System and method to provide multiple private networks using PBB
First Claim
1. A system to provide multiple private networks comprising:
a public Metropolitan Ethernet Interface (MAN) consisting of a Provider Backbone Bridge (PBB) network configured to receive a plurality of customer network services each with a separate Service Instance Identifier (I-SID);
a plurality of physically separate local area network (LAN) ports configured to communicate data to LAN ports; and
a switching process between the PBB interface and the LAN ports;
the switching process being configured to create bindings, wherein each binding binds an individual I-SID from the PBB interface to each of the respective LAN ports so as to communicate data packets between the PBB and the bound LAN ports, the data packets being assigned to an individual LAN port based on the I-SID data stream binding, wherein an Ethernet frame format of each data packet includes an Ethernet Media Access Control (MAC) address, wherein the bindings are created independent of the Ethernet frame format Backbone Source Address (B-SA), Backbone Destination Address, (B-DA) and Backbone VLAN Identifier (B-VID) and leave the Ethernet frame format unaltered, such that prior to encapsulation at the PBB interface of a data packet being transmitted from a specific LAN port to the PBB network via a specific binding and after de-encapsulation at the PBB interface of a data packet being transmitted from the packet switched network to the specific LAN port via the specific binding, the specific binding hides the MAC address of the Ethernet frame format of the data packet through that binding from other LAN ports;
wherein the bindings between the PBB port and the LAN ports provide network security by hiding the MAC addresses such that a security breach using a duplicate MAC address on a LAN port does not affect operation of other LAN ports.
Abstract
A system and method are supplied to provide multiple private networks. The system can include a Provider Backbone Bridge (PBB) interface or interfaces configured to receive a plurality of data stream types each associated with an Instance Service Identifier (I-SID) from a Metropolitan Area Network (MAN) or public carrier Ethernet. A plurality of local area network (LAN) ports can be configured to communicate data to a plurality of LANs. A switching process is provided between the PBB interface and the LAN ports. The switching process can be configured to bind individual data stream types from subdivided data streams each represented by an I-SID to each of the respective LAN ports. In addition, the switching process can communicate packets between the PBB interface and the bound LAN ports.
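An added illustration (not code from the patent): a minimal Python model of the switching process the abstract describes, in which the I-SID alone selects the LAN port and each binding keeps its own MAC table. The tag layout is assumed from IEEE 802.1ah; `BindingSwitch`, the port names, I-SIDs and MAC addresses are constructed for the example.

```python
import struct

BTAG_TPID, ITAG_TPID = 0x88A8, 0x88E7   # B-TAG and I-TAG types (IEEE 802.1ah)

def encapsulate(b_da, b_sa, b_vid, i_sid, inner):
    """Backbone header + I-TAG in front of the unaltered customer frame."""
    return (b_da + b_sa + struct.pack("!HH", BTAG_TPID, b_vid & 0x0FFF)
            + struct.pack("!HI", ITAG_TPID, i_sid & 0xFFFFFF) + inner)

def decapsulate(frame):
    """Return (i_sid, customer frame); reject frames that are not PBB."""
    if len(frame) < 22 + 14:
        raise ValueError("truncated PBB frame")
    b_tpid, _b_vid, i_tpid, i_tci = struct.unpack("!HHHI", frame[12:22])
    if (b_tpid, i_tpid) != (BTAG_TPID, ITAG_TPID):
        raise ValueError("missing B-TAG or I-TAG")
    return i_tci & 0xFFFFFF, frame[22:]   # I-SID is the low 24 bits

class BindingSwitch:
    """Hypothetical model: one I-SID per LAN port, one MAC table per binding."""
    def __init__(self, bindings):
        self.port_of = dict(bindings)                      # I-SID -> LAN port
        self.isid_of = {p: i for i, p in self.port_of.items()}
        self.macs = {p: set() for p in self.isid_of}       # never shared

    def from_pbb(self, frame):
        i_sid, inner = decapsulate(frame)   # B-DA/B-SA/B-VID play no part
        port = self.port_of.get(i_sid)
        if port is None:
            return None                     # unbound I-SID: drop
        return port, inner

    def from_lan(self, port, inner, b_da, b_sa, b_vid):
        self.macs[port].add(inner[6:12])    # learn C-SA for this binding only
        return encapsulate(b_da, b_sa, b_vid, self.isid_of[port], inner)

def demo():
    # Constructed sample values: MACs, I-SIDs and port names are made up.
    sw = BindingSwitch({0x010001: "lan1", 0x010002: "lan2"})
    dup = bytes.fromhex("02aabbccdd01")     # same source MAC on both LANs
    inner = bytes.fromhex("ffffffffffff") + dup + b"\x08\x00" + b"payload"
    bb = (bytes.fromhex("020000000b01"), bytes.fromhex("020000000b02"), 100)
    out1 = sw.from_lan("lan1", inner, *bb)
    out2 = sw.from_lan("lan2", inner, *bb)  # duplicate MAC on another port
    return sw, inner, out1, out2
```

In `demo()` the same source MAC is learned on both ports, yet each frame returns only to the port bound to its I-SID and the customer frame comes back byte-for-byte unchanged.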
27 Claims
1. A system to provide multiple private networks comprising:
a public Metropolitan Ethernet Interface (MAN) consisting of a Provider Backbone Bridge (PBB) network configured to receive a plurality of customer network services each with a separate Service Instance Identifier (I-SID);
a plurality of physically separate local area network (LAN) ports configured to communicate data to LAN ports; and
a switching process between the PBB interface and the LAN ports;
the switching process being configured to create bindings, wherein each binding binds an individual I-SID from the PBB interface to each of the respective LAN ports so as to communicate data packets between the PBB and the bound LAN ports, the data packets being assigned to an individual LAN port based on the I-SID data stream binding, wherein an Ethernet frame format of each data packet includes an Ethernet Media Access Control (MAC) address, wherein the bindings are created independent of the Ethernet frame format Backbone Source Address (B-SA), Backbone Destination Address, (B-DA) and Backbone VLAN Identifier (B-VID) and leave the Ethernet frame format unaltered, such that prior to encapsulation at the PBB interface of a data packet being transmitted from a specific LAN port to the PBB network via a specific binding and after de-encapsulation at the PBB interface of a data packet being transmitted from the packet switched network to the specific LAN port via the specific binding, the specific binding hides the MAC address of the Ethernet frame format of the data packet through that binding from other LAN ports;
wherein the bindings between the PBB port and the LAN ports provide network security by hiding the MAC addresses such that a security breach using a duplicate MAC address on a LAN port does not affect operation of other LAN ports.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A method for interfacing with a network, comprising:
receiving a plurality of data streams via one of a plurality of Service Instance Identifiers (I-SIDs) in a Provider Backbone Bridge (PBB) interface;
binding each data stream from an I-SID to a physically separate local area network (LAN) port;
communicating data packets in each separate data stream associated with each I-SID through to the respectively bound LAN port when data packets are received from the PBB interface, wherein an Ethernet frame format of each data packet includes an Ethernet Media Access Control (MAC) address, wherein the bindings are created independent of the outer Ethernet frame format backbone MAC address including Backbone Source Address (B-SA), Backbone Destination Address (B-DA) and Backbone VLAN Identifier (B-VID) and leave the Ethernet frame format of the inner binding unaltered, such that prior to encapsulation at the PBB interface of a data packet being transmitted from a specific LAN port to the Metropolitan Ethernet Interface (MAN) via a specific binding and after de-encapsulation at the PBB interface of a data packet being transmitted from the MAN to the specific LAN port via the specific binding, the specific binding hides the MAC address of the Ethernet frame format of the data packet through that binding from other LAN ports; and
wherein the bindings between the PBB interface and the physically separate LAN ports provide network security by hiding the MAC addresses such that a security breach using a duplicate MAC address on a LAN port cannot affect operation of other LAN ports.
Dependent claims: 16, 17, 18, 19
20. A system for interfacing between networks, comprising:
a Provider Backbone Bridge (PBB) interface configured to receive a plurality of data stream via one of a plurality of Service Instance Identifiers (I-SIDs) over a Metropolitan Ethernet Interface (MAN);
a plurality of physically separate Ethernet ports configured to communicate data to a local area network (LAN), wherein each LAN is differentiated by the physical LAN port;
a switching process in communication with the PBB interface and the Ethernet ports, the switching process being configured to bind each of the I-SIDs to each of the separate Ethernet ports and to forward data packets between the PBB interface and bound Ethernet ports, wherein an Ethernet frame format of each data packet includes a Ethernet Media Access Control (MAC) address, wherein the bindings are created independent of the Ethernet frame format MAC address and leave the Ethernet frame format unaltered, such that prior to encapsulation at the PBB interface of a data packet being transmitted from a specific LAN port to the MAN via a specific binding and after de-encapsulation at the PBB interface of a data packet being transmitted from the MAN to the specific LAN port via the specific binding, the specific binding hides the MAC address of the Ethernet frame format of the data packet through that binding from other LAN ports; and
wherein the bindings between the I-SIDs and the Ethernet ports provide network security by hiding the MAC addresses such that a security breach using a duplicate MAC address on an Ethernet port cannot affect operation of other Ethernet ports.
Dependent claims: 21, 22, 23, 24, 25, 26, 27
Specification