IDENTITY-BASED NETWORKING

US 20090257437A1
Filed: 06/22/2009
Published: 10/15/2009
Est. Priority Date: 10/13/2005
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a network database including VLAN information;

a first network domain seed coupled to the network database;

a second network domain seed coupled to the network database and the first network domain seed;

a first network domain member coupled to the first network domain seed;

a second network domain member coupled to the second network domain seed;

wherein, in operation, a client that is authorized on the second network domain member attempts to connect to the first network domain member, the first network domain seed performs a lookup in the network database and determines that the client is authorized on the second network domain member, and, based on the determination, the client is connected from the first network domain member to the second network domain member via VLAN tunneling.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for identity based networking is disclosed. A system according to the technique can include a WAN, a first VLAN, a second VLAN, and a network database. The first VLAN and second VLAN can be coupled to the WAN. The network database can include VLAN information. In operation, a client that is authorized on the second VLAN can attempt to connect to the first VLAN. A switch in the WAN can perform a lookup in the network database and determine that the client is authorized on the second VLAN. Based on this information, the client can be connected to the second VLAN using VLAN tunneling.

130 Citations

View as Search Results

20 Claims

1. A system comprising:
- a network database including VLAN information;
  
  a first network domain seed coupled to the network database;
  
  a second network domain seed coupled to the network database and the first network domain seed;
  
  a first network domain member coupled to the first network domain seed;
  
  a second network domain member coupled to the second network domain seed;
  
  wherein, in operation, a client that is authorized on the second network domain member attempts to connect to the first network domain member, the first network domain seed performs a lookup in the network database and determines that the client is authorized on the second network domain member, and, based on the determination, the client is connected from the first network domain member to the second network domain member via VLAN tunneling.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein, in operation, the first network domain member queries the first network domain seed to perform the lookup in the network database.
  - 3. The system of claim 1, wherein, in operation, the first network domain member tunnels to the second network domain member to connect a client to a VLAN associated with the second network domain member.
  - 4. The system of claim 1, wherein the network database is stored on the second network domain seed.
  - 5. The system of claim 1, wherein the second network domain member, which supports a VLAN, has a first tunnel affinity, further comprising:
    - a third network domain member supporting the VLAN, the third network domain member having a second tunnel affinity;
      
      wherein the first network domain member tunnels to the second network domain member instead of the third network domain member based, at least in part, on the first tunnel affinity.
  - 6. The system of claim 1, wherein the first network domain seed, the second network domain seed, the first network domain member, and the second network domain member are in geographically distinct locations.
  - 7. The system of claim 1, wherein the network database includes IP addresses for network switches, VLAN names, and VLAN tunnel affinities.
  - 8. A system as recited in claim 1, further comprising at least three access points coupled to the first network domain member, wherein a location of the client is determinable by triangulation using data detected by the at least three access points.

9. A method comprising:
- receiving a log-in request from a client coupled to a first network domain member;
  
  requesting from a network domain seed VLAN information associated with the client configuration on a second network domain member;
  
  receiving the VLAN information at the first network domain member;
  
  determining, using the VLAN information, that the client is configured on a the second network domain member;
  
  connecting the client from the first network domain member to the second network domain member via VLAN tunneling.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the log-in request is received by a first network domain member associated with a first VLAN and the first network domain member tunnels to a second network domain member to connect the client to a second VLAN.
  - 11. The method of claim 9, wherein the network database is stored locally with respect to the first network domain seed, further comprising querying the network database with a local query.
  - 12. The method of claim 9, further comprising:
    - retrieving information from a plurality of network domain seeds.
  - 13. The method of claim 9, wherein the VLAN information includes tunnel affinity information of at least two network domain members, further comprising:
    - comparing tunnel affinity information, from the VLAN information, of at least two network domain members that support a VLAN; and
      
      connecting the client to the network domain member with the highest tunnel affinity.
  - 14. The method of claim 9, further comprising:
    - querying for the client'"'"'s location;
      
      returning a location of a network domain member that received the client'"'"'s initial log-in request.

15. A system comprising:
- a means for receiving a log-in request from a client coupled to a first network domain member;
  
  a means for requesting from a network domain seed VLAN information associated with the client configuration on a second network domain member;
  
  a means for receiving the VLAN information at the first network domain member;
  
  a means for determining, using the VLAN information, that the client is configured on a the second network domain member;
  
  a means for connecting the client from the first network domain member to the second network domain member via VLAN tunneling.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the log-in request is received by a first network domain member associated with a first VLAN, further comprising a means for tunneling from the first network domain member to a second network domain member to connect the client to a second VLAN.
  - 17. The system of claim 15, wherein the network database is stored locally with respect to the first network domain seed, further comprising a means for querying the network database with a local query.
  - 18. The system of claim 15, further comprising:
    - a means for retrieving information from a plurality of network domain seeds.
  - 19. The system of claim 15, wherein the VLAN information includes tunnel affinity information of at least two network domain members, further comprising:
    - a means for comparing tunnel affinity information, from the VLAN information, of at least two network domain members that support a VLAN; and
      
      a means for connecting the client to the network domain member with the highest tunnel affinity.
  - 20. The system of claim 15, further comprising:
    - a means for querying for the client'"'"'s location;
      
      a means for returning a location of a network domain member that received the client'"'"'s initial log-in request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trapeze Networks Incorporated (Juniper Networks Incorporated)
Original Assignee
Trapeze Networks Incorporated (Juniper Networks Incorporated)
Inventors
Tiwari, Manish

Granted Patent

US 8,270,408 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/395.530
CPC Class Codes

H04L 12/4641 Virtual LANs, VLANs, e.g. v...

IDENTITY-BASED NETWORKING

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

130 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

IDENTITY-BASED NETWORKING

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

130 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links