Dynamic firewall and dynamic host configuration protocol configuration

US 8,363,658 B1
Filed: 11/13/2008
Issued: 01/29/2013
Est. Priority Date: 11/13/2008
Status: Active Grant

First Claim

Patent Images

1. A dynamic network interfaces system, comprising:

an at least one computer system;

a configuration database comprising a subnet interface pool and a virtual local area network tag pool; and

a dynamic network interfaces application that, when executed on the at least one computer system,receives a message from a network access component containing a request to authenticate a client device accessing a network service,determines that a policy requires the client device to be associated with a virtual local area network to access the network service,authenticates the client device for association with the virtual local area network,obtains subnet interface information from the subnet interface pool and a virtual local area network tag from the virtual local area network tag pool to provision the virtual local area network, wherein the virtual local area network tag is unrelated to and randomly combined with the subnet interface information,assigns the subnet interface information from the subnet interface pool and the virtual local area network tag from the virtual local area network tag pool to the client device, the network access component, and a firewall component,sends a reply containing the subnet interface information from the subnet interface pool and the virtual local area network tag from the virtual local area network tag pool to the network access component and the firewall component in response to the request, wherein the reply further includes instructions to the network access component and the firewall component to use the subnet interface information from the subnet interface pool and the virtual local area network tag from the virtual local area network tag pool to provision the virtual local area network, andactivates the virtual local area network in response to receiving at least one message from the access device and the firewall device indicating that interfaces have been configured on each device and associated with the virtual local area network tag and a physical interface.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided comprising a computer system, a configuration database, and a dynamic network interfaces application that receives a message from a network access component containing a request to authenticate a client device accessing a network service, determines that a policy requires the client device to be associated with a virtual local area network to access the network service, and authenticates the client device for association with the virtual local area network. The dynamic network interfaces application also searches the configuration database for configuration information to provision the virtual local area network, assigns the configuration information to the client device, the network access component, and a firewall component, and sends a reply containing the configuration information to the network access component and the firewall component in response to the request, wherein the configuration information comprises settings to provision the virtual local area network.

Citations

20 Claims

1. A dynamic network interfaces system, comprising:
- an at least one computer system;
  
  a configuration database comprising a subnet interface pool and a virtual local area network tag pool; and
  
  a dynamic network interfaces application that, when executed on the at least one computer system,receives a message from a network access component containing a request to authenticate a client device accessing a network service,determines that a policy requires the client device to be associated with a virtual local area network to access the network service,authenticates the client device for association with the virtual local area network,obtains subnet interface information from the subnet interface pool and a virtual local area network tag from the virtual local area network tag pool to provision the virtual local area network, wherein the virtual local area network tag is unrelated to and randomly combined with the subnet interface information,assigns the subnet interface information from the subnet interface pool and the virtual local area network tag from the virtual local area network tag pool to the client device, the network access component, and a firewall component,sends a reply containing the subnet interface information from the subnet interface pool and the virtual local area network tag from the virtual local area network tag pool to the network access component and the firewall component in response to the request, wherein the reply further includes instructions to the network access component and the firewall component to use the subnet interface information from the subnet interface pool and the virtual local area network tag from the virtual local area network tag pool to provision the virtual local area network, andactivates the virtual local area network in response to receiving at least one message from the access device and the firewall device indicating that interfaces have been configured on each device and associated with the virtual local area network tag and a physical interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the reply further includes instructions to configure a subnet interface on the network access component and the firewall component to provision the virtual local area network, the subnet interface to be associated with the physical interface on the network access component and the firewall component.
  - 3. The system of claim 1, wherein the authentication of the client device for association with the virtual local area network uses the IEEE 802.1x framework for authentication.
  - 4. The system of claim 1, wherein the subnet interface information from the subnet interface pool and the virtual local area network tag from the virtual local area network tag pool comprises at least one of information identifying the virtual local area network, a physical interface, and information to configure a subnet interface comprising at least one of an internet protocol address, a subnet mask, a default gateway, a domain name system server, and a dynamic host configuration protocol server.
  - 5. The system of claim 1, wherein the dynamic network interfaces application sends the reply to the network access component and the firewall component using a messaging framework associated with one of a dynamic host configuration protocol and a simple network management protocol.
  - 6. The system of claim 1, wherein the network access component and the firewall component are installed on computers separate from the computer system on which the dynamic network interfaces application executes.
  - 7. The system of claim 1, wherein the network access component and the firewall component comprise components to install the subnet interface information from the subnet interface pool and the virtual local area network tag from the virtual local area network tag pool provisioning the virtual local area network.
  - 8. The system of claim 1, wherein the dynamic network system interface further sends a message that the network service requested by the client device is accessible.

