System and method for remote monitoring and control of network devices

US 8,527,662 B2
Filed: 08/20/2012
Issued: 09/03/2013
Est. Priority Date: 03/01/2007
Status: Active Grant

First Claim

Patent Images

1. A method of operating a centralized server that is coupled over the Internet to a plurality of network traffic devices in local networks, the method comprising:

providing for remote management of the plurality of network traffic devices over the Internet from the centralized server, each of the network traffic devices being either a router or a wireless access point, wherein the centralized server is outside of the local networks, wherein different ones of the network traffic devices are part of different ones of the local networks, wherein each of the network traffic devices provide a gateway for their local network to the Internet, wherein each of the network traffic devices can send messages from other nodes of their local networks over the Internet to the centralized server, wherein each of the local networks includes at least one client device that is one of a laptop computer, desktop computer, and a portable computing device, wherein the local networks are interfaced to the Internet, wherein the network traffic devices are behind network address translation devices (NATs) and have node IP addresses that are not publicly routable from the Internet, wherein the node IP addresses are assigned such that none of the network traffic devices have the same node IP address, and wherein the providing includes,the centralized server listening for user datagram protocol (UDP) packets on a well-known IP address and UDP port, wherein each of the network traffic devices opens a UDP connection to the centralized server'"'"'s well-known IP address and UDP port;

exchanging, by the centralized server, Internet Protocol (IP) packets with the plurality of network traffic devices using IP over UDP encapsulation, including sending network configuration data to each of the network traffic devices and receiving operational statistics from each of the network traffic devices via respective tunnels over the Internet, wherein when travelling over the Internet the UDP headers used for the UDP encapsulation have as source and destination addresses the centralized server'"'"'s well-known IP address and the IP addresses of externally routable network devices behind which the network traffic devices are located, wherein IP headers of the IP packets encapsulated within the UDP headers have as source and destination addresses an agreed upon IP network address of the centralized server and the node IP addresses of the network traffic devices, wherein the network traffic devices include a first network traffic device having a first public IP address that is publicly routable within the Internet and a first node IP address for communicating with the centralized server via a first tunnel, wherein the network traffic devices include a second network traffic device that is behind the first network traffic device, the second network traffic device having a second node IP address for communicating with the centralized server via a second tunnel, wherein the first and second node IP addresses are not publicly routable in the Internet; and

maintaining, by the centralized server, a node mapping table on how to reach each of the network traffic devices via a respective tunnel, the node mapping table having a plurality of entries, each corresponding to one of the network traffic devices for mapping an externally routable IP address to a node IP address of a network traffic device, wherein an externally routable IP address is either a public IP address of the corresponding network traffic device or a public IP address of an externally routable network traffic device behind which the corresponding network traffic device is located, wherein the node mapping table comprises a first entry associated with the first network traffic device, and a second entry associated with the second network traffic device,wherein the first entry maps the first public IP address of the first network traffic device with the first node IP address of the first network traffic device, and wherein the second entry maps the first public IP address of the first network traffic device with the second node IP address of the second network traffic device, such that the centralized server does not need to know whether any of the first and second network traffic devices is behind another network traffic device when the centralized server communicates with any of the first and second network traffic devices, wherein each of the local networks is a wireless mesh network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A managed network provides unique network addresses that are assigned to nodes such that no two nodes will have the same address in the managed network and such that each node will always have the same network address regardless of changing its location or changing the network to which it is joined. The nodes, communicating together, comprise a mesh network. Remote management and control of the nodes is possible from the host server, which is located outside of the mesh network, even if a node is located behind a firewall or network address translator (NAT), because server management messages are encapsulated within headers so that a persistent connection between the node and the external host server is maintained once the node sends a message to the host.

