Methods, apparatus and data structures for segmenting customers using at least a portion of a layer 2 address header or bits in the place of a layer 2 address header
Abstract
Limiting or controlling access to various services thereby performing a firewall function. An access router may permit or deny a packet based on at least a portion of a unique bit string (or context information) which replaced layer 2 header information (e.g., the layer 2 (e.g., MAC) address). Further, a particular quality of service may be indicated by at least a part of the unique bit string (or context information). The service provided to a group of customers, that group of customers being defined by at least a portion of the unique bit string (or context information), may be monitored. Multicast groups may be supported by checking at least a part of the unique bit string (or context information) to determine whether or not a customer associated with that port is permitted to join the multicast group.
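The access-router decisions described in the abstract can be sketched as follows. This is an added illustration, not code from the patent or from any product. The 48-bit layout (a 24-bit VPN index followed by a 24-bit port id), the policy table and the function names are assumptions made for the example.

```python
from dataclasses import dataclass

# Assumed layout (not taken from the patent text): the 48 bits that held the
# client's layer 2 (MAC) address carry a 24-bit VPN index, then a 24-bit port id.
VPN_BITS, PORT_BITS = 24, 24

def make_context(vpn_index: int, port_id: int) -> bytes:
    """Edge side: build the bit string that replaces the client's layer 2 address.
    It depends only on provisioning data, never on anything the client sent."""
    if not (0 <= vpn_index < 1 << VPN_BITS and 0 <= port_id < 1 << PORT_BITS):
        raise ValueError("field out of range")
    return ((vpn_index << PORT_BITS) | port_id).to_bytes(6, "big")

def vpn_index_of(context: bytes) -> int:
    """Extract the VPN index portion of the 6-byte context string."""
    if len(context) != 6:
        raise ValueError("context must be 6 bytes")
    return int.from_bytes(context, "big") >> PORT_BITS

@dataclass(frozen=True)
class Policy:
    services: frozenset               # services this VPN may reach
    queue: int                        # QoS queue for this VPN's service level
    monitored: bool = False           # copy packets to the monitoring facility
    multicast: frozenset = frozenset()  # multicast groups this VPN may join

# Constructed policy table keyed by VPN index (sample values only).
POLICIES = {
    0x000101: Policy(frozenset({"internet", "voip"}), queue=0,
                     multicast=frozenset({"239.1.1.1"})),
    0x000202: Policy(frozenset({"internet"}), queue=2, monitored=True),
}

def handle(context: bytes, service: str):
    """Access-router side: return (action, queue, mirror) for one packet."""
    policy = POLICIES.get(vpn_index_of(context))
    if policy is None or service not in policy.services:
        return ("deny", None, False)  # default deny: unknown VPN or service
    return ("route", policy.queue, policy.monitored)

def may_join(context: bytes, group: str) -> bool:
    """Multicast check: only VPNs provisioned for the group may join it."""
    policy = POLICIES.get(vpn_index_of(context))
    return policy is not None and group in policy.multicast
```

Because the context string is written by the provider's edge device and is independent of packet contents, a client cannot change its own VPN index by forging header fields.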
17 Claims
1. A method for provisioning services to packets sourced from a number of client customer devices, the method comprising:
a) accepting, by communications system, a packet sourced from one of a number of client customer devices, wherein the packet has had at least a part of a layer 2 header, generated by the source client customer device, replaced with a unique bit string that is independent of any contents of the packet, wherein the at least a portion of the unique bit string corresponds to a virtual private network-INDEX;
b) determining, by the communications system, whether or not the packet is entitled to access a particular service using at least a portion of the unique bit string; and
c) if it is determined that the packet is entitled to access the particular service, then routing, by the communications system, the packet, otherwise denying, by the communications system, the packet access to the particular service.
7. A method for providing various quality of service levels to packets sourced from a number of client customer devices, the method comprising:
a) accepting, by the communications system, a packet sourced from one or a number of client customer devices, wherein the packet has had at least a part of a layer 2 header, generated by the source client customer device, replaced with a unique bit string that is independent of any contents of the packet, wherein the at least a portion of the unique bit string corresponds to a virtual private network-INDEX;
b) determining, by the communications system, a service level to which the packet is entitled using the unique bit string; and
c) forwarding, by the communications system, the packet to a particular one of a plurality of queues associated with the service level determined.
13. A method for monitoring packets sourced from a group of client customer devices defining a subset of client customer devices, each of the packets having at least a part of a layer 2 header, generated by the source client customer device, replaced with a unique bit string, the method comprising:
a) determining, by the communications system, whether or not the packet belongs to the group of client customer devices using at least a portion of the unique bit string, wherein the at least a portion of the unique bit string corresponds to a virtual private network-INDEX; and
b) if it is determined that the packet does belong to the group of client customer devices, then
i) copying, by the communications system, the packet to generate a duplicate packet, and
ii) forwarding, by the communications system, the duplicate packet to a monitoring facility, wherein the monitoring facility monitors at least one of (A) service provided to a group of customers, and (B) security.
Specification