Providing services for multiple virtual private networks

US 7,853,714 B1
Filed: 01/29/2007
Issued: 12/14/2010
Est. Priority Date: 11/15/2002
Status: Active Grant

First Claim

Patent Images

1. A router comprising:

a plurality of virtual hosts executing on an operating system of the router;

a plurality of interfaces to receive data from multiple virtual private networks;

a control unit that maintains routing information that describes routes and next hops along each of the routes, wherein the control unit maintains a plurality of forwarding information bases that each includes forwarding information for a respective one of the virtual private networks, and wherein each of the forwarding information bases associates network destinations with the next hops for the virtual private networks,wherein the control unit dynamically instantiates one or more inbound logical interfaces to deliver virtual private network traffic from the control unit to the virtual hosts and one or more outbound logical interfaces to deliver the virtual private network traffic from the virtual hosts to the control unit,wherein the control unit destructs the dynamically instantiated logical interfaces after delivering the virtual private network traffic,wherein the control unit forwards the virtual private network traffic received from the virtual private networks to the virtual hosts in accordance with a respective one of the forwarding information bases, andwherein each of the virtual hosts operates as a network device within at least one of the virtual private networks to process the received virtual private network traffic and provide a service to another network device within the respective virtual private network.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network device provides services for multiple virtual private networks (VPNs) via one or more virtual hosts. For example, a router receives packets from multiple VPNs, and communicates the packets to a service card via a logical interface in accordance with a forwarding information base. A virtual host within the service card processes the packets and provides a service for the network device from which the packet was sent. The virtual host may, for example, provide print services for network devices within a corresponding VPN. The virtual host acts, in essence, as a print server within the corresponding VPN. In this manner, the router may eliminate the need for the customer associated with the VPN to maintain print servers within remote customer sites.

48 Citations

View as Search Results

14 Claims

1. A router comprising:
- a plurality of virtual hosts executing on an operating system of the router;
  
  a plurality of interfaces to receive data from multiple virtual private networks;
  
  a control unit that maintains routing information that describes routes and next hops along each of the routes, wherein the control unit maintains a plurality of forwarding information bases that each includes forwarding information for a respective one of the virtual private networks, and wherein each of the forwarding information bases associates network destinations with the next hops for the virtual private networks,wherein the control unit dynamically instantiates one or more inbound logical interfaces to deliver virtual private network traffic from the control unit to the virtual hosts and one or more outbound logical interfaces to deliver the virtual private network traffic from the virtual hosts to the control unit,wherein the control unit destructs the dynamically instantiated logical interfaces after delivering the virtual private network traffic,wherein the control unit forwards the virtual private network traffic received from the virtual private networks to the virtual hosts in accordance with a respective one of the forwarding information bases, andwherein each of the virtual hosts operates as a network device within at least one of the virtual private networks to process the received virtual private network traffic and provide a service to another network device within the respective virtual private network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The router of claim 1, wherein one or more of the virtual hosts operate as source devices that originate virtual private network traffic.
  - 3. The router of claim 1, wherein one or more of the virtual hosts operate as destination devices for virtual private network traffic.
  - 4. The router of claim 1, wherein each of the virtual hosts maintains virtual private network data that contains information specific to the respective virtual private network.
  - 5. The router of claim 4, wherein the virtual private network data includes at least one of cryptographic information associated with the respective virtual private network, a radius server within the respective virtual private network for authentication, and domain name information for the respective virtual private network.
  - 6. The router of claim 1, wherein each of the virtual hosts is assigned an address from a subnet of addresses belonging to the respective virtual private network.
  - 7. The router of claim 1, wherein the service provided by the virtual hosts includes at least one of authentication services, network address translation (NAT) services, domain name system (DNS) services, print services, and file-sharing services.

8. A method comprising:
- maintaining a plurality of forwarding information bases within a router, wherein each of the forwarding information bases includes forwarding information for a respective one of a plurality of virtual private networks, and wherein each of the forwarding information bases associates network destinations with next hops for the virtual private networks;
  
  receiving, with the router, virtual private network traffic from the multiple virtual private networks;
  
  providing an operating environment within the router for a plurality of virtual hosts, wherein each of the virtual hosts operates as a network device within at least one of the virtual private networks;
  
  forwarding the virtual private network traffic to the virtual hosts within the router in accordance with the forwarding information bases, wherein forwarding the virtual private network traffic comprises dynamically instantiating one or more logical interfaces to send the virtual private network traffic to one of the virtual hosts and destructing the dynamically logical interfaces after sending the virtual private network traffic; and
  
  processing the virtual private network traffic via the virtual hosts to provide a service to another network device within the respective virtual private network via the virtual hosts.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein each of the virtual hosts operating as a network device within at least one of the virtual private networks comprises each of the virtual hosts operating as a source device of virtual private network traffic within the respective virtual private network.
  - 10. The method of claim 8, wherein each of the virtual hosts operating as a network device within at least one of the virtual private networks comprises each of the virtual hosts operating as a destination device for virtual private network traffic within the respective virtual private network.
  - 11. The method of claim 8, further comprising associating each of the virtual hosts with an address from a subnet of addresses belonging to the respective virtual private network.
  - 12. The method of claim 8, wherein processing the virtual private network traffic via the virtual hosts to provide a service to another network device within the respective virtual private network comprises processing the virtual private network traffic via the virtual hosts to provide at least one of authentication services, network address translation (NAT) services, domain name system (DNS) services, print services, and file-sharing services.
  - 13. The method of claim 8, further comprising maintaining at least one of cryptographic information associated with the respective virtual private network, a radius server within the respective virtual private network for authentication, and domain name information for the respective virtual private network.

14. A non-transitory computer-readable medium comprising instructions that cause one or more processors to:
- maintain a plurality of forwarding information bases within a router, wherein each of the forwarding information bases includes forwarding information for a respective one of a plurality of virtual private networks, and wherein each of the forwarding information bases associates network destinations with next hops for the virtual private networks;
  
  provide an operating environment within the router for a plurality of virtual hosts, wherein each of the virtual hosts operates as a network device within at least one of the virtual private networks;
  
  dynamically instantiate one or more logical interfaces to forward virtual private network traffic to at least one of the virtual hosts within the router in accordance with the forwarding information bases;
  
  receive, with the router, the virtual private network traffic from the multiple virtual private networks;
  
  destruct the dynamically logical interfaces; and
  
  process the virtual private network traffic via the virtual hosts to provide a service to another network device within the respective virtual private network via the virtual hosts.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Murphy, James, Lin, Steven, Moberg, Kenneth A., Greene, Spencer
Primary Examiner(s)
Hamza; Faruk

Application Number

US11/699,721
Time in Patent Office

1,415 Days
Field of Search

709/200, 709/223, 709/227, 709/238, 709/242, 709/245, 709/250, 370/351, 370/355, 370/392
US Class Current

709/238
CPC Class Codes

H04L 12/4675   Dynamic sharing of VLAN inf...

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/60   Router architectures

Providing services for multiple virtual private networks

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Providing services for multiple virtual private networks

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links