Automatic configuration of source address filters within a network device

US 8,078,758 B1
Filed: 06/05/2003
Issued: 12/13/2011
Est. Priority Date: 06/05/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, with a first network device, a routing communication from a second network device in accordance with a routing communication protocol, wherein the routing communication specifies at least one selected route along which the second network device forwards outbound data and at least one non-selected network route along which the second network device does not forward outbound data;

setting a source address filter within the first network device with a source address to permit the first network device to forward inbound data originating from a source along the non-selected route and corresponding to the source address in response to the received routing communication;

receiving the inbound data originating from the source along the non-selected route from the second network device;

applying the source address filter to compare a source address defined within the inbound data originating from the source along the non-selected route to the source address set within the source address filter;

forwarding the inbound data in accordance with routing information of the first network device only when the source address defined within the inbound data originating from the source along the non-selected route matches the source address set within the source address filter; and

dropping the inbound data when the source address defined within the inbound data originating from the source along the non-selected route does not match the source address set within the source address filter.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for automatically setting source address filters within a network device. For example, an apparatus, such as a router, comprises a network interface card to receive routing information from a network device. The routing information specifies at least one unselected network route to a network destination, and includes a tag associated with the unselected route to indicate that the network device does not forward outbound data along the unselected route. The apparatus further comprises a control unit to automatically set a filter to receive inbound data from the network destination specified by the non-selected route. The control unit may automatically set, for example, a source address filter.

151 Citations

14 Claims

1. A method comprising:
- receiving, with a first network device, a routing communication from a second network device in accordance with a routing communication protocol, wherein the routing communication specifies at least one selected route along which the second network device forwards outbound data and at least one non-selected network route along which the second network device does not forward outbound data;
  
  setting a source address filter within the first network device with a source address to permit the first network device to forward inbound data originating from a source along the non-selected route and corresponding to the source address in response to the received routing communication;
  
  receiving the inbound data originating from the source along the non-selected route from the second network device;
  
  applying the source address filter to compare a source address defined within the inbound data originating from the source along the non-selected route to the source address set within the source address filter;
  
  forwarding the inbound data in accordance with routing information of the first network device only when the source address defined within the inbound data originating from the source along the non-selected route matches the source address set within the source address filter; and
  
  dropping the inbound data when the source address defined within the inbound data originating from the source along the non-selected route does not match the source address set within the source address filter.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein receiving a routing communication in accordance with a routing communication protocol comprises receiving information in accordance with one of a Border Gateway Protocol (BGP), Routing Information Protocol (RIP), Interior Gateway Protocol (IGP), Intermediate System to Intermediate System (IS-IS) protocol, and Open Shortest Path First (OSPF) protocol.
  - 3. The method of claim 1, wherein the data comprises one of a packet and a cell.
  - 4. The method of claim 1, wherein the first network device comprises a router.
  - 5. The method of claim 1, further comprising setting the source address filter with a source address corresponding to a second source located along the selected route to permit the first network device to forward inbound data originating from the second source located along the selected route.
  - 6. The method of claim 1, wherein the routing communication protocol is the Border Gateway Protocol (BGP).

7. An apparatus comprising:
- a network interface card to receive a routing communication from a network device in accordance with a routing communication protocol, wherein the routing communication specifies at least one selected route, at least one non-selected network route, and a tag associated with the non-selected route to indicate that the network device does not forward outbound data along the non-selected route; and
  
  a control unit to set a source address filter with a source address to permit the control unit to forward inbound data originating from a source along the non-selected route and corresponding to the source address in response to the received routing communication,wherein the network interface card receives the inbound data originating from the source along the non-selected route from the network device,wherein the control unit applies the source address filter to compare a source address defined within the inbound data originating from the source along the non-selected route to the source address set within the source address filter,wherein the control unit forwards the inbound data only when the source address defined within the inbound data matches the source address set within the source address filter, andwherein the control unit drops the inbound data when the source address defined within the inbound data originating from the source along the non-selected route does not match the source address set within the source address filter.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The apparatus of claim 7, wherein the control unit executes a routing process that processes the routing communication in accordance with the routing communication protocol, wherein the routing protocol includes one of a Border Gateway Protocol (BGP), a Routing Information Protocol (RIP), an Interior Gateway Protocol (IGP), a Intermediate System to Intermediate System (IS-IS) protocol, and an Open Shortest Path First (OSPF) protocol.
  - 9. The apparatus of claim 7, wherein the control unit sets the source address filter with a source address corresponding to a second source located along the selected route to permit the first network device to forward inbound data originating from the second source located along the selected route.
  - 10. The apparatus of claim 7, wherein the apparatus comprises a router and the inbound data comprises a packet.
  - 11. The apparatus of claim 7, wherein the inbound data comprises an asynchronous transfer mode (ATM) cell.

12. A non-transitory computer-readable medium comprising instructions to cause a processor to:
- receive from a network device a routing communication in accordance with a routing communication protocol, wherein the routing communication specifies at least one selected route along which the network device forwards outbound data and at least one non-selected network route along which the network device does not forward outbound data;
  
  set a source address filter with a source address to permit forwarding inbound data originating from a source along the non-selected route and corresponding to the source address in response to the received communicationreceiving the inbound data originating from the source along the non-selected route from the network device;
  
  apply the source address filter to compare a source address defined within the inbound data originating from the source along the non-selected route to the source address set within the source address filter;
  
  forward the inbound data only when the source address defined within the inbound data originating from the source along the non-selected route matches the source address set within the source address filter; and
  
  drop the inbound data when the source address defined within the inbound data originating from the source along the non-selected route does not match the source address set within the source address filter.
- View Dependent Claims (13)
- - 13. The non-transitory computer-readable medium of claim 12, further comprising instructions to cause the processor to filter the inbound data based on a comparison between the source address and source addresses of inbound data.

14. A system comprising:
- a first autonomous system having a first router; and
  
  a second autonomous system having a second router,wherein the first router sends a routing communication to the second router that specifies at least one selected route along which the first router forwards outbound packets and at least one non-selected network route along which the first router does not forward outbound packets and having at least one source of inbound packets,wherein the second router automatically configures a source address filter to permit the second router to forward the inbound packets originating from the source of the non-selected route in response to the advertised routing information,wherein the second router applies the source address filter to compare a source address defined within the inbound packets originating from the source of the non-selected route to the source address filter,wherein the second router forwards the inbound packets only when the source address defined within the inbound data originating from the source of the non-selected route matches the source address filter, andwherein the second router drops the inbound data when the source address defined within the inbound data originating from the source of the non-selected route does not match the source address set within the source address filter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Callon, Ross W
Primary Examiner(s)
WINDER, PATRICE L

Application Number

US10/455,189
Time in Patent Office

3,113 Days
Field of Search

709/220
US Class Current

709/242
CPC Class Codes

H04L 45/00   Routing or path finding of ...

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/72   Routing based on the source...

Automatic configuration of source address filters within a network device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

151 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic configuration of source address filters within a network device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

151 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links