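Country / Type | United States (US) Patent, Registered |
---|---|
International Patent Classification (IPC 7th edition) |
|
Application number | US-0404452 (2017-01-12) |
Registration number | US-9985800 (2018-05-29) |
Inventor / Address |
|
Applicant / Address |
|
Citation information | Times cited: 0 Cited patents: 923 |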
A wide area network using the internet as a backbone utilizing specially selected ISX/ISP providers whose routers route packets of said wide area network along private tunnels through the internet comprised of high bandwidth, low hop-count data paths. Firewalls are provided at each end of each private tunnel which recognize IP packets addressed to devices at the other end of the tunnel and encapsulate these packets in other IP packets which have a header which includes as the destination address, the IP address of the untrusted side of the firewall at the other end of the tunnel. The payload sections of these packets are the original IP packets and are encrypted and decrypted at both ends of the private tunnel using the same encryption algorithm using the same key or keys.
1. A method of routing packets at a first machine associated with a first network, the packets originating from one or more third party sources and destined for one or more third party destinations, each of the sources and destinations not being a part of the first network, the method comprising: receiving the packets; filtering the received packets to distinguish first packets which are to be associated with a virtual private network from second packets which are not to be associated with the virtual private network; encapsulating the first packets; routing the encapsulated first packets via a dedicated line connection to a second machine associated with the first network, for forwarding of the first packets to the one or more third party destinations; and routing the second packets exclusively over at least one second connection, different than the dedicated connection, for forwarding to the one or more third party destinations; wherein the method further comprises storing a first routing table and at least one second routing table, wherein one or more routes identified by the first routing table are mutually-exclusive to one or more routes identified by the at least one second routing table, wherein routing the encapsulated, first packets includes using only one or more routes of the first routing table to route the encapsulated, first packets, and wherein routing the second packets includes using only one or more routes of the at least one second routing table.

2. The method of claim 1, wherein receiving includes using a channel service unit to receive the packets via a dedicated connection that directly links the machine with a network associated with a predetermined client.

3. The method of claim 2, wherein filtering includes examining header information of the received packets, comparing a network destination address from said header information with a predetermined address, and identifying the received packets as the first packets when the network address matches the predetermined address.

4. The method of claim 2, wherein filtering includes identifying a type of data conveyed by the received packets, associating the identified type of data with a quality of service level, and identifying the received packets as the first packets when the quality of service level meets a threshold.

5. The method of claim 1, wherein filtering includes examining header information of the received packets, comparing a network address from said header information with a list having at least one predetermined address, identifying the received packets as the first packets when the network address matches the predetermined address, and identifying the received packets as the second packets when the network address does not match any predetermined address in the list.

6. The method of claim 1, wherein filtering includes determining whether the received packets are accompanied by a mnemonic label corresponding to the virtual private network and, if the received packets are accompanied by the mnemonic label, identifying the received packets as the first packets.

7. The method of claim 6, wherein the first machine is associated with a first endpoint of the first network, wherein the second machine corresponds to a second endpoint of the first network, and wherein the mnemonic label corresponds to at least one first route that connects said first endpoint with the second endpoint of the first network, wherein further the second machine is to remove the encapsulation added by the first machine before forwarding of the first packets to the one or more third party destinations.

8. The method of claim 1, wherein: the received packets are to be received as mixed traffic, comprising both the first packets and the second packets, from a first intermediary network; the second packets are to be exchanged by the first network with a second intermediary network; and each of the first intermediary network, the second intermediary network and the first network is adapted to carry mixed Internet traffic between the one or more third party sources and the one or more third party destinations.

9. The method of claim 1, wherein: the first machine is associated with a first endpoint of the first network; the second machine corresponds to a second endpoint of the first network; the dedicated connection connects said first endpoint with the second endpoint of the first network; filtering includes examining header information for received packets, comparing a network destination address from said header information with a predetermined address outside of the first network, and identifying the received packets as the first packets when the network destination address matches the predetermined address; and the second machine is to forward packets associated with the virtual private network from the first network to the network destination address.

10. The method of claim 1, wherein filtering includes examining header information of received packets, comparing a network destination address from said header information with a predetermined destination address, and automatically identifying the received packets as the first packets when the network destination address and a source of the received packets match a predetermined source-destination address pair.

11. The method of claim 1, wherein encapsulating the first packets includes encrypting those packets using an encryption key corresponding to a decryption key known a priori to the destination associated with the first network.

12. The method of claim 1, wherein filtering includes identifying a type of data conveyed by the received packets, associating the identified type of data with a quality of service level, and identifying the received packets as the first packets when the quality of service level meets a threshold.

13. An apparatus adapted for use in a first network, to route packets the packets originating from one or more third party sources to one or more third party destinations, each of the sources and destinations not being a part of the first network, the apparatus comprising: means for receiving the packets; means for filtering the received packets to distinguish first packets which are to be associated with a virtual private network from second packets which are not to be associated with the virtual private network; means for encapsulating the first packets; means for routing the encapsulated first packets via a dedicated line connection to a second machine associated with the first network, for forwarding of the first packets to the one or more third party destinations; and means for routing the second packets exclusively over at least one second connection, different than the dedicated connection, for forwarding to the one or more third party destinations; wherein the apparatus further comprises means for storing a first routing table and at least one second routing table, wherein one or more routes identified by the first routing table are mutually-exclusive to one or more routes identified by the at least one second routing table, wherein the means for routing the encapsulated, first packets is to use only one or more routes of the first routing table to route the encapsulated, first packets, and wherein the means for routing the second packets is to use only one or more routes of the at least one second routing table.

14. An apparatus comprising instructions stored on non-transitory machine-readable media, the instructions when executed to cause at least one processor in a first machine associated with a first network to: receive packets; filter the received packets to distinguish first packets which are to be associated with a virtual private network from second packets which are not to be associated with the virtual private network; encapsulate the first packets; route the encapsulated first packets via a dedicated line connection to a second machine associated with the first network, for forwarding of the first packets to one or more third party destinations; and route the second packets exclusively over at least one second connection, different than the dedicated connection, for forwarding to the one or more third party destinations; wherein the received packets originate from one or more third party sources and are addressed to the one or more third party destinations, and wherein each of the sources and destinations are not a part of the first network; wherein the instructions when executed are further to cause the at least one processor to store a first routing table and at least one second routing table, one or more routes identified by the first routing table being mutually-exclusive to one or more routes identified by the at least one second routing table, route the encapsulated, first packets using one or more routes of the first routing table, to the exclusion of each route of the second routing table, and route the second packets using only one or more routes of the at least one second routing table, to the exclusion of each route of the first routing table.

15. The apparatus of claim 14, wherein the instructions when executed are to cause the at least one processor to obtain the received the packets from the one or more third party sources via a channel service unit, the channel service unit to directly link the first network to a network of a predetermined client, via a dedicated connection.

16. The apparatus of claim 15, wherein the instructions when executed are to cause the at least one processor to examine header information of the received packets, compare a network destination address from said header information with a predetermined address, and identify the received packets as the first packets when the network address matches the predetermined address.

17. The apparatus of claim 15, wherein the instructions when executed are to cause the at least one processor to identify a type of data conveyed by the received packets, associate the identified type of data with a quality of service level, and identify the received packets as the first packets when the quality of service level meets a threshold.

18. The apparatus of claim 14, wherein the instructions when executed are to cause the at least one processor to examine header information of the received packets, compare a network address from said header information with a list having at least one predetermined address, identify the received packets as the first packets when the network address matches the predetermined address, and identify the received packets as the second packets when the network address does not match any predetermined address in the list.

19. The apparatus of claim 14, wherein the instructions when executed are to cause the at least one processor to determine whether the received packets are accompanied by a mnemonic label corresponding to the virtual private network and, if the received packets are accompanied by the mnemonic label, to identify the received packets as associated the first packets.

20. The apparatus of claim 19, wherein the first machine is associated with a first endpoint of the first network, wherein the second machine corresponds to a second endpoint of the first network, and wherein the mnemonic label corresponds to at least one first route that connects said first endpoint with the second endpoint of the first network, wherein further the second machine is to remove the encapsulation added by the first machine before forwarding of the first packets to the one or more third party destinations.

21. The apparatus of claim 14, wherein: the received packets are to be received as mixed traffic, comprising both the first packets and the second packets, from a first intermediary network; the second packets are to be exchanged by the first network with a second intermediary network; and each of the first intermediary network, the second intermediary network and the first network is adapted to carry mixed Internet traffic between the one or more third party sources and the one or more third party destinations.

22. The apparatus of claim 14, wherein: the first machine is associated with a first endpoint of the first network; the second machine corresponds to a second endpoint of the first network; the dedicated connection connects said first endpoint with the second endpoint of the first network; the instructions when executed are to cause the at least one processor to examine header information for the received packets, to compare a network destination address from said header information with a predetermined address outside of the first network, and to identify the received packets as the first packets when the network destination address matches the predetermined address; and the specific destination is to forward packets associated with the virtual private network from the first network to the network destination address.

23. The apparatus of claim 14, wherein the instructions when executed are to cause the at least one processor to examine header information of the received packets, to compare a network destination address from said header information with a predetermined destination address, and to automatically identify the received packets as the first packets when the network destination address and a source of the received packets match a predetermined source-destination address pair.

24. The apparatus of claim 14, wherein the instructions when executed are further to cause the at least one processor to encrypt the first packets using an encryption key corresponding to a decryption key known a priori to the destination associated with the first network.

25. The apparatus of claim 14, wherein the instructions when executed are further to cause the at least one processor to identify a type of data conveyed by the received packets, to associate the identified type of data with a quality of service level, and to identify the received packets as the first packets when the quality of service level meets a threshold.