Domain isolation through virtual network machines
First Claim

1. A method performed by a server end station communicatively coupled with a single network device that is communicatively coupled with one or more end stations, wherein the server end station stores a plurality of user records, the method comprising:

authenticating, using an authentication, authorization and accounting (AAA) protocol, a user based upon identifying one of the plurality of user records that identifies the user, wherein the user utilizes an end station of the one or more end stations, wherein each of the plurality of user records comprises information indicating which of a plurality of virtual routers the end station of the user is to be currently coupled to, wherein the single network device comprises the plurality of virtual routers that share a set of physical resources of the single network device, and wherein each of the plurality of virtual routers provides access to a different one of a plurality of virtual private networks; and

causing the single network device to communicatively couple the end station of the user with one of the plurality of virtual routers selected based on the information from the user record identified during said authenticating.
Abstract
A method and device for communicating information resources between subscriber end stations and nodes belonging to different network domains is described. The device instantiates different virtual network machines for different network domains using separate, independently administrable network databases. The administrable chores of each of these network databases include the assignment of access control and the configuration of the policies for that network database. The policies include traffic filtering policies that indicate what kinds of information payloads can be carried, and traffic and route filtering policies that indicate which paths through the network will be used for each payload carried. Each of the network domains includes one of the different virtual network machines, and each of the different network domains is virtually isolated from the other network domains.
21 Claims
1. A method performed by a server end station communicatively coupled with a single network device that is communicatively coupled with one or more end stations, wherein the server end station stores a plurality of user records, the method comprising:

authenticating, using an authentication, authorization and accounting (AAA) protocol, a user based upon identifying one of the plurality of user records that identifies the user, wherein the user utilizes an end station of the one or more end stations, wherein each of the plurality of user records comprises information indicating which of a plurality of virtual routers the end station of the user is to be currently coupled to, wherein the single network device comprises the plurality of virtual routers that share a set of physical resources of the single network device, and wherein each of the plurality of virtual routers provides access to a different one of a plurality of virtual private networks; and

causing the single network device to communicatively couple the end station of the user with one of the plurality of virtual routers selected based on the information from the user record identified during said authenticating.

(Dependent claims: 2, 3, 4, 5, 6, 7)

8. A server end station to be communicatively coupled with a single network device that is to be communicatively coupled with one or more end stations of one or more users, the server end station comprising:

a set of one or more processors; communications hardware to transmit and receive packets; and a non-transitory computer-readable medium having stored therein a set of instructions that, when executed by the set of processors, cause the server end station to:

authenticate, using an authentication, authorization and accounting (AAA) protocol, a user of the one or more users based upon identifying one of a plurality of user records stored by the server end station that identifies the user, wherein the plurality of user records comprise information indicating which of a plurality of virtual routers the one or more end stations of the one or more users are to be communicatively coupled to, wherein the single network device comprises the plurality of virtual routers that share a set of physical resources of the single network device, and wherein each of the plurality of virtual routers provides access to a different one of a plurality of virtual private networks; and

cause the single network device to communicatively couple an end station of the user with one of the plurality of virtual routers selected based on the information from the user record identified during said authentication.

(Dependent claims: 9, 10, 11, 12, 13, 14)

15. A non-transitory computer-readable storage medium that stores instructions which, when executed by a set of one or more processors of a server end station, cause the server end station to perform operations comprising:

authenticating, using an authentication, authorization and accounting (AAA) protocol, a user based upon identifying one of a plurality of user records that identifies the user, wherein the user utilizes an end station of one or more end stations that are communicatively coupled with a single network device, wherein each of the plurality of user records comprises information indicating which of a plurality of virtual routers the end station of the user is to be coupled to, wherein the single network device comprises the plurality of virtual routers that share a set of physical resources of the single network device, and wherein each of the plurality of virtual routers provides access to a different one of a plurality of virtual private networks; and

causing the single network device to communicatively couple the end station of the user with one of the plurality of virtual routers selected based on the information from the user record identified during said authenticating.

(Dependent claims: 16, 17, 18, 19, 20, 21)

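The independent claims above all describe the same mechanism: an AAA server holds a user record naming the virtual router (VR) a user's end station is to be coupled to, and after authentication the single network device binds the station to that VR, which fronts exactly one VPN. The following model is an added illustration, not code from the patent or its assignee; the class names, the SHA-256 credential check, the user records and the station names are constructed for this example.

```python
import hashlib
import hmac

class VirtualRouter:
    """One of several virtual routers sharing a device's physical resources."""
    def __init__(self, name, vpn):
        self.name, self.vpn, self.members = name, vpn, set()

class NetworkDevice:
    """The single network device hosting the virtual routers."""
    def __init__(self, routers):
        self.routers = {r.name: r for r in routers}
        self.binding = {}  # end station -> name of the VR it is coupled to
    def bind(self, end_station, vr_name):
        if vr_name not in self.routers:  # record names a VR the device lacks
            raise KeyError(f"unknown virtual router {vr_name!r}")
        old = self.binding.pop(end_station, None)  # one VR per station at a time
        if old is not None:
            self.routers[old].members.discard(end_station)
        self.routers[vr_name].members.add(end_station)
        self.binding[end_station] = vr_name
    def reachable_vpn(self, end_station):
        vr = self.binding.get(end_station)
        return self.routers[vr].vpn if vr else None

class AAAServer:
    """Server end station holding user records; each names the user's VR."""
    def __init__(self, device, records):
        self.device, self.records = device, records
    def authenticate(self, user, password, end_station):
        rec = self.records.get(user)
        if rec is None:
            return False
        digest = hashlib.sha256(password.encode()).hexdigest()  # toy check only
        if not hmac.compare_digest(digest, rec["pw_sha256"]):
            return False  # failed authentication: no binding is made
        self.device.bind(end_station, rec["virtual_router"])
        return True

def build_demo():
    """Constructed device, VRs and user records for illustration only."""
    dev = NetworkDevice([VirtualRouter("vr-a", "vpn-acme"),
                         VirtualRouter("vr-b", "vpn-globex")])
    pw = lambda p: hashlib.sha256(p.encode()).hexdigest()
    recs = {"alice": {"pw_sha256": pw("alice-pw"), "virtual_router": "vr-a"},
            "bob": {"pw_sha256": pw("bob-pw"), "virtual_router": "vr-b"},
            "carol": {"pw_sha256": pw("carol-pw"), "virtual_router": "vr-z"}}
    return AAAServer(dev, recs), dev
```

A station that fails authentication is never coupled to any VR, a station re-authenticated by a different user is moved rather than left in two VRs, and a record that names a VR the device does not host is refused instead of silently falling back to a default VR.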
Specification