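IPC classification information
Country / Type | United States (US) Patent, Granted
International Patent Classification (IPC 7th edition) |
Application number | US-0620539 (2012-09-14)
Registration number | US-8713153 (2014-04-29)
Inventor / Address |
Applicant / Address |
Agent / Address | Blakely, Sokoloff, Taylor & Zafman LLP
Citation information | Times cited: 0; Cited patents: 75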
Abstract
A method and device for communicating information resources between subscriber end stations and nodes belonging to different network domains is described. The device instantiates different virtual network machines for different network domains using separate independently administrable network databases. Each of the administrable chores of the separate independently administrable network databases includes the assignment of access control and the configuration of the policies for those network databases. The policies include traffic filtering policies to indicate what kind of information payloads can be carried, traffic and route filtering policies to indicate what paths through the network will be used for each payload carried. Each of the network domains includes one of the different virtual network machines and each of the different network domains is virtually isolated from other network domains.
Representative claims
1. A method performed by a single network device communicatively coupled with a plurality of end stations, comprising: authenticating, using an authentication, authorization and accounting (AAA) protocol, a plurality of users based upon a plurality of records, wherein the plurality of users utilize the plurality of end stations, wherein each of the plurality of records comprises information indicating which of a plurality of virtual routers the respective end station is to be currently coupled to, wherein the single network device comprises the plurality of virtual routers that share a set of physical resources of the single network device, and wherein each of the plurality of virtual routers belongs to a different one of a plurality of virtual private networks; and communicatively coupling, within the single network device, different ones of the plurality of end stations with different ones of the virtual routers based on the information obtained using the AAA protocol during said authenticating.

2. The method of claim 1, further comprising: routing packets for the plurality of end stations via the respective virtual routers using a plurality of network databases, wherein each of the plurality of network databases belongs to a different one of the plurality of virtual routers.

3. The method of claim 2, further comprising: causing an accounting, using the AAA protocol, for the network activity of each of the plurality of users.

4. The method of claim 1, wherein the AAA protocol is Remote Authentication Dial In User Service (RADIUS) protocol.

5. The method of claim 4, wherein said authenticating comprises communicating with a remote server using the RADIUS protocol.

6. The method of claim 1, wherein said communicatively coupling comprises associating the different ones of the plurality of end stations with the different ones of the virtual routers within a binding data structure.

7. The method of claim 1, wherein said routing of packets for the plurality of end stations further utilizes a plurality of tunneled connections.

8. A single network device, comprising: a set of one or more processors; communications hardware to transmit and receive packets to and from a plurality of end stations; and a non-transitory computer-readable medium having stored therein a set of instructions that, when executed by the set of processors, cause the single network device to, create a plurality of virtual routers that will share a set of physical resources of the single network device, wherein each of the plurality of virtual routers is to belong to a different one of a plurality of virtual private networks, authenticate, using an authentication, authorization and accounting (AAA) protocol, users based upon a plurality of records, wherein the plurality of users utilize the plurality of end stations communicatively coupled with the single network device, wherein each of the plurality of records is to comprise information to indicate which of the plurality of virtual routers the respective end station is to be coupled to, and communicatively couple, within the single network device, different ones of the plurality of end stations with different ones of the virtual routers based on the information that is to be obtained using the AAA protocol during said authenticating.

9. The single network device of claim 8, wherein the set of instructions further cause the single network device to: route packets for the plurality of end stations via the respective virtual routers according to a plurality of network databases of the virtual routers.

10. The single network device of claim 9, wherein the set of instructions further cause the single network device to: cause an accounting, through use of the AAA protocol, of network activity for each of the plurality of users.

11. The single network device of claim 8, wherein the AAA protocol is Remote Authentication Dial In User Service (RADIUS) protocol.

12. The single network device of claim 11, wherein the set of instructions cause the single network device to authenticate users based upon the plurality of records by communicating with a remote server using the RADIUS protocol.

13. The single network device of claim 8, wherein the set of instructions cause the single network device to communicatively couple the different ones of the plurality of end stations with the different ones of the virtual routers by associating the different ones of the plurality of end stations with the different ones of the virtual routers within a binding data structure.

14. The single network device of claim 8, wherein the set of instructions cause the single network device to route packets by utilizing a plurality of tunneled connections.

15. A network, comprising: an Authentication, Authorization, and Accounting (AAA) server that stores a plurality of records, wherein each of the plurality of records is to comprise information to indicate which of a plurality of virtual routers a respective end station of a plurality of end stations is to be coupled to; and a single network device coupled to the AAA server, wherein the single network device includes, a set of one or more processors, communications hardware that transmits and receives packets to and from the plurality of end stations, and a non-transitory computer-readable medium having stored therein a set of instructions, that, when executed by the set of processors, cause the single network device to, create the plurality of virtual routers that will share a set of physical resources of the single network device, wherein each of the plurality of virtual routers is to belong to a different one of a plurality of virtual private networks, authenticate, using an authentication, authorization and accounting (AAA) protocol and the AAA server, the plurality of users based upon the plurality of records, wherein the plurality of users utilize the plurality of end stations communicatively coupled with the single network device, and communicatively couple, within the single network device, different ones of the plurality of end stations with different ones of the virtual routers based on the information that is to be obtained using the AAA protocol during said authenticating.

16. The network of claim 15, wherein the set of instructions further cause the single network device to: route packets for the plurality of end stations via the respective virtual routers according to a plurality of network databases of the virtual routers.

17. The network of claim 16, wherein the set of instructions further cause the single network device to: cause an accounting, through use of the AAA protocol and the AAA server, of network activity for each of the plurality of users.

18. The network of claim 15, wherein the AAA protocol is Remote Authentication Dial In User Service (RADIUS) protocol.

19. The network of claim 15, wherein the set of instructions cause the single network device to communicatively couple the different ones of the plurality of end stations with the different ones of the virtual routers by associating the different ones of the plurality of end stations with the different ones of the virtual routers within a binding data structure.

20. The network of claim 15, wherein the set of instructions cause the single network device to route packets by utilizing a plurality of tunneled connections.

21. A method performed by a single network device communicatively coupled with a plurality of end stations, wherein the single network device comprises a plurality of virtual routers that share a set of physical resources of the single network device, and wherein each of the plurality of virtual routers belongs to a different one of a plurality of virtual private networks, the method comprising: responsive to an initial communication with an end station of a user, authenticating the user with an Authentication, Authorization, and Accounting (AAA) server to determine information identifying a virtual router of the plurality of virtual routers that the end station of the user is to be coupled to, wherein said authenticating utilizes a Remote Authentication Dial-In User Service (RADIUS) protocol; and communicatively coupling, within the single network device through a binding data structure, the end station of the user with the virtual router of the plurality of virtual routers based on said determined information.

22. A single network device to implement a plurality of virtual routers that share a set of physical resources of the single network device, wherein each of the plurality of virtual routers belongs to a different one of a plurality of virtual private networks, the single network device comprising: a set of one or more processors; communications hardware to transmit and receive packets to and from a plurality of end stations; and a non-transitory computer-readable medium having stored therein a set of instructions that, when executed by the set of processors, cause the single network device to, responsive to an initial communication with an end station of the plurality of end stations that is to be utilized by a user, authenticate the user with an Authentication, Authorization, and Accounting (AAA) server to determine information that identifies a virtual router of a plurality of virtual routers that the end station of the user is to be coupled to, wherein said authentication is to utilize a Remote Authentication Dial-In User Service (RADIUS) protocol, and communicatively couple, within the single network device through a binding data structure, the end station of the user with the identified virtual router of the plurality of virtual routers based on said determined information.

23. A network, comprising: an Authentication, Authorization, and Accounting (AAA) server that stores a plurality of records, wherein each of the plurality of records comprises information to indicate which virtual router of a plurality of virtual routers a respective end station of a plurality of end stations is to be coupled to; and a single network device coupled to the AAA server, wherein the single network device implements the plurality of virtual routers that share a set of physical resources of the single network device, wherein each of the plurality of virtual routers belongs to a different one of a plurality of virtual private networks, wherein the single network device includes, a set of one or more processors, communications hardware that transmits and receives packets to and from the plurality of end stations, and a non-transitory computer-readable medium having stored therein a set of instructions that, when executed by the set of processors, cause the single network device to, responsive to an initial communication with an end station of the plurality of end stations that is to be utilized by a user, authenticate the user with the AAA server to determine information that identifies a virtual router of the plurality of virtual routers that the end station of the user is to be coupled to, wherein said authentication is to utilize a Remote Authentication Dial-In User Service (RADIUS) protocol, and communicatively couple, within the single network device through a binding data structure, the end station of the user with the identified virtual router of the plurality of virtual routers based on said determined information.

24. A method performed by a single network device configured to be communicatively coupled with a plurality of end stations, comprising: receiving authentication and authorization information of a user from an Authentication, Authorization, and Accounting (AAA) server wherein the user utilizes an end station, wherein the authentication and authorization information indicates which of a plurality of virtual routers the end station is to be coupled to, wherein the single network device includes the plurality of virtual routers that share a set of physical resources of the single network device, and wherein each of the plurality of virtual routers belongs to a different one of a plurality of virtual private networks.

25. A method performed by a single network device configurable to be communicatively coupled with a plurality of end stations, wherein the single network device includes a plurality of virtual routers that share a set of physical resources of the single network device, and wherein each of the plurality of virtual routers belongs to a different one of a plurality of virtual private networks, the method comprising: responsive to an initial communication with an end station of a user, receiving authentication and authorization information about the user from an Authentication, Authorization, and Accounting (AAA) server, the authentication and authorization information for identifying a virtual router of the plurality of virtual routers that the end station of the user is to be coupled to, wherein said AAA server utilizes a Remote Authentication Dial-In User Service (RADIUS) protocol; and communicatively coupling, within the single network device through a binding data structure, the end station of the user with the virtual router of the plurality of virtual routers based on said authentication and authorization information.

26. A single network device to implement a plurality of virtual routers that share a set of physical resources of the single network device, wherein each of the plurality of virtual routers belongs to a different one of a plurality of virtual private networks, the single network device comprising: a set of one or more processors; communications hardware to transmit and receive packets to and from a plurality of end stations; and a non-transitory computer-readable medium having stored therein a set of instructions that, when executed by the set of processors, cause the single network device to, responsive to an initial communication with an end station of the plurality of end stations that is to be utilized by a user, receive authentication and authorization information about the user from an Authentication, Authorization, and Accounting (AAA) server that identifies a virtual router of the plurality of virtual routers that the end station of the user is to be coupled to, wherein said AAA server utilizes a Remote Authentication Dial-In User Service (RADIUS) protocol, and communicatively couple, within the single network device through a binding data structure, the end station of the user with the identified virtual router of the plurality of virtual routers based on said authentication and authorization information.