Dynamic system and method for virtual private network (VPN) application level content routing using dual-proxy method

US 7,852,861 B2
Filed: 12/14/2006
Issued: 12/14/2010
Est. Priority Date: 12/14/2006
Status: Active Grant

First Claim

Patent Images

1. A method of application level content routing using a Dynamic VPN (DVPN) dual-proxy mechanism comprising:

establishing a virtual private network (VPN) Control Tunnel between a first virtual private network node and a second network node;

providing at least one client on the first virtual private network node a list of available resources hosted on the second virtual private network node;

initiating a request by the at least one client for at least one resource from the list of available resources hosted on the second virtual private network node as though the at least one resource is local to the at least one client and without exposing actual IP addresses of the list of available resources on the second virtual private network node to the at least one client;

routing the request to the at least one resource through the VPN Control Tunnel and establishing a VPN Session Tunnel between the first virtual private network node and the second virtual private network node;

responding to the request by the at least one resource on the second virtual private network node as though the request is initiated locally on the second virtual private network node and without exposing an actual IP address of the at least one client on the first virtual private network node to the at least one resource; and

routing the response from the second virtual private network node back to the at least one client on the first virtual private network node through the VPN Session Tunnel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of application level content routing using a (Dynamic VPN) dual-proxy mechanism that provides a client access to resources on a remote network without exposing each other'"'"'s actual IP addresses and network topologies. The method includes providing a client a list of available resources on a remote network; initiating a request by the client for at least one resource from the list of available resources hosted on the remote network as though the at least one resource is local to the client; routing the request to the at least remote resource through a secure connection between the client and the remote network; responding to the request by the at least remote resource as though the request is initiated locally on the remote network; and routing the response from the remote network back to the client through the secure connection.

102 Citations

View as Search Results

26 Claims

1. A method of application level content routing using a Dynamic VPN (DVPN) dual-proxy mechanism comprising:
- establishing a virtual private network (VPN) Control Tunnel between a first virtual private network node and a second network node;
  
  providing at least one client on the first virtual private network node a list of available resources hosted on the second virtual private network node;
  
  initiating a request by the at least one client for at least one resource from the list of available resources hosted on the second virtual private network node as though the at least one resource is local to the at least one client and without exposing actual IP addresses of the list of available resources on the second virtual private network node to the at least one client;
  
  routing the request to the at least one resource through the VPN Control Tunnel and establishing a VPN Session Tunnel between the first virtual private network node and the second virtual private network node;
  
  responding to the request by the at least one resource on the second virtual private network node as though the request is initiated locally on the second virtual private network node and without exposing an actual IP address of the at least one client on the first virtual private network node to the at least one resource; and
  
  routing the response from the second virtual private network node back to the at least one client on the first virtual private network node through the VPN Session Tunnel.
- View Dependent Claims (2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 25, 26)
- - 2. The method of claim 1, wherein the VPN Control Tunnel and the VPN Session Tunnel between the at least one client and the at least one resource is established between a first virtual private network gateway on the first virtual private network node and a second virtual private network gateway on the second virtual private network node.
  - 3. The method of claim 1, further comprising a first DVPN proxy server on the first virtual private network node and a second DVPN proxy server on the second virtual private network node.
  - 4. The method of claim 3, wherein the first and second DVPN proxy servers are independent servers.
  - 5. The method of claim 3, wherein the first and second DVPN proxy servers are independent servers on an associated virtual private network gateway.
  - 10. The method of claim 3, wherein the first DVPN proxy server acts as a virtual resource which is on the second virtual private network node, for the at least one client on the first private virtual network node after provisioning, and further wherein the first DVPN proxy server can receive the request to access the at least one resource from the at least client using a local IP address on the first private virtual network node.
  - 11. The method of claim 3, wherein the initial request is communicated via the virtual private network (VPN) Control Tunnel from the first DVPN proxy server to the second DVPN proxy server.
  - 12. The method of claim 3, wherein the second DVPN proxy server has a local IP address on the second virtual private network node for the at least one client on the first virtual private network node, and wherein the local IP address on the second virtual private network node of the at least one client is obtained using an IP pool of addresses configured on a second virtual private network gateway on the second virtual private network node or a DHCP server on the second virtual private network node.
  - 13. The method of claim 3, wherein the second DVPN proxy server initiates the request on behalf of the at least one client to the at least one resource on the second private network node.
  - 14. The method of claim 3, wherein the first and the second DVPN proxy servers establish the virtual private network (VPN) Session Tunnel after processing the initial request from the at least one client to the at least one resource between the first and the second DVPN proxy servers via the virtual private network (VPN) Control Tunnel.
  - 15. The method of claim 3, wherein the first and the second DVPN proxy servers route data exchange between the at least one client and the at least one resource via the virtual private network (VPN) Session Tunnel using an unique session identifier which is created based on a client name, a resource name and an IP addresses on the second virtual private network node.
  - 16. The method of claim 3, wherein the first and the second DVPN proxy servers close and remove the virtual private network (VPN) Session Tunnel when the at least one client and the at least one resource finish their data exchange.
  - 17. The method of claim 1, further comprising an authentication and authorization system, wherein the authentication and authorization system authenticates and authorizes each access request.
  - 18. The method of claim 3, wherein the first and second DVPN proxy servers create a plurality of virtual private network Session Tunnels from an initial virtual private network Session Tunnel to support application protocols that use a plurality of IP (Internet Protocol) ports.
  - 19. The method of claim 3, wherein the first and the second DVPN proxy servers perform content re-write to map embedded IP addresses and port numbers on the first and second virtual private network nodes to support an application protocol.
  - 20. The method of claim 1, wherein the at least one client accesses the at least one resource through a plurality of intermediate virtual private network nodes with a DVPN proxy server in each of the plurality of intermediate virtual private network nodes.
  - 21. The method of claim 1, wherein the at least one client comprises a plurality of clients on the first network node, and wherein the plurality of clients access a plurality of resources on the second virtual private network node.
  - 22. The method of claim 1, wherein the second virtual private network node is configured to host a plurality of local resources, which are accessible by at least one client on the first virtual private network node.
  - 23. The method of claim 1, wherein the at least one resource is routed through the VPN Session Tunnel without disclosing a network topology of the at least one client and/or the at least one resource.
  - 25. The method of claim 1, further comprising hosting the at least one resource on a third virtual private network node, and wherein the second virtual private network node performs proxy forwarding for communications between the at least one client and the at least one resource hosted on the third virtual private network node, and without disclosing a network topology of either the second or third virtual private network node to the at least one client.
  - 26. The method of claim 1, further comprising establishing a virtual private network (VPN) Control Tunnel and at least one VPN Session Tunnel between the second and a third virtual private network nodes.

