Broadband access for virtual private networks
First Claim
Patent Images
1. A method for communicating between a source and a destination, comprising:
- receiving, at an egress edge device from an ingress edge device, an upper layer packet including a virtual private network identification identifying a destination, the virtual private network identification having been added to a header of the upper layer packet by the ingress edge device;
authenticating the upper layer packet at the egress edge device using the virtual private network identification by comparing the virtual private network identification against an expectation for the upper layer packet; and
upon authentication, decapsulating the upper layer packet into a lower layer packet for the destination,wherein the virtual private network identification is a unique identification number assigned to the source for marking the upper layer packet as belonging to a virtual private network to which the source and the destination belong, the virtual private network identification comprising at least four bytes.
4 Assignments
0 Petitions
Accused Products
Abstract
Communications between a source and a destination include receiving, at an egress edge device from an ingress edge device, an upper layer packet including a virtual private network identification identifying a destination. The upper layer packet is authenticated at the egress edge device using the virtual private network identification by comparing the virtual private network identification against an expectation for the upper layer packet. Upon authentication, the upper layer packet is decapsulated into a lower layer packet for the destination.
-
Citations
19 Claims
-
1. A method for communicating between a source and a destination, comprising:
-
receiving, at an egress edge device from an ingress edge device, an upper layer packet including a virtual private network identification identifying a destination, the virtual private network identification having been added to a header of the upper layer packet by the ingress edge device; authenticating the upper layer packet at the egress edge device using the virtual private network identification by comparing the virtual private network identification against an expectation for the upper layer packet; and upon authentication, decapsulating the upper layer packet into a lower layer packet for the destination, wherein the virtual private network identification is a unique identification number assigned to the source for marking the upper layer packet as belonging to a virtual private network to which the source and the destination belong, the virtual private network identification comprising at least four bytes. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A system for communicating between a source and a destination, comprises:
-
a receiver at an egress edge device that receives from an ingress edge device, an upper layer packet including a virtual private network identification identifying a destination, the virtual private network identification having been added to a header of the upper layer packet by the ingress edge device; and a decapsulator at the egress edge device that authenticates the upper layer packet using the virtual private network identification by comparing the virtual private network identification against an expectation for the upper layer packet and, upon authentication, decapsulates the upper layer packet into a lower layer packet for the destination, wherein the virtual private network identification is a unique identification number assigned to the source for marking the upper layer packet as belonging to a virtual private network to which the source and the destination belong, the virtual private network identification comprising at least four bytes.
-
-
19. A non-transitory computer readable medium comprising a set of instructions for communicating between a source and a destination, the set of instructions, when executed by a processor of an egress edge device, causing the egress edge device to perform acts of:
-
receiving an upper layer packet including a virtual private network identification identifying a destination, the virtual private network identification having been added to a header of the upper layer packet by an ingress edge device; authenticating the upper layer packet using the virtual private network identification by comparing the virtual private network identification against an expectation for the upper layer packet; and upon authentication, decapsulating the upper layer packet into a lower layer packet for the destination, wherein the virtual private network identification is a unique identification number assigned to the source for marking the upper layer packet as belonging to a virtual private network to which the source and the destination belong, the virtual private network identification comprising at least four bytes.
-
Specification