Apparatus and methods for allocating addresses in a network

US 7,792,993 B1
Filed: 08/19/2004
Issued: 09/07/2010
Est. Priority Date: 03/27/2000
Status: Active Grant

First Claim

Patent Images

1. A method for assigning addresses to requesting computer systems comprising:

receiving, under a dynamic address assignment protocol, a broadcast discovery message as a request for an IP address from a computer system coupled to a first subnetwork of a local area network, wherein the broadcast discovery message includes clear data and encrypted data;

determining if the computer system is registered to a local domain by verifying the identity of the computer system from the request for an IP address using the clear data and encrypted data;

assigning a local address on the first subnetwork if the computer system is registered to the local domain, the local address operable for access to the local area network; and

if the computer system is not registered to the local domain;

designating the computer system as a guest computer system;

assigning a guest address on the first subnetwork operable for selective transport on predetermined portions of the local area network; and

propagating assignments of addresses to communications devices operable to selectively route traffic to at least one guest address path, which includes;

identifying a second subnetwork, the second subnetwork including restricted nodes;

defining tunnel routes as selected routes separate from the second subnetwork; and

routing guest traffic on the tunnel routes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An address assignment mechanism allows an address server to receive requests for network addresses from computer systems. Based on an identity of the requesting computer system, the address server selects an address for use from local addresses or guest addresses. If the address server identifies the requesting computer system as a guest computer system, then a guest address selected from a set of guest addresses is assigned and provided to that computer system, whereas if the address server identifies the requesting computer system a local computer system then the address server selects and assigns a local address (from the set of local addresses) to the requesting local computer system. Data communications devices selectively route data portions sent from computer systems depending upon if those data portions contain guest addresses or not. Selective transport therefore restricts access to certain parts of the network if the data portion contains a guest address.

32 Citations

View as Search Results

18 Claims

1. A method for assigning addresses to requesting computer systems comprising:
- receiving, under a dynamic address assignment protocol, a broadcast discovery message as a request for an IP address from a computer system coupled to a first subnetwork of a local area network, wherein the broadcast discovery message includes clear data and encrypted data;
  
  determining if the computer system is registered to a local domain by verifying the identity of the computer system from the request for an IP address using the clear data and encrypted data;
  
  assigning a local address on the first subnetwork if the computer system is registered to the local domain, the local address operable for access to the local area network; and
  
  if the computer system is not registered to the local domain;
  
  designating the computer system as a guest computer system;
  
  assigning a guest address on the first subnetwork operable for selective transport on predetermined portions of the local area network; and
  
  propagating assignments of addresses to communications devices operable to selectively route traffic to at least one guest address path, which includes;
  
  identifying a second subnetwork, the second subnetwork including restricted nodes;
  
  defining tunnel routes as selected routes separate from the second subnetwork; and
  
  routing guest traffic on the tunnel routes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising:
    - maintaining a bank of guest addresses operable for guest address allocation for transporting guest traffic;
      
      maintaining a bank of local addresses operable for local address allocation for transporting local traffic; and
      
      selecting one of either an address from the bank of guest addresses and an address from the bank of guest addresses for selectively assigning to the requesting computer system.
  - 3. The method of claim 2 further comprising:
    - identifying a set of local routing paths interconnecting predetermined subnetworks;
      
      determining guest address paths distinct from the local routing paths; and
      
      routing the guest traffic only on the guest address paths.
  - 4. The method of claim 3 wherein the guest traffic further comprises message traffic having a guest address in at least one of the source and destination fields.
  - 5. The method of claim 2 wherein determining the identity of the requesting computer system further includes:
    - determining a subnetwork which the requesting computer system has become coupled toverifying the domain of the requesting computing system by authenticating a credential provided by the requesting computer system.
  - 6. The method of claim 1 wherein the request for an IP address from the computer system comprises at least one of a hostname, key encryption data, a network domain and a previously assigned address.
  - 7. The method as in claim 1, further comprising:
    - wherein propagating assignments of addresses to communications device includes propagating assignments of addresses to at least one router;
      
      wherein routing guest traffic on the tunnel routes includes;
      
      at the at least one router;
      
      receiving at least one data packet at the least one router;
      
      detecting a source of the data packet as corresponding to the guest computer system based on a guest address assigned to the guest computer system; and
      
      in response to detecting the guest address, determining transport of the first packet via the tunnel routes such that the at least one data packet avoids transport via the subnetwork of restricted nodes to a destination described by the at least one data packet.
  - 8. The method of claim 1 wherein the clear data and encrypted data is included in an option field of the broadcast discovery message.
  - 9. The method of claim 1 wherein the clear data and encrypted data comprise at least one of a hostname, a domain name, or a username.
  - 10. The method of claim 9 wherein the encrypted data is doubly encrypted using an encryption key of the computer system and an encryption key of an address server.