237 Citations

28 Claims

1. A method of operating a centralized server that is coupled over the Internet to a plurality of network traffic devices in local networks, the method comprising:
- providing for remote management of the plurality of network traffic devices over the Internet from the centralized server, each of the network traffic devices being either a router or a wireless access point, wherein the centralized server is outside of the local networks, wherein different ones of the network traffic devices are part of different ones of the local networks, wherein each of the network traffic devices provide a gateway for their local network to the Internet, wherein each of the network traffic devices can send messages from other nodes of their local networks over the Internet to the centralized server, wherein each of the local networks includes at least one client device that is one of a laptop computer, desktop computer, and a portable computing device, wherein the local networks are interfaced to the Internet, wherein the network traffic devices are behind network address translation devices (NATs) and have node IP addresses that are not publicly routable from the Internet, wherein the node IP addresses are assigned such that none of the network traffic devices have the same node IP address, and wherein the providing includes,the centralized server listening for user datagram protocol (UDP) packets on a well-known IP address and UDP port, wherein each of the network traffic devices opens a UDP connection to the centralized server'"'"'s well-known IP address and UDP port;
  
  exchanging, by the centralized server, Internet Protocol (IP) packets with the plurality of network traffic devices using IP over UDP encapsulation, including sending network configuration data to each of the network traffic devices and receiving operational statistics from each of the network traffic devices via respective tunnels over the Internet, wherein when travelling over the Internet the UDP headers used for the UDP encapsulation have as source and destination addresses the centralized server'"'"'s well-known IP address and the IP addresses of externally routable network devices behind which the network traffic devices are located, wherein IP headers of the IP packets encapsulated within the UDP headers have as source and destination addresses an agreed upon IP network address of the centralized server and the node IP addresses of the network traffic devices, wherein the network traffic devices include a first network traffic device having a first public IP address that is publicly routable within the Internet and a first node IP address for communicating with the centralized server via a first tunnel, wherein the network traffic devices include a second network traffic device that is behind the first network traffic device, the second network traffic device having a second node IP address for communicating with the centralized server via a second tunnel, wherein the first and second node IP addresses are not publicly routable in the Internet; and
  
  maintaining, by the centralized server, a node mapping table on how to reach each of the network traffic devices via a respective tunnel, the node mapping table having a plurality of entries, each corresponding to one of the network traffic devices for mapping an externally routable IP address to a node IP address of a network traffic device, wherein an externally routable IP address is either a public IP address of the corresponding network traffic device or a public IP address of an externally routable network traffic device behind which the corresponding network traffic device is located, wherein the node mapping table comprises a first entry associated with the first network traffic device, and a second entry associated with the second network traffic device,wherein the first entry maps the first public IP address of the first network traffic device with the first node IP address of the first network traffic device, and wherein the second entry maps the first public IP address of the first network traffic device with the second node IP address of the second network traffic device, such that the centralized server does not need to know whether any of the first and second network traffic devices is behind another network traffic device when the centralized server communicates with any of the first and second network traffic devices, wherein each of the local networks is a wireless mesh network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, wherein the providing further comprises:
    - initially receiving from each of the network traffic devices a UDP message that is sent to the centralized server'"'"'s well-known IP address and that is to establish a connection between that network traffic device and the centralized server.
  - 3. The method of claim 2, wherein a payload of each of the UDP messages sent to establish the connection between the network traffic devices and the centralized server includes the node IP address of the sending network traffic device and an authentication secret to authenticate that network traffic device.
  - 4. The method of claim 1, wherein the exchanging including the centralized server querying the network traffic devices for the operational statistics rather than having the network traffic devices proactively reporting the operational statistics at regular intervals.
  - 5. The method of claim 1, wherein the network traffic devices are routers.
  - 6. The method of claim 1, wherein at least one of the local networks includes a plurality of network traffic devices that are wireless access points, that are behind the network traffic device providing the gateway for that local network, and that communicate over a wireless network communications protocol to form a wireless mesh network with the network traffic device providing the gateway.
  - 7. The method of claim 6, wherein each of the plurality network traffic devices that are access points also have node IP addresses that are not publicly routable from the Internet, wherein the node IP addresses are assigned such that none of the network traffic devices have the same node IP address.
  - 8. The method of claim 7, wherein the providing further comprises:
    - providing for remote management over the Internet from the centralized server of the network traffic devices that are wireless access points.
  - 9. The method of claim 8, wherein the providing for remote management over the Internet from the centralized server of the network traffic devices that are wireless access points further comprises:
    - also exchanging, by the centralized server, Internet Protocol (IP) packets with the plurality of network traffic devices that are access points using IP over UDP encapsulation, wherein each of the network traffic devices that are access points also open a UDP connection to the centralized server'"'"'s well-known IP address and UDP port, wherein IP headers of the IP packets encapsulated within the UDP headers have as source and destination addresses the agreed upon IP network address of the centralized server and the node IP addresses of the network traffic devices that are access points, wherein the exchanging includes,sending network configuration data to each of the network traffic devices that are access points; and
      
