CA2308261A1 - Vlan implementation system and on-demand routable ip address service - Google Patents


Info

Publication number
CA2308261A1
Authority
CA
Canada
Prior art keywords
server
routable
vlan
addresses
users
Prior art date
2000-05-12
Legal status
Abandoned
Application number
CA002308261A
Other languages
French (fr)
Inventor
Tim Wilson
Current Assignee
SOLUTION Inc Ltd
Original Assignee
SOLUTION Inc Ltd
Priority date
2000-05-12
Filing date
2000-05-12
Publication date
2001-11-12
2000-05-12 Application filed by SOLUTION Inc Ltd
2000-05-12 Priority to CA002308261A
2001-05-14 Priority to AU2001258123A
2001-05-14 Priority to CA2408631A
2001-05-14 Priority to PCT/CA2001/000675
2001-11-12 Publication of CA2308261A1
Legal status: Abandoned

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 12/00 Data switching networks
            • H04L 12/02 Details
              • H04L 12/14 Charging, metering or billing arrangements for data wireline or wireless communications
            • H04L 12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
              • H04L 12/46 Interconnection of networks
                • H04L 12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
                  • H04L 12/4645 Details on frame tagging
                  • H04L 12/467 Arrangements for supporting untagged frames, e.g. port-based VLANs
          • H04L 61/00 Network arrangements, protocols or services for addressing or naming
            • H04L 61/50 Address allocation
              • H04L 61/5007 Internet protocol [IP] addresses
                • H04L 61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
              • H04L 61/5061 Pools of addresses
          • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/02 Network security arrangements for separating internal from external traffic, e.g. firewalls
              • H04L 63/0227 Filtering policies
              • H04L 63/0272 Virtual private networks
            • H04L 63/08 Network security arrangements for authentication of entities
              • H04L 63/083 Authentication of entities using passwords
            • H04L 63/10 Network security arrangements for controlling access to devices or network resources
              • H04L 63/104 Grouping of entities

Abstract

A server and method are provided for delivering specific services to network users. The server and method automatically provide user-to-server security using VLANs.
The server manages VLANs based on user requests to create, delete, join or leave VLANs. It lets users control groupings, and it overcomes the VLAN limit of the switching hardware through filtering policies on the switching infrastructure. In a second aspect of the invention, the server and method provide a specific type of address based on user requests. The server dynamically handles the management and facilitation of these requests and offers users reassignment of IP addresses from a first set of characteristics (non-routable) to a second set of characteristics (routable) with minimal user intervention, which lets users run a broader range of protocols. In a third aspect of the invention, the server and method provide a routable IP address to a remote computer. The server allows pools of routable addresses to be maintained on one or more remote servers, which eases the shortage of routable IP addresses.

Description

VLAN Implementation System and On-demand Routable IP Address Service
The present application relates to an Internet access server such as described in U.S. Provisional Application 60/171,644, filed December 27, 1999, the contents of which are incorporated herein by reference. The preferred embodiment of the Internet access server described in U.S. Provisional Application 60/171,644 will be referred to herein as the SolutionIP server.
Background of the Invention
Without the use of VLANs it is possible for users on the system to see network traffic from other users. This presents a potential security problem for the system and its users.
VLANs are used for security and group collaboration, but generally they are manually configured ahead of time on the switching hardware. Additionally, there is a finite number of VLANs that the switching hierarchy can support, and this physical limitation on the number of VLANs may be an issue.
In addition, some network protocols require fully routable IP addresses to function (e.g. tunnelling protocols, including VPNs). Typically a user requesting a dynamic IP address can be given either a routable or a non-routable IP address depending upon the configuration of the DHCP server on that network. Since dynamic switching from a non-routable to a routable IP address is not generally handled by the server, users are left to their own devices if they require a routable IP address but are served a non-routable one.
There is a need in the art for a system that overcomes the above difficulties.
Summary of the Invention
It is an object of the invention to provide a VLAN Implementation System and On-demand Routable IP Address Service.

The systems of the present invention extend the capabilities of the SolutionIP VBN (Visitor Based Network) server in the following two areas:
1. VLAN enabling of the server, so that it can interpret and process VLAN tags, coupled with server communication with the switching infrastructure for VLAN management. This ensures user-to-server security and facilitates secure group collaboration.
2. Issuing routable IP addresses to requesting users on demand. This feature deals primarily with enabling virtual private networks (VPNs) through the server; VPNs and other technologies sometimes require a fully routable IP address to function.
According to one aspect of the invention, there is provided a VLAN implementation system for use with an Internet access server such as the SolutionIP VBN server. The VLAN implementation system provides user-to-server security using VLANs whose management is automated by the server. The system also enables the server to facilitate user-initiated group collaboration by placing users requesting the service in the same VLAN. Additionally, the system overcomes the VLAN limit through use of the filtering policies on the switching infrastructure.
The VLAN implementation system provides user-to-server security by placing each individual user into a separate VLAN. The server's automation and management of VLAN creation and deletion facilitate this process and allow the grouping of users into common VLANs (i.e. group collaboration) to be controlled. Additionally, the filtering policies implemented on the switches allow more VLANs to be utilized than is typically possible.
According to a second aspect of the invention, there is provided a dynamic switching system that offers users the choice of a routable IP address on demand. Through this system, the SolutionIP VBN server dynamically handles the management and facilitation of the requests. The dynamic switching system offers users transparent reassignment of IP addresses from non-routable to routable, which allows them to run a broader range of protocols.

Detailed Description of the Invention
VLAN implementation system
VLAN enabling of the server allows the processing of VLAN tags and various VLAN services such as: create VLAN, show VLAN and delete VLAN. The VLAN implementation system is further described in Figures 1 to 4.
Features of the VLAN implementation system comprise:
~ processing of VLAN tags by the SolutionIP VBN server; and
~ switch filtering policies that effectively bypass the physical limit on the number of VLANs capable of being deployed on the switching infrastructure.
Interactive Virtual Local Area Network (IVLAN)
A preferred embodiment of the first aspect of the invention will be referred to herein as an Interactive Virtual Local Area Network (IVLAN).
IVLAN is a communications technology that enables devices communicating with the TCP/IP protocol (the communications protocol of the Internet) to gain secure private and group access to any foreign TCP/IP network that has IVLAN installed. A foreign TCP/IP network which allows access on a temporary basis is often termed a Visitor Based Network (VBN), and is typically composed of core and leaf switches which carry messages to and from client devices.
A Virtual Local Area Network (VLAN) is typically established on the network of switches to facilitate message traffic. This technology allows all clients of the VBN to communicate with each other and with any services available via the VBN Gateway.
The capability for clients to communicate with each other is often suppressed on VBNs for security reasons; for example, while guests at a hotel may wish to share data with some other guests, it would be unacceptable to share that data with every guest registered with the hotel VBN. Since VLAN creation and maintenance must typically be performed manually by a network administrator, most VBN systems include at most one VLAN.
The IVLAN technology allows registered users of a VBN to create secure VLANs dynamically and interactively. A user may create a group VLAN and grant access to other registered users on a username/password basis. IVLAN also allows registered users to access VBN Gateway services via a secure private VLAN in which no other user may participate.
IVLAN executes on the Linux operating system and comprises the following components:
1. IEEE 802.1Q compliant core switch;
2. IEEE 802.1Q compliant leaf switches;
3. Custom built Simple Network Manager (SNM);
4. Common Gateway Interface (CGI) components accessed via HTML pages;
5. Registration Driver incorporated into the Linux kernel; and
6. Modified Linux kernel Packet Driver.
The following paragraphs describe in more detail the technology encapsulated by IVLAN in the creation, maintenance, and use of VLANs.
IVLAN client registration is performed via a Hypertext Markup Language (HTML) interface, where a client may interactively select to create a private VLAN, create a group VLAN, or join an existing group VLAN. If a VBN client registers for access to services available from the VBN Gateway, a private VLAN is established using the core-leaf switch mechanism for the use of that client.
Alternatively, the client may register to administer a Group VLAN, supplying a VLAN username and password that other clients may use to gain access to the Group VLAN. The username, password and the selected number of allowed users are recorded by the Common Gateway Interface (CGI) components that underlie the IVLAN VBN registration HTML pages. Other clients may indicate upon registration for VBN services that they wish to join a Group VLAN, providing the username and password for authentication. An example of a VBN utilizing IVLAN is shown in Figure 6.
During the registration process, the CGI components communicate with a custom built Simple Network Manager (SNM) process which executes on the VBN Server. The SNM issues SNMP commands to create both private and group VLANs on the core-leaf switch system. Communication ports of the core-leaf switch system are assigned as necessary to the created VLANs as clients register for access.
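The registration flow described above, as an added example that is not the patent's or SolutionIP's own code: an in-memory model of what the CGI components and the SNM keep track of. Each client gets a private VLAN, a group VLAN is created with a username, password and allowed-user count and joined by password, VLAN IDs are drawn from the finite range the switches support, and the SET operations the SNM would issue are recorded. The page only says the SNM "issues SNMP commands"; the Q-BRIDGE-MIB (RFC 2674) object identifiers, the PortList encoding, the VLAN ID range and the salted password hashing are assumptions added here.

```python
"""Added example (not the patent's code): IVLAN registration state and the
SNMP SET operations the SNM would send.  Assumptions are marked in comments."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# 802.1Q VLAN IDs are 12 bits; 0 and 4095 are reserved.  VLAN 1 is assumed to be the
# switch's default VLAN, and the real per-switch limit is usually far below 4094.
VID_MIN, VID_MAX = 2, 4094

# Q-BRIDGE-MIB (RFC 2674) dot1qVlanStaticEntry columns, indexed by VLAN ID.
# Assumed to be implemented by the core and leaf switches.
DOT1Q_VLAN_STATIC_ENTRY = "1.3.6.1.2.1.17.7.1.4.3.1"
COL_NAME, COL_EGRESS, COL_UNTAGGED, COL_ROWSTATUS = 1, 2, 4, 5
ROW_CREATE_AND_GO, ROW_DESTROY = 4, 6

def portlist(ports):
    """Encode bridge port numbers as a Q-BRIDGE PortList OCTET STRING:
    port 1 is the most significant bit of the first octet, port 8 the least."""
    if not ports:
        return b""
    out = bytearray((max(ports) + 7) // 8)
    for p in ports:
        out[(p - 1) // 8] |= 0x80 >> ((p - 1) % 8)
    return bytes(out)

def _hash_password(password, salt=None):
    """The patent says the password is 'recorded'; store only a salted PBKDF2 hash."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Vlan:
    vid: int
    kind: str                                   # "private" or "group"
    members: set = field(default_factory=set)   # client ids
    ports: set = field(default_factory=set)     # bridge port numbers
    max_users: int = 1
    username: str = ""
    salt: bytes = b""
    pw_hash: bytes = b""
    lease_end: float = 0.0

class IvlanManager:
    def __init__(self, vid_limit=VID_MAX):
        self.vid_limit = vid_limit
        self.vlans = {}          # vid -> Vlan
        self.by_client = {}      # client id -> vid
        self.groups = {}         # group username -> vid
        self.snmp_sets = []      # (oid, value) pairs the SNM would send

    def _alloc_vid(self):
        for vid in range(VID_MIN, self.vid_limit + 1):
            if vid not in self.vlans:
                return vid
        raise RuntimeError("switch VLAN limit reached")   # the limit the patent works around

    def _create(self, vid, name, port):
        base = f"{DOT1Q_VLAN_STATIC_ENTRY}."
        self.snmp_sets += [
            (f"{base}{COL_NAME}.{vid}", name),
            (f"{base}{COL_EGRESS}.{vid}", portlist({port})),
            (f"{base}{COL_UNTAGGED}.{vid}", portlist({port})),   # client NICs send/receive untagged
            (f"{base}{COL_ROWSTATUS}.{vid}", ROW_CREATE_AND_GO),
        ]

    def register_private(self, client, port, lease_end):
        vid = self._alloc_vid()
        self.vlans[vid] = Vlan(vid, "private", {client}, {port}, 1, lease_end=lease_end)
        self.by_client[client] = vid
        self._create(vid, f"priv-{client}", port)
        return vid

    def create_group(self, owner, port, username, password, max_users, lease_end):
        if username in self.groups:
            raise ValueError("group name already in use")
        vid = self._alloc_vid()
        salt, digest = _hash_password(password)
        self.vlans[vid] = Vlan(vid, "group", {owner}, {port}, max_users, username, salt, digest, lease_end)
        self.by_client[owner] = vid
        self.groups[username] = vid
        self._create(vid, f"grp-{username}", port)
        return vid

    def join_group(self, client, port, username, password):
        """Return the group's VID on success, None if the join is refused."""
        vid = self.groups.get(username)
        if vid is None:
            return None
        v = self.vlans[vid]
        _, digest = _hash_password(password, v.salt)
        if not hmac.compare_digest(digest, v.pw_hash):    # constant-time compare
            return None
        if len(v.members) >= v.max_users:                 # the owner's allowed-user count
            return None
        v.members.add(client)
        v.ports.add(port)
        self.by_client[client] = vid
        self.snmp_sets.append((f"{DOT1Q_VLAN_STATIC_ENTRY}.{COL_EGRESS}.{vid}", portlist(v.ports)))
        return vid

    def expire(self, now):
        """De-assign ports and destroy VLANs whose registration lease has ended."""
        gone = [vid for vid, v in self.vlans.items() if v.lease_end <= now]
        for vid in gone:
            v = self.vlans.pop(vid)
            for c in v.members:
                self.by_client.pop(c, None)
            if v.kind == "group":
                self.groups.pop(v.username, None)
            self.snmp_sets.append((f"{DOT1Q_VLAN_STATIC_ENTRY}.{COL_ROWSTATUS}.{vid}", ROW_DESTROY))
        return gone
```

Two points a practitioner would check in a real deployment: the group password is the only thing standing between a registered guest and another guest's data, so it must never be stored or compared in the clear, and the user cap must be enforced at join time rather than only displayed; and `expire` must run even if the client disappears without logging out, since a port left in a VLAN past its lease is exactly the manual-configuration problem the system is meant to remove.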
Private and Group VLANs may co-exist within the VBN because message packets can be tagged as they flow through the switching system. The IEEE 802.1Q standard provides for the inclusion of a Q-Tag in the Ethernet frame of a message packet. The VBN Server manages the addition and removal of Q-Tags for the message traffic of the clients, whose NIC hardware therefore need not be 802.1Q compliant. The CGI components obtain the Q-Tag generation ID from the VBN Server Registration Driver during the registration process for the purpose of VLAN creation. The VLAN is created as the final activity of the registration process.
For a private VLAN, utilized for VBN Gateway access, Ethernet frames are tagged and untagged as part of the packet's path through the core-leaf switch system. When a message is transmitted by a client, it is untagged. The leaf switch to which the client is connected inserts a Q-Tag in the Ethernet frame before forwarding it to the core switch. The message packet is forwarded through the core switch to the VBN Server, where the Q-Tag is stripped from the Ethernet frame by the Packet Driver which executes as part of the VBN Server kernel. The VBN Server Packet Driver also inserts Q-Tags into the Ethernet frames of incoming message packets destined for the client. The mapping between client and Q-Tag is based on the private VLAN ID and on the IP address assigned by the VBN Server DHCP process, both of which are assigned during the registration process.

For a Group VLAN, Ethernet frames may or may not be tagged on their way through the system. If all clients belonging to the VLAN are physically connected to the same leaf switch, no Q-Tags are inserted in the Ethernet frames of the packets. However, if clients are connected to different leaf switches, the packets must pass through the core switch connected to each leaf. In this instance the Ethernet frames are tagged before leaving the source leaf switch and untagged before leaving the destination leaf switch.
Both private and group VLANs are de-assigned from the communication ports of the switching system at the expiry of the user registration lease.
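The Q-Tag handling attributed above to the VBN Server Packet Driver, as an added example written for this page rather than the patent's kernel code: a user-space model working on raw frame bytes. A frame from the core switch is untagged only after its VLAN ID is checked against the VLAN registered for the sender's IP address; a frame leaving the server for a client is tagged with that client's private VLAN ID. The registration table, MAC addresses and frames are constructed for the example, and the decision to drop rather than forward on any mismatch is the example's own choice.

```python
"""Added example (not the patent's code): 802.1Q tag insertion and removal with
the client-to-VLAN check the Packet Driver's mapping makes possible."""
import struct

ETH_P_8021Q = 0x8100
ETH_P_IP = 0x0800
ETH_HLEN = 14            # dst(6) + src(6) + type(2)

def insert_tag(frame, vid, pcp=0, dei=0):
    """Insert an 802.1Q header (TPID + TCI) after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID outside 1..4094")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", ETH_P_8021Q, tci) + frame[12:]

def strip_tag(frame):
    """Return (vid, untagged_frame); vid is None if the frame carries no tag."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != ETH_P_8021Q:
        return None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF, frame[:12] + frame[16:]

def ipv4_addrs(frame):
    """(src, dst) dotted quads of an untagged IPv4 frame, or None if not IPv4."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_IP or len(frame) < ETH_HLEN + 20:
        return None
    ip = frame[ETH_HLEN:]
    return ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))

class PacketDriver:
    """table: client IP (assigned by the VBN DHCP process) -> private VLAN ID."""
    def __init__(self, table):
        self.vid_of = dict(table)

    def from_switch(self, frame):
        """Frame arriving from the core switch: untagged frame, or None to drop."""
        vid, plain = strip_tag(frame)
        if vid is None:
            return None          # a leaf switch must have tagged every client frame
        addrs = ipv4_addrs(plain)
        if addrs is None:
            return None          # non-IP traffic has no entry in the registration mapping
        if self.vid_of.get(addrs[0]) != vid:
            return None          # source IP not registered in this VLAN: spoofed or stale
        return plain

    def to_client(self, frame):
        """Frame leaving the server for a client: tagged frame, or None to drop."""
        addrs = ipv4_addrs(frame)
        if addrs is None:
            return None
        vid = self.vid_of.get(addrs[1])
        if vid is None:
            return None          # no registered VLAN for this destination
        return insert_tag(frame, vid)

def build_ipv4_frame(src_mac, dst_mac, src_ip, dst_ip, payload=b""):
    """Constructed test frame: Ethernet header plus a minimal IPv4 header (checksum zero)."""
    total = 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return dst_mac + src_mac + struct.pack("!H", ETH_P_IP) + ip + payload
```

The check in `from_switch` is what ties the two halves of the mapping together: the VLAN ID comes from the leaf switch's port, the IP address from the server's own DHCP lease, and a frame whose two halves disagree is dropped. The isolation still rests on the leaf switch ports towards clients being untagged access ports; if a client-facing port accepted tagged frames from the client, the client could choose its own VLAN and this server-side check would be the only thing left.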
It will be understood by those skilled in the art that IVLAN may execute on UNIX-type operating systems other than Linux.
On-demand routable IP address service
The on-demand routable IP address service includes both the tracking and management of IP addresses by the server. The transparent reassignment is handled using DHCP. The service is further described in Figure 5.
Features of the on-demand routable IP address service comprise:
~ control of IP assignment by the SolutionIP VBN server such that it can dynamically reassign IP addresses on demand.
RealIP
A preferred embodiment of the second aspect of the invention will be referred to herein as RealIP.

RealIP is an Internet Protocol (IP) address allocation technology that enables a Dynamic Host Configuration Protocol (DHCP) server to allocate both routable and non-routable IP addresses.
IP addresses are utilized by devices communicating with the TCP/IP protocol (the communications protocol of the Internet) to determine the routing of network traffic to and from clients. Typically, network clients are configured either with a static IP address, or to request the allocation of an IP address from a DHCP server.
When a client configured for DHCP is initially connected to a TCP/IP network, it issues a broadcast message requesting an IP address. Typically, the DHCP server responds with an IP address allocated from a pool of addresses that it maintains. The DHCP server can maintain a pool of either routable or non-routable addresses.
Routable and non-routable addresses differ fundamentally in reachability: a non-routable (private) address is not forwarded across the public Internet, so a device holding one must initiate any communication and can only be reached through the gateway that translates its traffic. Devices with routable addresses may be contacted by other devices without first initiating the communications flow.
The difference is of interest in the use of Visitor Based Networks (VBNs). A Visitor Based Network is one to which clients connect for temporary access to network or Internet services.
A common implementation of a VBN is a hotel service in which guests connect to a hotel gateway server for Internet access. Since the number of available routable IP addresses in this situation is typically smaller than the number of connections available to guests, a pool of non-routable IP addresses is generally utilized by the VBN DHCP server.
However, this practice limits the capabilities that a guest has available from such a VBN connection. For example, a common use of digital communications is net-meeting, in which a number of participants interact electronically through a net meeting server hosted by one of the participants. Without a routable IP address, the hotel guest is unable to host such a meeting for others who are participating via the Internet.

The RealIP system allows a network client to request either a routable or a non-routable IP address depending on the client's need. RealIP executes on the Linux operating system and comprises the following:
1. Common Gateway Interface (CGI) components accessed via Hypertext Markup Language (HTML) pages;
2. Registration Driver incorporated into the VBN kernel; and
3. Custom built DHCP server.
The following paragraphs describe in more detail the technology encapsulated by RealIP.
When the DHCP server is contacted upon client connection, it receives a non-routable IP address from the Registration Driver, which is incorporated into the VBN Operating System (OS) kernel. The Registration Driver, rather than the DHCP server, maintains the pool of IP addresses and a mapping of registered clients to assigned addresses. In this manner, the Registration Driver may maintain both a pool of non-routable addresses and a pool of routable addresses. This process is illustrated in Figure 7.
The client may interactively request the use of a routable IP address through HTML pages which reside on the VBN server. CGI components that underlie the functionality of the HTML pages communicate the request to the Registration Driver. The Registration Driver responds with an IP address allocated from the pool of routable addresses, and releases the temporary non-routable IP address previously assigned.
Since the Registration Driver maintains the mapping of VBN clients to allocated IP addresses, both routable and non-routable addresses may be assigned on request.
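The two-pool allocation just described, as an added example that is not the patent's kernel code: a user-space model of the Registration Driver holding a non-routable pool, a routable pool and the client-to-address mapping. The DHCP path always hands out a non-routable address; a registered client may then ask for a routable one, which is taken from the routable pool before the non-routable address is released, and exhaustion of the small routable pool is reported as a failure rather than silently falling back. The pool ranges are placeholders chosen here: RFC 1918 space for the non-routable pool and the RFC 5737 documentation range 203.0.113.0/28 standing in for a provider-assigned public block.

```python
"""Added example (not the patent's code): Registration Driver address pools and
the non-routable -> routable reassignment, modelled in user space."""
import ipaddress

class PoolExhausted(Exception):
    pass

class AddressPool:
    def __init__(self, network):
        self.network = ipaddress.ip_network(network)
        self.free = list(self.network.hosts())   # hosts() skips network and broadcast addresses
        self.used = set()

    def allocate(self):
        if not self.free:
            raise PoolExhausted(str(self.network))
        addr = self.free.pop(0)
        self.used.add(addr)
        return addr

    def release(self, addr):
        if addr in self.used:
            self.used.remove(addr)
            self.free.append(addr)

class RegistrationDriver:
    # Placeholder ranges; a deployment would use its own private block and its public allocation.
    def __init__(self, private_net="10.0.0.0/24", routable_net="203.0.113.0/28"):
        self.private = AddressPool(private_net)
        self.routable = AddressPool(routable_net)
        self.lease = {}        # client id (e.g. MAC address) -> (pool, address)

    def dhcp_offer(self, client):
        """Called by the DHCP server on a client's request: a non-routable address first."""
        if client in self.lease:
            return self.lease[client][1]        # re-offer the existing lease
        addr = self.private.allocate()
        self.lease[client] = (self.private, addr)
        return addr

    def request_routable(self, client):
        """CGI request for a routable address; only an already registered client may ask."""
        if client not in self.lease:
            raise KeyError("client is not registered")
        pool, old = self.lease[client]
        if pool is self.routable:
            return old                          # already routable: nothing to do
        new = self.routable.allocate()          # PoolExhausted propagates; the old lease is kept
        self.lease[client] = (self.routable, new)
        pool.release(old)                       # release only once the new address is held
        return new

    def release(self, client):
        """Registration lease expiry: return the address to whichever pool it came from."""
        pool, addr = self.lease.pop(client)
        pool.release(addr)

    def is_routable(self, addr):
        return ipaddress.ip_address(addr) in self.routable.network
```

The ordering inside `request_routable` matters: allocating the routable address before releasing the non-routable one means a client whose request fails keeps a working lease. A routable address also makes the client directly reachable from the Internet, which is the point of the feature, so the gateway's filtering policy for that client has to change at the same moment the address does; the page lists filtering policies among its classifications but does not describe that step.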

It will be understood by those skilled in the art that RealIP may execute on UNIX-type operating systems other than Linux.
In a further embodiment, the invention also comprises: Switch/VLAN management using SNMP.
Numerous modifications, variations and adaptations may be made to the particular embodiments of the invention described in the documents attached herein, without departing from the scope of the invention, which is defined in the claims.

Claims (2)

THE EMBODIMENTS OF THE INVENTION IN WHICH AN EXCLUSIVE PROPERTY
OR PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS:
1. A method of implementing VLANs for use with an Internet access server, the method comprising:
a) processing of VLAN tags by the server; and
b) using switch filtering policies for bypassing the physical limit on the number of VLANs capable of being deployed on a switching infrastructure.
2. A method of performing an on-demand routable IP address service within an Internet access server, the method comprising:
a) controlling IP assignments by the server; and
b) dynamically reassigning IP addresses on demand based on the controlled IP assignments.

Priority Applications (4)

Application Number Priority Date Filing Date Title
CA002308261A CA2308261A1 (en) 2000-05-12 2000-05-12 Vlan implementation system and on-demand routable ip address service
AU2001258123A AU2001258123A1 (en) 2000-05-12 2001-05-14 Server and method for providing specific network services
CA2408631A CA2408631C (en) 2000-05-12 2001-05-14 Server and method for providing secure access to a group of users
PCT/CA2001/000675 WO2001086906A2 (en) 2000-05-12 2001-05-14 Server and method for providing specific network services

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CA002308261A CA2308261A1 (en) 2000-05-12 2000-05-12 Vlan implementation system and on-demand routable ip address service

Publications (1)

Publication Number Publication Date
CA2308261A1 true CA2308261A1 (en) 2001-11-12

Family

ID=4166148

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002308261A Abandoned CA2308261A1 (en) 2000-05-12 2000-05-12 Vlan implementation system and on-demand routable ip address service

Country Status (3)

Country Link
AU (1) AU2001258123A1 (en)
CA (1) CA2308261A1 (en)
WO (1) WO2001086906A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9806970B2 (en) 2015-02-06 2017-10-31 Crestron Electronics, Inc. IP address conflict resolution system and method

Families Citing this family (8)

Publication number Priority date Publication date Assignee Title
US20030235191A1 (en) * 2002-06-19 2003-12-25 Heggarty Jonathan W. VLAN inheritance
US7502333B2 (en) * 2004-03-23 2009-03-10 Hewlett-Packard Development Company, L.P. Pre-configured topology with connection management
US8775571B2 (en) * 2005-06-07 2014-07-08 Extreme Networks, Inc. Methods, systems, and computer program products for dynamic network access device port and user device configuration for implementing device-based and user-based policies
US8751649B2 (en) 2005-06-07 2014-06-10 Extreme Networks Port management system
US8279874B1 (en) 2007-03-30 2012-10-02 Extreme Networks, Inc. Self-configuring network
US10320626B1 (en) 2016-04-07 2019-06-11 Wells Fargo Bank, N.A. Application discovery and dependency mapping
JP6585656B2 (en) * 2017-05-10 2019-10-02 株式会社ソニー・インタラクティブエンタテインメント Computer system for production line and network setting method thereof
CN113824809B (en) * 2021-07-14 2023-07-18 中国人民解放军63626部队 IP resource information management system and method applied to spaceflight transmitting field

Family Cites Families (7)

Publication number Priority date Publication date Assignee Title
IL118984A (en) * 1996-07-30 2003-12-10 Madge Networks Israel Ltd APPARATUS AND METHOD FOR ASSIGNING VIRTUAL LANs TO A SWITCHED NETWORK
US6546005B1 (en) * 1997-03-25 2003-04-08 At&T Corp. Active user registry
US6360257B1 (en) * 1998-01-30 2002-03-19 Telefonaktiebolaget L M Ericsson (Publ) Managing group IP addresses in mobile end stations
US6614788B1 (en) * 1998-03-03 2003-09-02 Sun Microsystems, Inc. Network address management
US6188691B1 (en) * 1998-03-16 2001-02-13 3Com Corporation Multicast domain virtual local area network
US6167052A (en) * 1998-04-27 2000-12-26 Vpnx.Com, Inc. Establishing connectivity in networks
US6052725A (en) * 1998-07-02 2000-04-18 Lucent Technologies, Inc. Non-local dynamic internet protocol addressing system and method

Also Published As

Publication number Publication date
WO2001086906A3 (en) 2002-09-06
WO2001086906A2 (en) 2001-11-15
AU2001258123A1 (en) 2001-11-20

Similar Documents

Publication Publication Date Title
US7356841B2 (en) Server and method for providing specific network services
US9705846B2 (en) Methods and apparatus for providing high speed connectivity to a hotel environment
US6934754B2 (en) Methods and apparatus for processing network data transmissions
EP3080707B1 (en) Identity and access management-based access control in virtual networks
US8370834B2 (en) Routing across a virtual network
US7693507B2 (en) Wireless network control device and wireless network control system
US8332523B2 (en) Architecture to enable keyboard, video and mouse (KVM) access to a target from a remote client
US20030140142A1 (en) Initiating connections through firewalls and network address translators
US20040205188A1 (en) Distributed server functionality for emulated lan
CN103685026A (en) Virtual network access method and system
WO2014121514A1 (en) Method, device and system for realizing private network traversal
CA2308261A1 (en) Vlan implementation system and on-demand routable ip address service
US20040083290A1 (en) Software implemented virtual private network service
WO2020029793A1 (en) Internet access behavior management system, device and method
Cisco Configuring Easy IP
Cisco Configuring Cisco Easy IP
EP1413095B1 (en) System and method for providing services in virtual private networks
CN113014559A (en) Message processing method and device
US20050216598A1 (en) Network access system and associated methods
Hara et al. VPN architecture enabling users to be associated with multiple VPNs
CA2408631C (en) Server and method for providing secure access to a group of users
Terada et al. Access control for inter-organizational computer network environment
Cullen Virtual Local Area Networks

Legal Events

Date Code Title Description
FZDE Discontinued