System, method and computer program product for communicating with a private network

US 8,250,214 B2
Filed: 12/20/2004
Issued: 08/21/2012
Est. Priority Date: 12/20/2004
Status: Active Grant

First Claim

Patent Images

1. A method for communicating with a private network, comprising:

intercepting a request from an application of a client before the request can be received by a transport layer of the client, the request being for initiating a communication with a node coupled to the private network;

transforming the request such that when the request is sent via an established network connection over a public network to an interface unit coupled to the private network, the interface unit attempts to establish a communication link with the node over the private network after receiving the request, wherein the transport layer of the client does not attempt to establish the communication link with the node due to the transforming;

sending the request to the interface unit coupled to the private network via the established network connection over the public network, wherein the interface unit attempts to establish the communication link with the node over the private network after receiving the request;

receiving a unique connection identifier from the interface unit via the established network connection over the public network if the interface unit is able to establish the communication link with the node, wherein the connection identifier identifies the communication link established over the private network between the interface unit and the node;

intercepting a communication from the application of the client, the intercepted communication being directed at the node, the communication from the application being intercepted before the communication can be received by the transport layer of the client; and

sending the communication from the application with the connection identifier to the interface unit through the established network connection over the public network, wherein after receipt of the communication with the connection identifier, the interface unit uses the connection identifier to identify the communication link and send the communication from the application to the node via the associated communication link.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product for communicating with a private network are described. An application of a client is monitored for communications intended for a node coupled to a private network. A communication from the monitored application of the client that is intended for the node may then be intercepted before the communication can be received by the transport layer of the client, the intercepted communication may then be sent with a connection identifier to an interface unit coupled to the private network via an established network connection over a public network. The connection identifier also associated with a communication link that is established over the private network between the interface unit and the node. The interface unit uses the connection identifier that is received with the communication to identify the associated communication link over the private network. The interface unit may then send the communication (without the connection identifier) to the node via the identified associated communication link.

Citations

46 Claims

1. A method for communicating with a private network, comprising:
- intercepting a request from an application of a client before the request can be received by a transport layer of the client, the request being for initiating a communication with a node coupled to the private network;
  
  transforming the request such that when the request is sent via an established network connection over a public network to an interface unit coupled to the private network, the interface unit attempts to establish a communication link with the node over the private network after receiving the request, wherein the transport layer of the client does not attempt to establish the communication link with the node due to the transforming;
  
  sending the request to the interface unit coupled to the private network via the established network connection over the public network, wherein the interface unit attempts to establish the communication link with the node over the private network after receiving the request;
  
  receiving a unique connection identifier from the interface unit via the established network connection over the public network if the interface unit is able to establish the communication link with the node, wherein the connection identifier identifies the communication link established over the private network between the interface unit and the node;
  
  intercepting a communication from the application of the client, the intercepted communication being directed at the node, the communication from the application being intercepted before the communication can be received by the transport layer of the client; and
  
  sending the communication from the application with the connection identifier to the interface unit through the established network connection over the public network, wherein after receipt of the communication with the connection identifier, the interface unit uses the connection identifier to identify the communication link and send the communication from the application to the node via the associated communication link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The method of claim 1, further comprising intercepting a termination request for terminating the communication with the node from the application of the client before the request is received by the transport layer of the client;
    - sending the termination request with the connection identifier to the interface unit via the established network connection; and
      
