Providing services for multiple virtual private networks

US 7,185,106 B1
Filed: 11/15/2002
Issued: 02/27/2007
Est. Priority Date: 11/15/2002
Status: Active Grant

First Claim

Patent Images

1. A router comprising:

a plurality of interfaces to receive data from multiple virtual private networks;

a service card to provide an operating environment for one or more virtual hosts; and

a control unit that maintains a forwarding information base that associates network destinations with next hops within a network;

wherein the forwarding information base designates the service card as a next hop to the router within the network,wherein the control unit forwards virtual private network (VPN) traffic received from the network to the service card as specified in accordance with the forwarding information base, andwherein each virtual host operates as a network device within one of the virtual private networks to process the received data and provide a service to another network device within the respective virtual private network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network device provides services for multiple virtual private networks (VPNs) via one or more virtual hosts. For example, a router receives packets from multiple VPNs, and communicates the packets to a service card via a logical interface in accordance with a forwarding information base. A virtual host within the service card processes the packets and provides a service for the network device from which the packet was sent. The virtual host may, for example, provide print services for network devices within a corresponding VPN. The virtual host acts, in essence, as a print server within the corresponding VPN. In this manner, the router may eliminate the need for the customer associated with the VPN to maintain print servers within remote customer sites.

79 Citations

View as Search Results

29 Claims

1. A router comprising:
- a plurality of interfaces to receive data from multiple virtual private networks;
  
  a service card to provide an operating environment for one or more virtual hosts; and
  
  a control unit that maintains a forwarding information base that associates network destinations with next hops within a network;
  
  wherein the forwarding information base designates the service card as a next hop to the router within the network,wherein the control unit forwards virtual private network (VPN) traffic received from the network to the service card as specified in accordance with the forwarding information base, andwherein each virtual host operates as a network device within one of the virtual private networks to process the received data and provide a service to another network device within the respective virtual private network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The router of claim 1, wherein each virtual host is assigned an address from a subnet of addresses belonging to the respective virtual private network.
  - 3. The router of claim 1, wherein operating as an independent network device within one of the virtual private networks includes operating as a source device for virtual private network traffic.
  - 4. The router of claim 1, wherein operating as a network device within one of the virtual private networks includes operating as a destination device for virtual private network traffic.
  - 5. The router of claim 1, further comprising:
    - an inbound logical interface to deliver data to the service card; and
      
      an outbound logical interface to deliver data from the service card.
  - 6. The router of claim 5, wherein each virtual host corresponds to at least one inbound logical interface and outbound logical interface.
  - 7. The router of claim 1, wherein each of the virtual hosts maintains virtual private network data that contains information specific to the respective virtual private network.
  - 8. The router of claim 7, wherein the virtual private network data includes at least one of cryptographic information associated with the virtual private network, an output logical interface associated with the virtual private network, a forwarding information base associated with the virtual private network, a radius server within the virtual private network for authentication, domain name information for the virtual private network.
  - 9. The router of claim 1, further comprising a forwarding information base for each of the virtual private networks.
  - 10. The router of claim 1, further comprising a chassis having a plurality of slots to receive and couple the interfaces and the service card to the control unit of the network device.
  - 11. The router of claim 1, wherein the services provided by the virtual hosts includes at least one of authentication services, network address translation (NAT) services, domain name system (DNS) services, print services, and file-sharing services.
  - 12. The router of claim 1, wherein the plurality of interfaces is a plurality of interface cards.

13. A method comprising:
- receiving virtual private network traffic from multiple virtual private networks;
  
  providing an operating environment within a service card for one or more virtual hosts, wherein each of the virtual hosts operates as a network device within one of the virtual private networks;
  
  forwarding the virtual private network traffic to the virtual hosts in accordance with one or more forwarding information bases that associate network destinations with next hops in a network, wherein the forwarding information bases designate the service card as a next hop within the network; and
  
  processing the virtual private network traffic via the virtual hosts to provide a service to another network device within the respective virtual private network via the virtual hosts.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The method of claim 13, further comprising assigning each of the virtual hosts an address from a subnet of addresses belonging to the respective virtual private network.
  - 15. The method of claim 13, wherein each virtual host operating as a network device within one of the virtual private networks includes each virtual host operating as a source device for virtual private network traffic.
  - 16. The method of claim 13, wherein each virtual host operating as a network device within one of the virtual private networks includes each virtual host operating as a destination device for virtual private network traffic.
  - 17. The method of claim 13, further comprising:
    - maintaining one of the forwarding information bases for each of the virtual private networks; and
      
      forwarding the virtual private network traffic in accordance with the forwarding information bases.
  - 18. The method of claim 13, further comprising communicating with the service card using logical interfaces.
  - 19. The method of claim 18, wherein the virtual private network traffic from each of the virtual private networks is uniquely associated with one of the logical interfaces.
  - 20. The method of claim 18, further comprising dynamically instantiating at least one of the logical interfaces to the service card to service the virtual private networks.
  - 21. The method of claim 20, further comprising destructing at least one of the logical interfaces.

22. A computer-readable medium comprising instructions to cause a processor to:
- receive virtual private network traffic from multiple virtual private networks;
  
  provide an operating environment within a service card for one or more virtual hosts, wherein each of the virtual hosts operates as a network device within one of the virtual private networks;
  
  forwarding the virtual private network traffic to the virtual hosts in accordance with one or more forwarding information bases that associate network destinations with next hops in a network, wherein the forwarding information bases designate the service card as a next hop, within the network; and
  
  process the virtual private network traffic via the virtual hosts to provide a service to another network device within the respective virtual private network via the virtual hosts.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The computer-readable medium of claim 22, further comprising instructions to cause the processor to assign each of the virtual hosts an address from a subnet of addresses belonging to the respective virtual private network.
  - 24. The computer-readable medium of claim 22, further comprising instructions to cause a processor to:
    - maintain a forwarding information base for each of the virtual private networks; and
      
      forward the virtual private network traffic in accordance with the forwarding information bases.
  - 25. The computer-readable medium of claim 22, further comprising instructions to cause a processor to communicate with the service card using a logical interface.
  - 26. The computer-readable medium of claim 25, further comprising instructions to cause the processor to dynamically instantiate the logical interface to the service card to service the virtual private networks.
  - 27. The computer-readable medium of claim 26, further comprising instructions to cause a processor to destruct the logical interface.
  - 28. The computer-readable medium of claim 22, further comprising instructions that cause the processor to operate one or more of the virtual hosts within the service card as a source device for virtual private network traffic.
  - 29. The computer-readable medium of claim 22, further comprising instructions that cause the processor to operate one or more of the virtual hosts within the service card as a destination device for virtual private network traffic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Murphy, James, Lin, Steven, Greene, Spencer, Moberg, Kenneth A
Primary Examiner(s)
Najjar; Saleh
Assistant Examiner(s)
Hamza; Faruk

Application Number

US10/298,696
Time in Patent Office

1,565 Days
Field of Search

709217-219, 709227-229, 709/203, 709/223, 709/242, 709/245, 709/238, 370/351, 370/355, 370/356, 370/397, 370/395.31
US Class Current

709/238
CPC Class Codes

H04L 12/4675   Dynamic sharing of VLAN inf...

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/60   Router architectures

Providing services for multiple virtual private networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

79 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Providing services for multiple virtual private networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links