Distributing remote device management attributes to service nodes for service rule processing
Abstract
Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on the identified RDM attribute set.
16 Claims
1. A non-transitory machine readable medium storing a program for processing remote-device data messages entering a network, the program comprising sets of instructions for:
- receiving, at a virtual private network (VPN) gateway, a data message sent by the remote device through a first tunnel that connects the remote device to the network;
- identifying a set of remote device management (RDM) attributes associated with the received data message; and
- based on the RDM attribute set, forwarding the data message to a particular network element within the network via a second tunnel and inserting the identified RDM attribute set in a header of the second tunnel;
- said inserted RDM attribute set in the second tunnel header for identifying a service operation to perform on the data message;
- wherein the particular network element and the VPN gateway operate on two different physical devices.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A non-transitory machine readable medium storing a program for processing remote-device data messages entering a network, the program comprising sets of instructions for:
- receiving a data message sent by the remote device;
- identifying a set of remote device management (RDM) attributes associated with the received data message; and
- based on the RDM attribute set, forwarding the data message to a particular network element within the network via a tunnel and inserting the identified RDM attribute set in a header of the tunnel, wherein the particular network element executes a middlebox service node that performs a middlebox service operation on the forwarded data message based on the identified RDM attribute set;
- wherein the service node performs the middlebox service operation by using the inserted RDM attribute set to identify a service rule with an RDM attribute set that matches the inserted RDM attribute set, said identified service rule specifying the service operation to perform on the forwarded data message.
12. A non-transitory machine readable medium storing a program for processing remote-device data messages entering a network, the program comprising sets of instructions for:
- receiving, at a virtual private network (VPN) gateway, a data message sent by the remote device through a first tunnel that connects the remote device to the network;
- performing, at the VPN gateway, a load balancing operation to select a particular network service element from a plurality of network service elements that perform the service operation, and identifying a set of remote device management (RDM) attributes associated with the received data message; and
- based on the RDM attribute set, forwarding the data message to a particular network element within the network via a second tunnel and inserting the identified RDM attribute set in a header of the second tunnel, said inserted RDM attribute set in the second tunnel header for identifying a service operation to perform on the data message;
- the VPN gateway forwarding data messages to at least two different service network elements along at least two different tunnels.
13. A method of processing remote-device data messages entering a network comprising a plurality of network elements, the method comprising:
- through a first tunnel that connects the remote device to the network, receiving a data message sent by the remote device;
- identifying a set of remote device management (RDM) attributes associated with the received data message, said identifying comprising receiving at least a subset of the RDM attribute set in a header of the first tunnel; and
- based on the RDM attribute set, forwarding the data message to a particular network element within the network via a second tunnel and inserting the identified RDM attribute set in a header of the second tunnel;
- said inserted RDM attribute set in the second tunnel header for identifying a service operation to perform on the data message.
Dependent claims: 14
15. A method of processing remote-device data messages entering a network comprising a plurality of network elements, the method comprising:
- through a first tunnel that connects the remote device to the network, receiving a data message sent by the remote device;
- identifying a set of remote device management (RDM) attributes associated with the received data message; and
- based on the RDM attribute set, forwarding the data message to a particular network element within the network via a second tunnel and inserting the identified RDM attribute set in a header of the second tunnel, said inserted RDM attribute set in the second tunnel header for identifying a service operation to perform on the data message, said forwarding comprising:
- removing a tunnel header for the first tunnel from the data message;
- encapsulating the data message with a tunnel header for the second tunnel to forward the data message along the second tunnel to the particular node.
Dependent claims: 16
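
The flow recited in claims 11 and 15, as an added example that is not code from the patent or from any product: a gateway strips the first-tunnel header and re-encapsulates with a second-tunnel header carrying the RDM attribute set, and a service node parses that header strictly and selects a service rule from it. The header layout, attribute names, rule table, first-match and default-drop behaviour, and all function names are assumptions made for illustration.

```python
import struct

def encode_attrs(attrs):
    """Serialize RDM attributes as (len, key, len, value) records."""
    out = b""
    for key, val in sorted(attrs.items()):
        k, v = key.encode(), val.encode()
        out += bytes([len(k)]) + k + bytes([len(v)]) + v  # >255 raises ValueError
    return out

def gateway_forward(first_tunnel_msg, first_hdr_len, attrs):
    """Gateway: drop first-tunnel header, prepend 2-byte length + attribute block."""
    inner = first_tunnel_msg[first_hdr_len:]
    block = encode_attrs(attrs)
    return struct.pack("!H", len(block)) + block + inner

def _read_field(block, i):
    if i >= len(block) or i + 1 + block[i] > len(block):
        raise ValueError("malformed attribute block")  # length runs past block
    return block[i + 1:i + 1 + block[i]], i + 1 + block[i]

def parse_second_tunnel(msg):
    """Service node: strict parse of the header; returns (attrs, inner)."""
    if len(msg) < 2:
        raise ValueError("truncated header")
    (blen,) = struct.unpack("!H", msg[:2])
    if len(msg) < 2 + blen:
        raise ValueError("truncated attribute block")
    block, attrs, i = msg[2:2 + blen], {}, 0
    while i < len(block):
        key, i = _read_field(block, i)
        val, i = _read_field(block, i)
        attrs[key.decode()] = val.decode()
    return attrs, msg[2 + blen:]

# Constructed rule table: (RDM attributes to match, service operation).
RULES = [
    ({"jailbroken": "1"}, "drop"),
    ({"user_group": "finance", "device_type": "laptop"}, "allow"),
    ({"user_group": "finance"}, "inspect"),
]

def service_operation(msg, rules=RULES, default="drop"):
    """Pick the first rule whose attributes all match the inserted set."""
    attrs, inner = parse_second_tunnel(msg)
    for match, op in rules:
        if all(attrs.get(k) == v for k, v in match.items()):
            return op, inner
    return default, inner
```

Because the service node acts on whatever attribute set arrives in the header, a malformed or absent set falls through to an error or the default operation rather than to a permissive rule.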