Service selection gateway (SSG) allowing access of same services to a group of hosts

US 7,194,541 B1
Filed: 03/22/2002
Issued: 03/20/2007
Est. Priority Date: 03/22/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of enabling a plurality of hosts to access a plurality of services provided by corresponding plurality of servers at corresponding destination addresses, said method being implemented in a service selection gateway (SSG) operating as a switch, said plurality of hosts and said plurality of servers being separated by a network, said SSG providing connectivity between said plurality of hosts and said servers via said network, said method comprising:

receiving data representing a corresponding subset of services each of said plurality of hosts is permitted to access, said data indicating that a first host is permitted to access a first subset of services, each of said subset of services being contained in said plurality of services and said first host being contained in said plurality of hosts;

receiving a packet from said first host contained in said plurality of hosts, said packet containing a destination address identifying a service sought to be accessed;

determining whether said packet is destined to one of said first subset of services by examining said destination address; and

forwarding said packet on said network to a server providing said one of said subset of services if said packet is destined to one of said first subset of services, said server being contained in said plurality of servers,wherein said SSG is physically separate from said plurality of servers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A service selection gateway (SSG) which enables a service provider to conveniently provide access of the same services to a group of hosts. The service provider may specify the specific services each group of hosts is permitted to access, and the SSG forwards packets from the hosts only to the corresponding specified services. In an embodiment implemented substantially in the form of software, the access information (specifying the server addresses which can be accessed from each group of hosts) is stored in the form of data structures in which the same copy of access information is shared by many (all) hosts in the corresponding group.

Citations

39 Claims

1. A method of enabling a plurality of hosts to access a plurality of services provided by corresponding plurality of servers at corresponding destination addresses, said method being implemented in a service selection gateway (SSG) operating as a switch, said plurality of hosts and said plurality of servers being separated by a network, said SSG providing connectivity between said plurality of hosts and said servers via said network, said method comprising:
- receiving data representing a corresponding subset of services each of said plurality of hosts is permitted to access, said data indicating that a first host is permitted to access a first subset of services, each of said subset of services being contained in said plurality of services and said first host being contained in said plurality of hosts;
  
  receiving a packet from said first host contained in said plurality of hosts, said packet containing a destination address identifying a service sought to be accessed;
  
  determining whether said packet is destined to one of said first subset of services by examining said destination address; and
  
  forwarding said packet on said network to a server providing said one of said subset of services if said packet is destined to one of said first subset of services, said server being contained in said plurality of servers,wherein said SSG is physically separate from said plurality of servers.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising storing said data representing said subset of services in a memory in the form of access information which is examined by said determining.
  - 3. The method of claim 2, wherein said access information comprises a group data structure containing a plurality of addresses identifying said plurality of hosts, a plurality of service data structures with each of said plurality of service data structure containing addresses of servers providing a corresponding service, and a plurality of connection data structures indicating that said plurality of hosts identified by said group data structure are permitted to access said subset of services, wherein said determining comprises:
    - making a determination whether a source address of said packet is contained in said plurality of addresses of said group data structure;
      
      using said plurality of connection data structures to determine said plurality of service data structures; and
      
      examining said plurality of service data structures to determine whether said destination address is contained in said plurality of service data structures.
  - 4. The method of claim 3, wherein said plurality of hosts comprises a subgroup of hosts requiring access to a different set of services than said plurality of hosts, wherein said method further comprises:
    - maintaining another group data structure for said subgroup, wherein said another group data structure stores data representing a plurality of addresses identifying said subgroup of hosts, wherein said making comprises determining one of said another group data structure and said group data structure according to a longest matching prefix.
  - 5. The method of claim 1, further comprising retrieving a service network address in response to said receiving data, wherein said service network address corresponds to a service network providing one of said subset of network services.
  - 6. The method of claim 1, further comprises:
    - receiving another packet from a first service network providing a service;
      
      determining whether said another packet is destined to one of said plurality of hosts; and
      
      forwarding said another packet only if said another packet is destined to one of said plurality of hosts.
  - 7. The method of claim 6, wherein each of said packet and said another packet comprises an IP packet.