6. A method of application level content routing using a Dynamic VPN (DVPN) dual-proxy mechanism comprising a first DVPN proxy server on a first virtual private network node and a second DVPN proxy server on a second virtual private network node, the method comprising:
- establishing a virtual private network (VPN) Control Tunnel between the first virtual private network node and the second virtual private network node;
  
  providing at least one client on the first virtual private network node a list of available resources hosted on the second virtual private network node;
  
  initiating a request by the at least one client for at least one resource from the list of available resources hosted on the second virtual private network node as though the at least one resource is local to the at least one client and without exposing actual IP addresses of the list of available resources on the second virtual private network node to the at least one client, and wherein the at least one resource on the second virtual private network node is provisioned to the first DVPN proxy server, and a local IP address and/or a local name on the first virtual private network node is assigned to the at least one resource;
  
  routing the request to the at least one resource through the VPN Control Tunnel and establishing a VPN Session Tunnel between the first virtual private network node and the second virtual private network node;
  
  responding to the request by the at least one resource on the second virtual private network node as though the request is initiated locally on the second virtual private network node and without exposing an actual IP address of the at least one client on the first virtual private network node to the at least one resource; and
  
  routing the response from the second virtual private network node back to the at least one client on the first virtual private network node through the VPN Session Tunnel.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6, wherein the local IP address on the first node of the at least one resource is obtained using an IP pool of addresses configured on a first virtual private network gateway on the first virtual private network node.
  - 8. The method of claim 6, wherein the local IP address on the first node of the at least one resource is obtained using a DHCP server on the first virtual private network node.
  - 9. The method of claim 6, wherein a domain name system (DNS) server is used to provide the at least one client with the local IP address on the first virtual private network node when the at least one client is requesting the at least one resource by name.

24. A method of application level content routing using a Dynamic VPN (DVPN) dual-proxy mechanism comprising:
- establishing a virtual private network (VPN) Control Tunnel between a first virtual private network node and a second network node;
  
  providing at least one client on the first virtual private network node a list of available resources hosted on the second virtual private network node;
  
  initiating a request by the at least one client for at least one resource from the list of available resources hosted on the second virtual private network node as though the at least one resource is local to the at least one client and without disclosing a network topology of the list of available resources on the second virtual private network node to the at least one client;
  
  routing the request to the at least one resource through the VPN Control Tunnel and establishing a VPN Session Tunnel between the first virtual private network node and the second virtual private network node;
  
  responding to the request by the at least one resource on the second virtual private network node as though the request is initiated locally on the second virtual private network node and without disclosing a network topology of the at least one client on the first virtual private network node to the at least one resource; and
  
  routing the response from the second virtual private network node back to the at least one client on the first virtual private network node through the VPN Session Tunnel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Array Networks Incorporated (Hitachi, Ltd.)
Original Assignee
Array Networks Incorporated (Hitachi, Ltd.)
Inventors
Wu, Michael, Yen, Leemay, Chang, Arthur, Hsu, Nai-Ting
Primary Examiner(s)
Ton; Dang T
Assistant Examiner(s)
LEE, KEVIN H

Application Number

US11/639,561
Publication Number

US 20080144625A1
Time in Patent Office

1,461 Days
Field of Search

370/254, 370/401, 370/395.53, 726/2, 726/15, 726/17, 726/27, 726/14, 726/12, 726/13
US Class Current

370/401
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/306   Route determination based o...

Dynamic system and method for virtual private network (VPN) application level content routing using dual-proxy method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

102 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Dynamic system and method for virtual private network (VPN) application level content routing using dual-proxy method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others