of the pending stack is performed last.
Claims (21)

1. A method for establishing network tunnels comprising:
identifying a transport action in response to packet parameters;
pushing at least one said transport action onto a pending stack;
identifying a tunnel action in response to said packet parameters;
pushing at least one said tunnel action onto said pending stack; and
setting up at least one tunnel in response to said pending stack, said tunnel action stored at top of said pending stack being performed first and said tunnel action stored at bottom of said pending stack being performed last.

2. The method of claim 1 further comprising:
receiving a packet over a network;
identifying transport rules in response to said packet; and
identifying tunnel rules in response to said packet.
3. The method of claim 2, wherein said receiving a data packet includes identifying a TCP/IP (“Transmission Control Protocol/Internet Protocol”) data packet and parsing TCP/IP fields of protocol, source addresses, and destination addresses.

4. The method of claim 1 further comprising:
popping an action from said pending stack; and
pushing said action onto a completed stack when said action is performed successfully.

5. The method of claim 1 further comprising:
popping an action from a completed stack action when said tunnel has failed to establish; and
tearing down at least one tunnel in response to said action.

6. The method of claim 5 further comprising continuing to tear down tunnels until said completed stack becomes empty.
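The following Python model is an added illustration of claims 1 through 6 and is not code from the patent or its assignee. It evaluates transport rules and then tunnel rules against a packet's protocol, source and destination, pushes each matching action onto a pending stack, performs the stack top-down so that tunnel actions pushed last run first, moves each successful action onto a completed stack, and on a failed setup pops the completed stack to tear down every tunnel already built until that stack is empty. The addresses, rule names, action labels and the simulated setup/teardown callbacks are constructed assumptions; a real implementation would negotiate and delete IPsec security associations at those two points.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Packet:
    """Packet parameters the rules are evaluated against (claim 3: protocol, source, destination)."""
    src: str
    dst: str
    proto: str


@dataclass(frozen=True)
class Action:
    """A transport or tunnel action: the security association to set up and its endpoints."""
    kind: str    # "transport" or "tunnel"
    local: str
    peer: str
    label: str   # constructed name used to track execution order in the demo


@dataclass(frozen=True)
class Rule:
    """A rule pairs a predicate over packet parameters with the action it yields when matched."""
    name: str
    match: Callable[[Packet], bool]
    make_action: Callable[[Packet], Action]


def _in(net: str) -> Callable[[str], bool]:
    network = ipaddress.ip_network(net)
    return lambda addr: ipaddress.ip_address(addr) in network


def evaluate_rules(packet: Packet, transport_rules, tunnel_rules) -> List[Action]:
    """Claims 1 and 2: evaluate transport rules, then tunnel rules, pushing each matching
    action onto the pending stack (a list whose end is the top of the stack)."""
    pending: List[Action] = []
    for rule in transport_rules:
        if rule.match(packet):
            pending.append(rule.make_action(packet))
    for rule in tunnel_rules:
        if rule.match(packet):
            pending.append(rule.make_action(packet))
    return pending


def establish(pending: List[Action], setup: Callable[[Action], bool],
              teardown: Callable[[Action], None]) -> Tuple[bool, List[Action], List[Action]]:
    """Perform the pending stack top-down (claim 1). Each successful action moves to the
    completed stack (claim 4). On a failure, pop the completed stack and tear down each
    tunnel until it is empty (claims 5 and 6), so no partially built path is left behind."""
    completed: List[Action] = []
    performed: List[Action] = []
    torn_down: List[Action] = []
    while pending:
        action = pending.pop()          # top of the pending stack is performed first
        performed.append(action)
        if setup(action):
            completed.append(action)
        else:
            while completed:            # unwind the most recently established tunnel first
                done = completed.pop()
                teardown(done)
                torn_down.append(done)
            return False, performed, torn_down
    return True, performed, torn_down


# Constructed rule set: one host-to-host transport rule and two gateway tunnel rules.
TRANSPORT_RULES = [
    Rule("branch-to-dc transport",
         lambda p: _in("10.1.1.0/24")(p.src) and _in("10.2.2.0/24")(p.dst) and p.proto == "tcp",
         lambda p: Action("transport", p.src, p.dst, "transport-SA")),
]
TUNNEL_RULES = [
    Rule("branch gateway tunnel",
         lambda p: _in("10.1.1.0/24")(p.src),
         lambda p: Action("tunnel", "192.0.2.1", "198.51.100.1", "tunnel-A")),
    Rule("intermediate VPN hop",
         lambda p: _in("10.2.2.0/24")(p.dst),
         lambda p: Action("tunnel", "198.51.100.1", "203.0.113.9", "tunnel-B")),
]


def run(packet: Packet, failing_label: str = "") -> Tuple[bool, List[str], List[str]]:
    """Drive one packet through rule evaluation and tunnel setup. failing_label names the
    action whose setup is simulated as failing ("" for none). Returns the outcome, the
    labels in execution order, and the labels torn down in rollback order."""
    pending = evaluate_rules(packet, TRANSPORT_RULES, TUNNEL_RULES)
    ok, performed, torn_down = establish(
        pending,
        setup=lambda a: a.label != failing_label,   # stands in for SA negotiation
        teardown=lambda a: None,                    # stands in for SA deletion
    )
    return ok, [a.label for a in performed], [a.label for a in torn_down]


if __name__ == "__main__":
    pkt = Packet("10.1.1.5", "10.2.2.7", "tcp")
    print(run(pkt))                  # tunnel-B, tunnel-A, then transport-SA; nothing torn down
    print(run(pkt, "transport-SA"))  # last action fails; tunnel-A then tunnel-B are torn down
```

Because the transport action is pushed before the tunnel actions, it is performed last: the tunnels that carry it exist before the inner association is negotiated, and a failure at any step removes exactly the tunnels already established, in reverse order.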
7. The method of claim 1, wherein said identifying transport actions from transport rules further includes defining an IPSEC transport rule in response to source address, destination address, and protocol of each packet.

8. The method of claim 1, wherein said identifying tunnel actions from tunnel rules further includes defining an IPSEC tunnel rule in response to source address, destination address, and protocol of said packet.

9. The method of claim 8, wherein said defining said IPSEC tunnel rule further includes identifying virtual private network (“VPN”) for tunnel connections.
10. An article of manufacture for establishing network tunnels to improve network security, the article of manufacture comprising a machine readable medium having machine readable program code embodied in the medium, the program code comprising:
identifying transport actions from transport rules;
pushing at least one said transport action onto a pending stack;
identifying tunnel actions from tunnel rules;
pushing at least one tunnel action onto said pending stack; and
setting up at least one tunnel in response to said pending stack, said tunnel action stored at top of said pending stack being performed first and said tunnel action stored at bottom of said pending stack being performed last.

11. The article of manufacture of claim 10 further comprising:
popping an action from said pending stack; and
pushing said action onto a completed stack when said tunnel action is performed successfully.

12. The article of manufacture of claim 10 further comprising:
obtaining an action from said completed stack after a tunnel has failed to establish; and
removing at least one tunnel in response to said action.

13. The article of manufacture of claim 10 further comprising continuing to remove tunnels until said completed stack becomes empty.

14. The article of manufacture of claim 10, wherein said network tunnels are IPSEC tunnels.

15. The article of manufacture of claim 10, wherein said identifying transport actions from transport rules further includes defining an IPSEC transport rule in response to source address, destination address, and protocol of each packet.

16. The article of manufacture of claim 10, wherein said identifying tunnel actions from tunnel rules further includes defining an IPSEC tunnel rule in response to source address, destination address, and protocol of each packet.

17. The article of manufacture of claim 10, wherein said defining said IPSEC tunnel rule further includes identifying intermediate virtual private network (“VPN”).
18. An apparatus for establishing network tunnels comprising:
means for identifying transport actions from transport rules;
means for pushing at least one said transport action onto a pending stack;
means for identifying tunnel actions from tunnel rules;
means for pushing at least one tunnel action onto said pending stack; and
means for setting up at least one tunnel in response to said pending stack, said tunnel action stored at top of said pending stack being performed first and said tunnel action stored at bottom of said pending stack being performed last.

19. An apparatus of claim 18 further comprising:
means for obtaining an action from said pending stack; and
means for storing said action onto a completed stack when said action is performed successfully.

20. An apparatus of claim 18 further comprising:
means for obtaining an action from said completed stack after a tunnel has failed to establish; and
means for removing at least one tunnel in response to said tunnel action.

21. An apparatus of claim further comprising means for continuing to remove tunnels until said completed stack becomes empty.
Specification