8. A method of enabling a group administrator to control services accessed by a plurality of hosts, said services being provided by corresponding plurality of servers at corresponding destination addresses, said plurality of hosts and said plurality of servers being separated by a network, said method being performed in a subscriber edge service manager, said method comprising:
- receiving from said group administrator data representing a corresponding subset of services each of said plurality of hosts is permitted to access; and
  
  in response to said receiving, causing a service selection gateway (SSG) to be configured to permit each of said plurality of hosts to access said corresponding subset of services, wherein said subset of services are comprised in a plurality of services accessible using said SSG, and wherein said SSG operates as a switch and provides connectivity between said plurality of hosts and said servers via a network and wherein said SSG is physically separate from said plurality of servers,and wherein said SSG is physically separate from said plurality of servers.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, further comprising:
    - enabling authentication of said group administrator; and
      
      enabling said group administrator to specify said corresponding subset of services associated with each of said plurality of hosts.
  - 10. The method of claim 9, wherein said enabling authentication comprises interfacing with an authentication server.
  - 11. The method of claim 9, wherein said enabling said group administrator comprises receiving a web page containing authentication information from said group administrator.

12. A service selection gateway (SSG) enabling a plurality of hosts to access a plurality of services provided by corresponding plurality of servers at corresponding destination addresses, said SSG operating as a switch, said plurality of hosts and said plurality of servers being separated by a network, said SSG providing connectivity between said plurality of hosts and said servers via said network, said SSG comprising:
- means for receiving data representing a corresponding subset of services each of said plurality of hosts is permitted to access, said data indicating that a first host is permitted to access a first subset of services, each of said subset of services being contained in said plurality of services and said first host being contained in said plurality of hosts;
  
  means for receiving a packet from said first host contained in said plurality of hosts, said packet containing a destination address identifying a service sought to be accessed;
  
  means for determining whether said packet is destined to one of said first subset of services by examining said destination address; and
  
  means for forwarding said packet on said network to a server providing said one of said subset of services if said packet is destined to one of said first subset of services, said server being contained in said plurality of servers,wherein said SSG is physically separate from said plurality of servers.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The SSG of claim 12, further comprising:
    - means for retrieving a service network address in response to receiving said data, wherein said service network address corresponds to a service network providing one of said subset of network services; and
      
      means for storing said data representing said subset of services in a memory in the form of a access information which is examined by said means for determining.
  - 14. The SSG of claim 13, wherein said access information comprises a group data structure containing a plurality of addresses identifying said plurality of hosts, a plurality of service data structures with each of said plurality of service data structure containing addresses of servers providing a corresponding service, and a plurality of connection data structures indicating that said plurality of hosts identified by said group data structure are permitted to access said subset of services, wherein said means for determining comprises:
    - means for making a determination whether a source address of said packet is contained in said plurality of addresses of said group data structure;
      
      means for using said plurality of connection data structures to determine said plurality of service data structures; and
      
      means for examining said plurality of service data structures to determine whether said destination address is in contained in said plurality of service data structures.
  - 15. The SSG of claim 14, wherein said plurality of hosts comprises a subgroup of hosts requiring access to a different set of services than said plurality of hosts, wherein said SSG further comprises:
    - means for maintaining another group data structure for said subgroup, wherein said another group data structure stores data representing a plurality of addresses identifying said subgroup of hosts, wherein said means for making determines one of said another group data structure and said group data structure according to a longest matching prefix.
  - 16. The SSG of claim 12, further comprises:
    - means for receiving another packet from a first service network providing a service;
      
      means for determining whether said another packet is destined to one of said plurality of hosts; and
      
      means for forwarding said another packet only if said another packet is destined to one of said plurality of hosts.

