Methods, apparatus and data structures for preserving address and service level information in a virtual private network

US 8,243,627 B2
Filed: 02/20/2009
Issued: 08/14/2012
Est. Priority Date: 08/31/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

receiving a packet originated by a source system via an ingress port, the packet including a destination layer 3 address and a layer 2 header portion;

retrieving context information from the layer 2 header portion of the packet, the context information corresponding to the ingress port and including a multicast indicator;

determining whether the packet is authorized for use of a multicast resource based on the multicast indicator; and

allowing the packet to be forwarded to the destination layer 3 address when the packet is authorized.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Supporting virtual private networks by using a new layer 3 address to encapsulate a network-bound packet so that its context information, from which a layer 2 (e.g., MAC) address can be derived, is preserved. If this encapsulation was not done, the layer 2 address would change over each segment of the network. Thus, the encapsulation preserves the concept of group identification, using at least a part of the context, over the entire network and not just at the edge of the network. If a packet is received from the network (to be forwarded to a customer), the layer 3 address that was added in the encapsulation is stripped off. The original layer 3 destination address may be used with a client device addressing table to determine a new context information, and a layer 2 (e.g., MAC) address of a destination client device.

Citations

16 Claims

1. A method comprising:
- receiving a packet originated by a source system via an ingress port, the packet including a destination layer 3 address and a layer 2 header portion;
  
  retrieving context information from the layer 2 header portion of the packet, the context information corresponding to the ingress port and including a multicast indicator;
  
  determining whether the packet is authorized for use of a multicast resource based on the multicast indicator; and
  
  allowing the packet to be forwarded to the destination layer 3 address when the packet is authorized.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the layer 2 header portion of the packet is an Ethernet header, and the destination layer 3 address is an Internet Protocol address.
  - 3. The method of claim 1, wherein the packet is an Internet Group Multicast Protocol (IGMP) packet.
  - 4. The method of claim 1, wherein the context information further includes a virtual private network (VPN) identifier associated with the ingress port.
  - 5. The method of claim 1, wherein the multicast indicator identifies a multicast access control list group.
  - 6. A non-transitory processor-readable medium storing instructions executable by a processor and configured to perform the method of claim 1 when executed by the processor.

7. A method comprising:
- receiving a packet originating from a source system over a first communications link at a first physical port, the packet including a layer 2 header;
  
  determining a logical port associated with the first physical port;
  
  determining context information associated with the logical port, the context information including a unique bit string;
  
  replacing at least a portion of the layer 2 header with the context information;
  
  determining a second physical port connected to a second communication link; and
  
  transmitting the packet via the second physical port.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, wherein the layer 2 header is an Ethernet header.
  - 9. The method of claim 7, wherein the unique bit string is a virtual private network identifier.
  - 10. The method of claim 7, wherein the second communication link is a higher bandwidth link than the first communication link, and transmitting the packet via the second physical port includes aggregating the packet with other packets originating from other source systems.
  - 11. A non-transitory processor-readable medium storing instructions executable by a processor and configured to perform the method of claim 7 when executed by the processor.

12. A system comprising:
- a plurality of first physical port devices;
  
  a plurality of second physical port devices; and
  
  a processing system coupled to the plurality of first physical port devices and the plurality of second physical port devices, the processing system including a first table storing port mapping information associating individual ones of the plurality of first physical port devices to individual ones of a plurality of logical port identifiers, a second table storing logical port information associated with individual ones of the plurality of logical port identifiers, wherein the processing system is configured to determine one of the logical port identifiers associated with a physical port via which a packet originated by a source system is received, modify a level 2 header portion of the packet to include a unique bit string based on the logical port information associated with the determined logical port identifier, and to cause the transmission of the packet via one of the plurality of second physical port devices.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The system of claim 12, wherein the layer 2 header is an Ethernet header.
  - 14. The system of claim 12, wherein the unique bit string is a virtual private network identifier.
  - 15. The system of claim 12, wherein the plurality of first physical port devices are each connected to a respective one of a plurality of first communications links, wherein the plurality of second physical ports are each connected to a respective one of a plurality of second communications links, and wherein each of the plurality of second communication links is a higher bandwidth link than each of the plurality of first communication links.
  - 16. The system of claim 15, wherein transmitting the packet via one of the plurality of second physical port devices includes aggregating the packet with other packets originating from other source systems.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Communications Inc.
Inventors
Baum, Robert T., Voit, Eric A.
Primary Examiner(s)
Ngo, Ricky
Assistant Examiner(s)
NGUYEN, PHUONGCHAU BA

Application Number

US12/390,196
Publication Number

US 20090168776A1
Time in Patent Office

1,271 Days
Field of Search

370/252, 370/256, 370465-469, 370401-402, 370/409, 370/410, 370/389, 370391-392, 370/474, 370/468, 370/399, 370/349, 370/352, 3703955-39553, 709/238, 709/249, 713/166, 713/200, 713/201, 713/202, 713153-154, 714/4
US Class Current

370/256
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 2463/102   applying security measure f...

H04L 61/00   Network arrangements, proto...

H04L 61/35   involving non-standard use ...

H04L 63/0272   Virtual private networks

H04L 63/101   Access control lists [ACL]

H04L 63/104   Grouping of entities

H04L 69/22   Parsing or analysis of headers

Methods, apparatus and data structures for preserving address and service level information in a virtual private network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, apparatus and data structures for preserving address and service level information in a virtual private network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links