9. A method of dynamically provisioning a virtual local area network, comprising:
- receiving a message from an access device containing a request to authenticate a client device accessing a network service;
  
  determining that a policy requires the client device to be associated with a virtual local area network to access the network service;
  
  obtaining subnet interface information from a subnet interface pool and a virtual local area network tag from a virtual local area network tag pool in a configuration database, wherein the virtual local area network tag is unrelated to and randomly combined with the subnet interface information;
  
  creating messages comprising the subnet interface information from the subnet interface pool, the virtual local area network tag from the virtual local area network tag pool, the policy, physical interface designations, and a plurality of instructions to configure a subnet interface using the subnet interface information from the subnet interface pool and the virtual local area network tag from the virtual local area network tag pool and associate the subnet interface with the designated physical interfaces on the access device and the firewall device to provision the virtual local area network;
  
  sending the messages to the access device and the firewall device using a messaging framework;
  
  receiving messaging from the access device and the firewall device indicating that the subnet interface has been configured on the access device and the firewall device as directed in the messages received; and
  
  activating the virtual local area network in response to receiving the messages from the access device and the firewall device.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the client device is one of a mobile telephone, personal digital assistant, laptop computer, tablet computer, desktop computer, set-top box, media player, Voice over Internet Protocol desk set, printer, data appliance, camera, webcam, and femtocell.
  - 11. The method of claim 9, wherein the messaging framework is associated with one of a dynamic host configuration protocol and a simple network management protocol.
  - 12. The method of claim 9, wherein policies are associated with firewall devices and client devices, and wherein the policies define at least one of client device access to service levels associated with network services and physical interfaces of firewall devices.
  - 13. The method of claim 9, wherein the access device provides notice when the virtual local area network is terminating and the virtual local area network tag is returned to the virtual local area network tag pool and the subnet interface information is returned to the subnet interface pool and the virtual local area network tag and the subnet interface information are made available for future use.
  - 14. The method of claim 13, wherein the virtual local area network tag is returned to the virtual local area network tag pool and the subnet interface information is returned to the subnet interface pool after a time delay.

15. A method of dynamically provisioning a virtual local area network, comprising:
- receiving a message from an access device comprising a request to authenticate a client device accessing a network service;
  
  determining that a policy requires the client device to be associated with a virtual local area network to access the network service;
  
  determining that the client device is a member of a group wherein members of the group are associated with a single virtual local area network tag;
  
  determining that the client device is one of the first member of the group to request access and one of the second and subsequent members of the group to request access to the network service and receive authentication;
  
  when the client device is the first member of the croup to request access to the network service associated with the group,obtaining subnet interface information from a subnet interface pool and the virtual local area network tag from a virtual local area network tag pool, wherein the virtual local area network tag is unrelated to and randomly combined with the subnet interface information,sending to the access device and a firewall device the subnet interface information from the subnet interface pool, the virtual local area network tag from the virtual local area network tag pool, the policy, physical interface designations, and instructions to configure a subnet interface using the subnet interface information and the virtual local area network tag and associate the subnet interface with the designated physical interfaces on the access device and the firewall device to provision the virtual local area network, andactivating the virtual local area network in response to receiving at least one message from the access device and the firewall device indicating that the subnet interface has been configured on each device and associated with the virtual local area network tag and the designated physical interfaces; and
  
  when the client device is one of the second and subsequent members of the group to request access to the network service associated with the group, joining the client device to the existing virtual local area network designated for the group.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the subnet interface information and the virtual local area network tag designated for a group are randomly generated for the group when the first member of the group authenticates for network services associated with the group and wherein the subnet interface information and the virtual local area network tag are made available for reuse shortly after the last member of the group disconnects from the session.
  - 17. The method of claim 16, wherein the virtual local area network tag designated for a group is reserved for the group when members of the group are one of currently engaged in a virtual local area network session associated with the group and not currently engaged in a virtual local area network session associated with the group.
  - 18. The method of claim 15, wherein a client device that is a member of a group is joined to the virtual local area network associated with the group regardless of the type of access network used by the client device to reach the access device.
  - 19. The method of claim 15, wherein the client devices using different access network types are joined on one virtual local area network.
  - 20. The method of claim 19, wherein the client devices reach the access device from one of a code division multiple access evolution-data optimized, code division multiple access round-trip time, Institute of Electrical and Electronics Engineers 802.1Q, Worldwide Interoperability for Microwave Access, digital subscriber line, and global system for mobile communications high-speed downlink packet access network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Delker, Jason R., Everson, John M., Norris, James W., Ross, Carol A., Whitney, Jason K.
Primary Examiner(s)
Popham, Jeffrey D
Assistant Examiner(s)
GRACIA, GARY S

Application Number

US12/270,537
Time in Patent Office

1,538 Days
Field of Search

726/11, 726/15, 370/252, 370/389, 370/392, 370/395.53
US Class Current

370/395.53
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/0895   Configuration of virtualise...

H04L 61/5014   using dynamic host configur...

H04L 63/0272   Virtual private networks

H04W 12/06   Authentication

Dynamic firewall and dynamic host configuration protocol configuration

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic firewall and dynamic host configuration protocol configuration

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links