Intelligent sorting for N-way secure split tunnel

US 9,762,541 B2
Filed: 09/21/2015
Issued: 09/12/2017
Est. Priority Date: 02/13/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

sorting outgoing datagrams into one of at least three categories, wherein the three categories include a first category of datagrams addressed to a central network location, a second category of datagrams addressed to destinations on a white list, and a third category of datagrams addressed to other destinations absent from the white list;

sending datagrams in the first category to the central network location along an N-way split virtual private network tunnel, wherein N is a multiple of three;

sending datagrams in the second category to the destinations on the white list along the N-way split virtual private network tunnel;

sending datagrams in the third category to a scanning service website along the N-way split virtual private network tunnel, the scanning service website configured to provide a first scrubbing service for HTTP datagrams and a second scrubbing service for SMTP, POP, and IMAP datagrams.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of intelligently sorting packets/datagrams for sending through appropriate branches of a N-way split VPN tunnel according to embodiments of the present invention allow for efficient movement of network traffic to and from a remote network location. Intelligent sorting may be based on a wide range of criteria in order to implement different policies. For example, datagrams may be sorted for sending through the branches of a 3-way split tunnel so that all traffic from a remote network location ultimately destined to servers at a central location may be sent via a secure VPN tunnel, all traffic that matches a “white-list” of trusted external sites may be sent directly to and from these sites to the remote network location, and all other traffic may be redirected through a Web service that scrubs and filters the traffic to/from questionable sites. Furthermore, the VPN tunnel may be chosen to minimize latency, to detour around network failures, or to conserve energy by minimizing the number of routers a datagram passes through.

33 Citations

View as Search Results

10 Claims

1. A method comprising:
- sorting outgoing datagrams into one of at least three categories, wherein the three categories include a first category of datagrams addressed to a central network location, a second category of datagrams addressed to destinations on a white list, and a third category of datagrams addressed to other destinations absent from the white list;
  
  sending datagrams in the first category to the central network location along an N-way split virtual private network tunnel, wherein N is a multiple of three;
  
  sending datagrams in the second category to the destinations on the white list along the N-way split virtual private network tunnel;
  
  sending datagrams in the third category to a scanning service website along the N-way split virtual private network tunnel, the scanning service website configured to provide a first scrubbing service for HTTP datagrams and a second scrubbing service for SMTP, POP, and IMAP datagrams.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, comprising:
    - determining corresponding branches of the N-way split virtual private network tunnel to send datagrams in the first category, datagrams in the second category, and datagrams in the third category;
      
      sending the datagrams in the first category, datagrams in the second category, and datagrams in the third category along the corresponding branches.
  - 3. The method of claim 1, comprising:
    - determining corresponding branches of the N-way split virtual private network tunnel to send datagrams in the first category, datagrams in the second category, and datagrams in the third category, wherein the corresponding branches are determined using network latency of splits of the N-way split virtual private network tunnel.
  - 4. The method of claim 1, comprising:
    - determining corresponding branches of the N-way split virtual private network tunnel to send datagrams in the first category, datagrams in the second category, and datagrams in the third category, wherein the corresponding branches are determined using an end-user.
  - 5. The method of claim 1, comprising determining corresponding branches of the N-way split virtual private network tunnel to send datagrams in the first category, datagrams in the second category, and datagrams in the third category, wherein the end-user is identified using an authentication datagram transmitted from an end-user device of the end-user.
  - 6. The method of claim 1, comprising determining corresponding branches of the N-way split virtual private network tunnel to send datagrams in the first category, datagrams in the second category, and datagrams in the third category, wherein the corresponding branches are determined using hop count.
  - 7. The method of claim 1, comprising determining corresponding branches of the N-way split virtual private network tunnel to send datagrams in the first category, datagrams in the second category, and datagrams in the third category, wherein the corresponding branches are determined using a device type of an end-user device.
  - 8. The method of claim 1, wherein the white list includes fully-qualified domain names of the destinations on the white list.
  - 9. The method of claim 1, wherein the white list includes IP addresses mapped to fully-qualified domain names of the destinations on the white list.
  - 10. The method of claim 1, further comprising sending credentials identifying an end user'"'"'s username and a MAC address of an end-user device along with datagrams in the third category to the scanning service website.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Aerohive Networks Incorporated (Extreme Networks, Inc.)
Inventors
Mower, Carl Steven, Palmer, Matthew Alan
Primary Examiner(s)
Hussain, Imad

Application Number

US14/860,651
Publication Number

US 20160014083A1
Time in Patent Office

722 Days
Field of Search

709223, 709238, 726 13
US Class Current
CPC Class Codes

H04L 12/6418   Hybrid transport

H04L 45/44   Distributed routing

H04L 49/70   Virtual switches

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

Intelligent sorting for N-way secure split tunnel

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Intelligent sorting for N-way secure split tunnel

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links