17. A service selection gateway (SSG) enabling a group administrator to control services accessed by a plurality of hosts, said services being provided by corresponding plurality of servers at corresponding destination addresses, said plurality of hosts and said plurality of servers being separated by a network, said SSG comprising:
- means for receiving from said group administrator data representing a corresponding subset of services each of said plurality of hosts is permitted to access; and
  
  means for causing a service selection gateway (SSG) to be configured to permit each of said plurality of hosts to access said corresponding subset of services in response to receiving said data, wherein said subset of services are comprised in a plurality of services accessible using said SSG, and wherein said SSG operates as a switch and provides connectivity between said plurality of hosts and said servers via a network and wherein said SSG is physically separate from said plurality of servers.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The SSG of claim 17, further comprising:
    - means for enabling authentication of said group administrator; and
      
      means for enabling said group administrator to specify said subset of services associated with said plurality of hosts.
  - 19. The SSG of claim 18, wherein said means for enabling authentication interfaces with an authentication server to authenticate said group administrator.
  - 20. The SSG of claim 18, wherein said means for enabling said group administrator receives a web page containing authentication information from said group administrator.
  - 21. The SSG of claim 18, wherein said means for receiving receives said data in the form of IP packets.

22. A computer readable medium carrying one or more sequences of instructions for causing a subscriber edge service manager (SESM) to enable a group administrator to control services accessed by a plurality of hosts, said services being provided by corresponding plurality of servers at corresponding destination addresses, said plurality of hosts and said plurality of servers being separated by a network wherein execution of said one or more sequences of instructions by one or more processors contained in said SESM causes said one or more processors to perform the actions of:
- receiving from said group administrator data representing a corresponding subset of services each of said plurality of hosts is permitted to access, said data indicating that a first host is permitted to access a first subset of services; and
  
  in response to said receiving, causing a service selection gateway (SSG) to be configured to permit each of said plurality of hosts to access said corresponding subset of services, wherein said subset of services are comprised in a plurality of services accessible using said SSG, and wherein said SSG operates as a switch and provides connectivity between said plurality of hosts and said servers via a network and wherein said SSG is physically separate from said plurality of servers,and wherein said SSG is physically separate from said plurality of servers.
- View Dependent Claims (23, 24, 25)
- - 23. The computer readable medium of claim 22, further comprising:
    - enabling authentication of said group administrator; and
      
      enabling said group administrator to specify said subset of services associated with said plurality of hosts.
  - 24. The computer readable medium of claim 23, wherein said enabling authentication comprises interfacing with an authentication server.
  - 25. The computer readable medium of claim 23, wherein said enabling said group administrator comprises receiving a web page containing authentication information from said group administrator.

26. A service selection gateway (SSG) enabling a plurality of hosts to access a plurality of services provided by corresponding plurality of servers at corresponding destination addresses, said SSG operating as a switch, said plurality of hosts and said plurality of servers being separated by a network, said SSG operating as a switch to provide connectivity between said plurality of hosts and said servers via said network, said SSG comprising:
- an interface receiving data representing a corresponding subset of services each of said plurality of hosts is permitted to access, said data indicating that a first host is permitted to access a first subset of services, each of said subset of services being contained in said plurality of services, said interface then receiving a packet from said first host; and
  
  a forwarding logic forwarding said packet on said network if said packet is destined to one of said first subset of services,wherein said forwarding logic and said interface are physically separate from said plurality of servers.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 35, 36, 37, 38)
- - 27. The SSG of claim 26, further comprising:
    - a memory;
      
      a set up logic coupled to said interface, said set up logic examining said data and determining a service network address of each of said subset of services, said set up logic further receiving a plurality of host addresses of said plurality of hosts; and
      
