Performing logical segmentation based on remote device attributes
Abstract
Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on the identified RDM attribute set.
21 Claims
1. A non-transitory machine readable medium storing a program for processing mobile-device data messages entering a network, the program comprising sets of instructions for:
- receiving a first data message sent by a first remote device through a first tunnel that connects the mobile-device to the network;
- identifying a first set of remote device management (RDM) attributes associated with the first data message, wherein the mobile-device supplies at least a subset of the first remote device management (RDM) attribute set in a header of the first tunnel;
- based on the first RDM attribute set, associating the first data message with a first logical network; and
- forwarding the first data message to a destination within the network along a second tunnel, and inserting a first logical network identifier (LNI) for the first logical network in a header of the second tunnel.
Dependent claims: 2, 3, 4, 5.
6. A non-transitory machine readable medium storing a program for processing mobile-device data messages entering a network, the program comprising sets of instructions for:
- receiving a first data message sent by a first remote device through a first tunnel that connects the mobile-device to the network;
- identifying a first set of remote device management (RDM) attributes associated with the first data message, said identifying comprising receiving at least a subset of the first RDM attribute set from an RDM server that is used to authenticate a request from the remote device to establish a VPN session through the first tunnel;
- based on the first RDM attribute set, associating the first data message with a first logical network; and
- forwarding the first data message to a destination within the network along a second tunnel, and inserting a first logical network identifier (LNI) for the first logical network in a header of the second tunnel.
Dependent claims: 7, 8, 9.
10. A non-transitory machine readable medium storing a program for processing mobile-device data messages entering a network, the program comprising sets of instructions for:
- receiving a first data message sent by a first remote device;
- identifying a first set of remote device management (RDM) attributes associated with the first data message;
- based on the first RDM attribute set, associating the first data message with a first logical network, said associating comprising using the identified first RDM attribute set to identify a first logical segmentation (LS) rule that identifies a first logical network identifier (LNI) for data messages associated with the identified first RDM set, the first LS rule stored in a rule storage that stores a plurality of logical segmentation rules, and at least two logical segmentation rules specifying two different LNIs for two different RDM attribute sets; and
- forwarding the first data message to a destination within the network along a first tunnel, and inserting a second logical network identifier (LNI) for the first logical network in a header of the first tunnel.
Dependent claims: 11.
12. A non-transitory machine readable medium storing a program for processing mobile-device data messages entering a network within a multi-tenant datacenter, the program comprising sets of instructions for:
- receiving a first data message sent by a first remote device that is associated with a first tenant;
- receiving a second data message sent by a second remote device that is associated with the first tenant;
- identifying a first RDM (remote device management) attribute set and a second RDM attribute set associated with the received first and second data messages, respectively;
- based on the first RDM attribute set, associating the first data message with a first logical network of the first tenant, and based on the second RDM attribute set, associating the second data message with a second logical network of the first tenant; and
- forwarding (i) the first data message to a destination within the network along a first tunnel and inserting a first logical network identifier (LNI) for the first logical network in a header of the first tunnel and (ii) the second data message to a destination within the network along a second tunnel; and
- inserting a second LNI for the second logical network in a header of the second tunnel.
Dependent claims: 13, 14, 15, 16, 17.
18. A non-transitory machine readable medium storing a program for processing mobile-device data messages entering a network within a multi-tenant datacenter, the program comprising sets of instructions for:
- receiving a first data message sent by a first remote device that is associated with a first tenant;
- receiving a second data message sent by a second remote device that is associated with a second tenant;
- identifying a first RDM attribute set and a second RDM attribute set associated with the received first and second data messages, respectively;
- based on the first RDM attribute set, associating the first data message with a first logical network associated with the first tenant, and based on the second RDM attribute set, associating the second data message with a second logical network associated with the second tenant; and
- forwarding (i) the first data message to a destination within the network along a first tunnel and inserting a first logical network identifier (LNI) for the first logical network in a header of the first tunnel and (ii) the second data message to a destination within the network along a second tunnel and inserting a second LNI for the second logical network in a header of the second tunnel.
Dependent claims: 19, 20, 21.
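Worked illustration, added here and not code from the patent or its assignee, of the pipeline the abstract and claims 1, 6, 10, 12 and 18 describe: a data message arrives over a first (VPN) tunnel, an RDM attribute set is attached to it from the tunnel header (claim 1) and/or the RDM server that authenticated the session (claim 6), a per-tenant rule store of logical segmentation (LS) rules maps that attribute set to a logical network identifier (claim 10), and the message is re-encapsulated for a second tunnel that carries the LNI in its outer header. Two tenants mapping the same attribute set to different LNIs (claim 18) and one tenant mapping different attribute sets to different LNIs (claim 12) are both shown. Every class, function, attribute name, tenant name and LNI value below is an assumption chosen for the example; the patent specifies none of them.

```python
"""Logical segmentation of tunnelled remote-device traffic by RDM attributes.

Illustrative implementation only (not the patent's code); all names and
values are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Mapping, Optional, Tuple

Attrs = Mapping[str, str]


@dataclass(frozen=True)
class DataMessage:
    """Inner data message as received over the first tunnel (fields assumed)."""
    tenant: str       # tenant the VPN session was authenticated for
    device_id: str
    payload: bytes


@dataclass(frozen=True)
class LSRule:
    """One logical segmentation rule: tenant + RDM attribute predicate -> LNI."""
    tenant: str
    match: Tuple[Tuple[str, str], ...]   # every (attribute, value) pair must be present
    lni: int

    def matches(self, tenant: str, attrs: Attrs) -> bool:
        if tenant != self.tenant:
            return False
        return all(attrs.get(key) == value for key, value in self.match)


class RuleStore:
    """Rule storage in the sense of claim 10: many LS rules, scoped per tenant so
    that two tenants can map the same attribute set to different LNIs."""

    def __init__(self) -> None:
        self._rules: List[LSRule] = []

    def add(self, rule: LSRule) -> None:
        self._rules.append(rule)

    def lookup(self, tenant: str, attrs: Attrs) -> Optional[int]:
        """Return the LNI of the most specific matching rule, or None.

        Tie-break (assumed): the rule with the most attribute pairs wins, so a
        catch-all rule with no pairs only applies when nothing else matches."""
        best: Optional[LSRule] = None
        for rule in self._rules:
            if rule.matches(tenant, attrs) and (best is None or len(rule.match) > len(best.match)):
                best = rule
        return best.lni if best is not None else None


def identify_rdm_attributes(tunnel_header: Attrs, rdm_server: Attrs) -> Dict[str, str]:
    """Combine the two attribute sources named in claims 1 and 6.

    Design choice of this example (not from the patent): values reported by the
    RDM server that authenticated the VPN session override any overlapping value
    the device wrote into its own first-tunnel header, so a device cannot talk
    itself into a more trusted logical network by editing that header."""
    merged = dict(tunnel_header)
    merged.update(rdm_server)
    return merged


@dataclass(frozen=True)
class SecondTunnelFrame:
    """Outer frame for the second tunnel; the LNI rides in the outer header."""
    lni: int
    destination: str
    inner: DataMessage


def segment(msg: DataMessage, attrs: Attrs, store: RuleStore,
            destination: str) -> Optional[SecondTunnelFrame]:
    """Associate the message with a logical network and re-encapsulate it.

    Returns None (assumed policy: drop) when no LS rule covers the attribute
    set, rather than defaulting the message into some tenant's network."""
    lni = store.lookup(msg.tenant, attrs)
    if lni is None:
        return None
    return SecondTunnelFrame(lni=lni, destination=destination, inner=msg)


def build_example_store() -> RuleStore:
    """Constructed rule set for two tenants (illustrative values)."""
    store = RuleStore()
    # Tenant A: compliant corporate-owned devices reach LNI 5001; any other
    # tenant-A device lands on a restricted network, LNI 5999.
    store.add(LSRule("tenantA", (("compliant", "true"), ("ownership", "corporate")), lni=5001))
    store.add(LSRule("tenantA", (), lni=5999))   # catch-all for tenant A
    # Tenant B: the same attribute set maps to a different LNI (claim 18);
    # no catch-all, so an unmatched tenant-B device is dropped.
    store.add(LSRule("tenantB", (("compliant", "true"), ("ownership", "corporate")), lni=6001))
    return store


def demo() -> Dict[str, Optional[int]]:
    """Run four constructed messages through the pipeline; return the LNI chosen."""
    store = build_example_store()
    results: Dict[str, Optional[int]] = {}
    good = {"compliant": "true", "ownership": "corporate"}

    # 1. Tenant A device: header claims compliance, RDM server agrees.
    frame = segment(DataMessage("tenantA", "dev-1", b"GET /"),
                    identify_rdm_attributes(good, good), store, "10.0.1.10")
    results["a-compliant"] = frame.lni if frame else None

    # 2. Tenant A device: header claims compliance, RDM server says otherwise.
    frame = segment(DataMessage("tenantA", "dev-2", b"GET /"),
                    identify_rdm_attributes(good, {"compliant": "false"}), store, "10.0.1.10")
    results["a-noncompliant"] = frame.lni if frame else None

    # 3. Tenant B device with the same attributes as message 1.
    frame = segment(DataMessage("tenantB", "dev-3", b"GET /"), good, store, "10.0.2.10")
    results["b-compliant"] = frame.lni if frame else None

    # 4. Tenant B non-compliant device: no rule matches, so it is dropped.
    frame = segment(DataMessage("tenantB", "dev-4", b"GET /"),
                    {"compliant": "false"}, store, "10.0.2.10")
    results["b-noncompliant"] = frame.lni if frame else None
    return results
```

The point a practitioner should take from message 2 is that claim 1 lets the device itself supply part of the attribute set in the first-tunnel header, which is exactly the data a compromised device controls; in this example the server-reported attributes win on any overlap, and the outcome of a missing rule is a drop rather than a default network. Both are choices of the example, not behaviour the patent text prescribes.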
Specification