Broadband access for virtual private networks

US 8,942,240 B2
Filed: 07/26/2013
Issued: 01/27/2015
Est. Priority Date: 07/29/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method for communicating between a source and a destination, comprising:

receiving, at an egress edge device from an ingress edge device, an upper layer packet including a virtual private network identification identifying a destination, the virtual private network identification having been added to a header of the upper layer packet by the ingress edge device;

authenticating the upper layer packet at the egress edge device using the virtual private network identification by comparing the virtual private network identification against an expectation for the upper layer packet; and

upon authentication, decapsulating the upper layer packet into a lower layer packet for the destination,wherein the virtual private network identification is a unique identification number assigned to the source for marking the upper layer packet as belonging to a virtual private network to which the source and the destination belong, the virtual private network identification comprising at least four bytes.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Communications between a source and a destination include receiving, at an egress edge device from an ingress edge device, an upper layer packet including a virtual private network identification identifying a destination. The upper layer packet is authenticated at the egress edge device using the virtual private network identification by comparing the virtual private network identification against an expectation for the upper layer packet. Upon authentication, the upper layer packet is decapsulated into a lower layer packet for the destination.

Citations

19 Claims

1. A method for communicating between a source and a destination, comprising:
- receiving, at an egress edge device from an ingress edge device, an upper layer packet including a virtual private network identification identifying a destination, the virtual private network identification having been added to a header of the upper layer packet by the ingress edge device;
  
  authenticating the upper layer packet at the egress edge device using the virtual private network identification by comparing the virtual private network identification against an expectation for the upper layer packet; and
  
  upon authentication, decapsulating the upper layer packet into a lower layer packet for the destination,wherein the virtual private network identification is a unique identification number assigned to the source for marking the upper layer packet as belonging to a virtual private network to which the source and the destination belong, the virtual private network identification comprising at least four bytes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method according to claim 1,wherein the egress edge device and ingress edge device are on edges of a service provider internet protocol network.
  - 3. The method according to claim 1,wherein the virtual private network identification distinguishes upper layer packets originated by the source from other upper layer packets not from the source.
  - 4. The method according to claim 1,wherein the upper layer packet is received at multicast addresses including an address of the egress edge device.
  - 5. The method according to claim 2,wherein the upper layer packet is received at the egress edge device but not at other egress edge devices of the service provider internet protocol network when the destination is mapped specifically to the egress edge device.
  - 6. The method according to claim 1,wherein the upper layer packet comprises data received in turn from the source.
  - 7. The method according to claim 1,wherein the egress edge device provides an interface for an ethernet local area network.
  - 8. The method according to claim 1,wherein the authenticating the upper layer packet using the virtual private network identification comprises verifying a secured network identifier corresponding to a secured network to which the source and the destination belong, andwherein the upper layer packet is discarded when the secured network identifier is not verified.
  - 9. The method according to claim 1,wherein the destination accesses the egress edge device, to which the upper layer packet is delivered, via a broadband access link.
  - 10. The method according to claim 1,wherein the destination accesses the egress edge device, to which the upper layer packet is delivered, via a digital subscriber line.
  - 11. The method according to claim 10,wherein the egress edge device comprises a digital subscriber line access multiplexer.
  - 12. The method according to claim 9,wherein the egress edge device provides an interface to an internet protocol local area network.
  - 13. The method according to claim 9,wherein the egress edge device comprises an interworking function device.
  - 14. The method according to claim 1,wherein the upper layer packet is received in a unicast.
  - 15. The method according to claim 2,wherein the service provider internet protocol network comprises gateways, andwherein each of the gateways comprises a plurality of line interfaces.
  - 16. The method according to claim 15,wherein the destination corresponds to one of the plurality of line interfaces.
  - 17. The method according to claim 15,wherein the destination corresponds to more than one of the plurality of line interfaces.

18. A system for communicating between a source and a destination, comprises:
- a receiver at an egress edge device that receives from an ingress edge device, an upper layer packet including a virtual private network identification identifying a destination, the virtual private network identification having been added to a header of the upper layer packet by the ingress edge device; and
  
  a decapsulator at the egress edge device that authenticates the upper layer packet using the virtual private network identification by comparing the virtual private network identification against an expectation for the upper layer packet and, upon authentication, decapsulates the upper layer packet into a lower layer packet for the destination,wherein the virtual private network identification is a unique identification number assigned to the source for marking the upper layer packet as belonging to a virtual private network to which the source and the destination belong, the virtual private network identification comprising at least four bytes.

19. A non-transitory computer readable medium comprising a set of instructions for communicating between a source and a destination, the set of instructions, when executed by a processor of an egress edge device, causing the egress edge device to perform acts of:
- receiving an upper layer packet including a virtual private network identification identifying a destination, the virtual private network identification having been added to a header of the upper layer packet by an ingress edge device;
  
  authenticating the upper layer packet using the virtual private network identification by comparing the virtual private network identification against an expectation for the upper layer packet; and
  
  upon authentication, decapsulating the upper layer packet into a lower layer packet for the destination,wherein the virtual private network identification is a unique identification number assigned to the source for marking the upper layer packet as belonging to a virtual private network to which the source and the destination belong, the virtual private network identification comprising at least four bytes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Marlow Technologies, Llc
Original Assignee
Marlow Technologies, Llc
Inventors
Chen, Weijing, Allen, Keith Joseph
Primary Examiner(s)
Lai, Andrew
Assistant Examiner(s)
LEE, ANDREW CHUNG CHEUNG

Application Number

US13/951,867
Publication Number

US 20130308643A1
Time in Patent Office

550 Days
Field of Search

370/352, 370/353, 370/354, 370/389, 370/391, 370/392, 370/393, 370/400, 370/401, 370/395.5, 370/395.63
US Class Current

370/392
CPC Class Codes

H04L 12/46   Interconnection of networks

H04L 12/4625   Single bridge functionality...

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 45/74   Address processing for routing

H04L 49/354   for supporting virtual loca...

H04L 63/0236   Filtering by address, proto...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 65/611   for multicast or broadcast ...

H04L 69/22   Parsing or analysis of headers

Broadband access for virtual private networks

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Broadband access for virtual private networks

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links