      a configuration logic receiving said service network address and said plurality of host addresses, said configuration logic storing said service network address associated with said plurality of host addresses in said memory,wherein said forwarding logic determines whether said packet is destined to one of said subset of services by examining said memory.
  - 28. The SSG of claim 27, wherein said interface comprises an input/output interface.
  - 29. The SSG of claim 27, wherein said forwarding logic examines a destination address contained in said packet to determine whether said destination address corresponds to an address of a server providing one of said subset of services.
  - 30. The SSG of claim 29, wherein said configuration logic stores said data representing said subset of services in said memory in the form of a access information which is examined by said forwarding logic.
  - 31. The SSG of claim 30, wherein said access information comprises a group data structure containing a plurality of addresses identifying said plurality of hosts, a plurality of service data structures with each of said plurality of service data structure containing addresses of servers providing a corresponding service, and a plurality of connection data structures indicating that said plurality of hosts identified by said group data structure are permitted to access said subset of services,wherein said forwarding logic determines whether a source address of said packet is contained in said plurality of addresses of said group data structure, uses said plurality of connection data structures to determine said plurality of service data structures, and examines said plurality of service data structures to determine whether said destination address is contained in said plurality of service data structures.
  - 32. The SSG of claim 31, wherein said plurality of hosts comprises a subgroup of hosts requiring access to a different set of services than said plurality of hosts, wherein said configuration logic maintains another group data structure for said subgroup, wherein said another group data structure stores data representing a plurality of addresses identifying said subgroup of hosts, wherein said forwarding logic determines one of said another group data structure and said group data structure according to a longest matching prefix.
  - 33. The SSG of claim 31, wherein said packet comprises an internet protocol (IP) packet.
  - 35. The computer readable medium of claim 33, further comprising storing said data representing said subset of services in a memory in the form of an access information which is examined by said determining.
  - 36. The computer readable medium of claim 35, wherein said access information comprises a group data structure containing a plurality of addresses identifying said plurality of hosts, a plurality of service data structures with each of said plurality of service data structure containing addresses of servers providing a corresponding service, and a plurality of connection data structures indicating that said plurality of hosts identified by said group data structure are permitted to access said subset of services, wherein said determining comprises:
    - making a determination whether a source address of said packet is contained in said plurality of addresses of said group data structure;
      
      using said plurality of connection data structures to determine said plurality of service data structures; and
      
      examining said plurality of service data structures to determine whether said destination address is contained in said plurality of service data structures.
  - 37. The computer readable medium of claim 36, wherein said plurality of hosts comprises a subgroup of hosts requiring access to a different set of services than said plurality of hosts, wherein said computer readable medium further comprises:
    - maintaining another group data structure for said subgroup, wherein said another group data structure stores data representing a plurality of addresses identifying said subgroup of hosts, wherein said making comprises determining one of said another group data structure and said group data structure according to a longest matching prefix.
  - 38. The computer readable medium of claim 36, further comprising retrieving a service network address in response to said receiving data, wherein said service network address is of a service network providing one of said subset of network services.

34. A computer readable medium carrying one or more sequences of instructions for causing a service selection gateway (SSG) to enable a plurality of hosts to access a plurality of services, said plurality of services being provided by corresponding plurality of servers at corresponding destination addresses, said SSG operating as a switch, said plurality of hosts and said plurality of servers being separated by a network, said SSG providing connectivity between said plurality of hosts and said servers via said network, wherein execution of said one or more sequences of instructions by one or more processors contained in said SSG causes said one or more processors to perform the actions of:
- receiving data representing a corresponding subset of services each of said plurality of hosts is permitted to access, said data indicating that a first host is permitted to access a first subset of services, each of said subset of services being contained in said plurality of services and said first host being contained in said plurality of hosts;
  
  receiving a packet from said first host contained in said plurality of hosts, said packet containing a destination address identifying a service sought to be accessed;
  
  determining whether said packet is destined to one of said first subset of services by examining said destination address; and
  
  forwarding said packet on said network to a server providing said one of said subset of services if said packet is destined to one of said first subset of services, said server being contained in said plurality of servers,wherein said SSG is physically separate from said plurality of servers.
- View Dependent Claims (39)
- - 39. The computer readable medium of claim 34, further comprises:
    - receiving another packet from a first service network providing a service;
      
      determining whether said another packet is destined to one of said plurality of hosts; and
      
      forwarding said another packet only if said another packet is destined to one of said plurality of hosts.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Phadnis, Amit S., Ravindranath, Vinodh Kumar
Primary Examiner(s)
MARTIN, CIARA A
Assistant Examiner(s)
MARTIN, CIARA A

Application Number

US10/102,695
Time in Patent Office

1,824 Days
Field of Search

709201-253
US Class Current

709/225
CPC Class Codes

H04L 67/63 Routing a service request d...

Service selection gateway (SSG) allowing access of same services to a group of hosts

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Service selection gateway (SSG) allowing access of same services to a group of hosts

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links