System and method for remote monitoring and control of network devices

US 9,237,063 B2
Filed: 07/29/2013
Issued: 01/12/2016
Est. Priority Date: 03/01/2007
Status: Active Grant

First Claim

Patent Images

1. A method of operating a centralized server coupled over a public communication network to a plurality of network traffic devices in local networks, the method comprising:

providing for remote management of the plurality of network traffic devices over the public communication network from the centralized server, the plurality of network traffic devices include at least one wireless access point and each network traffic device provides an interface to the public communication network for one or more endpoint nodes associated with the each network traffic device in a respective local network;

assigning, by the centralized server, a non-public IP address to each endpoint node for communicating with the centralized server via a tunnel such that each endpoint node has a unique non-public IP address, wherein at least one network traffic device is a network address translation (NAT) device and at least one endpoint node is behind the NAT device;

listening, by the centralized server, for user datagram protocol (UDP) packets corresponding to one or more endpoint nodes over a persistent UDP connection to a well-known IP address and UDP port of the centralized server, one or more UDP packets include non-public IP addresses of one or more endpoint nodes;

mapping, by the centralized server, a public IP address for each network traffic device to a non-public IP address for the network traffic device for communicating with the centralized server via a tunnel in a node mapping table;

mapping, by the centralized server, the non-public IP address for each endpoint node to the public IP address of the network traffic device that provides the interface to the public communication network for the each endpoint node in the node mapping table such that the centralized server does not know if any endpoint node is behind any traffic device;

maintaining, by the centralized server, the node mapping table to reach each of the network traffic devices and each of the endpoint nodes via respective tunnels; and

exchanging, by the centralized server, Internet Protocol (IP) packets with the plurality of network traffic devices and the endpoint nodes using IP over UDP encapsulation according to the node mapping table, including sending network configuration data and receiving operational statistics, wherein the IP over UDP encapsulation provides UDP headers having a source and a destination address that include at least one of the well-known IP address of the centralized server, the non-public IP address for one of the network devices, or the non-public IP addresses for one of the endpoint nodes.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A managed network provides unique network addresses that are assigned to nodes such that no two nodes will have the same address in the managed network and such that each node will always have the same network address regardless of changing its location or changing the network to which it is joined. The nodes, communicating together, comprise a mesh network. Remote management and control of the nodes is possible from the host server, which is located outside of the mesh network, even if a node is located behind a firewall or network address translator (NAT), because server management messages are encapsulated within headers so that a persistent connection between the node and the external host server is maintained once the node sends a message to the host.

93 Citations

13 Claims

1. A method of operating a centralized server coupled over a public communication network to a plurality of network traffic devices in local networks, the method comprising:
- providing for remote management of the plurality of network traffic devices over the public communication network from the centralized server, the plurality of network traffic devices include at least one wireless access point and each network traffic device provides an interface to the public communication network for one or more endpoint nodes associated with the each network traffic device in a respective local network;
  
  assigning, by the centralized server, a non-public IP address to each endpoint node for communicating with the centralized server via a tunnel such that each endpoint node has a unique non-public IP address, wherein at least one network traffic device is a network address translation (NAT) device and at least one endpoint node is behind the NAT device;
  
  listening, by the centralized server, for user datagram protocol (UDP) packets corresponding to one or more endpoint nodes over a persistent UDP connection to a well-known IP address and UDP port of the centralized server, one or more UDP packets include non-public IP addresses of one or more endpoint nodes;
  
  mapping, by the centralized server, a public IP address for each network traffic device to a non-public IP address for the network traffic device for communicating with the centralized server via a tunnel in a node mapping table;
  
  mapping, by the centralized server, the non-public IP address for each endpoint node to the public IP address of the network traffic device that provides the interface to the public communication network for the each endpoint node in the node mapping table such that the centralized server does not know if any endpoint node is behind any traffic device;
  
  maintaining, by the centralized server, the node mapping table to reach each of the network traffic devices and each of the endpoint nodes via respective tunnels; and
  
  exchanging, by the centralized server, Internet Protocol (IP) packets with the plurality of network traffic devices and the endpoint nodes using IP over UDP encapsulation according to the node mapping table, including sending network configuration data and receiving operational statistics, wherein the IP over UDP encapsulation provides UDP headers having a source and a destination address that include at least one of the well-known IP address of the centralized server, the non-public IP address for one of the network devices, or the non-public IP addresses for one of the endpoint nodes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - establishing, by the centralized server, a tunnel between each endpoint node and the centralized server by initially receiving a UDP message from each of the network traffic devices sent to the well-known IP address of the centralized server.
  - 3. The method of claim 2, wherein each UDP message includes a payload having a node IP address of a sending endpoint node and an authentication secret to authenticate the sending endpoint node.
  - 4. The method of claim 1, wherein exchanging, by the centralized server, IP packets with the plurality of network traffic devices and the endpoint nodes further comprises querying, by the centralized server, the network traffic devices or the endpoint nodes for the operational statistics.
  - 5. The method of claim 1, wherein the endpoint nodes include at least one of a router or a wireless access point.
  - 6. The method of claim 1, wherein one or more of the IP packets exchanged with the centralized server using IP over UDP encapsulation is characterized by appending an mtunnel header and exchanging the one or more of the IP packets as a UDP datagram, the mtunnel header includes an IP address field for the non-public IP address of a corresponding endpoint node and an authentication secret field to authenticate the corresponding endpoint node.
  - 7. The method of claim 1, wherein the non-public IP addresses of each endpoint node is assigned such that each endpoint node will always have the same IP address.
  - 8. The method of claim 7, wherein the non-public IP address of each endpoint node is generated based on a media access control (MAC) address of the respective endpoint node.
  - 9. The method of claim 1, wherein providing for the remote management of the plurality of network traffic devices further comprises:
    - executing, by the centralized server, network management, report generation, and accounting software applications programs; and
      
      providing management tools, by the centralized server over an Internet connection, to assist a network owner, including providing a user interface accessible through a Web browser.

