A METHOD AND SYSTEMS FOR ROUTING PACKETS FROM A GATEWAY TO AN ENDPOINT

US 20060029063A1
Filed: 07/22/2005
Published: 02/09/2006
Est. Priority Date: 07/23/2004
Status: Active Grant

First Claim

Patent Images

1. A method for routing packets from a gateway to an endpoint, the method comprising:

(a) associating a private internet protocol (IP) address with an endpoint having a public IP address;

(b) capturing a packet addressed to the private IP address of the endpoint;

(c) applying a policy to the packet; and

(d) transmitting the packet to the public IP address of the endpoint, responsive to the application of the policy to the packet.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for routing packets from a gateway to an endpoint includes the step of associating a private internet protocol (IP) address with an endpoint having a public IP address. A packet addressed to the private IP address of the endpoint is captured. A policy is applied to the packet. The packet is transmitted to the public IP address of the endpoint, responsive to the application of the policy to the packet.

303 Citations

36 Claims

1. A method for routing packets from a gateway to an endpoint, the method comprising:
- (a) associating a private internet protocol (IP) address with an endpoint having a public IP address;
  
  (b) capturing a packet addressed to the private IP address of the endpoint;
  
  (c) applying a policy to the packet; and
  
  (d) transmitting the packet to the public IP address of the endpoint, responsive to the application of the policy to the packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein step (b) further comprises capturing, by a driver on the gateway, a packet addressed to the private IP address of the endpoint.
  - 3. The method of claim 2, wherein the driver complies with the Network Driver Interface Specification (NDIS).
  - 4. The method of claim 1, wherein step (b) further comprises capturing all Ethernet traffic addressed to the endpoint.
  - 5. The method of claim 1, wherein step (b) further comprises capturing a packet addressed to the private IP address of the endpoint prior to routing the packet to the endpoint.
  - 6. The method of claim 1, wherein step (c) further comprises applying a policy to the packet prior to routing the packet to the endpoint.
  - 7. The method of claim 1, wherein step (c) further comprises applying an access control list to the packet.
  - 8. The method of claim 1, wherein step (d) further comprises performing a network address translation to transform the private IP address of the endpoint to the public IP address of the endpoint.

9. A device for routing packets from a gateway to an endpoint, the device comprising:
- an addressing element associating a private IP address with an endpoint having a public IP address;
  
  a receiver in communication with the addressing element intercepting a packet destined for the private IP address of the endpoint;
  
  a policy engine in communication with the receiver receiving the packet and transmitting the packet to the endpoint responsive to a policy applied to the packet; and
  
  a transmitter in communication with the receiver, the policy engine, and the addressing element performing a network address translation on the packet and transmitting the packet to an endpoint.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 10. The device of claim 9, wherein the receiver comprises a driver.
  - 11. The device of claim 9, wherein the receiver comprises a driver in compliance with a Network Driver Interface Specification (NDIS).
  - 12. The device of claim 9, wherein the receiver intercepts Ethernet traffic addressed to the endpoint.
  - 13. The device of claim 9, wherein the receiver forwards the intercepted packet to the policy engine.
  - 14. The device of claim 9, wherein the receiver is a process.
  - 15. The device of claim 14, wherein the receiver process executes in kernel mode.
  - 16. The device of claim 9, wherein the policy engine is a process.
  - 17. The device of claim 16, wherein the policy engine process executes in user mode.
  - 18. The device of claim 9, wherein the policy engine applies an access control list to the packet.
  - 19. The device of claim 9, wherein the transmitter further comprises transforming a private internet protocol (IP) address of the packet to the public IP address associated with the endpoint.
  - 20. The device of claim 9, wherein the transmitter transmits the packet to an endpoint over a secure sockets layer (SSL) tunnel.
  - 21. The device of claim 9, wherein the transmitter is a process.
  - 22. The device of claim 21, wherein the transmitter process executes in kernel mode.

23. A system for routing packets from a gateway to an endpoint, the system comprising:
- a gateway comprising a kernel and an application space; and
  
  a device, in communication with the gateway, comprising;
  
  an addressing element associating a private IP address with an endpoint having a public IP address;
  
  a receiver in communication with the addressing element intercepting a packet addressed to the private IP address of the endpoint;
  
  a policy engine in communication with the receiver receiving the packet and transmitting the packet responsive to a policy applied to the packet; and
  
  a transmitter in communication with the receiver, the policy engine, and the addressing element performing a network address translation on the packet and transmitting the packet to the endpoint.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 24. The system of claim 23, wherein the receiver comprises a driver.
  - 25. The system of claim 23, wherein the receiver comprises a driver in compliance with a Network Driver Interface Specification (NDIS).
  - 26. The system of claim 23, wherein the receiver intercepts Ethernet traffic addressed to the endpoint.
  - 27. The system of claim 23, wherein the receiver forwards the intercepted packet to the policy engine.
  - 28. The system of claim 23, wherein the receiver is a process.
  - 29. The system of claim 28, wherein the receiver process executes in kernel mode.
  - 30. The system of claim 23, wherein the policy engine is a process.
  - 31. The system of claim 30, wherein the policy engine process executes in user mode.
  - 32. The system of claim 23, wherein the policy engine applies an access control list to the packet.
  - 33. The system of claim 23, wherein the transmitter further comprises transforming a private internet protocol (IP) address of the packet to the public IP address associated with the endpoint.
  - 34. The system of claim 23, wherein the transmitter transmits the packet to an endpoint over a secure sockets layer (SSL) tunnel.
  - 35. The system of claim 23, wherein the transmitter is a process.
  - 36. The system of claim 35, wherein the transmitter process executes in kernel mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Rao, Goutham P., Brueggemann, Eric R., Rodriguez, Robert A.

Granted Patent

US 8,363,650 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/389
CPC Class Codes

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/2898   Subscriber equipments DSL m...

H04L 45/00   Routing or path finding of ...

H04L 45/72   Routing based on the source...

H04L 47/20   Traffic policing

H04L 61/00   Network arrangements, proto...

H04L 61/2514   between local and global IP...

H04L 61/2557   Translation policies or rules

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/101   Access control lists [ACL]

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

A METHOD AND SYSTEMS FOR ROUTING PACKETS FROM A GATEWAY TO AN ENDPOINT

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

303 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

A METHOD AND SYSTEMS FOR ROUTING PACKETS FROM A GATEWAY TO AN ENDPOINT

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

303 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links