Methods, apparatus and data structures for segmenting customers using at least a portion of a layer 2 address header or bits in the place of a layer 2 address header
First Claim
1. A method for provisioning services to packets sourced from a number of client devices, the method comprising:
- a) accepting a packet sourced from one of the number of client devices, wherein the packet has had at least a part of a layer 2 header replaced with a unique bit string, wherein the layer 2 header is an Ethernet header, wherein when the unique bit string replaces the at least a part of the layer 2 header a modified header is generated, wherein a bit-size of the modified header is the same as that of the Ethernet header, and wherein the unique bit string is independent of any contents of the packet;
b) determining whether or not the packet is entitled to access a particular service using at least a portion of the unique bit string; and
c) if it is determined that the packet is entitled to access the particular service, then routing the packet.
2 Assignments
0 Petitions
Accused Products
Abstract
Limiting or controlling access to various services thereby performing a firewall function. An access router may permit or deny a packet based on at least a portion of a unique bit string (or context information) which replaced layer 2 header information (e.g., the layer 2 (e.g., MAC) address). Further, a particular quality of service may be indicated by at least a part of the unique bit string (or context information). The service provided to a group of customers, that group of customers being defined by at least a portion of the unique bit string (or context information), may be monitored. Multicast groups may be supported by checking at least a part of the unique bit string (or context information) to determine whether or not a customer associated with that port is permitted to join the multicast group.
-
Citations
30 Claims
-
1. A method for provisioning services to packets sourced from a number of client devices, the method comprising:
-
a) accepting a packet sourced from one of the number of client devices, wherein the packet has had at least a part of a layer 2 header replaced with a unique bit string, wherein the layer 2 header is an Ethernet header, wherein when the unique bit string replaces the at least a part of the layer 2 header a modified header is generated, wherein a bit-size of the modified header is the same as that of the Ethernet header, and wherein the unique bit string is independent of any contents of the packet;
b) determining whether or not the packet is entitled to access a particular service using at least a portion of the unique bit string; and
c) if it is determined that the packet is entitled to access the particular service, then routing the packet. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for providing various quality of service levels to packets sourced from a number of client devices, the method comprising:
-
a) accepting a packet sourced from one of the number of client devices, wherein the packet has had at least a part of a layer 2 header replaced with a unique bit string that is independent of any contents of the packet;
b) determining a service level to which the packet is entitled using at least a portion of the unique bit string, wherein the layer 2 header is an Ethernet header, wherein when the unique bit string replaces the at least a part of the layer 2 header a modified header is generated, and wherein a bit-size of the modified header is the same as that of the Ethernet header; and
c) forwarding the packet to a particular one of a plurality of queues associated with the service level determined. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A method for monitoring packets sourced from a group of client devices defining a subset of client devices, each of the packets having at least a part of a layer 2 header replaced with a unique bit string, the method comprising:
-
a) determining whether or not the packet belongs to the group of client devices using at least a portion of at least one of the unique bit string, wherein the layer 2 header is an Ethernet header, wherein when the unique bit string replaces the at least a part of the layer 2 header a modified header is generated, and wherein a bit-size of the modified header is the same as that of the Ethernet header; and
b) if it is determined that the packet does belong to the group of client devices, then i) copying the packet to generate a duplicate packet, and ii) forwarding the duplicate packet to a monitoring facility, wherein the monitoring facility monitors at least one of (A) service provided to a group of customers and (B) security. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21. An apparatus for provisioning services to packets sourced from a number of client devices, each of the packets having at least a part of a layer 2 header replaced with a unique bit string, the apparatus comprising:
-
a) an access control list; and
b) an access controller, the access controller including i) means for determining whether or not the packet is entitled to access a particular service using A) contents of the access control list, and B) at least a portion of the unique bit string, wherein the layer 2 header is an Ethernet header, wherein when the unique bit string replaces the at least a part of the layer 2 header a modified header is generated, and wherein a bit-size of the modified header is the same as that of the Ethernet header, and ii) means for routing the packet if it is determined that the packet is entitled to access the particular service. - View Dependent Claims (22, 23)
-
-
24. An apparatus for providing various service levels to packets sourced from a number of client devices, each of the packets having at least a part of a layer 2 header replaced with a unique bit string that is independent of contents of the packets, the apparatus comprising:
-
a) a plurality of queues, each of the plurality of queues associated with a particular service level;
b) a service level list; and
c) a service level controller, the service level controller including i) means for determining a service level to which the packet is entitled using A) contents of the service level list, and B) at least a portion of the unique bit string, wherein the layer 2 header is an Ethernet header, wherein when the unique bit string replaces the at least a part of the layer 2 header a modified header is generated, and wherein a bit-size of the modified header is the same as that of the Ethernet header, and ii) means for forwarding the packet to the one of the plurality of queues associated with the quality of service level determined. - View Dependent Claims (25)
-
-
26. An apparatus for monitoring packets sourced from a group of client devices defining a subset of client devices, each of the packets having at least a part of a layer 2 header replaced with a unique bit string, the apparatus comprising:
-
a) a monitoring port for accepting packets of the group of client devices to be monitored;
b) means determining whether or not an accepted packet belongs to the group of client devices using at least a portion of the unique bit string, wherein the layer 2 header is an Ethernet header, wherein when the unique bit string replaces the at least a part of the layer 2 header a modified header is generated, and wherein a bit-size of the modified header is the same as that of the Ethernet header; and
c) means for i) copying the accepted packet to generate a duplicate packet, and ii) forwarding the duplicate packet to the monitoring port so that at least one of (A) service to a group of customers and (B) security, may be monitored, if it is determined that the packet was sourced by a client device belonging to the group of client devices. - View Dependent Claims (27, 28)
-
-
29. A method for provisioning services to packets sourced from a number of client devices, the method comprising:
-
a) accepting a packet sourced from one of the number of client devices;
b) replacing at least a part of a layer 2 header of the packet with a unique bit string that is independent of any contents of the packet;
c) determining whether or not the packet is entitled to access a particular service using at least a portion of the unique bit string; and
d) if it is determined that the packet is entitled to access the particular service, then routing the packet, wherein the layer 2 header is an Ethernet header, wherein when the unique bit string replaces the at least a part of the layer 2 header a modified header is generated, and wherein a bit-size of the modified header is the same as that of the Ethernet header.
-
-
30. A method for providing various quality of service levels to packets sourced from a number of client devices, the method comprising:
-
a) accepting a packet sourced from one of the number of client devices;
b) replacing at least a part of a layer 2 header of the packet with a unique bit string that is independent of any contents of the packet;
c) determining a service level to which the packet is entitled using at least a portion of the unique bit string; and
d) forwarding the packet to a queue associated with the service level determined, wherein the layer 2 header is an Ethernet header, wherein when the unique bit string replaces the at least a part of the layer 2 header a modified header is generated, and wherein a bit-size of the modified header is the same as that of the Ethernet header.
-
Specification