      receiving operational statistics from each of the network traffic devices that are access points.
  - 10. The method of claim 1, wherein the exchanging further comprises:
    - wrapping the IP packets in a header and then sending the encapsulated packets inside the UDP datagrams to the network traffic devices.
  - 11. The method of claim 1, wherein each of the IP packets sent from the network traffic devices to the centralized server using IP over UDP encapsulation is characterized by appending an mtunnel header to the IP packet and sending it as a UDP datagram, wherein the mtunnel header includes an IP address field and an authentication secret field, wherein the authentication secret field is to authenticate the one of the network traffic devices sending that particular IP packet.
  - 12. The method of claim 1, wherein the node IP addresses are assigned such that each network traffic device will always have the same node IP address.
  - 13. The method of claim 12, wherein the node IP address of each network traffic device is generated based on a media access control (MAC) address of the respective network traffic device.
  - 14. The method of claim 1, wherein the providing further comprises:
    - keeping, by the centralized server, a mapping of how to reach each of the network traffic devices responsive to receiving periodic messages from each of the network traffic devices.
  - 15. The method of claim 14, wherein the providing further comprises:
    - ensuring, by the centralized server sending acknowledgement messages to the periodic messages, that the NATs located along network paths from the centralized server back to the network traffic devices will maintain state that will allow future incoming packet from the centralized server to be delivered to the network traffic devices.
  - 16. The method of claim 1, wherein the exchanging provides an address space bridge between the network traffic devices and any software running on the centralized server.
  - 17. The method of claim 16, wherein the providing further comprises:
    - executing, by the centralized server, network management, report generation, and accounting software applications programs.
  - 18. The method of claim 1, wherein the providing further comprises:
    - providing management tools, by the centralized server over an Internet connection, to assist a network owner.
  - 19. The method of claim 18, wherein the providing management tools further includes providing a user interface accessible through a Web browser.
  - 20. The method of claim 1, wherein the providing further comprises:
    - periodically receiving from each of the network traffic devices a hello packet.
  - 21. The method of claim 1, wherein the providing further comprises ensuring that the NATs located along network paths from the centralized server back to the network traffic devices will maintain state that will allow future incoming packet from the centralized server to be delivered to the network traffic devices.
  - 22. The method of claim 1, wherein the sending network configuration data includes sending to at least one of the network traffic devices at least a portion of at least one of a script and an application that is to be installed by the network traffic devices and that when executed by the network traffic devices cause them to perform monitoring and control functions.

