Broadband access for virtual private networks
First Claim
Patent Images
1. A method performed by an ingress interface device, the method comprising:
- receiving data from a source device;
encapsulating the received data into an upper layer packet;
adding a virtual private network (VPN) identification, a destination address, and a destination option type to the upper layer packet, wherein the VPN identification is a unique identification number assigned to the source device for marking the upper layer packet as belonging to a VPN to which the source device and a destination device belong, wherein the destination option type includes a value indicating to discard the upper layer packet on a condition that an egress interface device does not recognize the destination option type; and
forwarding the upper layer packet to at least one egress interface device.
1 Assignment
0 Petitions
Accused Products
Abstract
Communications between a source and a destination include receiving, at an egress edge device from an ingress edge device, an upper layer packet including a virtual private network identification identifying a destination. The upper layer packet is authenticated at the egress edge device using the virtual private network identification by comparing the virtual private network identification against an expectation for the upper layer packet. Upon authentication, the upper layer packet is decapsulated into a lower layer packet for the destination.
152 Citations
19 Claims
-
1. A method performed by an ingress interface device, the method comprising:
-
receiving data from a source device; encapsulating the received data into an upper layer packet; adding a virtual private network (VPN) identification, a destination address, and a destination option type to the upper layer packet, wherein the VPN identification is a unique identification number assigned to the source device for marking the upper layer packet as belonging to a VPN to which the source device and a destination device belong, wherein the destination option type includes a value indicating to discard the upper layer packet on a condition that an egress interface device does not recognize the destination option type; and forwarding the upper layer packet to at least one egress interface device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An ingress interface device comprising:
-
a receiver configured to receive data from a source device; at least one processor configured to encapsulate the received data into an upper layer packet; the at least one processor configured to add a virtual private network (VPN) identification, a destination address, and a destination option type to the upper layer packet, wherein the VPN identification is a unique identification number assigned to the source device for marking the upper layer packet as belonging to a VPN to which the source device and a destination device belong, wherein the destination option type includes a value indicating to discard the upper layer packet on a condition that an egress interface device does not recognize the destination option type; and a transmitter configured to forward the upper layer packet to at least one egress interface device. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A non-transitory computer-readable storage medium with stored instructions, wherein the stored instructions are executable by a processor of a computer, to perform method steps of:
-
receiving data from a source device; encapsulating the received data into an upper layer packet; adding a virtual private network (VPN) identification, a destination address, and a destination option type to the upper layer packet, wherein the VPN identification is a unique identification number assigned to the source device for marking the upper layer packet as belonging to a VPN to which the source device and a destination device belong, wherein the destination option type includes a value indicating to discard the upper layer packet on a condition that an egress interface device does not recognize the destination option type; and forwarding the upper layer packet to at least one egress interface device.
-
Specification