US11032247B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11032247-B2 |
| Application number | US-201916701497-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 3, 2019 |
| Priority date | Feb 4, 2016 |
| Publication date | Jun 8, 2021 |
| Grant date | Jun 8, 2021 |
Official abstract text for this publication.
Disclosed are various examples for the use of network micro-segmentation in enterprise mobility management. In one example, a network device receives a packet with one or more device management attributes embedded in its header. The network device extracts the device management attribute from the packet header. A compliance status of a client device in an external network is determined based on the device management attribute. The network device forwards the packet based on the compliance status.
Opening claim text (preview).
Therefore, the following is claimed:
1. A non-transitory computer-readable medium embodying executable instructions, wherein the instructions, when executed by at least one processor, cause at least one computing device to at least: divide an internal network into a plurality of virtual network segments, wherein the plurality of virtual network segments comprise different configurations of a plurality of resources of the internal network; receive, by a network device in the internal network, a packet comprising at least one device management attribute embedded in a packet header, wherein the at least one device management attribute corresponds to a client device in an external network; extract, by the network device in the internal network, the at least one device management attribute from the packet header; determine a compliance status of the client device based on the at least one device management attribute; and forward the packet within the internal network based on a compliance status of the client device.
2. The non-transitory computer-readable medium of claim 1, wherein the instructions, when executed by the at least one processor, cause the at least one computing device to at least: configure, by a network controller, at least one routing rule for a virtual network segment.
3. The non-transitory computer-readable medium of claim 2, wherein the instructions, when executed by the at least one processor, cause the at least one computing device to at least: identify, by the network device, the at least one routing rule for the virtual network segment.
4. The non-transitory computer-readable medium of claim 3, wherein the network device forwards the packet within the internal network based on the compliance status of the client device and the at least one routing rule for the virtual network segment.
5. The non-transitory computer-readable medium of claim 1, wherein the instructions, when executed by the at least one processor, cause the at least one computing device to at least: identify a destination interface specified for the packet, wherein the packet is forwarded within the internal network based on the destination interface and the compliance status of the client device.
6. The non-transitory computer-readable medium of claim 1, wherein network device provides access to a virtual network segment, and the packet is forwarded from a gateway device to the network device based on the virtual network segment.
7. The non-transitory computer-readable medium of claim 1, wherein the packet is forwarded to a failover virtual network segment based on the compliance status indicating non-compliance with at least one routing rule.
8. A system, comprising: at least one computing device; and at least one data store comprising executable instructions, wherein the instructions, when executed by at least one processor, cause the at least one computing device to at least: divide an internal network into a plurality of virtual network segments, wherein the plurality of virtual network segments comprise different configurations of a plurality of resources of the internal network; receive, by a network device in the internal network, a packet comprising at least one device management attribute embedded in a packet header, wherein the at least one device management attribute corresponds to a client device in an external network; extract, by the network device in the internal network, the at least one device management attribute from the packet header; determine a compliance status of the client device based on the at least one device management attribute; and forward the packet within the internal network based on a compliance status of the client device.
9. The system of claim 8, wherein the instructions, when executed by the at least one processor, cause the at least one computing device to at least: configure, by a network controller, at least one routing rule for a virtual network segment.
10. The system of claim 9, wherein the instructions, when executed by the at least one processor, cause the at least one computing device to at least: identify, by the network device, the at least one routing rule for the virtual network segment.
11. The system of claim 10, wherein the network device forwards the packet within the internal network based on the compliance status of the client device and the at least one routing rule for the virtual network segment.
12. The system of claim 8, wherein the instructions, when executed by the at least one processor, cause the at least one computing device to at least: identify a destination interface specified for the packet, wherein the packet is forwarded within the internal network based on the destination interface and the compliance status of the client device.
13. The system of claim 8, wherein network device provides access to a virtual network segment, and the packet is forwarded from a gateway device to the network device based on the virtual network segment.
14. The system of claim 8, wherein the packet is forwarded to a virtual network segment based on the compliance status indicating compliance with at least one routing rule for the virtual network segment.
15. A method, comprising: dividing an internal network into a plurality of virtual network segments, wherein the plurality of virtual network segments comprise different configurations of a plurality of resources of the internal network; receiving, by a network device in the internal network, a packet comprising at least one device management attribute embedded in a packet header, wherein the at least one device management attribute corresponds to a client device in an external network; extracting, by the network device in the internal network, the at least one device management attribute from the packet header; determining a compliance status of the client device based on the at least one device management attribute; and forwarding the packet within the internal network based on a compliance status of the client device.
16. The method of claim 15, further comprising: configuring, by a network controller, at least one routing rule for a virtual network segment.
17. The method of claim 16, further comprising: identifying, by the network device, the at least one routing rule for the virtual network segment.
18. The method of claim 17, wherein the network device forwards the packet within the internal network based on the compliance status of the client device and the at least one routing rule for the virtual network segment.
19. The method of claim 15, further comprising: identifying a destination interface specified for the packet, wherein the packet is forwarded within the internal network based on the destination interface and the compliance status of the client device.
20. The method of claim 15, wherein network device provides access to a virtual network segment, and the packet is forwarded from a gateway device to the network device based on the virtual network segment.
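An added illustration of the flow in claims 1, 4 and 7 (not code from the patent or its assignee): a gateway embeds device management attributes in a packet header, and an internal network device extracts them, checks them against the target segment's routing rule, and forwards to that segment or to a failover segment. The header layout, attribute names, segment names and the HMAC that authenticates the header are all assumptions made for this example; the page does not specify them.

```python
import hashlib
import hmac
import json
import struct

GATEWAY_KEY = b"constructed-demo-key"  # assumption: key shared by gateway and network device
FAILOVER = "quarantine-segment"        # hypothetical failover segment (claim 7)
# Hypothetical routing rules, as a network controller might configure them (claim 2).
SEGMENT_RULES = {
    "finance-segment": {"managed": True, "encrypted": True, "min_os": 14},
    "guest-segment": {"managed": False, "encrypted": False, "min_os": 0},
}

def build_packet(attrs, segment, payload, key=GATEWAY_KEY):
    """Gateway side: length-prefixed JSON header + HMAC-SHA256 tag + payload."""
    body = json.dumps({"attrs": attrs, "segment": segment}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return struct.pack("!H", len(body)) + body + tag + payload

def extract_attributes(packet, key=GATEWAY_KEY):
    """Network device side: return the header dict, or None if truncated or forged."""
    if len(packet) < 2:
        return None
    (n,) = struct.unpack("!H", packet[:2])
    body, tag = packet[2:2 + n], packet[2 + n:2 + n + 32]
    if len(body) != n or len(tag) != 32:
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # attributes from an external client are untrusted unless authenticated
    return json.loads(body)

def is_compliant(attrs, rule):
    """Compliance status: every requirement of the segment's rule must be met."""
    return ((attrs.get("managed", False) or not rule["managed"])
            and (attrs.get("encrypted", False) or not rule["encrypted"])
            and attrs.get("os_major", 0) >= rule["min_os"])

def forward(packet):
    """Return the name of the segment the packet is forwarded to."""
    header = extract_attributes(packet)
    if header is None:
        return FAILOVER
    rule = SEGMENT_RULES.get(header.get("segment"))
    if rule is None or not is_compliant(header.get("attrs", {}), rule):
        return FAILOVER
    return header["segment"]
```

Failing closed to the failover segment on a missing, truncated or unauthenticated header matters here because the attributes describe a device outside the internal network.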
Access security · CPC title
Firewall traversal, e.g. tunnelling or, creating pinholes · CPC title
Filtering by information in the payload · CPC title
Managing security policies for mobile devices or for controlling mobile applications · CPC title
Virtual private networks · CPC title