Scalable security services for multicast in a router having integrated zone-based firewall

A technology of routers and firewalls, applied in the field of computer networks, can solve problems such as waste of firewall resources

Active Publication Date: 2010-02-17
JUMIPER NETWORKS INC
View PDF1 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Furthermore, the expressive nature of current systems tends to focus on splitting the multicast into n-way unicast streams for separate application security services, which leads to a waste of resources in the firewall

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Scalable security services for multicast in a router having integrated zone-based firewall
  • Scalable security services for multicast in a router having integrated zone-based firewall
  • Scalable security services for multicast in a router having integrated zone-based firewall

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] figure 1is a block diagram illustrating an exemplary network environment 2 in which an exemplary multicast-enabled router 20 , which may represent any routing device, includes an integrated firewall (FW) 22 . In this example, FW 22 provides a zone-based firewall service that allows zone-based security policies to be defined and applied to different network interfaces of the router. exist figure 1 In the example shown, router 20 includes ingress interfaces 23A-23N and egress interfaces 25A-25N for sending multicast communications and multicast action requests to clients 24 and service provider network 27 via physical network connections, and for receiving requests from Multicast communication and multicast action requests for client and service provider networks. Router 20 provides user interfaces that allow service providers to define zones and corresponding security policies on these physical interfaces. In addition, the user interface supports a command syntax that...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast packets. The user interface supports a syntax that allows the user to define subsets of the plurality of interfaces associated with the zones, and define a single multicast policy to be applied to multicast sessions associated with a multicast group. The multicast policy identifies common services to be applied pre-replication, and exceptions specifying additional services to be applied post-replication to copies of the multicast packets for the one or more zones.

Description

technical field [0001] The present invention relates to computer networks, and more particularly, to the transmission of multicast communications in computer networks. Background technique [0002] A computer network is a collection of interconnected computing devices that exchange data and share resources. There are a variety of methods to communicate data between computing devices within a network. One method, often referred to as "multicasting," uses a multicast tree in which a source device sends a single data packet for distribution to a group of one or more receiving computing devices. Using multicast, a source device assigns a multicast identifier to the data such that each computing device in the group receives a copy of the data. In some cases, the source device sends the multicast packet over the network to a router configured for multicast. In turn, the router replicates the packet and forwards a copy of the packet to other multicast-enabled routers. Other rou...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/56H04L12/18H04L29/06H04L45/16
CPCH04L12/18H04L63/104H04L45/00H04L63/0254H04L45/16H04L63/0227H04L45/30H04L45/645
Inventor 卡纳安·瓦拉德汉让-马克·弗拉伊朗安贾恩·文卡特拉马尼
Owner JUMIPER NETWORKS INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap