Point-to-multi-point/non-broadcasting multi-access VPN tunnels

US 8,127,349 B2
Filed: 07/12/2010
Issued: 02/28/2012
Est. Priority Date: 11/16/2004
Status: Active Grant

First Claim

Patent Images

1. A method, performed by a network device, the method comprising:

receiving, at the network device, a data unit;

performing, by the network device, a lookup in a first table to retrieve a next hop identifier, the next hop identifier corresponding to a destination of the data unit;

performing, by the network device and using the retrieved next hop identifier, a lookup in a second table to identify a tunnel identifier; and

forwarding, by the network device, the data unit via a tunnel corresponding to the tunnel identifier.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system establishes a virtual private network (VPN) tunnel to a destination and determines a next hop for the VPN tunnel. The system inserts the next hop, and an address associated with the destination, into an entry of a first table. The system inserts the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of a second table. The system associates one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.

63 Citations

View as Search Results

20 Claims

1. A method, performed by a network device, the method comprising:
- receiving, at the network device, a data unit;
  
  performing, by the network device, a lookup in a first table to retrieve a next hop identifier, the next hop identifier corresponding to a destination of the data unit;
  
  performing, by the network device and using the retrieved next hop identifier, a lookup in a second table to identify a tunnel identifier; and
  
  forwarding, by the network device, the data unit via a tunnel corresponding to the tunnel identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, where forwarding the data unit via the tunnel comprises:
    - encrypting the data unit using security parameters associated with the identified tunnel identifier; and
      
      forwarding the encrypted data unit via the tunnel.
  - 3. The method of claim 1, where the tunnel includes a virtual private network (VPN) tunnel.
  - 4. The method of claim 1, where the data unit includes information indicating a source and one or more destinations of the data unit.
  - 5. The method of claim 1, where the data unit includes information indicating a plurality of destination networks and where performing a lookup in the first table to retrieve the next hop identifier includes:
    - performing a lookup in the first table to retrieve a plurality of next hop identifiers, each next hop identifier corresponding to a destination network of the plurality of destination networks.
  - 6. The method of claim 5, where performing the lookup in the second table includes:
    - performing, using the plurality of retrieved next hop identifiers, a lookup in a second table to identify a plurality of tunnel identifiers, each tunnel identifier corresponding to each retrieved next hop identifier.
  - 7. The method of claim 1, where the next hop identifier comprises a network address associated with a network device.

8. A method, performed by a device, the method comprising:
- establishing, by the device, a tunnel to a destination;
  
  inserting, by the device, a tunnel identifier corresponding to the established tunnel into a data table; and
  
  associating, by the device, one or more security parameters, used to encrypt traffic sent via the tunnel, with the tunnel identifier.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, where establishing the tunnel comprises:
    - transmitting a message from a first network device in a path along the tunnel informing a second network device, at an end of the tunnel, of an address of the first network device.
  - 10. The method of claim 8, where the tunnel includes a virtual private network (VPN) tunnel.
  - 11. The method of claim 8, further comprising:
    - determining that the tunnel has been broken; and
      
      marking entries of the data table, corresponding to the broken tunnel, as disabled.
  - 12. The method of claim 11, further comprising:
    - determining that the broken tunnel has been established; and
      
      marking entries of the data table, corresponding to the established tunnel, as enabled.
  - 13. The method of claim 11, where marking entries of the data table as disabled includes setting a disabled flag associated with the entries.
  - 14. The method of claim 8, where the destination includes a private network.

15. A network device comprising:
- a first table to store;
  
  a plurality of destination addresses associated with a plurality of destination networks, anda plurality of next hop identifiers, each next hop identifier corresponding to a network address of the plurality of network addresses;
  
  a second table to store a plurality of tunnel identifiers, each tunnel identifier corresponding to a next hop identifier of the plurality of next hop identifiers; and
  
  a processor to;
  
  receive a data unit, the data unit including a first destination address of a first destination network,retrieve, from the first table and using the first destination address, a first next hop identifier,retrieve, from the second table and using the first next hop identifier, a first tunnel identifier, andforward the data unit using a tunnel associated with a first tunnel identifier.
- View Dependent Claims (16, 17, 20)
- - 16. The network device of claim 15, where the tunnel includes a virtual private network (VPN) tunnel.
  - 17. The network device of claim 15, where the processor is further to:
    - encrypt the data using security parameters associated with the first tunnel identifier, andforward the encrypted data unit.
  - 20. The network device of claim 15, where the first next hop identifier is associated with a network device connected to the first destination network.

18. The network device of 15, where the first next hop identifier includes a network address associated with a network device.
- View Dependent Claims (19)
- - 19. The network device of claim 18, where the network device is at one end of the tunnel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Liu, Changming, Shieh, Choung-Yaw, Cheng, Yonghui
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US12/834,726
Publication Number

US 20100278181A1
Time in Patent Office

596 Days
Field of Search

726/15, 370/392, 713/153
US Class Current

726/15
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 45/00   Routing or path finding of ...

H04L 63/0272   Virtual private networks

H04L 63/20   for managing network securi...

H04L 9/40   Network security protocols

Point-to-multi-point/non-broadcasting multi-access VPN tunnels

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Point-to-multi-point/non-broadcasting multi-access VPN tunnels

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others