System and method for reducing CPU load in processing PPP packets on a SSL-VPN tunneling device

US 8,804,504 B1
Filed: 09/16/2011
Issued: 08/12/2014
Est. Priority Date: 09/16/2010
Status: Active Grant

First Claim

Patent Images

1. A method of reducing processing required to transmit a data packet over a virtual private network, the method comprising:

receiving, at a network transmitting device, an initial encapsulated data packet to be transmitted over an established Virtual Private Network (VPN) tunnel connection to a receiving device;

removing, at the network transmitting device, from the initial encapsulated data packet, a Layer 2 (L2) protocol header and at least one framing element selected from a front end delimiter or a back end delimiter;

appending, at the network transmitting device, an alternate encapsulated protocol header to an Internet Protocol (IP) data packet of the initial encapsulated data packet to generate a modified encapsulated data packet, wherein the alternate encapsulated protocol header contains processing information for the IP data packet, the processing information comprising at least a payload length of the IP data packet; and

sending, with the network transmitting device, the modified encapsulated data packet to the receiving device over the VPN tunnel connection, wherein the alternate encapsulated protocol header is configured to allow the receiving device to handle the IP data packet in the modified encapsulated data packet using less computational resources in comparison to handling the initial encapsulated data packet.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for reducing processing load on an encapsulated data packet transmitted over a virtual private network. The method includes handling an initial encapsulated data packet to be transmitted over an established VPN tunnel connection to a receiving device, the initial encapsulated data packet having a Layer 2 (L2) protocol header, an IP data packet and at least one framing element; removing the at least one framing element; removing the L2 protocol header; appending an alternate L2 encapsulated protocol header to the IP data packet to generate a modified encapsulated data packet, wherein the alternate header contains information of the IP data packet; and sending the modified encapsulated data packet to the receiving device, wherein the alternate encapsulated protocol header allows the receiving device to handle the IP data packet using less computational resources in comparison to receiving the initial encapsulated data packet.

247 Citations

18 Claims

1. A method of reducing processing required to transmit a data packet over a virtual private network, the method comprising:
- receiving, at a network transmitting device, an initial encapsulated data packet to be transmitted over an established Virtual Private Network (VPN) tunnel connection to a receiving device;
  
  removing, at the network transmitting device, from the initial encapsulated data packet, a Layer 2 (L2) protocol header and at least one framing element selected from a front end delimiter or a back end delimiter;
  
  appending, at the network transmitting device, an alternate encapsulated protocol header to an Internet Protocol (IP) data packet of the initial encapsulated data packet to generate a modified encapsulated data packet, wherein the alternate encapsulated protocol header contains processing information for the IP data packet, the processing information comprising at least a payload length of the IP data packet; and
  
  sending, with the network transmitting device, the modified encapsulated data packet to the receiving device over the VPN tunnel connection, wherein the alternate encapsulated protocol header is configured to allow the receiving device to handle the IP data packet in the modified encapsulated data packet using less computational resources in comparison to handling the initial encapsulated data packet.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the encapsulated protocol header further comprises one or more components selected from a type component, a length component, or a value component.
  - 3. The method of claim 2, wherein the one or more components comprise a Length-Type-Value (LTV) element and the LTV element is in a binary format.
  - 4. The method of claim 2, wherein the type component indicates a type of field of a message represented by the IP data packet, the length component indicates a size of a value field of the IP data packet, and the value component indicates a set of bytes that contain data identifying a type of information included in the IP data packet.
  - 5. The method of claim 1, wherein the at least one framing element is further selected from a checksum frame.
  - 6. The method of claim 1, wherein the L2 protocol is a Point-to-Point (PPP) protocol.