11. A data communications device for assigning addresses to requesting computer systems comprising:
- a network interface to receive, under a dynamic address assignment protocol, a broadcast discovery message as a request for an IP address from a requesting computer system coupled to a local area network, wherein the broadcast discovery message includes clear data and encrypted data;
  
  an address server to assign a local address if the requesting computer system is registered to a local domain and if the requesting computer system is not registered to the local domain by verifying the identity of the requesting computer system from the request for an IP address using the clear data and encrypted data, further configured to;
  
  —
  
  designate the requesting computer system as a guest computer system; and
  
  assign a guest address operable for selective transport on a first subnetwork of the local area network, the address server to employ the network interface to propagate assignments of addresses to communications devices to selectively route traffic to at least one guest address path, the address server further configured to;
  
  identify a second subnetwork of restricted nodes;
  
  define tunnel routes as selected routes separate from the second subnetwork; and
  
  route guest traffic on the tunnel routes.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The data communications device of claim 11 further comprising:
    - a bank of guest addresses operable for guest address allocation for transporting guest traffic;
      
      a bank of local addresses operable for local address allocation for transporting local traffic, the address server further configured to select one of either an address from the bank of guest addresses and an address from the bank of guest addresses for selectively assigning to the requesting computer system.
  - 13. The data communications device of claim 12 wherein the address server is further configured to:
    - identify a set of local routing paths interconnecting predetermined subnetworks within the network;
      
      determine guest address paths distinct from the local routing paths; and
      
      route the guest traffic only on the guest address paths.
  - 14. The data communications device of claim 13 wherein the guest traffic further comprises message traffic having a guest address in at least one of the source and destination fields.
  - 15. The data communications device of claim 12 wherein the address server is operable to:
    - determine the first subnetwork which the requesting computer system has become coupled to; and
      
      verify the domain of the requesting computing system by authenticating a credential provided by the requesting computer system.
  - 16. The data communications device of claim 11 wherein the request for an IP address from the requesting computer system comprises at least one of a hostname, key encryption data, a network domain and a previously assigned address.

17. A computer program product having a computer readable medium operable to store computer program logic embodied in computer program code encoded thereon for assigning addresses to requesting computer systems comprising:
- computer program code for receiving, under a dynamic address assignment protocol, a broadcast discovery message as a request for an IP address from a computer system coupled to a first subnetwork of a local area network, wherein the broadcast discovery message includes clear data and encrypted data;
  
  computer program code for determining if the computer system is registered to a local domain by verifying the identity of the computer system from the request for an IP address using the clear data and encrypted data;
  
  computer code for assigning a local address on the first subnetwork if the computer system is registered to the local domain, the local address operable for access to the local area network;
  
  computer code for designating the computer system as a guest computer system and assigning guest addresses on the first subnetwork operable for selective transport on predetermined portions of the network, if the computer system is not registered to the local domain;
  
  computer code for propagating assignments of addresses to communications devices operable to selectively route traffic to at least one guest address path, which includes;
  
  computer code for identifying a second subnetwork, the second subnetwork including of restricted nodes;
  
  computer code for defining tunnel routes as selected routes separate from the subnetwork; and
  
  computer code for routing guest traffic on the tunnel routes.

18. A data communications device for assigning addresses to requesting computer systems comprising:
- means for receiving, under a dynamic address assignment protocol, a broadcast discovery message as a request for an IP address from a computer system coupled to a first subnetwork of a local area network, wherein the broadcast discovery message includes clear data and encrypted data;
  
  means for determining if the computer system is registered to a local domain by verifying the identity of the computer system from the request for an IP address using the clear data and encrypted data;
  
  means for assigning a local address on the first subnetwork if the computer system is registered to the local domain, the local address operable for access to the local area network; and
  
  means for selectively assigning a guest address on the first subnetwork operable for selective transport on predetermined portions of the network, if the computer system is not registered to the local domain;
  
  means for propagating assignments of addresses to communications devices operable to selectively route traffic to at least one guest address path, which includes;
  
  means for identifying a second subnetwork, the second subnetwork including of restricted nodes;
  
  means for defining tunnel routes as selected routes separate from the second subnetwork; and
  
  means for routing guest traffic on the tunnel routes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Waclawsky, John G., Hopprich, John, Hiller, Dean
Primary Examiner(s)
BARQADLE, YASIN M

Application Number

US10/921,663
Time in Patent Office

2,210 Days
Field of Search

709238-240, 709/245, 709/203, 709217-219
US Class Current

709/245
CPC Class Codes

H04L 61/5014   using dynamic host configur...

H04L 61/5061   Pools of addresses

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

Apparatus and methods for allocating addresses in a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and methods for allocating addresses in a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links