VPN usage to create wide area network backbone over the internet
Abstract
A wide area network using the internet as a backbone utilizing specially selected ISX/ISP providers whose routers route packets of said wide area network along private tunnels through the internet comprised of high bandwidth, low hop-count data paths. Firewalls are provided at each end of each private tunnel which recognize IP packets addressed to devices at the other end of the tunnel and encapsulate these packets in other IP packets which have a header which includes as the destination address, the IP address of the untrusted side of the firewall at the other end of the tunnel. The payload sections of these packets are the original IP packets and are encrypted and decrypted at both ends of the private tunnel using the same encryption algorithm using the same key or keys.
Claims (25 in total; the three independent claims are reproduced below, with their dependent claims listed by number)
1. A method of routing packets at a first machine associated with a first network, the packets originating from one or more third party sources and destined for one or more third party destinations, each of the sources and destinations not being a part of the first network, the method comprising:
    receiving the packets;
    filtering the received packets to distinguish first packets which are to be associated with a virtual private network from second packets which are not to be associated with the virtual private network;
    encapsulating the first packets;
    routing the encapsulated first packets via a dedicated line connection to a second machine associated with the first network, for forwarding of the first packets to the one or more third party destinations; and
    routing the second packets exclusively over at least one second connection, different than the dedicated connection, for forwarding to the one or more third party destinations;
    wherein the method further comprises storing a first routing table and at least one second routing table, wherein one or more routes identified by the first routing table are mutually-exclusive to one or more routes identified by the at least one second routing table, wherein routing the encapsulated, first packets includes using only one or more routes of the first routing table to route the encapsulated, first packets, and wherein routing the second packets includes using only one or more routes of the at least one second routing table.
Dependent claims: 2 to 12.
13. An apparatus adapted for use in a first network, to route packets, the packets originating from one or more third party sources to one or more third party destinations, each of the sources and destinations not being a part of the first network, the apparatus comprising:
    means for receiving the packets;
    means for filtering the received packets to distinguish first packets which are to be associated with a virtual private network from second packets which are not to be associated with the virtual private network;
    means for encapsulating the first packets;
    means for routing the encapsulated first packets via a dedicated line connection to a second machine associated with the first network, for forwarding of the first packets to the one or more third party destinations; and
    means for routing the second packets exclusively over at least one second connection, different than the dedicated connection, for forwarding to the one or more third party destinations;
    wherein the apparatus further comprises means for storing a first routing table and at least one second routing table, wherein one or more routes identified by the first routing table are mutually-exclusive to one or more routes identified by the at least one second routing table, wherein the means for routing the encapsulated, first packets is to use only one or more routes of the first routing table to route the encapsulated, first packets, and wherein the means for routing the second packets is to use only one or more routes of the at least one second routing table.
14. An apparatus comprising instructions stored on non-transitory machine-readable media, the instructions when executed to cause at least one processor in a first machine associated with a first network to:
    receive packets;
    filter the received packets to distinguish first packets which are to be associated with a virtual private network from second packets which are not to be associated with the virtual private network;
    encapsulate the first packets;
    route the encapsulated first packets via a dedicated line connection to a second machine associated with the first network, for forwarding of the first packets to one or more third party destinations; and
    route the second packets exclusively over at least one second connection, different than the dedicated connection, for forwarding to the one or more third party destinations;
    wherein the received packets originate from one or more third party sources and are addressed to the one or more third party destinations, and wherein each of the sources and destinations are not a part of the first network;
    wherein the instructions when executed are further to cause the at least one processor to store a first routing table and at least one second routing table, one or more routes identified by the first routing table being mutually-exclusive to one or more routes identified by the at least one second routing table, route the encapsulated, first packets using one or more routes of the first routing table, to the exclusion of each route of the second routing table, and route the second packets using only one or more routes of the at least one second routing table, to the exclusion of each route of the first routing table.
Dependent claims: 15 to 25.
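The mechanism the abstract and claim 1 describe, worked through as an added example (an editor's illustration, not code from the patent or from any assignee): a firewall receives transit packets from third-party sources, filters out those addressed to devices behind the far end of the tunnel, wraps each of those in an outer IP packet whose destination is the far firewall's untrusted-side address and whose payload is the encrypted original packet, and routes it from a first table that covers only the dedicated line, while every other packet is routed from a second table whose prefixes do not overlap the first. Everything concrete in it is assumed: the addresses and prefixes are taken from the documentation ranges, the key is a constructed demo value, and because the abstract fixes only "the same encryption algorithm using the same key or keys" at both ends and the Python standard library has no AES, the encryption is an HMAC-SHA256 encrypt-then-MAC stand-in for a real AEAD (AES-GCM in practice) that also authenticates the outer addresses.

```python
"""Added example (not from the patent): split routing and tunnel encapsulation as in the abstract and claim 1."""
import hashlib
import hmac
import ipaddress
import os
from collections import namedtuple
from dataclasses import dataclass

IPv4, Net = ipaddress.IPv4Address, ipaddress.IPv4Network
NONCE_LEN, TAG_LEN = 12, 32
Packet = namedtuple("Packet", "src dst payload")
RouteTable = namedtuple("RouteTable", "egress prefixes")  # prefixes reachable over one link: "dedicated" or "isp"


def mutually_exclusive(a, b):
    """Claim 1's requirement on the two tables: no prefix of one overlaps a prefix of the other."""
    return not any(pa.overlaps(pb) for pa in a.prefixes for pb in b.prefixes)


def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def _stream(key, nonce, n):
    """Keystream: HMAC-SHA256 in counter mode under a derived encryption key."""
    return b"".join(_prf(_prf(key, b"enc"), nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))[:n]


def seal(key, nonce, plaintext, aad):
    """Encrypt-then-MAC from HMAC-SHA256: a standard-library stand-in for a real AEAD such as AES-GCM.
    The tag covers aad (the outer addresses) and the nonce as well as the ciphertext."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return ct + _prf(_prf(key, b"mac"), aad + nonce + ct)


def open_sealed(key, nonce, sealed, aad):
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), aad + nonce + ct)):
        raise ValueError("rejected: wrong key, modified payload or modified outer header")
    return bytes(c ^ k for c, k in zip(ct, _stream(key, nonce, len(ct))))


@dataclass
class Tunnel:
    """One tunnel end: own and far untrusted-side firewall addresses, prefixes behind the far end, shared key, two tables."""
    local: IPv4
    remote: IPv4
    remote_sites: list
    key: bytes
    vpn_table: RouteTable       # first table: routes over the dedicated line
    internet_table: RouteTable  # second table: routes over the ordinary ISP connection

    def __post_init__(self):
        if not mutually_exclusive(self.vpn_table, self.internet_table):
            raise ValueError("the two routing tables overlap")

    def is_vpn(self, pkt):
        """Filtering step: a packet joins the VPN when addressed to a device behind the far firewall."""
        return any(pkt.dst in site for site in self.remote_sites)

    def encapsulate(self, pkt):
        """Outer packet local -> remote; payload = nonce || seal(src || dst || payload of the original)."""
        nonce, inner = os.urandom(NONCE_LEN), pkt.src.packed + pkt.dst.packed + pkt.payload
        return Packet(self.local, self.remote, nonce + seal(self.key, nonce, inner, self.local.packed + self.remote.packed))

    def decapsulate(self, outer):
        """Far end: accept only outer packets from the peer, open with the shared key, recover the original."""
        if outer.dst != self.local or outer.src != self.remote:
            raise ValueError("outer packet is not from the tunnel peer")
        inner = open_sealed(self.key, outer.payload[:NONCE_LEN], outer.payload[NONCE_LEN:], outer.src.packed + outer.dst.packed)
        return Packet(IPv4(inner[:4]), IPv4(inner[4:8]), inner[8:])

    def forward(self, pkt):
        """Claim 1: filter; VPN packets are encapsulated and routed from the first table only, the rest from the second only."""
        table, out = self.internet_table, pkt
        if self.is_vpn(pkt):
            table, out = self.vpn_table, self.encapsulate(pkt)
        if not any(out.dst in p for p in table.prefixes):
            raise LookupError(f"no route for {out.dst} in the {table.egress} table")
        return table.egress, out


def sample_tunnels():
    """Both ends of one tunnel from constructed values: documentation address ranges and a demo key."""
    key = b"0123456789abcdef0123456789abcdef"  # constructed demo key; a deployment never hard-codes one
    inet = RouteTable("isp", [Net("172.16.0.0/12")])
    near = Tunnel(IPv4("203.0.113.1"), IPv4("198.51.100.1"), [Net("10.20.0.0/16")], key, RouteTable("dedicated", [Net("198.51.100.0/24")]), inet)
    far = Tunnel(IPv4("198.51.100.1"), IPv4("203.0.113.1"), [Net("10.10.0.0/16")], key, RouteTable("dedicated", [Net("203.0.113.0/24")]), inet)
    return near, far


if __name__ == "__main__":
    near, far = sample_tunnels()
    # Constructed third-party transit traffic: one packet for a site behind the far firewall, one that is not.
    for pkt in (Packet(IPv4("192.0.2.10"), IPv4("10.20.5.7"), b"to the far site"), Packet(IPv4("192.0.2.10"), IPv4("172.16.9.9"), b"web")):
        egress, out = near.forward(pkt)
        print(f"{pkt.src} -> {pkt.dst}: egress {egress}, outer dst {out.dst}")
        if egress == "dedicated":
            print("  far end recovered:", far.decapsulate(out))
```

Run it directly to see one packet leave over the dedicated line and be recovered at the far end, and one leave over the ISP link untouched. Two points to take from it. First, the abstract speaks only of encryption; a tunnel whose payload is encrypted but not authenticated accepts forged or bit-flipped inner packets, which is why the stand-in carries a tag over the ciphertext, the nonce and the outer addresses, and why decapsulation also refuses outer packets that do not come from the configured peer. Second, the example enforces a strict reading of the two-table condition: a default route in the second table is rejected at construction because it overlaps the tunnel route, whereas the claim's wording ("one or more routes ... mutually-exclusive") is weaker. Replay protection, which a real tunnel protocol adds with a sequence window, is not shown.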