      notifying the application that communication with the node has been terminated after receiving a response from the interface unit via the established network connection that indicates that the communication link with the node has been terminated.
  - 3. The method of claim 2, wherein the response from the interface unit includes the connection identifier.
  - 4. The method of claim 3, wherein the interface unit, after receiving the termination request with the connection identifier, uses the connection identifier to identify the communication link with the node, closes the identified communication link to the node, and transmits via the established network connection the response via the established network connection.
  - 5. The method of claim 1, further comprising receiving from the interface unit via the established network connection a communication from the node with the connection identifier, and providing the communication from the node to the application.
  - 6. The method claim 5, wherein the communication from the node was received by the interface unit via communication link over the private network, wherein the interface unit included the connection identifier associated with the communication link with the communication from the node prior to transmission over the established network connection.
  - 7. The method of claim 1, wherein the established network connection over the public network is encrypted.
  - 8. The method of claim 7, wherein the established network connection is encrypted utilizing secure socket layer (SSL).
  - 9. The method of claim 1, wherein transforming comprises:
    - encapsulating the request from the application in a single packet and transmitting the request over the established network connection in the single packet such that the transport layer of the client does not attempt to establish the communication link with the node.
  - 10. The method of claim 9, wherein the connection identifier is included in the packet.
  - 11. The method of claim 1, further comprising determining whether the established network connection has been established with the interface unit.
  - 12. The method of claim 1, wherein at least one of the request and the communication from the application of the client comprises a TCP operation.
  - 13. The method of claim 1, wherein the established network connection comprises a TCP tunnel.
  - 14. The method of claim 1, wherein the communication link between the interface unit and the node over the private network comprises a transport control protocol/Internet protocol (TCP/IP) connection.
  - 15. The method of claim 1, wherein the application is monitored for the issuance of TCP operations to the transport layer of the client.
  - 16. The method of claim 1, wherein the interface unit establishes a unique communication link with the node over the private network and assigns a corresponding unique connection identifier for each request that is intercepted from the application of the client and sent to the interface unit over the established network connection over the public network.
  - 17. The method of claim 1, wherein one or more subsequent requests from the application to establish a new connection with the node that are intercepted and sent to the interface unit via the established network connection are associated with the connection identifier so that subsequent intercepted communications from the application directed to the new connections are sent to the node via the same communication link.
  - 18. The method of claim 1, wherein the communication link is selected from a group of one or more established communication links between the interface unit and the node over the private network.
  - 19. The method of claim 1, further comprising establishing a network connection over the public network with an additional interface unit coupled to the private network.
  - 20. The method of claim 1, wherein the connection identifier is generated using information based on at least one of a network address of the node.
  - 21. The method of claim 1, wherein the connection identifier is generated by the interface unit from a four tuple of a private side IP address and port of the interface unit and an IP address and port of the node.
  - 22. The method of claim 1, wherein the request from the application is identified for interception by one or more of a source port, a source IP address, a destination port, and a destination IP address.
  - 23. The method of claim 1, wherein communications from the application that are not directed to the node are permitted to be received by the transport layer of the client.
  - 24. The method of claim 1, further comprising intercepting a second request from a second application of a second client for initiating a second communication with the private network before the second request can be received by a transport layer of the second client, establishing a second network connection with the interface unit over the public network, and sending the second request to the interface unit via the second established network connection.
  - 25. The method of claim 1, further comprising intercepting a second request from a second application of a second client for initiating a second communication with the private network before the second request can be received by a transport layer of the second client, sending the second request to the interface unit via the established network connection.
  - 26. The method of claim 1, wherein the established network connection is selected from a group of one or more pre-established network connections with the interface unit over the public network.
  - 27. The method of claim 1, wherein the established network connection comprises a TCP tunnel, the communication from the application of the client is TCP data, and the intercepting of the communication from the application comprises sending information over the TCP tunnel without introducing latency involved in transferring excess TCP information.

28. A system for communicating with a private network, comprising:
- logic that intercepts a request from an application of a client for initiating a communication with a node coupled to a private network, the request being intercepted before the request can be received by the transport layer of the client;
  
  logic that transforms the request such that when the request is sent via an established network connection over a public network to an interface unit coupled to the private network, the interface unit attempts to establish a communication link with the node over the private network after receiving the request, wherein the transport layer of the client does not attempt to establish the communication link with the node due to the transforming;
  
  logic that sends the request to the interface unit coupled to the private network via the established network connection over the public network, wherein the interface unit attempts to establish the communication link with the node over the private network after receiving the request;
  
  logic that receives a unique connection identifier from the interface unit via the established network connection over the public network if the interface unit is able to establish the communication link with the node, wherein the connection identifier is associated with the communication link established over the private network between the interface unit and the node;
  
  logic that intercepts a communication from the application of the client directed at the node, the communication from the application being intercepted before the communication can be received by the transport layer of the client; and
  
  logic that sends the communication from the application with the connection identifier to the interface unit through the established network connection over the public network, wherein after receipt of the communication with the connection identifier, the interface unit uses the connection identifier to identify the associated communication link and sends the communication from the application to the node via the associated communication link.

29. A system for communicating with a private network, comprising:
- an interface unit;
  
  a client capable of communicating with the interface unit;
  
  wherein the client includes a non-transitory computer usable storage medium storing computer code that;
  
  intercepts a request from an application of the client for initiating a communication with a node coupled to the private network before the request is received by a transport layer of the client;
  
  transforms the request such that when the request is sent via an established network connection over a public network to an interface unit coupled to the private network, the interface unit attempts to establish a communication link with the node over the private network after receiving the request, wherein the transport layer of the client does not attempt to establish the communication link with the node due to the transforming;
  
  sends the request to the interface unit coupled to the private network via the established network connection over the public network, wherein the interface unit attempts to establish the communication link with the node over the private network after receiving the request;
  
  receives a unique connection identifier from the interface unit via the established network connection over the public network if the interface unit is able to establish the communication link with the node, wherein the connection identifier is associated with the communication link established over the private network between the interface unit and the node;
  
  intercepts a communication from the application of the client directed at the node before the communication is received by the transport layer of the client; and
  
  sends the communication from the application with the connection identifier to the interface unit through the established network connection over the public network, wherein after receipt of the communication with the connection identifier, the interface unit uses the connection identifier to identify the associated communication link and sends the communication from the application to the node via the associated communication link.

