VPN discovery server
Abstract
Methods and systems for enabling robust routing between protected enclaves over an unsecured network are provided herein. In one aspect, the present invention provides methods and systems for enabling routing among a plurality of protected enclaves, each supported by one or more secure gateways, over an unsecured network. Methods and systems according to the present invention achieve key routing requirements while presenting solutions that can be readily scaled to large network environments. In another aspect, the present invention provides methods and systems for implementing a Prefix Discovery Server (PDS) that enables the mapping of Plain Text (PT) networks to secure gateways, maintains current network routing information, and assists VPN gateways in determining routes to remote protected enclaves.
Claims (21)
1. A method for enabling routing among a plurality of protected enclaves, wherein each of the protected enclaves includes one or more plain text (PT) networks and is supported by one or more Virtual Private Network (VPN) gateways of a plurality of VPN gateways, the method comprising:
registering a VPN gateway with one or more prefix discovery servers, wherein registering said VPN gateway comprises registering, with said one or more prefix discovery servers, network prefixes within said protected enclaves reachable by said VPN gateway;
receiving from said one or more prefix discovery servers, at said VPN gateway, registered network prefixes within said protected enclaves, including receiving mappings, generated by said one or more prefix discovery servers, between said registered network prefixes and VPN gateways enabled to reach said registered network prefixes, wherein the mappings have associated metrics for using said VPN gateways to reach said registered network prefixes;
distributing said mappings and associated metrics to said protected enclaves reachable by said VPN gateway; and
determining, using said received mappings and associated metrics, routing paths between said protected enclaves reachable by said VPN gateway and other protected enclaves of said plurality of protected enclaves.
Dependent claims: 2-12.
13. A system for enabling routing among a plurality of protected enclaves, wherein each of said protected enclaves includes one or more plain text (PT) networks and is supported by one or more Virtual Private Network (VPN) gateways, the system comprising:
a VPN gateway; and
one or more prefix discovery servers (PDS);
wherein said VPN gateway includes a first processor configured to perform a first method, the first method comprising:
registering, with said one or more PDS(s), network prefixes within said protected enclaves reachable by said VPN gateway;
receiving, from said one or more PDS(s), registered network prefixes within said protected enclaves, including receiving mappings between said registered network prefixes and VPN gateways enabled to reach said registered network prefixes, wherein the mappings have associated metrics for using said VPN gateways to reach said registered network prefixes; and
determining, using said received mappings and associated metrics, routing paths between said protected enclaves reachable by said VPN gateway and other protected enclaves of said plurality of protected enclaves;
and wherein each of said one or more PDS(s) includes a second processor configured to perform a second method, the second method comprising:
generating said mappings between said registered network prefixes and said VPN gateways; and
distributing said mappings and associated metrics to said VPN gateway.
Dependent claims: 14-16.
17. A method for enabling routing among a plurality of protected enclaves, wherein each of the protected enclaves includes one or more plain text (PT) networks and is supported by one or more Virtual Private Network (VPN) gateways of a plurality of VPN gateways, the method comprising:
receiving a registration request from a VPN gateway of the plurality of VPN gateways, wherein said registration request includes network prefixes within said protected enclaves reachable by the VPN gateway;
generating mappings between registered network prefixes and VPN gateways enabled to reach said registered network prefixes, wherein said mappings have associated metrics for using said VPN gateways to reach said registered network prefixes;
transmitting the generated mappings to the VPN gateways;
receiving a query from the VPN gateway, wherein said query includes a target network prefix; and
transmitting to said VPN gateway mappings associated with said target network prefix, including addresses of VPN gateways of the plurality of VPN gateways enabled to reach said target network prefix.
Dependent claims: 18-21.
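The claims above describe one protocol from two sides: gateways register the PT prefixes they reach together with a metric, the PDS generates prefix-to-gateway mappings and answers prefix queries, and each gateway uses the mappings and metrics to choose a peer gateway for a remote enclave. The following Python model is an added example written for this page, not the patent's or any vendor's implementation; the gateway addresses, prefixes and metrics are constructed, and the route-selection rule (longest prefix match, then lowest metric, then gateway address as a deterministic tiebreak) is an assumption the claims leave open. It also shows the behaviour a defender cares about in such a design: re-registration replaces a gateway's earlier prefix set, so withdrawn prefixes do not linger as stale routes, and deregistering a failed gateway makes the remaining gateways fail over to the next-best metric.

```python
"""Toy model of a Prefix Discovery Server (PDS) and the VPN gateways it serves.

Constructed example for this page; not the patent's implementation. All
addresses, prefixes and metrics below are made up.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# prefix (e.g. "10.1.0.0/16") -> {gateway address: metric}
Mapping = Dict[str, Dict[str, int]]


def _net(prefix: str):
    """Normalise a prefix so '10.1.0.5/24' and '10.1.0.0/24' key the same network."""
    return ipaddress.ip_network(prefix, strict=False)


class PrefixDiscoveryServer:
    """Accepts gateway registrations and generates prefix -> gateway mappings."""

    def __init__(self) -> None:
        self._registrations: Dict[str, Dict[str, int]] = {}  # gateway -> {prefix: metric}

    def register(self, gateway: str, prefixes: Dict[str, int]) -> None:
        """Register (or re-register) the PT prefixes reachable through a gateway.

        Re-registration replaces the gateway's earlier set, so a prefix it no
        longer reaches disappears from the mappings instead of lingering.
        """
        normalised: Dict[str, int] = {}
        for prefix, metric in prefixes.items():
            if metric < 0:
                raise ValueError(f"metric for {prefix} must be non-negative")
            normalised[str(_net(prefix))] = metric
        self._registrations[gateway] = normalised

    def deregister(self, gateway: str) -> None:
        """Drop a gateway (e.g. it went down); its prefixes leave the mappings."""
        self._registrations.pop(gateway, None)

    def mappings(self) -> Mapping:
        """Generate prefix -> {gateway: metric} across all current registrations."""
        result: Mapping = {}
        for gateway, prefixes in self._registrations.items():
            for prefix, metric in prefixes.items():
                result.setdefault(prefix, {})[gateway] = metric
        return result

    def query(self, target_prefix: str) -> Mapping:
        """Answer a gateway's query: every registered prefix that covers the target."""
        target = _net(target_prefix)
        return {prefix: gws for prefix, gws in self.mappings().items()
                if _net(prefix).version == target.version and target.subnet_of(_net(prefix))}


class VPNGateway:
    """A gateway that registers its enclave and selects tunnels by metric."""

    def __init__(self, address: str, local_prefixes: Dict[str, int]) -> None:
        self.address = address
        self.local_prefixes = {str(_net(p)): m for p, m in local_prefixes.items()}
        self.mappings: Mapping = {}

    def register_with(self, pds: PrefixDiscoveryServer) -> None:
        pds.register(self.address, self.local_prefixes)
        self.refresh(pds)

    def refresh(self, pds: PrefixDiscoveryServer) -> None:
        """Pull the current mappings and metrics from the PDS."""
        self.mappings = pds.mappings()

    def is_local(self, destination: str) -> bool:
        dest = ipaddress.ip_address(destination)
        return any(dest.version == _net(p).version and dest in _net(p) for p in self.local_prefixes)

    def route(self, destination: str) -> Optional[Tuple[str, str, int]]:
        """Pick (prefix, peer gateway, metric) for a destination host.

        Longest prefix match wins; ties break on lowest metric, then on gateway
        address. None means the host is in this gateway's own enclave (no tunnel
        needed) or no registered prefix covers it.
        """
        if self.is_local(destination):
            return None
        dest = ipaddress.ip_address(destination)
        candidates: List[Tuple[int, int, str, str]] = []
        for prefix, gateways in self.mappings.items():
            net = _net(prefix)
            if net.version != dest.version or dest not in net:
                continue
            for gw, metric in gateways.items():
                if gw != self.address:
                    candidates.append((-net.prefixlen, metric, gw, prefix))
        if not candidates:
            return None
        _, metric, gw, prefix = min(candidates)
        return prefix, gw, metric

    def routing_table(self) -> Dict[str, Tuple[str, int]]:
        """Routes to distribute into the local PT networks: remote prefix -> (gateway, metric)."""
        table: Dict[str, Tuple[str, int]] = {}
        for prefix, gateways in self.mappings.items():
            remote = {gw: m for gw, m in gateways.items() if gw != self.address}
            if prefix in self.local_prefixes or not remote:
                continue
            gw, metric = min(remote.items(), key=lambda item: (item[1], item[0]))
            table[prefix] = (gw, metric)
        return table


def demo() -> Dict[str, object]:
    """Constructed scenario: three gateways and one PDS; returns the decisions made."""
    pds = PrefixDiscoveryServer()
    gw_a = VPNGateway("203.0.113.10", {"10.1.0.0/16": 10})
    gw_b = VPNGateway("203.0.113.20", {"10.2.0.0/16": 10, "10.1.5.0/24": 5})
    gw_c = VPNGateway("203.0.113.30", {"10.2.0.0/16": 20})  # redundant, costlier path
    for gw in (gw_a, gw_b, gw_c):
        gw.register_with(pds)
    for gw in (gw_a, gw_b, gw_c):
        gw.refresh(pds)  # everyone sees the full set once all have registered
    results: Dict[str, object] = {
        "a_to_enclave2": gw_a.route("10.2.3.4"),   # lowest metric wins -> B
        "c_to_specific": gw_c.route("10.1.5.9"),   # /24 via B beats /16 via A
        "c_to_general": gw_c.route("10.1.9.9"),    # only A covers it
        "b_local": gw_b.route("10.2.3.4"),         # own enclave -> None
        "unknown": gw_a.route("192.168.1.1"),      # unregistered -> None
        "query": pds.query("10.1.5.0/24"),
        "a_table": gw_a.routing_table(),
    }
    pds.deregister(gw_b.address)                   # B goes down
    gw_a.refresh(pds)
    results["a_after_b_down"] = gw_a.route("10.2.3.4")  # fails over to C
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` walks through the registration, mapping generation, query and route determination steps of claims 1, 13 and 17 in one place. In a deployment the PDS would of course only accept registrations from authenticated gateways and the mappings would be delivered over an integrity-protected channel; the model leaves transport out so the mapping and selection logic stays visible.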