Network packet inspection and forwarding

US 7,660,265 B2
Filed: 10/27/2006
Issued: 02/09/2010
Est. Priority Date: 10/27/2006
Status: Active Grant

First Claim

Patent Images

1. A multi-protocol label switching/virtual private network racket inspection and forwarding network, comprising:

a first router, said first router being a provider edge multi-protocol label switching capable router, said first router including a firewall service module configured for inspection of only virtual private network data packets and two or more virtual routers connected to said firewall service module;

two or more second routers, each second router of said two or more second routers being a provider edge multi-protocol label switching capable router, each second router of said two or more second routers connected to a respective virtual router of said first router through a network path of a multi-protocol label switching network; and

a third router, said third router being a provider edge multi-protocol label switching capable router, said third router connected to at least two of said two or more second routers by said respective network paths of said multi-protocol label switching network, bypassing said first router.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network, method, and a method of providing a service for packet inspection and forwarding using multi-protocol label switching for a virtual private network in a public network. The network includes a first router, the first router being a provider edge multi-protocol label switching capable router, the first router including a firewall service module for inspection of packets, the firewall service module connected to one or more virtual private networks; one or more second routers, each second router of the one or more second routers being provider edge multi-protocol label switching capable routers, each second router connected to a private virtual network of the one or more virtual private networks; and a network connecting the first router to the one or more second routers.

27 Citations

View as Search Results

29 Claims

1. A multi-protocol label switching/virtual private network racket inspection and forwarding network, comprising:
- a first router, said first router being a provider edge multi-protocol label switching capable router, said first router including a firewall service module configured for inspection of only virtual private network data packets and two or more virtual routers connected to said firewall service module;
  
  two or more second routers, each second router of said two or more second routers being a provider edge multi-protocol label switching capable router, each second router of said two or more second routers connected to a respective virtual router of said first router through a network path of a multi-protocol label switching network; and
  
  a third router, said third router being a provider edge multi-protocol label switching capable router, said third router connected to at least two of said two or more second routers by said respective network paths of said multi-protocol label switching network, bypassing said first router.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The network of claim 1, said first router further including:
    - a respective virtual private network interface connected between each virtual private network of said two or more virtual private networks and said respective virtual routers.
  - 3. The network of claim 1, said first router further including:
    - an additional virtual router connected only to said firewall service module.
  - 4. The network of claim 1, wherein said multi-protocol label switching network comprises electrically conductive wires, optical cables, multi-protocol label switching capable provider routers, wireless connections or combinations thereof.
  - 5. The network of claim 1, further including:
    - two or more third routers, each third router of said two or more third routers being a client edge router, each third router of said two or more third routers connected between a respective private network and a respective second router of said two or more second routers.
  - 6. The network of claim 5, wherein routers of said third routers are independently connected to routers of said second routers by electrically conductive wires, optical cables, wireless connections or combinations thereof.
  - 7. The network of claim 1, further including:
    - two or more fourth routers, each fourth router of said two or more fourth routers being a provider edge multi-protocol label switching capable router, each fourth router of said two or more fourth routers connected to a respective second router of said two or more second routers; and
      
      two or more fifth routers, each fifth router of said two or more fifth routers being a client edge multi-protocol label switching capable router connected to said third router.
  - 8. The network of claim 7, further including:
    - a private network connecting at least one of said fourth routers to one of said fifth routers.
  - 9. The network of claim 7, further including:
    - independently connecting routers of said fifth routers to routers of said second routers by electrically conductive wires, optical cables, wireless connections or combinations thereof; and
      
      independently connecting routers of said fifth routers to said third router by electrically conductive wires, optical cables, wireless connections or combinations thereof.
  - 10. The network of claim 1, wherein said first router and each second router of said two or more second routers are configured to transmit and receive virtual private network packets and not public data packets.

11. A method of providing multi-protocol label switching/virtual private network packet inspection and forwarding, comprising:
- providing a first router, said first router being a provider edge multi-protocol label switching capable router, said first router including a firewall service module configured for inspection of only virtual private network data packets and two or more virtual routers connected to said firewall service module;
  
  providing two or more second routers, each second router of said two or more second routers being a provider edge multi-protocol label switching capable router, each second router of said two or more second routers connected to a respective virtual router of said first router through a network path of a multi-protocol label switching network;
  
  receiving a private network data packet on said first router;
  
  inspecting said private network data packet in said firewall service module against a security policy and rejecting said packet if said packet fails to conform with said security policy;
  
  forwarding said private network data packet over said network to at least one second router of said one or more second routers; and
  
  connecting a third router to a respective router of said one or more second routers, said third router being a provider edge router multi-protocol label switching capable router, said third router connected to one or more second routers of said two or more second routers by said respective network paths of said multi-protocol label switching network, bypassing said first router.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The method of claim 11, wherein said first router further includes:
    - a respective virtual private network interface connected between each respective virtual private networks of said two or more virtual private networks and said respective virtual routers; and
      
      said method further including;
      
