Methods and apparatus for providing multiple policies for a virtual private network
Abstract
A system provides a request for a policy from a policy server, and receives the policy from the policy server. The policy indicates processing to be applied to a traffic partition passing through the device. The system configures the policy within a routing structure associated with the traffic partition for the policy in the device, and routes a stream of traffic for the routing structure in accordance with the policy for that routing structure.
72 Citations
18 Claims
1. In a device, in a network, a method of providing policies to a first and second traffic partition in the network, the method comprising:
providing a request for a first and second policy from a policy server;
receiving the first policy from the policy server, the first policy indicating processing to be applied to the first traffic partition passing through the device and the first policy defining a first encryption key and first address range within the network;
receiving the second policy from the policy server, the second policy indicating processing to be applied to the second traffic partition passing through the device and the second policy defining a second address range within the network;
configuring, for the first traffic partition within the device, the first policy within a first routing structure associated with the first traffic partition with the first address range;
configuring, for the second traffic partition within the device, the second policy within a second routing structure associated with the second traffic partition with the second address range, the second address range overlapping the first address range;
routing a first stream of traffic for the first routing structure in accordance with the first policy for the first routing structure; and
routing a second stream of traffic for the second routing structure in accordance with the second policy for the second routing structure.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. In a router, in a network, a method of providing a policy to a traffic partition that is a virtual private network, the policy defining security processing for the virtual private network on the network, the method comprising:
providing a request for the policy from a policy server dedicated to providing security processing for the virtual private network;
wherein receiving the policy from the policy server, the policy indicating processing to be applied to the traffic partition passing through the router, comprises receiving the policy from the dedicated policy server, the policy indicating security processing to be applied to the virtual private network passing through the router;
wherein configuring the policy within a routing structure associated with the traffic partition for the policy in the router comprises configuring the policy within a virtual routing and forwarding instance associated with the virtual private network passing through the router; and
wherein routing a stream of traffic for the routing structure in accordance with the policy for that routing structure comprises routing a stream of traffic for the virtual routing and forwarding instance in accordance with the security processing for that virtual routing and forwarding instance.
10. A computerized device comprising:
a memory;
a processor;
a communications interface;
an interconnection mechanism coupling the memory, the processor and the communications interface;
wherein the memory is encoded with a policy providing application that when executed on the processor provides policies to a first and second traffic partition on the computerized device by performing the operations of:
providing a request for a first and second policy from a policy server;
receiving the first policy from the policy server, the first policy indicating processing to be applied to the first traffic partition passing through the device and the first policy defining a first encryption key and first address range within the network;
receiving the second policy from the policy server, the second policy indicating processing to be applied to the second traffic partition passing through the device and the second policy defining a second address range within the network;
configuring, for the first traffic partition within the device, the first policy within a first routing structure associated with the first traffic partition with the first address range;
configuring, for the second traffic partition within the device, the second policy within a second routing structure associated with the second traffic partition with the second address range, the second address range overlapping the first address range;
routing a first stream of traffic for the first routing structure in accordance with the first policy for the first routing structure; and
routing a second stream of traffic for the second routing structure in accordance with the second policy for the second routing structure.
Dependent claims: 11, 12, 13, 14, 15, 16.
17. A router, in a network, wherein a policy to a traffic partition is a virtual private network, the policy defining security processing for the virtual private network on the network, the router configured to perform the operations of:
providing a request for a policy from a policy server dedicated to providing security processing for the virtual private network in the network, the virtual private network passing through the router;
wherein when the router performs an operation of receiving the policy from the policy server, the policy indicating processing to be applied to the traffic partition passing through the router, the router performs the operation of receiving the policy from the dedicated policy server, the policy indicating security processing to be applied to the virtual private network passing through the router; and
wherein when the router performs the operation of configuring the policy within a routing structure associated with the traffic partition for the policy in the router, the router performs the operation of configuring the policy within a virtual routing and forwarding instance associated with the virtual private network passing through the router; and
wherein when the router performs the operation of routing a stream of traffic for the routing structure in accordance with the policy for that routing structure, the router performs the operation of routing a stream of traffic for the virtual routing and forwarding instance in accordance with the security processing for that virtual routing and forwarding instance.
18. A computer readable medium encoded with computer programming logic that when executed on a processor in a computerized device produces a policy providing process that provides policies by causing the computerized device to perform the operations of:
providing a request for a first and second policy from a policy server;
receiving the first policy from the policy server, the first policy indicating processing to be applied to the first traffic partition passing through the device and the first policy defining a first encryption key and first address range within the network;
receiving the second policy from the policy server, the second policy indicating processing to be applied to the second traffic partition passing through the device and the second policy defining a second encryption key and second address range within the network;
configuring, for the first traffic partition within the device, the first policy within a first routing structure associated with the first traffic partition with the first address range;
configuring, for the second traffic partition within the device, the second policy within a second routing structure associated with the second traffic partition with the second address range, the second address range overlapping the first address range;
routing a first stream of traffic for the first routing structure in accordance with the first policy for the first routing structure; and
routing a second stream of traffic for the second routing structure in accordance with the second policy for the second routing structure.
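The mechanism the independent claims describe (a device requests one policy per traffic partition from a policy server, installs each policy in that partition's own routing structure, and routes each stream by its partition's table even though the two address ranges overlap) modelled in Python. This is an added illustration, not text from the patent and not any vendor's implementation. The partition names vpn-a and vpn-b, the key identifier key-a-01 and the 10.0.0.0/24 prefixes are constructed for the example, and the encryption key is carried as an opaque key identifier rather than as key material.

```python
"""Per-partition policy routing with overlapping address ranges (added example).

Nothing here is the patent's or any vendor's code. Partition names, key
identifiers and prefixes are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Policy:
    """One policy as handed down by the policy server.

    key_id stands in for the encryption key the claims mention: routing state
    holds a handle to the key (SPI, key slot), never the key bytes. It is None
    for a partition whose policy carries no key (claim 1's second policy).
    """
    partition: str
    address_range: IPv4Network
    key_id: Optional[str]


class PolicyServer:
    """Constructed stand-in for the policy server the device queries."""

    def __init__(self, policies: dict[str, Policy]) -> None:
        self._policies = policies

    def request(self, partition: str) -> Policy:
        return self._policies[partition]


@dataclass
class RoutingStructure:
    """One partition's routing table (a VRF). Lookups never cross partitions."""
    partition: str
    table: dict[IPv4Network, Policy] = field(default_factory=dict)

    def install(self, policy: Policy) -> None:
        # Refuse to let a policy for one VPN leak into another VPN's VRF.
        if policy.partition != self.partition:
            raise ValueError(
                f"policy for {policy.partition!r} offered to VRF {self.partition!r}")
        self.table[policy.address_range] = policy

    def lookup(self, dst: IPv4Address) -> Optional[Policy]:
        """Longest-prefix match, scoped to this partition's table only."""
        matches = [net for net in self.table if dst in net]
        if not matches:
            return None
        return self.table[max(matches, key=lambda net: net.prefixlen)]


class Device:
    def __init__(self) -> None:
        self.vrfs: dict[str, RoutingStructure] = {}

    def configure_from(self, server: PolicyServer, partitions: list[str]) -> None:
        """Request and install one policy per partition (the claims' first steps)."""
        for name in partitions:
            policy = server.request(name)
            vrf = self.vrfs.setdefault(name, RoutingStructure(name))
            vrf.install(policy)

    def route(self, partition: str, dst: str) -> Optional[Policy]:
        """Route one packet by the policy of its partition's routing structure.

        The partition must come from ingress context (sub-interface, VLAN or
        MPLS label), never from the destination address: with overlapping
        ranges the address alone cannot identify the VPN. An unknown partition
        is dropped (None) rather than falling back to some other VRF.
        """
        vrf = self.vrfs.get(partition)
        if vrf is None:
            return None
        return vrf.lookup(ip_address(dst))

    def partitions_claiming(self, dst: str) -> list[str]:
        """Every partition whose table matches dst. More than one entry means
        an address-only lookup would be ambiguous, which is why the claims keep
        a separate routing structure per partition."""
        addr = ip_address(dst)
        return sorted(name for name, vrf in self.vrfs.items() if vrf.lookup(addr))


def build_example_device() -> Device:
    """Constructed sample: two customer VPNs that both use 10.0.0.0/24."""
    server = PolicyServer({
        "vpn-a": Policy("vpn-a", ip_network("10.0.0.0/24"), key_id="key-a-01"),
        "vpn-b": Policy("vpn-b", ip_network("10.0.0.0/24"), key_id=None),
    })
    device = Device()
    device.configure_from(server, ["vpn-a", "vpn-b"])
    return device


if __name__ == "__main__":
    dev = build_example_device()
    for part in ("vpn-a", "vpn-b"):
        pol = dev.route(part, "10.0.0.7")
        print(part, "->", pol.address_range, "key:", pol.key_id)
    print("partitions claiming 10.0.0.7:", dev.partitions_claiming("10.0.0.7"))
```

The same destination, 10.0.0.7, resolves to a keyed policy in vpn-a and an unkeyed one in vpn-b; partitions_claiming shows both tables match it, so the forwarding decision has to be keyed on the partition the packet arrived in, and a packet whose partition cannot be determined is dropped instead of being routed through another tenant's VRF.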