Method and apparatus for network security

US9036647B2 · US · B2

Patent metadata
Field · Value
Publication number · US-9036647-B2
Application number · US-201213727978-A
Country · US
Kind code · B2
Filing date · Dec 27, 2012
Priority date · Dec 27, 2012
Publication date · May 19, 2015
Grant date · May 19, 2015

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method of securely routing data traffic between communication networks. In an integrated security device, a host router supports a virtual router that peers with VRF (virtual routing and forwarding) instances associated with participating networks on the host router. Each VRF instance preferably runs its own dynamic routing protocol and determines when received data traffic may be directly forwarded from one network to another and when it must be forwarded to an OE (offload engine) for enforcement of security policies or NAT (network address translation) processing.

First claim

Claims 1 to 18 as recorded for this publication; claim 1 (method) and claim 13 (apparatus) are the independent claims.

The invention claimed is:
1. A method of routing data traffic between networks, comprising: receiving the data traffic from a source network; determining whether the data traffic may be directly forwarded to a destination network, wherein determining whether the data traffic may be directly forwarded to the destination network comprises running a first instance of VRF (virtual routing and forwarding); forwarding the data traffic to an OE (offload engine) if it is determined that the data traffic may not be directly forwarded to the destination network; replacing a delineator associated with any data traffic that has been forwarded to the OE, wherein replacing the delineator comprises removing a delineator associated with the first VRF instance and replacing it with a delineator associated with the second VRF instance; and forwarding any data traffic that has been forwarded to the OE from the OE to the destination network, wherein forwarding the data traffic from the OE to the destination network comprises running a second instance of VRF.
2. The method of claim 1, further comprising forwarding the data traffic directly to the destination network if it is determined that the traffic may be forwarded directly to the destination network.
3. The method of claim 1, further comprising inspecting data traffic that has been forwarded to the OE.
4. The method of claim 1, wherein forwarding the traffic from the OE comprises reference to static routing tables.
5. The method of claim 1, further comprising running an instance of a dynamic routing protocol in association with the OE.
6. The method of claim 5, wherein the dynamic routing protocol is OSPF (open shortest path first).
7. The method of claim 5, further comprising performing IP (internet protocol) address translation.
8. The method of claim 1, wherein the delineator is a VID (VLAN (virtual local area network) ID).
9. The method of claim 1, wherein the delineator is an MPLS (multiprotocol label switching) label.
10. The method of claim 1, wherein forwarding the data traffic from the OE comprises forwarding the data traffic to a packet processor in communication with the OE.
11. The method of claim 10, further comprising adding an embedded routing header to the data traffic prior to forwarding the data traffic to the packet processor.
12. The method of claim 11, wherein the embedded routing header is a HiGig™ header.
13. Apparatus for routing data traffic between networks, comprising: a processor; an OE; and a non-transitory memory device comprising program instructions that when executed cause the apparatus to: receive data traffic from a source network; determine whether the data traffic may be directly forwarded to a destination network, wherein determining whether the data traffic may be directly forwarded to the destination network comprises running a first instance of VRF; forward the data traffic to an OE if it is determined that the data traffic may not be directly forwarded to the destination network; replace a delineator associated with any data traffic that has been forwarded to the OE, wherein replacing the delineator comprises removing a delineator associated with the first VRF instance and replacing it with a delineator associated with the second VRF instance; and forward any data traffic that has been forwarded to the OE from the OE to the destination network, wherein forwarding the data traffic from the OE to the destination network comprises running a second instance of VRF.
14. The apparatus of claim 13, wherein memory device further comprises program instructions that when executed cause the apparatus to forward the data traffic directly to the destination network if it is determined that the traffic may be forwarded directly to the destination network.
15. The apparatus of claim 13, wherein memory device further comprises program instructions that when executed cause the apparatus to inspect data traffic that has been forwarded to the OE.
16. The apparatus of claim 13, wherein memory device further comprises program instructions that when executed cause the apparatus to run an instance of a dynamic routing protocol in association with the OE.
17. The apparatus of claim 13, wherein memory device further comprises program instructions that when executed cause the apparatus to forward data traffic forward data traffic that is being forwarded from the OE to a packet processor in communication with the OE.
18. The apparatus of claim 17, wherein memory device further comprises program instructions that when executed cause the apparatus to add an embedded routing header to the data traffic prior to forwarding the data traffic to the packet processor.
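The forwarding decision described in the abstract and claim 1 (ingress VRF decides direct versus via-OE, the OE inspects and translates, the delineator is swapped to the egress VRF, and the egress VRF forwards), as an added worked model written for this page. It is not code from the patent or from the assignee; the VRF names, prefixes, the ACL, the NAT mapping, the sample packets and the VLAN IDs are all constructed for the example, and the OE's policy and NAT behaviour are simplified assumptions (first-match ACL with default deny, source NAT only).

```python
"""Toy model of claim 1: one VRF instance per participating network decides
whether traffic may be forwarded directly; otherwise it goes to an offload
engine (OE) for policy enforcement and NAT, has its delineator (a VLAN ID,
claim 8) replaced with the egress VRF's, and is forwarded by that second VRF.
Added illustration only, not code from the patent; every name, address,
ACL rule and NAT mapping below is an assumption made for the example."""
from dataclasses import dataclass, replace
import ipaddress


@dataclass(frozen=True)
class Packet:
    vid: int    # delineator: VLAN ID of the VRF the frame currently belongs to
    src: str
    dst: str
    dport: int


class Vrf:
    """One VRF instance: name, VLAN ID, and a longest-prefix-match table.
    Each route maps to (egress VRF name, direct); direct=False means 'via OE'."""

    def __init__(self, name, vid, routes):
        self.name, self.vid = name, vid
        self.routes = {ipaddress.ip_network(p): v for p, v in routes.items()}

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        hits = [(net, v) for net, v in self.routes.items() if addr in net]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


class OffloadEngine:
    """Security policy (first-match ACL, default deny) and source NAT,
    the OE functions named in claims 3 and 7 (assumed shapes)."""

    def __init__(self, acl, snat):
        self.acl = [(ipaddress.ip_network(s), ipaddress.ip_network(d), p, a)
                    for s, d, p, a in acl]
        self.snat = {ipaddress.ip_network(n): a for n, a in snat.items()}

    def inspect(self, pkt):
        s, d = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        for src_net, dst_net, port, action in self.acl:
            if s in src_net and d in dst_net and port in (None, pkt.dport):
                return action
        return "drop"

    def translate(self, pkt):
        s = ipaddress.ip_address(pkt.src)
        for net, new_src in self.snat.items():
            if s in net:
                return replace(pkt, src=new_src)
        return pkt


def route(pkt, vrfs, oe):
    """Apply claim 1's steps; returns (action, detail, packet as forwarded)."""
    ingress = next((v for v in vrfs.values() if v.vid == pkt.vid), None)
    if ingress is None:
        return ("drop", "unknown delineator", pkt)
    entry = ingress.lookup(pkt.dst)              # first VRF instance decides
    if entry is None:
        return ("drop", f"no route in {ingress.name}", pkt)
    egress_name, direct = entry
    egress = vrfs[egress_name]
    if direct:                                   # claim 2: no OE on this path
        return ("forward-direct", egress.name, pkt)
    if oe.inspect(pkt) != "permit":              # claim 3: inspection in the OE
        return ("drop", "denied by OE policy", pkt)
    pkt = oe.translate(pkt)                      # claim 7: NAT in the OE
    pkt = replace(pkt, vid=egress.vid)           # delineator swapped to egress VRF
    if egress.lookup(pkt.dst) is None:           # second VRF instance forwards
        return ("drop", f"no route in {egress.name}", pkt)
    return ("forward-via-oe", egress.name, pkt)


# Constructed sample topology: three networks on one host router.
VRFS = {
    "corp": Vrf("corp", 10, {"10.1.0.0/16": ("corp", True),
                             "10.2.0.0/16": ("lab", True),        # trusted peer
                             "0.0.0.0/0": ("internet", False)}),  # only via OE
    "lab": Vrf("lab", 20, {"10.2.0.0/16": ("lab", True),
                           "10.1.0.0/16": ("corp", True)}),
    "internet": Vrf("internet", 30, {"0.0.0.0/0": ("internet", True)}),
}
OE = OffloadEngine(
    acl=[("10.1.0.0/16", "0.0.0.0/0", 443, "permit"),
         ("10.1.0.0/16", "0.0.0.0/0", None, "drop")],
    snat={"10.1.0.0/16": "198.51.100.7"},
)


def demo():
    """Run four constructed packets through the model."""
    cases = [
        Packet(10, "10.1.5.5", "10.2.0.9", 22),         # corp -> lab, direct
        Packet(10, "10.1.5.5", "93.184.216.34", 443),   # corp -> internet via OE
        Packet(10, "10.1.5.5", "93.184.216.34", 23),    # denied by OE policy
        Packet(99, "10.1.5.5", "10.2.0.9", 80),         # no VRF for this VID
    ]
    return [route(p, VRFS, OE) for p in cases]


if __name__ == "__main__":
    for action, detail, pkt in demo():
        print(f"{action:16} {detail:22} vid={pkt.vid} src={pkt.src}")
```

The point a practitioner should take from the model is the trust boundary it encodes: the "direct" flag on a route is a policy decision that bypasses the OE entirely, so an incorrect direct route between two VRFs silently removes inspection and NAT for that pair of networks. The delineator swap is also what keeps the two VRF tables from being consulted with the wrong frame tag; a frame that reached the egress VRF still carrying the ingress VID would be looked up in the wrong table.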

Assignees

Inventors

Classifications

  • H04L45/12 (primary) · Shortest path evaluation · CPC title

  • of virtual routers · CPC title

  • Architectural arrangements, e.g. perimeter networks or demilitarized zones · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9036647B2 cover?
A method of securely routing data traffic between communication networks. In an integrated security device, a host router supports a virtual router that peers with VRF (virtual routing and forwarding) instances associated with participating networks on the host router. Each VRF instance preferably runs its own dynamic routing protocol and determines when received data traffic may be directly fo…
Who is the assignee on this patent?
Alcatel Lucent Usa Inc, Alcatel Lucent
What technology area does this patent fall under?
Primary CPC classification H04L45/12. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 19, 2015 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).