23. A non-transitory computer readable medium containing machine instructions that when executed by a centralized server, which is coupled over the Internet to a plurality of network traffic devices in local networks, cause the centralized server to perform a method, the method comprising:
- providing for remote management of the plurality of network traffic devices over the Internet from the centralized server, each of the network traffic devices being either a router or a wireless access point, wherein the centralized server is outside of the local networks, wherein different ones of the network traffic devices are part of different ones of the local networks, wherein each of the network traffic devices provide a gateway for their local network to the Internet, wherein each of the network traffic devices can send messages from other nodes of their local networks over the Internet to the centralized server, wherein each of the local networks includes at least one client device that is one of a laptop computer, desktop computer, and a portable computing device, wherein the local networks are interfaced to the Internet, wherein the network traffic devices are behind network address translation devices (NATs) and have node IP addresses that are not publicly routable from the Internet, wherein the node IP addresses are assigned such that none of the network traffic devices have the same node IP address, and wherein the providing includes,the centralized server listening for user datagram protocol (UDP) packets on a well-known IP address and UDP port, wherein each of the network traffic devices opens a UDP connection to the centralized server'"'"'s well-known IP address and UDP port; and
  
  exchanging, by the centralized server, Internet Protocol (IP) packets with the plurality of network traffic devices using IP over UDP encapsulation, including sending network configuration data to each of the network traffic devices and receiving operational statistics from each of the network traffic devices via respective tunnels over the Internet, wherein when travelling over the Internet the UDP headers used for the UDP encapsulation have as source and destination addresses the centralized server'"'"'s well-known IP address and the IP addresses of externally routable network devices behind which the network traffic devices are located, wherein IP headers of the IP packets encapsulated within the UDP headers have as source and destination addresses an agreed upon IP network address of the centralized server and the node IP addresses of the network traffic devices, wherein the network traffic devices include a first network traffic device having a first public IP address that is publicly routable within the Internet and a first node IP address for communicating with the centralized server via a first tunnel, wherein the network traffic devices include a second network traffic device that is behind the first network traffic device, the second network traffic device having a second node IP address for communicating with the centralized server via a second tunnel, wherein the first and second node IP addresses are not publicly routable in the Internet; and
  
  maintaining, by the centralized server, a node mapping table on how to reach each of the network traffic devices via a respective tunnel, the node mapping table having a plurality of entries, each corresponding to one of the network traffic devices for mapping an externally routable IP address to a node IP address of a network traffic device, wherein an externally routable IP address is either a public IP address of the corresponding network traffic device or a public IP address of an externally routable network traffic device behind which the corresponding network traffic device is located, wherein the node mapping table comprises a first entry associated with the first network traffic device, and a second entry associated with the second network traffic device,wherein the first entry maps the first public IP address of the first network traffic device with the first node IP address of the first network traffic device, and wherein the second entry maps the first public IP address of the first network traffic device with the second node IP address of the second network traffic device, such that the centralized server does not need to know whether any of the first and second network traffic devices is behind another network traffic device when the centralized server communicates with any of the first and second network traffic devices, wherein each of the local networks is a wireless mesh network.
- View Dependent Claims (24, 25)
- - 24. The non-transitory computer readable medium of claim 23, wherein the providing further comprises:
    - initially receiving from each of the network traffic devices a UDP message that is sent to the centralized server'"'"'s well-known IP address and that is to establish a connection between that network traffic device and the centralized server.
  - 25. The non-transitory computer readable medium of claim 24, wherein a payload of each of the UDP messages sent to establish the connection between the network traffic devices and the centralized server includes the node IP address of the sending network traffic device and an authentication secret to authenticate that network traffic device.

26. A system for managing over the Internet a plurality of network traffic devices in local networks, comprising:
- a plurality of network traffic devices associated with a plurality of local networks, each of the network traffic devices being either a router or a wireless access point, wherein different ones of the network traffic devices are part of different ones of the local networks, wherein each of the network traffic devices provide a gateway for their local network to the Internet, wherein each of the local networks includes at least one client device that is one of a laptop computer, desktop computer, and a portable computing device, wherein the local networks are interfaced to the Internet; and
  
