Tunnel interface for securing traffic over a network
First Claim
1. A method comprising:
receiving, at a service management system (SMS) of a managed security service provider, a request to establish an Internet Protocol (IP) connection between a first location of a first subscriber of a plurality of subscribers of the managed security service provider and a second location of the first subscriber;
responsive to the request, the SMS causing a tunnel to be established between a first virtual router (VR) of a first service processing switch of the managed service provider that is associated with the first location and a second VR of a second service processing switch of the managed service provider that is associated with the second location, wherein the first service processing switch and the second service processing switch are coupled in communication via a public network, wherein said causing a tunnel to be established comprises;
binding an encryption configuration decision associated with the request with a routing configuration of the first VR, by, when the request is to establish a secure IP connection, configuring, the first VR (i) to cause all packets transmitted from the first location to the second location to be encrypted prior to transmission through the public network and (ii) to cause all packets received from the second location to be decrypted after transmission through the public network; and
binding the encryption configuration decision with a routing configuration of the second VR, by, when the request is to establish a secure IP connection, configuring, the second VR (i) to cause all packets transmitted from the second location to the first location to be encrypted prior to transmission through the public network and (ii) to cause all packets received from the first location to be decrypted after transmission through the public network.
Abstract
Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second location of a first subscriber of the managed security service provider. Responsive to the request, the SMS causes a tunnel to be established between a first virtual router (VR) and a second VR running on a first and second service processing switch, respectively, of the service provider which are coupled in communication via a public network and associated with the first location and the second location, respectively.
275 Citations
16 Claims
1. A method comprising:
receiving, at a service management system (SMS) of a managed security service provider, a request to establish an Internet Protocol (IP) connection between a first location of a first subscriber of a plurality of subscribers of the managed security service provider and a second location of the first subscriber;
responsive to the request, the SMS causing a tunnel to be established between a first virtual router (VR) of a first service processing switch of the managed service provider that is associated with the first location and a second VR of a second service processing switch of the managed service provider that is associated with the second location, wherein the first service processing switch and the second service processing switch are coupled in communication via a public network, wherein said causing a tunnel to be established comprises;
binding an encryption configuration decision associated with the request with a routing configuration of the first VR, by, when the request is to establish a secure IP connection, configuring, the first VR (i) to cause all packets transmitted from the first location to the second location to be encrypted prior to transmission through the public network and (ii) to cause all packets received from the second location to be decrypted after transmission through the public network; and
binding the encryption configuration decision with a routing configuration of the second VR, by, when the request is to establish a secure IP connection, configuring, the second VR (i) to cause all packets transmitted from the second location to the first location to be encrypted prior to transmission through the public network and (ii) to cause all packets received from the first location to be decrypted after transmission through the public network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system comprising:
a service management system (SMS) residing within a network of a managed security service provider;
a plurality of service processing switches within the network, each executing a plurality of virtual routers (VRs);
wherein, responsive to receipt of a request, by the SMS, to establish an Internet Protocol (IP) connection between a first location of a first subscriber of a plurality of subscribers of the managed security service provider and a second location of the first subscriber, the SMS causes a tunnel to be established between a first VR, associated with the first location, of a first service processing switch of the plurality of service processing switches and a second VR, associated with the second location, of a second service processing switch of the plurality of service processing switches;
wherein the first service processing switch and the second service processing switch are coupled in communication via a public network; and
wherein the tunnel is established between the first VR and the second VR by;
binding an encryption configuration decision associated with the request with a routing configuration of the first VR, by, when the request is to establish a secure IP connection, configuring, the first VR (i) to cause all packets transmitted from the first location to the second location to be encrypted prior to transmission through the public network and (ii) to cause all packets received from the second location to be decrypted after transmission through the public network; and
binding the encryption configuration decision with a routing configuration of the second VR, by, when the request is to establish a secure IP connection, configuring, the second VR (i) to cause all packets transmitted from the second location to the first location to be encrypted prior to transmission through the public network and (ii) to cause all packets received from the first location to be decrypted after transmission through the public network.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
Specification