7. A non-transitory machine readable medium having stored thereon instructions for reducing processing required to transmit a data packet over a virtual private network, the medium comprising machine executable code which when executed by at least one machine, causes the machine to:
- receive an initial encapsulated data packet to be transmitted over an established Virtual Private Network (VPN) tunnel connection to a receiving device;
  
  remove from the initial encapsulated data packet, a Layer 2 (L2) protocol header and at least one framing element selected from a front end delimiter or a back end delimiter;
  
  append an alternate encapsulated protocol header to an Internet Protocol (IP) data packet of the initial encapsulated data packet to generate a modified encapsulated data packet, wherein the alternate encapsulated protocol header contains processing information for the IP data packet, the processing information comprising at least a payload length of the IP data packet; and
  
  send the modified encapsulated data packet to the receiving device over the VPN tunnel connection, wherein the alternate encapsulated protocol header is configured to allow the receiving device to handle the IP data packet in the modified encapsulated data packet using less computational resources in comparison to handling the initial encapsulated data packet.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The machine readable medium of claim 7, wherein the encapsulated protocol header further comprises one or more components selected from a type component, a length component, or a value component.
  - 9. The machine readable medium of claim 8, wherein the one or more components comprise a Length-Type-Value (LTV) element and the LTV element is in a binary format.
  - 10. The machine readable medium of claim 8, wherein the type component indicates a type of field of a message represented by the IP data packet, the length component indicates a size of a value field of the IP data packet, and the value component indicates a set of bytes that contain data identifying a type of information included in the IP data packet.
  - 11. The machine readable medium of claim 7, wherein the at least one framing element is further selected from a checksum frame.
  - 12. The machine readable medium of claim 7, wherein the L2 protocol is a Point-to-Point (PPP) protocol.

13. A network device comprising:
- a memory storing an application module having one or more programming instructions; and
  
  a processor configured execute the application module, which when executed by the processor, causes the processor to;
  
  receive an initial encapsulated data packet to be transmitted over an established Virtual Private Network (VPN) tunnel connection to a receiving device;
  
  remove from the initial encapsulated data packet, a Layer 2 (L2) protocol header and at least one framing element selected from a front end delimiter or a back end delimiter;
  
  append an alternate encapsulated protocol header to an Internet Protocol (IP) data packet of the initial encapsulated data packet to generate a modified encapsulated data packet, wherein the alternate encapsulated protocol header contains processing information for the IP data packet, the processing information comprising at least a payload length of the IP data packet; and
  
  send the modified encapsulated data packet to the receiving device over the VPN tunnel connection, wherein the alternate encapsulated protocol header is configured to allow the receiving device to handle the IP data packet in the modified encapsulated data packet using less computational resources in comparison to handling the initial encapsulated data packet.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The network device of claim 13, wherein the encapsulated protocol header further comprises one or more components selected from a type component, a length component, or a value component.
  - 15. The network device of claim 14, wherein the one or more components comprise a Length-Type-Value (LTV) element and the LTV element is in a binary format.
  - 16. The network device of claim 14, wherein the type component indicates a type of field of a message represented by the IP data packet, the length component indicates a size of a value field of the IP data packet, and the value component indicates a set of bytes that contain data identifying a type of information included in the IP data packet.
  - 17. The network device of claim 13, wherein the at least one framing element is further selected from a checksum frame.
  - 18. The network device of claim 13, wherein the L2 protocol is a Point-to-Point (PPP) protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
Chen, Jonathan
Primary Examiner(s)
LEVITAN, DMITRY

Application Number

US13/234,797
Time in Patent Office

1,061 Days
Field of Search

370229-231, 370/235, 370/351, 370/389, 370/431, 370/464, 370/465, 709227-229, 709/238, 709/246
US Class Current

370/229
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 63/0272   Virtual private networks

H04L 69/22   Parsing or analysis of headers

H04L 69/324   in the data link layer [OSI...

System and method for reducing CPU load in processing PPP packets on a SSL-VPN tunneling device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

247 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for reducing CPU load in processing PPP packets on a SSL-VPN tunneling device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

247 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links