Neighbor discovery proxy with distributed packet inspection scheme
Abstract
A network device is to receive traffic including neighbor discovery messages from requesting customer devices, and can detect the neighbor discovery messages within the traffic according to a distributed inspection scheme that includes the network device and a remote component. The network device is to then examine the neighbor discovery messages to determine if the neighbor discovery message should be forwarded to other of the customer devices, and respond to the requesting customer devices.
18 Claims
1. A system, comprising:
- a processing device configured to:
receive a packet encapsulated with a plurality of protocol layers including at least a first IPv6 layer and a second Ethernet layer that encapsulates the first IPv6 layer, the second Ethernet layer of the received packet including an Ethertype field containing a standard bit value that denotes, according to the Ethernet protocol, an IPv6 packet in a payload of the Ethernet frame;
inspect the received packet to determine whether the received packet is a neighbor discovery message, wherein the first IPv6 layer of the protocol layers is analyzed during the inspection;
if the received packet is not a neighbor discovery message according to the inspection, then forward the packet with the standard bit value in the Ethertype field;
if the received packet is a neighbor discovery message according to the inspection, then replace the standard bit value in the Ethertype field to a new non-standard bit value according to a distributed inspection scheme between the processing device and a remote device; and
forward the packet having the new non-standard bit value in the Ethertype field.
(Dependent claims: 2, 3, 4, 5, 6)
7. A system, comprising:
- a network device configured to operate between a first network and a second network, the network device to communicate traffic sent from a plurality of subscriber devices of the second network to the first network, to receive traffic from the first network for forwarding over the second network to the subscriber devices, wherein the network device includes:
- a database containing addressing information for the subscriber devices;
- a communications link to allow the network device to communicate with the second network; and
- a processor configured to:
for an upstream portion of the traffic that is received over the second network, inspect an Ethertype field of IPv6-based packets included in the upstream traffic portion, said inspection to distinguish ones of the IPv6-based packets that contain a negotiated first bit value in their respective Ethertype fields from those ones of the IPv6-based packets that contain a standard second bit value in their respective Ethertype fields; and
for only those ones of the IPv6-based packets that contain the negotiated first bit value in their respective Ethertype fields:
identify an address corresponding to the IPv6-based packet;
compare the identified address to the database to determine whether the database includes a stored address corresponding to the identified address;
forward the IPv6-based packet if the corresponding stored address is absent from the database; and
filter the IPv6-based packet according to the comparison if the corresponding stored address is present in the database, said filtering preventing the IPv6-based packet from being forwarded to a non-originating one of the subscriber devices.
(Dependent claims: 8, 9, 10)
11. A method, comprising:
- inspecting, at a first device, a first IPv6 layer of a packet, the first IPv6 layer encapsulated in a second Ethernet layer;
- if the inspection indicates that the packet is a neighbor discovery packet, then modifying original information contained in an Ethertype field of the second Ethernet layer of the packet to indicate a result of the inspection and forwarding the packet having the modified information in the Ethertype field from the first device, over a network, to a second device; and
- if the inspection indicates that the packet is not a neighbor discovery packet, then forwarding the packet having the original information in the Ethertype field from the first device, over the network, to the second device;
- wherein the original information in the Ethertype field includes a standard bit value for indicating that the packet contains an IPv6 packet in a payload of the Ethernet frame and the modified information does not contain the standard bit value.
(Dependent claims: 12, 13, 14, 15, 16)
17. A method, comprising:
- receiving a packet encapsulated with a plurality of protocol layers including at least a first IPv6 layer and a second Ethertype layer that encapsulates the first IPv6 layer, the second Ethertype layer of the received packet including an Ethertype field containing a standard bit value that denotes, according to the Ethernet protocol, an IPv6 packet in a payload of the Ethernet frame;
- inspecting the received packet to determine whether the received packet is a neighbor discovery message, wherein the first IPv6 layer of the plurality of protocol layers is analyzed during the inspection;
- if the received packet is not a neighbor discovery message according to the inspection, then forwarding the packet with the standard bit value in the Ethertype field;
- if the received packet is a neighbor discovery message according to the inspection, then replacing the standard bit value in the Ethertype field to a new non-standard bit value according to a network-distributed inspection scheme; and
- forwarding the packet having the new non-standard bit value in the Ethertype field.
(Dependent claims: 18)
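The split recited in claims 1, 11 and 17 (deep inspection and Ethertype rewrite at the first device) and in claim 7 (Ethertype-only test plus database lookup at the remote device), sketched as an added example that is not code from the patent or its assignee. Assumptions: untagged Ethernet II frames, `0x88B5` (an IEEE local-experimental Ethertype) standing in for the negotiated value the page does not give, the Neighbor Solicitation/Advertisement Target Address as the "identified address", and all function names.

```python
import struct

ETH_IPV6 = 0x86DD      # standard Ethertype for IPv6
ETH_ND_TAG = 0x88B5    # assumed negotiated value (IEEE local-experimental); not from the page
ICMPV6, ND_TYPES = 58, range(133, 138)   # RS, RA, NS, NA, Redirect (RFC 4861)
EXT_HEADERS = {0, 43, 60}                # hop-by-hop, routing, destination options

def ethertype(frame):
    return struct.unpack_from("!H", frame, 12)[0] if len(frame) >= 14 else None

def icmpv6_offset(frame):
    """Offset of the ICMPv6 header in an untagged Ethernet/IPv6 frame, else None."""
    if len(frame) < 54 or ethertype(frame) != ETH_IPV6:
        return None
    nxt, off = frame[20], 54   # Next Header byte; end of the fixed IPv6 header
    while nxt in EXT_HEADERS:
        if off + 8 > len(frame):
            return None
        nxt, off = frame[off], off + (frame[off + 1] + 1) * 8
    return off if nxt == ICMPV6 and off + 4 <= len(frame) else None

def is_neighbor_discovery(frame):
    off = icmpv6_offset(frame)
    return off is not None and frame[off] in ND_TYPES

def set_ethertype(frame, value):
    return frame[:12] + struct.pack("!H", value) + frame[14:]

def edge_forward(frame, tag=ETH_ND_TAG):
    """First device: retag ND messages, forward everything else unchanged."""
    return set_ethertype(frame, tag) if is_neighbor_discovery(frame) else frame

def remote_decision(frame, known, tag=ETH_ND_TAG):
    """Remote device: test only the Ethertype, then check tagged packets against the database."""
    if ethertype(frame) != tag:
        return "not-inspected"
    restored = set_ethertype(frame, ETH_IPV6)
    off = icmpv6_offset(restored)
    # Assumption: the "identified address" is the NS/NA Target Address (ICMPv6 bytes 8..24).
    target = restored[off + 8:off + 24] if off is not None else b""
    return "filter" if target in known else "forward"

def sample_frame(next_header, icmp_type, target=bytes(16)):
    """Constructed frame: zeroed MACs/addresses, IPv6 header, 24-byte ICMPv6-style body."""
    body = bytes([icmp_type, 0, 0, 0]) + bytes(4) + target
    ipv6 = struct.pack("!IHBB", 6 << 28, len(body), next_header, 255) + bytes(32)
    return bytes(12) + struct.pack("!H", ETH_IPV6) + ipv6 + body
```

The remote side never parses past the Ethernet header for untagged traffic, which is the point of the distributed scheme: the per-packet IPv6 inspection cost stays at the first device.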
Specification