Point-to-multi-point/non-broadcasting multi-access VPN tunnels
Abstract
A system establishes a virtual private network (VPN) tunnel to a destination and determines a next hop for the VPN tunnel. The system inserts the next hop, and an address associated with the destination, into an entry of a first table. The system inserts the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of a second table. The system associates one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.
39 Claims
1. A network device, comprising:
- a memory to store at least one data table; and
- a processing unit to:
  - establish a virtual private network (VPN) tunnel to a destination,
  - determine a next hop for the VPN tunnel,
  - insert an identifier associated with the next hop, and an address range associated with the destination, into the at least one data table,
  - insert a tunnel identifier corresponding to the established VPN tunnel into the at least one data table, and
  - associate one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.

Dependent claims: 2, 3, 4, 5, 6

7. A method, performed by a processor, the method comprising:
- establishing, by the processor, a virtual private network (VPN) tunnel to a destination;
- determining, by the processor, a next hop for the VPN tunnel;
- inserting, by the processor, an identifier associated with the next hop, and an address range associated with the destination, into an entry of a first table;
- inserting, by the processor, the identifier associated with the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of a second table; and
- associating, by the processor, one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.

Dependent claims: 8, 9, 10, 11, 12, 13, 14

15. A system, comprising:
- a memory to store a first data table and a second data table;
- a processing unit to:
  - establish a virtual private network (VPN) tunnel to a destination,
  - determine a next hop for the VPN tunnel,
  - insert an identifier associated with the next hop, and an address range associated with the destination, into an entry of the first data table,
  - insert the identifier associated with the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of the second data table, and
  - associate one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.

Dependent claims: 16, 17, 18, 19, 20, 21, 22

23. A method, performed by a device, comprising:
- receiving, at a processor of the device, a data unit;
- performing, by the processor, a route lookup to retrieve a next hop identifier from a routing table that corresponds to a destination of the data unit;
- retrieving, by the processor, a tunnel identifier from a second table using the retrieved next hop identifier;
- forwarding, by the processor, the data unit via a tunnel corresponding to the tunnel identifier, where the tunnel comprises a virtual private network (VPN) tunnel; and
- encrypting the data unit using security parameters associated with the tunnel identifier.

Dependent claims: 24, 25, 26, 27, 28, 29

30. A system, comprising:
- a memory to store a first table and a second table;
- an interface to:
  - receive a data unit; and
- a processing unit to:
  - perform a route lookup to retrieve a next hop identifier from the first table that corresponds to a destination of the data unit,
  - retrieve a virtual private network (VPN) tunnel identifier from the second table using the retrieved next hop identifier,
  - forward the data unit via a VPN tunnel corresponding to the VPN tunnel identifier, and
  - encrypt the data unit using security parameters associated with the VPN tunnel identifier.

Dependent claims: 31, 32, 33, 34, 35, 36

37. A system, comprising:
- means for establishing a virtual private network (VPN) tunnel to a destination;
- means for determining a next hop for the VPN tunnel;
- means for inserting an identifier associated with the next hop, and an address range associated with the destination, into a first entry of a first table;
- means for inserting the identifier associated with the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into a second entry of a second table; and
- means for associating one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.

38. A network device, comprising:
- a data structure that comprises:
  - a first data table comprising an identifier associated with a first next hop along a first virtual private network (VPN) tunnel to a first destination indexed to an address range associated with the first destination, and
  - a second data table comprising a first tunnel identifier, corresponding to the first VPN tunnel, indexed to the identifier associated with the first next hop; and
- a processor to:
  - retrieve the first tunnel identifier from the second table, and
  - forward a data unit via a VPN tunnel corresponding to the first tunnel identifier.

Dependent claims: 39

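The table population described in the abstract and the forwarding lookup of claims 23 and 30, as an added Python example (not code from the patent or from any product). The class, method, next-hop and tunnel names are hypothetical, the security parameters are constructed placeholders, and dropping a data unit whose next hop has no tunnel binding is a design choice of this example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityParams:            # hypothetical stand-in for per-tunnel security parameters
    spi: int
    cipher: str
    key: bytes

class TunnelGateway:
    def __init__(self):
        self.route_table = {}    # first table: address range -> next-hop identifier
        self.nhtb = {}           # second table: next-hop identifier -> tunnel identifier
        self.sa_by_tunnel = {}   # tunnel identifier -> security parameters

    def establish(self, dest_range, next_hop, tunnel_id, params):
        """Record a newly established tunnel in both tables and bind its parameters."""
        self.route_table[ipaddress.ip_network(dest_range)] = next_hop
        self.nhtb[next_hop] = tunnel_id
        self.sa_by_tunnel[tunnel_id] = params

    def teardown(self, tunnel_id):
        """Remove the tunnel binding and parameters; the route may linger until withdrawn."""
        self.sa_by_tunnel.pop(tunnel_id, None)
        self.nhtb = {nh: t for nh, t in self.nhtb.items() if t != tunnel_id}

    def select(self, dst):
        """Route lookup -> next hop -> tunnel -> parameters. None means drop."""
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.route_table
                   if n.version == addr.version and addr in n]
        if not matches:
            return None
        best = max(matches, key=lambda n: n.prefixlen)   # longest-prefix match
        next_hop = self.route_table[best]
        tunnel_id = self.nhtb.get(next_hop)
        params = self.sa_by_tunnel.get(tunnel_id)
        if tunnel_id is None or params is None:
            return None          # fail closed: never forward without a bound tunnel
        return next_hop, tunnel_id, params

# Constructed sample: two peers reached over one point-to-multi-point interface.
gw = TunnelGateway()
gw.establish("10.1.0.0/16", "nh-spoke-a", "tun-1",
             SecurityParams(0x1001, "aes-256-gcm", b"A" * 32))
gw.establish("10.1.5.0/24", "nh-spoke-b", "tun-2",
             SecurityParams(0x2002, "aes-256-gcm", b"B" * 32))
```

After `teardown("tun-2")`, a data unit for 10.1.5.9 still matches the lingering /24 route, finds no tunnel for its next hop, and is dropped rather than sent through the less specific tunnel or in the clear.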
Specification