Tunnel interface for securing traffic over a network
First Claim
1. A method of delivering security services through a service provider network, the method comprising:
establishing a first routing node within a first processing system;
establishing a second routing node within a second processing system;
establishing an internet protocol (IP) connection communications path between the first processing system and the second processing system that includes the first routing node and the second routing node, wherein establishing includes:
connecting the first routing node to a set of one or more service provider routers of a plurality of service provider routers within the service provider network; and
configuring one or more of the plurality of service provider routers to implement a virtual private network between the set of one or more service provider routers and the second routing node;
receiving a plurality of data packets into the first routing node;
forwarding the received plurality of data packets to a selected service provider router of the set of one or more service provider routers;
encrypting the received plurality of data packets to form encrypted packets within the selected service provider router, without regard to any indication regarding encryption in the received plurality of data packets;
sending the encrypted packets from the selected service provider router to the second routing node;
receiving the encrypted packets into the second routing node;
decrypting the received encrypted packets, without regard to any indication regarding decryption in the received encrypted packets, to form decrypted packets; and
sending the decrypted packets to a destination in the second processing system.
Abstract
A flexible, scalable hardware and software platform that allows a service provider to easily provide internet services, virtual private network services, firewall services, etc., to a plurality of customers. One aspect provides a method and system for delivering security services. This includes connecting a plurality of processors in a ring configuration within a first processing system, establishing a secure connection between the processors in the ring configuration across an internet protocol (IP) connection to a second processing system to form a tunnel, and providing both router services and host services for a customer using the plurality of processors in the ring configuration and using the second processing system. A secure communications tunnel is formed by routing all packets for the tunnel through an encrypting router at the sending end to obtain encrypted packets, and routing the encrypted packets through a decrypting router at the receiving end of an IP connection.
184 Citations
7 Claims
Specification