10. A non-transitory computer-readable medium containing machine instructions executable by a centralized server, which is coupled to a plurality of network traffic devices in respective local networks over a public communication network, the instructions, when executed, cause the centralized server to:
- provide for remote management of the plurality of network traffic devices over the public communication network from the centralized server, the plurality of network traffic devices include at least one wireless access point, and each network traffic device provides an interface to the public communication network for one or more endpoint nodes associated with the each network traffic device in a respective local network;
  
  assign a non-public IP address to each endpoint node for communicating with the centralized server via a tunnel such that each endpoint node has a unique non-public IP address, wherein at least one network traffic device is a network address translation (NAT) device and at least one endpoint node is behind the NAT device;
  
  listening, by the centralized server, for user datagram protocol (UDP) packets corresponding to one or more endpoint nodes over a persistent UDP connection to a well-known IP address and UDP port of the centralized server, one or more UDP packets include non-public IP addresses of one or more endpoint nodes;
  
  map a public IP address for each network traffic device to a non-public IP address for the network traffic device for communicating with the centralized server via a tunnel in a node mapping table;
  
  map the non-public IP address for each endpoint node to the public IP address of the network traffic device that provides the interface to the public communication network for the each endpoint node in the node mapping table such that the centralized server does not know if any endpoint node is behind any traffic device;
  
  maintain the node mapping table to reach each of the network traffic devices and each of the endpoint nodes via respective tunnels; and
  
  exchange Internet Protocol (IP) packets with the plurality of network traffic devices and endpoint nodes using IP over UDP encapsulation according to the node mapping table, including sending network configuration data and receiving operational statistics, wherein the IP over UDP encapsulation provides UDP headers having a source and a destination address that include at least one of the well-known IP address of the centralized server, the non-public IP address for one of the network devices, or the non-public IP addresses for one of the endpoint nodes.
- View Dependent Claims (11)
- - 11. The non-transitory computer-readable medium of claim 10, wherein when the centralized server provides for the remote management of the plurality of network traffic devices, the centralized server is further caused to:
    - execute network management, report generation, and accounting software applications programs; and
      
      provide management tools, by the centralized server over an Internet connection, to assist a network owner, including providing a user interface accessible through a Web browser.

12. A system for managing a plurality of network traffic devices in local networks over a public communication network, the system comprising:
- a plurality of network traffic devices associated with a plurality of local networks, the plurality of network traffic devices include at least one wireless access point and each of the network traffic devices provides an interface to the public communication network for one or more endpoint nodes associated with the each network traffic device in a respective local network to; and
  
  a centralized server that provides remote management of the plurality of network traffic devices over the public communication network, the centralized server is operable to;
  
  assign a non-public IP address to each endpoint node for communicating with the centralized server via a tunnel such that each network traffic device has a unique non-public IP address, wherein at least one network traffic device is a network address translation (NAT) device and at least one endpoint node is behind the NAT device;
  
  listen for user datagram protocol (UDP) packets corresponding to one or more endpoint nodes over a persistent UDP connection to a well-known IP address and UDP port of the centralized server, one or more UDP packets include non-public IP addresses of one or more endpoint nodes;
  
  map a public IP address for each network traffic device to a non-public IP address for the network traffic device for communicating with the centralized server via a tunnel in a node mapping table;
  
  map the non-public IP address for each endpoint node to the public IP address of the network traffic device that provides the interface to the public communication network for the each endpoint node in the node mapping table such that the centralized server does not know if any endpoint node is behind any traffic device;
  
  maintain the node mapping table to reach each of the network traffic devices and each of the endpoint nodes via respective tunnels; and
  
  exchange Internet Protocol (IP) packets with the plurality of network traffic devices and endpoint nodes using IP over UDP encapsulation according to the node mapping table, including sending network configuration data and receiving operational statistics, wherein the IP over UDP encapsulation provides UDP headers having a source and a destination address that include at least one of the well-known IP address of the centralized server, the non-public IP address for one of the network devices, or the non-public IP address for one of the endpoint nodes.
- View Dependent Claims (13)
- - 13. The system of claim 12, wherein the centralized server is further operable to:
    - execute network management, report generation, and accounting software applications programs; and
      
      provide management tools over an Internet connection, to assist a network owner, including providing a user interface accessible through a Web browser.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Biswas, Sanjit, Bicket, John
Primary Examiner(s)
Bengzon, Greg C

Application Number

US13/953,564
Publication Number

US 20130318233A1
Time in Patent Office

897 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 41/0246   Exchanging or transporting ...

H04L 41/026   using e-messaging for trans...

H04L 41/04   Network management architec...

H04L 41/0803   Configuration setting

H04L 41/22   comprising specially adapte...

H04L 41/34   Signalling channels for net...

H04L 61/5014   using dynamic host configur...

H04L 61/5092   by self-assignment, e.g. pi...

H04W 48/16   Discovering, processing acc...

H04W 8/005   Discovery of network device...

H04W 8/26   Network addressing or numbe...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/08   Access point devices

H04W 88/16   Gateway arrangements

System and method for remote monitoring and control of network devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for remote monitoring and control of network devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links