VPN usage to create wide area network backbone over the internet
Abstract
A wide area network using the internet as a backbone utilizing specially selected ISX/ISP providers whose routers route packets of said wide area network along private tunnels through the internet comprised of high bandwidth, low hop-count data paths. Firewalls are provided at each end of each private tunnel which recognize IP packets addressed to devices at the other end of the tunnel and encapsulate these packets in other IP packets which have a header which includes as the destination address, the IP address of the untrusted side of the firewall at the other end of the tunnel. The payload sections of these packets are the original IP packets and are encrypted and decrypted at both ends of the private tunnel using the same encryption algorithm using the same key or keys.
23 Claims
1. A method of routing packets at a machine associated with a first network, the method comprising:
- receiving packets from one or more third party sources;
- identifying the received packets as either associated with a virtual private network or not associated with the virtual private network;
- encapsulating packets identified as associated with the virtual private network and routing the encapsulated packets via a dedicated connection to a specific destination associated with the first network; and
- routing the packets received from the one or more third party sources which are not associated with the virtual private network exclusively over at least one second connection, different than the dedicated connection;
- wherein the method further comprises storing a first routing table and at least one second routing table, wherein one or more routes identified by the first routing table are mutually-exclusive to one or more routes identified by the at least one second routing table, wherein routing the encapsulated packets includes using only one or more routes of the first routing table to route the encapsulated packets, and wherein routing the packets which are not associated with the virtual private network includes using only one or more routes of the at least one second routing table.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus adapted for use in a first network, comprising:
- means for receiving packets from one or more third party sources;
- means for identifying the received packets as either associated with a virtual private network or not associated with the virtual private network;
- means for encapsulating packets identified as associated with the virtual private network and for routing the encapsulated packets via a dedicated connection to a specific destination also associated with the first network; and
- means for routing the packets received from the one or more third party sources which are not associated with the virtual private network exclusively over at least one second connection, different than the dedicated connection;
- wherein said apparatus is further to store a first routing table and at least one second routing table, wherein one or more routes identified by the first routing table are mutually-exclusive to one or more routes identified by the at least one second routing table, wherein means for encapsulating packets and routing the encapsulated packets is to use only one or more routes of the first routing table to route the encapsulated packets, and wherein the means for routing is to use only one or more routes of the at least one second routing table to route the packets which are not associated with the virtual private network.
10. An apparatus comprising instructions stored on non-transitory machine-readable media, the instructions when executed to cause at least one processor in a machine associated with a first network to:
- receive packets from one or more third party sources;
- identify the received packets as either associated with a virtual private network or not associated with the virtual private network;
- encapsulate packets identified as associated with the virtual private network and route the encapsulated packets via a dedicated connection to a specific destination associated with the first network; and
- route the packets received from the one or more third party sources which are not associated with the virtual private network exclusively over at least one second connection, different than the dedicated connection;
- wherein the instructions when executed are further to cause the at least one processor to store a first routing table and at least one second routing table, one or more routes identified by the first routing table being mutually-exclusive to one or more routes identified by the at least one second routing table, route the encapsulated packets using one or more routes of the first routing table, to the exclusion of each route of the second routing table, and route the packets not associated with the virtual private network includes using only one or more routes of the at least one second routing table, to the exclusion of each route of the first routing table.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. An apparatus, comprising:
- at least one interface to receive first packets and second packets from a client network, the first packets to be routed via a virtual private network connection, the second packets to not be routed via the virtual private network connection;
- circuitry to encapsulate the first packets and to address the first packets to a virtual private network destination using a route from a first set of one or more routes; and
- circuitry to transmit the second packets without encapsulation added by said apparatus to a destination using a route of a second set of one or more routes, the routes in the first set being mutually-exclusive to the routes in the second set;
- wherein said apparatus is further to store a first routing table and at least one second routing table, one or more routes identified by the first routing table being mutually-exclusive to one or more routes identified by the at least one second routing table, the circuitry to encapsulate and address is to route the encapsulated packets using one or more routes of the first routing table, to the exclusion of each route of the second routing table, and the circuitry to transmit is to route the packets not associated with the virtual private network includes using only one or more routes of the at least one second routing table, to the exclusion of each route of the first routing table.
Dependent claims: 19, 20, 21
22. An apparatus adapted for use in a first network, comprising:
- circuitry to receive packets from one or more third party sources;
- circuitry to identify the received packets as either associated with a virtual private network or not associated with the virtual private network;
- circuitry to encapsulate packets identified as associated with the virtual private network;
- circuitry to route the encapsulated packets via a dedicated connection to a specific destination associated with the first network; and
- circuitry to route the packets received from the one or more third party sources which are not associated with the virtual private network exclusively over at least one second connection, different than the dedicated connection;
- wherein said apparatus is further to store a first routing table and at least one second routing table, one or more routes identified by the first routing table being mutually-exclusive to one or more routes identified by the at least one second routing table, the circuitry to route the encapsulated packets is to route the encapsulated packets using one or more routes of the first routing table to the exclusion of each route of the second routing table, and the circuitry to route the packets which are not associated with the virtual private network is to route the packets not associated with the virtual private network includes using only one or more routes of the at least one second routing table, to the exclusion of each route of the first routing table.
Dependent claims: 23
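An added illustration (not code from the patent or its assignee) of the split that claim 1 recites: received packets are classified, VPN-bound ones are wrapped in an outer IP header addressed to the untrusted side of the far-end firewall and routed only from the first table, and everything else is routed only from the second. The addresses, interface names, the use of IP-in-IP (protocol 4) for the outer header, and the reading of "mutually-exclusive" as no shared prefix or egress are assumptions; the payload encryption mentioned in the abstract is left out.

```python
import ipaddress
import struct

ip = ipaddress.ip_address
net = ipaddress.ip_network
# Constructed addresses (RFC 1918 / RFC 5737); none come from the patent.
REMOTE_SITE = net("10.2.0.0/16")       # devices behind the far-end firewall
LOCAL_FW = ip("192.0.2.1")             # untrusted side of this firewall
REMOTE_FW = ip("198.51.100.1")         # untrusted side of the far-end firewall
VPN_TABLE = {net("198.51.100.1/32"): "dedicated0"}   # first routing table
OTHER_TABLE = {net("0.0.0.0/0"): "isp1"}             # second routing table

def tables_disjoint(a, b):
    """Assumed reading of 'mutually-exclusive': no shared prefix or egress."""
    return not (set(a) & set(b)) and not (set(a.values()) & set(b.values()))

def lookup(table, dst):
    """Longest-prefix match within one table only; None if nothing matches."""
    hits = [n for n in table if dst in n]
    return table[max(hits, key=lambda n: n.prefixlen)] if hits else None

def ipv4_packet(src, dst, proto, payload):
    """Build a minimal 20-byte IPv4 header (no options) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, src.packed, dst.packed)
    total = sum(struct.unpack("!10H", hdr))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return hdr[:10] + struct.pack("!H", ~total & 0xFFFF) + hdr[12:] + payload

def forward(packet):
    """Return (egress, bytes on the wire) for one received IPv4 packet."""
    dst = ip(packet[16:20])
    if dst in REMOTE_SITE:                         # associated with the VPN
        # Payload encryption described in the abstract is left out here.
        outer = ipv4_packet(LOCAL_FW, REMOTE_FW, 4, packet)   # 4 = IP-in-IP
        egress = lookup(VPN_TABLE, REMOTE_FW)
        if egress is None:                         # fail closed: never fall
            raise LookupError("no tunnel route")   # back to the second table
        return egress, outer
    egress = lookup(OTHER_TABLE, dst)
    if egress is None:
        raise LookupError("no route")
    return egress, packet
```

The fail-closed branch is the part worth checking in a real deployment: if the tunnel route disappears, VPN-classified traffic must be dropped rather than sent unencapsulated over the second connection.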
Specification