System and method for delivering security services
First Claim
1. A method comprising:
providing a first service processing switch at a first point-of-presence (POP) associated with a first site of a first subscriber of a service provider and a first site of a second subscriber of the service provider;
providing a second service processing switch at a second POP associated with a second site of the first subscriber and a second site of the second subscriber, wherein the first service processing switch and the second service processing switch are communicatively coupled via a network;
logically connecting a plurality of processors of the first service processing switch into a packet-passing ring configuration;
logically connecting a plurality of processors of the second service processing switch into a packet-passing ring configuration;
establishing a first set of virtual routers on the plurality of processors of the first service processing switch;
establishing a second set of virtual routers on the plurality of processors of the second service processing switch;
providing the first subscriber with a first set of customized application layer services and the second subscriber with a second set of customized application layer services and providing subscriber resource isolation by partitioning the first set of virtual routers and the second set of virtual routers between the first subscriber and the second subscriber including (i) allocating and configuring a first partition, comprising a first subset of the first set of virtual routers and a first subset of the second set of virtual routers, to the first subscriber and (ii) allocating and configuring a second partition, comprising a second subset of the first set of virtual routers and a second subset of the second set of virtual routers, to the second subscriber, providing the first subscriber with a first virtual private network (VPN) communicatively coupling the first site of the first subscriber with the second site of the first subscriber by establishing a first secure tunnel through the network between virtual routers of the first partition, and providing the second subscriber with a second virtual private network (VPN) communicatively coupling the first site of the second subscriber with the second site of the second subscriber by establishing a second secure tunnel through the network between virtual routers of the second partition; and
providing changeable provisioning of processing capacity between the first subscriber and the second subscriber by programmatically dynamically reallocating resources of the first service processing switch or the second service processing switch between the first partition and the second partition based on comparative processing demands of the first set of customized application layer services and the second set of customized application layer services.
2 Assignments
Abstract
A flexible, scalable hardware and software platform that allows a service provider to easily provide internet services, virtual private network services, firewall services, etc., to a plurality of customers. One aspect provides a method and system for delivering security services. This includes connecting a plurality of processors in a ring configuration within a first processing system, establishing a secure connection between the processors in the ring configuration across an internet protocol (IP) connection to a second processing system to form a tunnel, and providing both router services and host services for a customer using the plurality of processors in the ring configuration and using the second processing system.
143 Citations
9 Claims
Specification