      configuring, on said firewall service module, static routes to said virtual private network interfaces.
  - 13. The method of claim 11, further including:
    - defining, on said firewall service module, one or more dynamic routing processes to said virtual routers.
  - 14. The method of claim 11, wherein said first router further includes:
    - a respective virtual private network interface connected between each respective virtual private networks of said two or more virtual private networks and said respective virtual routers; and
      
      an additional virtual router connected only to said firewall service module; and
      
      said method further including;
      
      configuring, on said firewall service module, static routes to said virtual private network interfaces.
  - 15. The method of claim 11, wherein said first router further includes:
    - an additional virtual router connected to said firewall service module; and
      
      said method further including;
      
      defining, on said firewall service module, one or more dynamic routing processes to said additional virtual router.
  - 16. The method of claim 11, further including:
    - providing two or more third routers, each third router of said two or more third routers being a client edge multi-protocol label switching capable router, each third router of said two or more third routers connected between a respective private network and a respective each second router of said two or more second routers.
  - 17. The method of claim 16, further including:
    - independently connecting routers of said third routers to routers of said second routers by electrically conductive wires, optical cables, wireless connections or combinations thereof.
  - 18. The method of claim 11, further including:
    - connecting and bypassing said first router, by said respective network paths of said multi-protocol label switching network, two or more fourth routers to a respective router of said one or more second routers, each fourth router of said two or more fourth routers being a provider edge router; and
      
      connecting two or more fifth routers to said third router, each fifth router of said two or more fifth routers being a client edge router.
  - 19. The method of claim 18, further including:
    - connecting at least one of said fourth routers to said one of said fifth routers using a private network.
  - 20. The method of claim 18, further including:
    - independently connecting routers of said fifth routers to routers of said second routers by electrically conductive wires, optical cables, wireless connections or combinations thereof andindependently connecting routers of said fifth routers to said third router by electrically conductive wires, optical cables, wireless connections or combinations thereof.
  - 21. The method of claim 11, further including:
    - configuring said first router and each second router of said two or more second routers to transmit and receive virtual private network packets and not public data packets.

22. A method of providing a service to a customer over a network, the service comprising:
- providing a network connecting a first router to two or more second routers, said first router containing two or more virtual routers connected to a firewall service module configured to inspect only virtual private network data packets, said first router and each second router of said one or more second routers being provider edge multi-protocol label switching capable routers;
  
  connecting each second router of said two or more second routers to respective virtual routers of said first router by network paths of a multi-protocol labeling switching virtual network;
  
  receiving a private network packet on said first router from said customer;
  
  inspecting said private network data packet in said firewall service module against a customer security policy and rejecting said packet if said packet fails to conform to said security policy;
  
  forwarding said data packet over said network to at least one second router of said one or more second routers;
  
  providing a respective connection between each second router of said two or more second routers a corresponding third router of two or more third routers, each third router of said two or more third routers being a client edge router; and
  
  connecting a third router to a respective router of said one or more second routers, said third router being a provider edge router multi-protocol label switching capable router, said third router connected to one or more second routers of said two or more second routers by said respective network paths of said multi-protocol label switching network, bypassing said first router.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The method of claim 22, wherein said first router further includes:
    - a respective virtual private network interface connected between each respective virtual private networks of said two or more virtual private networks and said respective virtual routers; and
      
      said method further including;
      
      configuring, on said firewall service module, static routes to said virtual private network interfaces.
  - 24. The method of claim 22, further including:
    - defining, on said firewall service module, one or more dynamic routing processes to said virtual routers.
  - 25. The method of claim 22, wherein said first router further includes:
    - a respective virtual private network interface connected between each respective virtual private networks of said two or more virtual private networks and said respective virtual routers; and
      
      an additional virtual router connected only to said firewall service module; and
      
      said method further including;
      
      defining, on said firewall service module, one or more dynamic routing processes to said virtual routers.
  - 26. The method of claim 22, wherein said first router further includes:
    - an additional virtual router connected to said firewall service module; and
      
      said method further including;
      
      defining, on said firewall service module, one or more dynamic routing processes to said additional virtual router.
  - 27. The method of claim 22, further including:
    - providing two or more third routers, each third router of said two or more third routers being a client edge multi-protocol label switching capable router, each third router of said two or more third routers connected between a respective private network and a respective each second router of said two or more second routers.
  - 28. The method of claim 22 further including:
    - connecting and bypassing said first router, by said respective network paths of said multi-protocol label switching network, two or more fourth routers to a respective router of said one or more second routers, each fourth router of said two or more fourth routers being a provider edge router; and
      
      connecting two or more fifth routers to said third router, each fifth router of said two or more fifth routers being a client edge router.
  - 29. The method of claim 28, further including:
    - connecting at least one of said fourth routers to said one of said fifth routers using a private network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
X Corp. (f/k/a Twitter, Inc.) (X Holdings Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Kreuk, Volkert N M
Primary Examiner(s)
Sheikh; Ayaz R
Assistant Examiner(s)
Hsiung; Hai-Chang

Application Number

US11/553,495
Publication Number

US 20080148386A1
Time in Patent Office

1,201 Days
Field of Search

370/401, 370/254, 370/392
US Class Current

370/254
CPC Class Codes

H04L 63/0272 Virtual private networks

Network packet inspection and forwarding

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Network packet inspection and forwarding

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links