Maintaining secrecy of assigned unique local addresses for IPV6 nodes within a prescribed site during access of a wide area network
Abstract
A network includes network nodes and a gateway. Each network node has a corresponding unique in-site IPv6 address for communication within a prescribed site, each in-site IPv6 address having a first IPv6 address prefix that is not advertised outside of the prescribed site. Network nodes can obtain from within the prescribed site a unique extra-site IPv6 address for mobile or extra-site communications. The extra-site IPv6 address has a second IPv6 address prefix, distinct from the first IPv6 address prefix, advertised by the gateway to the prescribed site and the wide area network. The gateway establishes a secure connection (e.g., tunnel) with each corresponding IPv6 node using its corresponding extra-site IPv6 address, and creates a corresponding binding cache entry specifying the corresponding extra-site IPv6 address and in-site IPv6 address. Hence, the gateway provides wide area network access while maintaining secrecy of the in-site IPv6 addresses.
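The packet flow in the abstract can be modelled in a few lines. This is an added illustration, not code from the patent: the prefixes, the gateway address and every function and class name are constructed assumptions, and the source-binding check on egress and the return-path re-encapsulation are one reading of how the binding cache would be used.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values (assumptions): ULA prefix in-site, documentation prefix extra-site.
IN_SITE = ipaddress.ip_network("fd00:1234:5678::/48")
EXTRA_SITE = ipaddress.ip_network("2001:db8:aaaa::/48")
GATEWAY = ipaddress.ip_address("fd00:1234:5678::1")

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv6Address
    dst: ipaddress.IPv6Address
    payload: object  # bytes, or an inner Packet when tunneled

def node_send(in_site, extra_site, correspondent, data):
    """Node side: inner header carries the extra-site source, outer the in-site."""
    inner = Packet(extra_site, correspondent, data)
    return Packet(in_site, GATEWAY, inner)

def leaks_in_site(pkt):
    """True if any header in the packet chain carries an in-site address."""
    while isinstance(pkt, Packet):
        if pkt.src in IN_SITE or pkt.dst in IN_SITE:
            return True
        pkt = pkt.payload
    return False

class Gateway:
    def __init__(self):
        self.binding_cache = {}  # extra-site address -> in-site address

    def register(self, in_site, extra_site):
        if in_site not in IN_SITE or extra_site not in EXTRA_SITE:
            raise ValueError("address outside its expected prefix")
        self.binding_cache[extra_site] = in_site

    def egress(self, outer):
        """Remove the outer header and forward the inner packet off-site."""
        inner = outer.payload
        if outer.dst != GATEWAY or not isinstance(inner, Packet):
            raise ValueError("not a tunneled packet for this gateway")
        # Added defensive check (assumption): inner source must match the binding.
        if self.binding_cache.get(inner.src) != outer.src:
            raise ValueError("inner source not bound to this tunnel endpoint")
        return inner

    def ingress(self, pkt):
        """Return traffic: re-encapsulate toward the bound in-site address."""
        if pkt.dst not in self.binding_cache:
            raise ValueError("no binding for destination")
        return Packet(GATEWAY, self.binding_cache[pkt.dst], pkt)
```

Running `leaks_in_site` on what `egress` returns is the property worth checking in any real deployment of this scheme: nothing that leaves the site should carry an address from the unadvertised prefix.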
20 Claims
1. An IPv6 node comprising:

an in-site address acquisition resource configured for acquiring a unique in-site IPv6 address for communication with at least an IPv6 gateway node within a prescribed site, the unique in-site IPv6 address being reachable only by nodes within the prescribed site, the unique in-site IPv6 address having a first address prefix that is not advertised outside of the prescribed site;

an extra-site address acquisition resource configured for obtaining from within the prescribed site a unique extra-site IPv6 address having a second address prefix that is distinct from the first address prefix, wherein the second address prefix is advertised inside and outside the prescribed site; and

a packet transmit/receive resource configured for sending a first packet to a correspondent node outside of the prescribed site based on;

first generating the first packet, the first packet having a first header with a destination address field specifying an address of the correspondent node and a source address field specifying the extra-site IPv6 address, and

second generating a second packet including the first packet and a second header for reception and removal by the IPv6 gateway node, the second header having a destination address field specifying an IPv6 address of the IPv6 gateway node and a source address field specifying the in-site IPv6 address,

the packet transmit/receive resource including a secure tunnel interface configured for outputting the second packet, having the first and second headers, to the IPv6 gateway node via a secure connection established between the IPv6 node and the IPv6 gateway node, for transfer of the first packet by the IPv6 gateway node outside of the prescribed site for delivery to the correspondent node.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. An IPv6 gateway configured for providing connectivity between a prescribed site and a wide area network, the IPv6 gateway comprising:

an advertising resource configured for advertising only within the prescribed site that a first IPv6 address prefix is reachable via the IPv6 gateway, the first IPv6 address prefix not advertised outside of the prescribed site, and advertising to the prescribed site and the wide area network that a second IPv6 address prefix is reachable via the IPv6 gateway;

a secure tunnel generation resource configured for establishing a secure connection with a first IPv6 node within the prescribed site, based on the first IPv6 node having a unique in-site IPv6 address that includes the first IPv6 address prefix;

an ingress interface configured for receiving from the first IPv6 node, via the secure connection, a first packet having a source address field specifying the in-site IPv6 address, a destination address field specifying an IPv6 address of the IPv6 gateway, and a second packet;

a packet forwarding resource configured for forwarding the second packet to a destination node in response to the destination address field of the first packet specifying the IPv6 address of the IPv6 gateway and based on recovering the second packet from the first packet, the second packet having a source address field specifying a unique extra-site IPv6 address having the second IPv6 address prefix and a destination address field specifying an IPv6 address of the destination node, the second packet output by the IPv6 gateway without the in-site IPv6 address of the first IPv6 node; and

a binding cache resource configured for creating a binding cache entry specifying that the extra-site IPv6 address of the first IPv6 node is reachable via the in-site IPv6 address of the first IPv6 node.

Dependent claims: 14, 15, 16, 17, 18, 19, 20
Specification