Network packet inspection and forwarding
Abstract
A network, method, and a method of providing a service for packet inspection and forwarding using multi-protocol label switching for a virtual private network in a public network. The network includes a first router, the first router being a provider edge multi-protocol label switching capable router, the first router including a firewall service module for inspection of packets, the firewall service module connected to one or more virtual private networks; one or more second routers, each second router of the one or more second routers being provider edge multi-protocol label switching capable routers, each second router connected to a private virtual network of the one or more virtual private networks; and a network connecting the first router to the one or more second routers.
29 Claims
1. A multi-protocol label switching/virtual private network packet inspection and forwarding network, comprising:
- a first router, said first router being a provider edge multi-protocol label switching capable router, said first router including a firewall service module configured for inspection of only virtual private network data packets and two or more virtual routers connected to said firewall service module;
- two or more second routers, each second router of said two or more second routers being a provider edge multi-protocol label switching capable router, each second router of said two or more second routers connected to a respective virtual router of said first router through a network path of a multi-protocol label switching network; and
- a third router, said third router being a provider edge multi-protocol label switching capable router, said third router connected to at least two of said two or more second routers by said respective network paths of said multi-protocol label switching network, bypassing said first router.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method of providing multi-protocol label switching/virtual private network packet inspection and forwarding, comprising:
- providing a first router, said first router being a provider edge multi-protocol label switching capable router, said first router including a firewall service module configured for inspection of only virtual private network data packets and two or more virtual routers connected to said firewall service module;
- providing two or more second routers, each second router of said two or more second routers being a provider edge multi-protocol label switching capable router, each second router of said two or more second routers connected to a respective virtual router of said first router through a network path of a multi-protocol label switching network;
- receiving a private network data packet on said first router;
- inspecting said private network data packet in said firewall service module against a security policy and rejecting said packet if said packet fails to conform with said security policy;
- forwarding said private network data packet over said network to at least one second router of said one or more second routers; and
- connecting a third router to a respective router of said one or more second routers, said third router being a provider edge router multi-protocol label switching capable router, said third router connected to one or more second routers of said two or more second routers by said respective network paths of said multi-protocol label switching network, bypassing said first router.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
22. A method of providing a service to a customer over a network, the service comprising:
- providing a network connecting a first router to two or more second routers, said first router containing two or more virtual routers connected to a firewall service module configured to inspect only virtual private network data packets, said first router and each second router of said one or more second routers being provider edge multi-protocol label switching capable routers;
- connecting each second router of said two or more second routers to respective virtual routers of said first router by network paths of a multi-protocol labeling switching virtual network;
- receiving a private network packet on said first router from said customer;
- inspecting said private network data packet in said firewall service module against a customer security policy and rejecting said packet if said packet fails to conform to said security policy;
- forwarding said data packet over said network to at least one second router of said one or more second routers;
- providing a respective connection between each second router of said two or more second routers a corresponding third router of two or more third routers, each third router of said two or more third routers being a client edge router; and
- connecting a third router to a respective router of said one or more second routers, said third router being a provider edge router multi-protocol label switching capable router, said third router connected to one or more second routers of said two or more second routers by said respective network paths of said multi-protocol label switching network, bypassing said first router.

Dependent claims: 23, 24, 25, 26, 27, 28, 29
Specification