  a centralized server to provide for remote management of the plurality of network traffic devices over the Internet, wherein the centralized server is outside of the local networks, wherein each of the network traffic devices can send messages from other nodes of their local networks over the Internet to the centralized server,wherein the network traffic devices are behind network address translation devices (NATs) and have node IP addresses that are not publicly routable from the Internet, wherein the node IP addresses are assigned such that none of the network traffic devices have the same node IP address, and wherein the providing includes,wherein the centralized server is to listen for user datagram protocol (UDP) packets on a well-known IP address and UDP port, wherein each of the network traffic devices opens a UDP connection to the centralized server'"'"'s well-known IP address and UDP port,wherein the centralized server is to exchange Internet Protocol (IP) packets with the plurality of network traffic devices using IP over UDP encapsulation, including sending network configuration data to each of the network traffic devices and receiving operational statistics from each of the network traffic devices via respective tunnels over the Internet, wherein when travelling over the Internet the UDP headers used for the UDP encapsulation have as source and destination addresses the centralized server'"'"'s well-known IP address and the IP addresses of externally routable network devices behind which the network traffic devices are located, wherein IP headers of the IP packets encapsulated within the UDP headers have as source and destination addresses an agreed upon IP network address of the centralized server and the node IP addresses of the network traffic devices, wherein the network traffic devices include a first network traffic device having a first public IP address that is publicly routable within the Internet and a first node IP address for communicating with the centralized server via a first tunnel, wherein the network traffic devices include a second network traffic device that is behind the first network traffic device, the second network traffic device having a second node IP address for communicating with the centralized server via a second tunnel, wherein the first and second node IP addresses are not publicly routable in the Internet; and
  
  wherein the centralized server maintains a node mapping table on how to reach each of the network traffic devices via a respective tunnel, the node mapping table having a plurality of entries, each corresponding to one of the network traffic devices for mapping an externally routable IP address to a node IP address of a network traffic device, wherein an externally routable IP address is either a public IP address of the corresponding network traffic device or a public IP address of an externally routable network traffic device behind which the corresponding network traffic device is located, wherein the node mapping table comprises a first entry associated with the first network traffic device, and a second entry associated with the second network traffic device,wherein the first entry maps the first public IP address of the first network traffic device with the first node IP address of the first network traffic device, and wherein the second entry maps the first public IP address of the first network traffic device with the second node IP address of the second network traffic device, such that the centralized server does not need to know whether any of the first and second network traffic devices is behind another network traffic device when the centralized server communicates with any of the first and second network traffic devices, wherein each of the local networks is a wireless mesh network.
- View Dependent Claims (27, 28)
- - 27. The system of claim 26, wherein the centralized server initially receives from each of the network traffic devices a UDP message that is sent to the centralized server'"'"'s well-known IP address and that is to establish a connection between that network traffic device and the centralized server.
  - 28. The system of claim 27, wherein a payload of each of the UDP messages sent to establish the connection between the network traffic devices and the centralized server includes the node IP address of the sending network traffic device and an authentication secret to authenticate that network traffic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Meraki Incorporated (Cisco Systems, Inc.)
Inventors
Biswas, Sanjit, Bicket, John
Primary Examiner(s)
Bengzon, Greg C

Application Number

US13/589,901
Publication Number

US 20120317191A1
Time in Patent Office

379 Days
Field of Search

None
US Class Current

709/249
CPC Class Codes

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 41/0246   Exchanging or transporting ...

H04L 41/026   using e-messaging for trans...

H04L 41/04   Network management architec...

H04L 41/0803   Configuration setting

H04L 41/22   comprising specially adapte...

H04L 41/34   Signalling channels for net...

H04L 61/5014   using dynamic host configur...

H04L 61/5092   by self-assignment, e.g. pi...

H04W 48/16   Discovering, processing acc...

H04W 8/005   Discovery of network device...

H04W 8/26   Network addressing or numbe...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/08   Access point devices

H04W 88/16   Gateway arrangements

System and method for remote monitoring and control of network devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

237 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for remote monitoring and control of network devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

237 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links