30. A method of communicating with a private network, comprising:
- intercepting a request from an application of a client for initiating a communication with a node coupled to the private network before the request can be received by a transport layer of the client;
  
  transforming the communication such that when the request is sent via an established network connection over a public network to an interface unit coupled to the private network, the interface unit attempts to establish a communication link with the node over the private network after receiving the request, wherein the transport layer of the client does not attempt to establish the communication link with the node due to the transforming, and wherein a connection identifier is received from the interface unit via the established network connection over the public network if the interface unit is able to establish the communication link with the node;
  
  monitoring the application of the client for communications intended for the node;
  
  intercepting a communication from the monitored application of the client intended for the node before the communication is received by the transport layer of the client; and
  
  sending the communication with the connection identifier to the interface unit coupled to the private network via the established network connection over the public network, wherein the connection identifier is associated with the communication link established over the private network between the interface unit and the node, wherein the interface unit uses the connection identifier received with the communication to identify the associated communication link over the private network and then sends the communication without the connection identifier to the node via the associated communication link.

31. A method of communicating with a private network, comprising:
- monitoring an application of a client for TCP operations to a network layer of the client for communicating with a node coupled to the private network;
  
  intercepting the TCP operations from the monitored application of the client, in order to reduce latency involved in transferring excess TCP information, the TCP operations intended for the node, the TCP operations intercepted before the TCP operations are received by a transport layer of the client;
  
  transforming a first TCP operation to be included in a packet such that when the first TCP operation is sent via a TCP tunnel over a public network to an interface unit coupled to the private network, the interface unit attempts to establish a TCP connection with the node over the private network after receiving the request, wherein the transport layer of the client does not attempt to establish the TCP connection with the node due to the transforming, and wherein a connection identifier is received from the interface unit via the TCP tunnel over the public network if the interface unit is able to establish the TCP connection with the node; and
  
  sending a second TCP operation in a packet with the connection identifier to the interface unit coupled to the private network via the TCP tunnel over the public network, wherein the connection identifier is associated with the TCP connection established over the private network between the interface unit and the node, wherein for the second TCP operation in the packet, the interface unit extracts the second TCP operation and connection identifier from the packet and uses the connection identifier received in the packet to identify the associated TCP connection over the private network and forwards the second TCP operation without the connection identifier to the node via the identified associated TCP connection.
- View Dependent Claims (32)
- - 32. The method of claim 31, wherein the intercepting comprises sending information over the TCP tunnel without introducing latency involved in transferring excess TCP information.

33. A method for communicating with a private network, comprising:
- establishing a network connection over a public network with an agent residing on a client, wherein the client has an application residing thereon that issues a request for initiating a communication with a node coupled to the private network, wherein the agent intercepts the request from the application before the request can be received by a transport layer of the client and transforms the request such that when the request is received, a communication link is established with the node over the private network after receiving the request, wherein the transport layer of the client does not attempt to establish the communication link with the node due to the transforming;
  
  receiving the intercepted request from the agent via the established connection;
  
  establishing the communication link with the node over the private network;
  
