Distributed firewalling in a wireless communication network

US 8,516,567 B2
Filed: 11/29/2011
Issued: 08/20/2013
Est. Priority Date: 11/29/2011
Status: Active Grant

First Claim

Patent Images

1. A controller for distributed collaborative firewalling in a wireless wide area communication network including a plurality of controllers, the controller comprising:

a binding table that is built by the controller in response to receiving identifiers of wireless clients being served by the controller by sending a confirmation request asking for a confirmation that a wireless client is properly associated in order to verify that wireless communication traffic really corresponds to the wireless client, wherein the sending of the confirmation request is rate-limited so that every roam of a wireless client does not generate a confirmation request, the binding table lists the wireless clients properly associated with each access port under control of the controller; and

a processor coupled to the binding table, the processor operable to apply stateless firewalling on wireless communication traffic from the wireless client using the binding table, and applying, by each access port, stateful firewalling on the wireless communication traffic from the wireless client.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for distributed collaborative firewalling in a wireless wide area communication network including a plurality of controllers, comprises a binding table that is built by the controller in response to receiving identifiers of wireless clients being served by the controller, where the binding table lists the wireless clients associated with each access port under control of the controller. A processor of the controller is operable to apply stateless firewalling on wireless communication traffic from a wireless client using the binding table, and applying, by each access port, stateful firewalling on the wireless communication traffic from the wireless client.

4 Citations

View as Search Results

12 Claims

1. A controller for distributed collaborative firewalling in a wireless wide area communication network including a plurality of controllers, the controller comprising:
- a binding table that is built by the controller in response to receiving identifiers of wireless clients being served by the controller by sending a confirmation request asking for a confirmation that a wireless client is properly associated in order to verify that wireless communication traffic really corresponds to the wireless client, wherein the sending of the confirmation request is rate-limited so that every roam of a wireless client does not generate a confirmation request, the binding table lists the wireless clients properly associated with each access port under control of the controller; and
  
  a processor coupled to the binding table, the processor operable to apply stateless firewalling on wireless communication traffic from the wireless client using the binding table, and applying, by each access port, stateful firewalling on the wireless communication traffic from the wireless client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The controller of claim 1, wherein the communication traffic is tunneled wide area network traffic that is bridged between wireless and wired devices.
  - 3. The controller of claim 1, wherein the identifier in the binding table is a Media Access Control (MAC) address of the wireless client.
  - 4. The controller of claim 1, wherein the identifier in the binding table is a Mesh Interconnection Network Technology (MINT) header that identifies that a packet is coming from a particular wireless client.
  - 5. The controller of claim 1, wherein stateless firewalling is only applied if the wireless client is not directly associated with an on-board radio of the controller itself.
  - 6. The controller of claim 1, wherein if the wireless client is associated with an AP, and is wirelessly communicating with another device on the same AP, the firewall flow on the AP is stateful.
  - 7. The controller of claim 1, wherein stateful firewalling is applied for wired devices connected to the controller through a wired communication network.
  - 8. The controller of claim 1, wherein if the wireless client is associated with first AP of a first controller A, and is wirelessly communicating with another device associated with a second AP of a second controller B, the firewall flow on both APs is stateful, and the firewall flows on both controllers will be stateless.
  - 9. The controller of claim 1, wherein whenever the wireless client, for which the controller was doing stateless firewalling, roams directly onto an on-board radio or port of the controller, the controller will make all its firewall flows stateful by dropping all stateless firewall flows and installing the migrating stateful firewall flows.
  - 10. The controller of claim 1, wherein the binding table includes a trust value for each wireless client, the trust value is entered in the binding table in response to the confirmation.

11. A machine-implemented method for distributed collaborative firewalling in a wireless wide area communication network including a plurality of controllers, the method comprising the steps of:
- receiving a wireless client identifier for binding to a known access port;
  
  building, by each controller, a binding table listing wireless clients properly associated with each access port under control of the controller by sending a confirmation request asking for a confirmation that a wireless client is properly associated in order to verify that wireless communication traffic really corresponds to the wireless client, wherein the sending of the confirmation request is rate-limited so that every roam of a wireless client does not generate a confirmation request; and
  
  applying, by each controller, stateless firewalling on wireless communication traffic from the wireless client using the binding table, and applying, by each access port, stateful firewalling on the wireless communication traffic from the wireless client.
- View Dependent Claims (12)
- - 12. The method of claim 11, wherein the binding table includes a trust value for each wireless client, the trust value is entered in the binding table in response to the confirmation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Motorola Solutions, Inc.
Inventors
Agrawal, Somesh, Poola, Jeelan
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US13/306,352
Publication Number

US 20130139243A1
Time in Patent Office

630 Days
Field of Search

None
US Class Current

726/11
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/0254   Stateful filtering

H04W 12/088   using filters or firewalls

H04W 84/12   WLAN [Wireless Local Area N...

Distributed firewalling in a wireless communication network

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

4 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed firewalling in a wireless communication network

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

4 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links