Secure high-throughput data-center network employing routed firewalls
First Claim
1. A data center comprising:
- a first data-center tier configured to electronically connect to an external network;
- an internal portion of the data center coupled to the first data-center tier, wherein the internal portion comprises:
  - a second data-center tier comprising:
    - a second data-center tier internal core; and
    - an intrusion detection service module; and
  - a third data-center tier comprising a third data-center tier internal core;
- a first routed firewall instance coupled between the first data-center tier and the external network; and
- a second routed firewall instance coupled between the first data-center tier and the second data-center tier, wherein the second routed firewall instance facilitates data filtering and routing data between a plurality of virtual local area networks (VLANs) that are internal to the first data-center tier and a VLAN that interfaces the first data-center tier and the second data-center tier, and wherein the intrusion detection service module is electronically connected to the second routed firewall instance, the second data-center tier internal core, and the third data-center tier internal core.
Abstract
A reliable and secure data center. The data center includes a first data-center tier that is adapted to connect to an external network and an internal portion of the data center. A first firewall instance interfaces the first tier and the external network. A second firewall instance interfaces the first tier and the internal portion of the data center. In a more specific embodiment, the first firewall instance and the second firewall instance accommodate Internet Protocol SECurity (IPSEC) terminations using one or more VPNSMs. In this embodiment, the first data-center tier implements a core tier that includes one or more core switches that facilitate implementing the first firewall instance and the second firewall instance. The interior portion of the network represents a DeMilitarized Zone (DMZ) that includes a second tier that is connected between the first data-center tier and a third tier. The second tier implements an aggregation tier that includes one or more aggregation switches that facilitate implementing reverse-proxy caching. An overall Layer-3 design methodology is used within each tier and across tiers for optimized packet switching. The aggregation tier includes one or more aggregation-tier service modules for implementing load balancing, Secure Socket Layer (SSL) offloading, and/or the reverse-proxy caching.
54 Citations
42 Claims
Claims 2 to 36 and 40 to 42 depend on claim 1.
37. A method comprising:
- constructing a first data-center tier for electronically connecting to an external network and an internal portion of a data center, wherein the internal portion comprises:
  - a second data-center tier comprising a second data-center tier internal core and an intrusion detection service module; and
  - a third data-center tier comprising a third data-center tier internal core; and
- implementing a first routed firewall instance to interface the first data-center tier and the external network; and
- implementing a second routed firewall instance to interface the first data-center tier and the second data-center tier, wherein the second routed firewall instance facilitates data filtering and routing data between a plurality of virtual local area networks (VLANs) that are internal to the first data-center tier and a VLAN that interfaces the first data-center tier and the second data-center tier, and wherein the intrusion detection service module is electronically connected to the second routed firewall instance, the second data-center tier internal core, and the third data-center tier internal core.
38. A data center comprising:
- a first data-center tier for electronically connecting to an external network and an internal portion of a data center, wherein the internal portion comprises:
  - a second data-center tier comprising a second data-center tier internal core and an intrusion detection service module; and
  - a third data-center tier comprising a third data-center tier internal core;
- a first routed firewall instance to interface the first data-center tier and the external network; and
- means for implementing a second routed firewall instance to interface the first data-center tier and the second data-center tier, wherein the second routed firewall instance facilitates data filtering and routing data between a plurality of virtual local area networks (VLANs) that are internal to the first data-center tier and a VLAN that interfaces the first data-center tier and the second data-center tier, and wherein the intrusion detection service module is electronically connected to the second routed firewall instance, the second data-center tier internal core, and the third data-center tier internal core.

Claim 39 depends on claim 38.
Specification