  associating a connection identifier with the established communication link; and
  
  sending a notification to the agent that indicates the communication link with the node has been established, the notification including the connection identifier.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 34. The method of claim 33, further comprising receiving a packet from the agent via the established network connection, wherein the packet includes the communication identifier and a communication from the application to the node that was intercepted by the agent before the communication could be received by the transport layer of the client.
  - 35. The method of claim 34, further comprising extracting the communication and the connection identifier from the received packet, and using the connection identifier to identify associated communication link, and sending the communication extracted from the packet to the node via the identified communication link over the private network.
  - 36. The method of claim 33, further comprising receiving via the communication link over the private network a packet containing a communication from the node directed to the application of the client, extracting the communication from the node from the packet, sending the communication from the node and the connection identifier associated with the communication line in a packet via the established network connection over the public network to the agent, wherein the agent extracts the communication from the packet sent via the established network connection and provides it to the application of the client.
  - 37. The method of claim 33, wherein the network connection over the public network comprises a TCP tunnel.
  - 38. The method of claim 33, wherein the established network connection is encrypted.
  - 39. The method of claim 33, further comprising establishing a unique communication link with the node over the private network and assigning a corresponding unique connection identifier for each intercepted request received from the agent via the established network connection over the public network.
  - 40. The method of claim 33, wherein one or more subsequent requests from the application to establish a new connection with the node are intercepted by the agent and received from the agent via the established network connection are associated with the connection identifier so that subsequent intercepted communications from the application directed to the new connections are sent to the node via the same communication link.
  - 41. The method of claim 33, further comprising maintaining a group of one or more pre-established communication links with the node over the private network, each pre-established communication link being associated with a corresponding unique connection identifier, and wherein the communication link is selected from a group of one or more pre-established communication links with the node over the private network.
  - 42. The method of claim 33, further comprising generating the connection identifier using information based on at least one of a network address of the node.
  - 43. The method of claim 33, further comprising generating the connection identifier from a four tuple of a private side IP address and port of the interface unit and an IP address and port of the node.

44. A system for communicating with a private network, comprising:
- logic that establishes a network connection over a public network with an agent residing on a client, wherein the client has an application residing thereon that issues a request for initiating a communication with a node coupled to the private network, wherein the agent intercepts the request from the application before the request can be received by a transport layer of the client and transforms the request such that when the request is received, a communication link is established with the node over the private network after receiving the request, wherein the transport layer of the client does not attempt to establish the communication link with the node due to the transforming;
  
  logic that receives the intercepted request from the agent via the established connection;
  
  logic that establishes a communication link with the node over the private network;
  
  logic that associates a connection identifier with the established communication link; and
  
  logic that sends a notification to the agent that indicates the communication link with the node has been established, the notification including the connection identifier.

45. A system for communicating with a private network, comprising:
- a client;
  
  an interface unit capable of communication with the client;
  
  wherein the interface unit includes a non-transitory computer usable storage medium storing computer code that;
  
  establishes a network connection over a public network with an agent residing on the client, wherein the client has an application residing thereon that issues a request for initiating a communication with a node coupled to the private network, wherein the agent intercepts the request from the application before the request can be received by a transport layer of the client and transforms the request such that when the request is received, a communication link is established with the node over the private network after receiving the request, wherein the transport layer of the client does not attempt to establish the communication link with the node due to the transforming;
  
  receives the intercepted request from the agent via the established connection;
  
  establishes a communication link with the node over the private network;
  
  associates a connection identifier with the established communication link; and
  
  sends a notification to the agent that indicates the communication link with the node has been established, the notification including the connection identifier.

46. A communication system, comprising:
- a private network;
  
  a node coupled to the private network;
  
  a public network;
  
  an interface unit coupled to the public network and the private network;
  
  a client having an application, wherein the application issues a request for initiating a communication with the node;
  
  an agent residing on the client, wherein the agent establishes a network connection with the interface unit over the public network, wherein the agent intercepts the request from the application before the request can be received by a transport layer of the client, wherein the agent transforms the request such that when the request is received, a communication link is established with the node over the private network after receiving the request, wherein the transport layer of the client does not attempt to establish the communication link with the node due to the transforming and sends the request to the interface unit via the established network connection;
  
  wherein the interface unit attempts to establish a communication link with the node over the private network after receiving the request;
  
  wherein the interface unit establishes a communication link with the node over the private network in response to receiving the intercepted request from the agent, wherein the interface unit associates a connection identifier with the established communication link and sends a notification to the agent that indicates the communication link with the node has been established, wherein the notification includes the connection identifier;
  
  wherein the agent notifies the application that a connection has been established with the node after receiving the notification from the interface unit; and
  
  wherein the agent intercepts a subsequent communication from the application of the client directed at the node before the subsequent communication can be received by the transport layer of the client and sends the subsequent communication with the connection identifier to the interface unit through the established network connection over the public network, wherein after receipt of the subsequent communication with the connection identifier from the agent, the interface unit uses the connection identifier to identify the associated communication link and send the subsequent communication to the node via the associated communication link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Susai, Michel, Masuraker, Uday, Agrawal, Ritesh
Primary Examiner(s)
GOODCHILD, WILLIAM J

Application Number

US11/019,956
Publication Number

US 20060245414A1
Time in Patent Office

2,801 Days
Field of Search

709/227
US Class Current

709/227
CPC Class Codes

H04L 63/0272 Virtual private networks

H04L 67/14 Session management for real...

System, method and computer program product for communicating with a private network

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for communicating with a private network

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links