Domain isolation through virtual network machines
Abstract
A method and device for communicating information resources between subscriber end stations and nodes belonging to different network domains is described. The device instantiates different virtual network machines for different network domains using separate independently administrable network databases. The administrative chores of the separate independently administrable network databases include the assignment of access control and the configuration of the policies for those network databases. The policies include traffic filtering policies to indicate what kind of information payloads can be carried, and traffic and route filtering policies to indicate what paths through the network will be used for each payload carried. Each of the network domains includes one of the different virtual network machines, and each of the different network domains is virtually isolated from other network domains.
10 Claims
1. A single network device to act as an intermediate station comprising:
- a plurality of transceivers to communicate information resources between subscriber end stations and nodes belonging to different network domains; and
- a non-transitory machine-readable medium having stored therein a set of instructions to cause the single network device to,
  - instantiate different virtual network machines for the different network domains,
  - wherein each of the different virtual network machines is one of a virtual router and a virtual bridge,
  - wherein each of the different virtual network machines has a separate independently administrable network database,
  - wherein administrative chores of the separate independently administrable network databases include an assignment of access control and a configuration of policies for the separate independently administrable network databases,
  - wherein the access control comprises user identifiers such as user names, passwords, and unique keys,
  - wherein the policies comprise traffic filtering policies to indicate what kind of information payloads can be carried, and traffic and route filtering policies to indicate what paths through the different network domains will be used for each payload carried, and
  - wherein each of the different network domains is to comprise a plurality of nodes and links that include one of the different virtual network machines, and each of the different network domains is virtually isolated from the other different network domains, and
  - couple different ones of the subscriber end stations to different ones of the different virtual network machines through dynamic bindings,
  - communicate information resources of different ones of the subscriber end stations using the virtual network machines to which those subscriber end stations are currently coupled, and
  - record subscriber activity for accounting.

Dependent claims: 2, 3, 4, 5
6. A network comprising:
- a plurality of different network domains, wherein each of the different network domains comprises a plurality of nodes and links and each of the different network domains is virtually isolated from other different network domains;
- a plurality of subscriber end stations; and
- a single network device coupled between nodes of the different network domains and the plurality of subscriber end stations, the single network device having
  - different virtual network machines belonging to the different network domains,
  - wherein each of the different virtual network machines is one of a virtual router and a virtual bridge,
  - wherein different ones of the subscriber end stations are coupled to different ones of the different virtual network machines through dynamic bindings,
  - wherein the different virtual network machines communicate information resources between the subscriber end stations and nodes of the network domain to which that virtual network machine belongs, and
  - wherein the different virtual network machines record subscriber activity, and
  - separate independently administrable network databases for each of the different virtual network machines,
  - wherein administrative chores of the separate independently administrable network databases include an assignment of access control and a configuration of policies for the separate independently administrable network databases,
  - wherein the access control comprises user identifiers such as user names, passwords, and unique keys, and
  - wherein the policies comprise traffic filtering policies to indicate what kind of information payloads can be carried, and traffic and route filtering policies to indicate what paths through the different network domains will be used for each payload carried.

Dependent claims: 7, 8, 9, 10
Specification