Tunnel interface for securing traffic over a network
First Claim
1. A method comprising:
providing, within each of a plurality of service processing switches of a service provider, a plurality of virtual routers (VRs), wherein each VR of the plurality of VRs is supported by an object group and each object of the object group supports a network service;
assigning one or more VRs of the plurality of VRs to a subscriber of a plurality of subscribers of the service provider;
providing customized network services to the subscriber by the one or more VRs assigned to the subscriber;
receiving, by a service management system (SMS) of the service provider, a request to establish an Internet Protocol (IP) connection between a first location of the subscriber and a second location of the subscriber; and
establishing a tunnel between a first service processing switch of the plurality of service processing switches and a second service processing switch of the plurality of service processing switches coupled in communication with the first service processing switch through a public network, including;
binding an encryption configuration decision associated with the request with a routing configuration of a first packet routing node of the first service processing switch, by, when the request is to establish a secure IP connection, configuring, the first packet routing node (i) to cause all packets transmitted from the first location to the second location to be encrypted prior to transmission through the public network and (ii) to cause all packets received from the second location to be decrypted after transmission through the public network; and
binding the encryption configuration decision with a routing configuration of a second packet routing node of the second service processing switch, by, when the request is to establish a secure IP connection, configuring, the second packet routing node (i) to cause all packets transmitted from the second location to the first location to be encrypted prior to transmission through the public network and (ii) to cause all packets received from the first location to be decrypted after transmission through the public network.
Abstract
Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of a service provider. Multiple virtual routers (VRs) are provided within each of multiple service processing switches of a service provider. Each VR is supported by an object group and each object of the object group supports a network service. One or more VRs are assigned to a subscriber of multiple subscribers of the service provider. Customized network services are provided to the subscriber by the one or more VRs assigned to the subscriber.
14 Claims
1. A method comprising:
providing, within each of a plurality of service processing switches of a service provider, a plurality of virtual routers (VRs), wherein each VR of the plurality of VRs is supported by an object group and each object of the object group supports a network service;
assigning one or more VRs of the plurality of VRs to a subscriber of a plurality of subscribers of the service provider;
providing customized network services to the subscriber by the one or more VRs assigned to the subscriber;
receiving, by a service management system (SMS) of the service provider, a request to establish an Internet Protocol (IP) connection between a first location of the subscriber and a second location of the subscriber; and
establishing a tunnel between a first service processing switch of the plurality of service processing switches and a second service processing switch of the plurality of service processing switches coupled in communication with the first service processing switch through a public network, including;
binding an encryption configuration decision associated with the request with a routing configuration of a first packet routing node of the first service processing switch, by, when the request is to establish a secure IP connection, configuring, the first packet routing node (i) to cause all packets transmitted from the first location to the second location to be encrypted prior to transmission through the public network and (ii) to cause all packets received from the second location to be decrypted after transmission through the public network; and
binding the encryption configuration decision with a routing configuration of a second packet routing node of the second service processing switch, by, when the request is to establish a secure IP connection, configuring, the second packet routing node (i) to cause all packets transmitted from the second location to the first location to be encrypted prior to transmission through the public network and (ii) to cause all packets received from the first location to be decrypted after transmission through the public network.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system operable by a service provider, the system comprising:
a service management system (SMS) configured to operate within a service provider network;
a plurality of virtual routers (VRs) configured to operate within a plurality of service processing switches within the service provider network, wherein each VR of the plurality of VRs is supported by an object group and each object of the object group supports a network service;
wherein the SMS is further configured to;
provide customized network services to a subscriber of the service provider network by assigning one or more of the plurality of VRs to the subscriber;
receive a request to establish an Internet Protocol (IP) connection between a first location of the subscriber and a second location of the subscriber;
establish a tunnel between a first service processing switch of the plurality of service processing switches and a second service processing switch of the plurality of service processing switches coupled in communication with the first service processing switch through a public network;
bind an encryption configuration decision associated with the request with a routing configuration of a first packet routing node of the first service processing switch, by, when the request is to establish a secure IP connection, configuring, the first packet routing node (i) to cause all packets transmitted from the first location to the second location to be encrypted prior to transmission through the public network and (ii) to cause all packets received from the second location to be decrypted after transmission through the public network; and
bind the encryption configuration decision with a routing configuration of a second packet routing node of the second service processing switch, by, when the request is to establish a secure IP connection, configuring, the second packet routing node (i) to cause all packets transmitted from the second location to the first location to be encrypted prior to transmission through the public network and (ii) to cause all packets received from the first location to be decrypted after transmission through the public network.
Dependent claims: 9, 10, 11, 12, 13, 14
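The following is an added illustration, not text or code from the patent: a small Python model of the step in claims 1 and 8 where the encryption decision is bound to the routing configuration of both packet routing nodes, plus an audit that checks the "all packets" property against longest-prefix-match behaviour. The names `Node`, `provision`, `effective_routes` and `audit`, the interface names, and the addresses are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Node:
    """A packet routing node: tunnel interfaces plus a route table."""
    name: str
    tunnels: dict = field(default_factory=dict)  # ifname -> (peer name, encrypt?)
    routes: list = field(default_factory=list)   # (destination network, ifname)

def provision(first, second, first_net, second_net, secure):
    """SMS step: one request configures BOTH nodes, and the encryption
    decision is stored on the interface the site-to-site route points at."""
    for node, peer, remote in ((first, second, second_net),
                               (second, first, first_net)):
        ifname = f"tun-{peer.name}"
        node.tunnels[ifname] = (peer.name, secure)
        node.routes.append((ipaddress.ip_network(remote), ifname))

def effective_routes(node, remote):
    """Routes that longest-prefix match would use for addresses in `remote`."""
    covering = [r for r in node.routes if remote.subnet_of(r[0])]
    best = max(covering, key=lambda r: r[0].prefixlen, default=None)
    specifics = [r for r in node.routes
                 if r[0].subnet_of(remote) and r[0] != remote]
    return ([best] if best else []) + specifics

def audit(first, second, first_net, second_net):
    """Return (node, prefix, ifname) for every route that would send
    site-to-site traffic anywhere but an encrypting tunnel to the peer."""
    findings = []
    for node, peer, remote in ((first, second, second_net),
                               (second, first, first_net)):
        for net, ifname in effective_routes(node, ipaddress.ip_network(remote)):
            if node.tunnels.get(ifname) != (peer.name, True):
                findings.append((node.name, str(net), ifname))
    return findings

def demo():
    """Constructed sample: two switches, two subscriber sites, one drifted route."""
    a, b = Node("sps1"), Node("sps2")
    for n in (a, b):
        n.routes.append((ipaddress.ip_network("0.0.0.0/0"), "wan0"))
    provision(a, b, "10.1.0.0/16", "10.2.0.0/16", secure=True)
    clean = audit(a, b, "10.1.0.0/16", "10.2.0.0/16")
    # A later manual change adds a more-specific route that bypasses the tunnel.
    a.routes.append((ipaddress.ip_network("10.2.5.0/24"), "wan0"))
    drifted = audit(a, b, "10.1.0.0/16", "10.2.0.0/16")
    return clean, drifted
```

The default route does not count as a finding because the tunnel route is more specific; only a route that longest-prefix match would actually choose for the peer location is reported.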
Specification