Legal claims defining the scope of protection, as filed with the USPTO.
1. A packet switching device, comprising: one or more processing elements; memory; a plurality of interfaces configured to send and receive packets; and one or more packet switching mechanisms configured to packet switch packets among said interfaces; wherein the packet switching device is configured to perform operations, including: receiving on one of the plurality of interfaces a particular packet from another packet switching device; and in response to determining to apply a service to the particular packet by one or more application nodes located remotely from the packet switching device: creating a request packet encapsulating the particular packet, with the request packet including an identification of a general service to be applied to the particular packet by said one or more application nodes, and one or more service parameters for the general service defining a particular service of the general service, with the identification of the general service and said one or more service parameters said included in the request packet in fields not within the particular packet; forwarding the request packet to a particular application node of said one or more application nodes, wherein each of said one or more application nodes is external to the packet switching device; receiving on one of the plurality of interfaces from an external source, a response packet corresponding to said forwarded request packet, the response packet encapsulating a service-applied packet corresponding to the particular packet after at least the particular service has been applied to the particular packet, not to the request packet, by said one or more application nodes; extracting the service-applied packet from the response packet; and sending the service-applied packet or a packet derived from the service-applied packet from the packet switching device on one of the plurality of interfaces; wherein the packet switching device, said another packet switching device, and each of said one or more application nodes are different stand-alone appliances communicatively coupled via one or more networks.
2. The packet switching device of claim 1 , wherein the identification of the general service and said one or more service parameters for the general service are encoded in one or more type-length-value (TLV) elements in the request packet.
3. The packet switching device of claim 1 , wherein the general service is a Firewall (FW) service.
4. The packet switching device of claim 1 , wherein said operations include: maintaining, by the packet switching device, forwarding information for a plurality of virtual private networks (VPNs); wherein the request packet and the response packet each include an identification of a particular VPN of the plurality of VPNs, with the particular VPN associated with the particular packet; and wherein said operation of sending the service-applied packet or a packet derived from the service-applied packet from the packet switching device is based on said maintained forwarding information for the particular VPN.
5. An application node, comprising: one or more processing elements; memory; a plurality of interfaces configured to send and receive packets; and wherein the application node is configured to perform operations, including: receiving on one of the plurality of interfaces by the application node of one or more application nodes a request packet from a particular service node different from said one or more application nodes, including: a particular packet, an identification of a general service to be applied to the particular packet by said one or more application nodes, and one or more service parameters for the general service defining a particular service of the general service, with the identification of the general service and said one or more service parameters said included in the request packet in fields not within the particular packet; extracting the particular packet from said received request packet; applying the particular service to the particular packet, such that the result of said applying operation is a service-applied packet corresponding to the particular packet; creating a response packet corresponding to said received request packet, with the response packet encapsulating the service-applied packet; and sending the response packet to: the particular service node, or another application node for applying one or more additional services to the service-applied packet before a packet derived from the service-applied packet is communicated to the particular service node; wherein the particular service node and the application node are different stand-alone appliances communicatively coupled via one or more networks.
6. The application node of claim 5 , wherein the identification of the general service and said one or more service parameters for the general service are encoded in one or more type-length-value (TLV) elements in the request packet.
7. The application node of claim 5 , wherein the request packet and the response packet each include an identification of a particular virtual private network (VPN) of a plurality of VPNs, with the particular VPN associated with the particular packet.
8. The application node of claim 7 , wherein said application of the particular service to the particular packet is based on the particular VPN.
9. A method, comprising: receiving, by a packet switching device from another packet switching device via a network, a particular packet; and in response to determining by the packet switching device to apply a particular service to the particular packet by one or more application nodes located remotely from the packet switching device: creating, by the packet switching device, a request packet encapsulating the particular packet, with the request packet including one or more additional attributes for the particular service to be applied to the particular packet by said one or more application nodes, with said one or more additional attributes said included in the request packet in fields not within the particular packet; forwarding, by the packet switching device, the request packet to a particular application node of said one or more application nodes, wherein each of said one or more application nodes is external to the packet switching device; receiving, by the packet switching device from an external source, a response packet corresponding to said forwarded request packet, the response packet encapsulating a service-applied packet corresponding to the particular packet after at least the particular service has been applied to the particular packet, not to the request packet, by said one or more application nodes; extracting the service-applied packet from the response packet; and sending the service-applied packet or a packet derived from the service-applied packet from the packet switching device; wherein the packet switching device, said another packet switching device, and each of said one or more application nodes are different stand-alone appliances communicatively coupled via one or more networks.
10. The method of claim 9 , where said one or more additional attributes are included in the request packet in fields between forwarding information for the request packet and the particular packet.
11. The method of claim 10 , wherein said one or more additional attributes and the particular packet are in adjacent fields in the request packet.
12. The method of claim 9 , comprising: maintaining, by the packet switching device, forwarding information for a plurality of virtual private networks (VPNs); wherein the request packet and the response packet each include an identification of a particular VPN of the plurality of VPNs, with the particular VPN associated with the particular packet; and wherein said operation of sending the service-applied packet or a packet derived from the service-applied packet from the packet switching device is based on said maintained forwarding information for the particular VPN.
13. The method of claim 12 , wherein said one or more additional attributes include the identification of the particular VPN in the request packet.
14. The method of claim 13 , where said one or more additional attributes are included in the request packet in fields between forwarding information for the request packet and the particular packet.
15. The method of claim 14 , wherein said one or more additional attributes and the particular packet are in adjacent fields in the request packet.
16. A method, comprising: receiving, by an application node of one or more application nodes in a network, a request packet from a particular service node different from said one or more application nodes requesting a particular service, with the request packet including one or more additional attributes and a particular packet, with said one or more additional attributes said included in the request packet in fields not within the particular packet; extracting the particular packet from said received request packet; applying, by the application node, the particular service to the particular packet based on said one or more additional attributes, such that the result of said applying operation is a service-applied packet corresponding to the particular packet; creating, by the application node, a response packet corresponding to said received request packet, with the response packet encapsulating the service-applied packet; and sending the response packet to: the particular service node, or another application node for applying one or more additional services to the service-applied packet before a packet derived from the service-applied packet is communicated to the particular service node; wherein the particular service node and the application node are different stand-alone appliances communicatively coupled via one or more networks.
17. The method of claim 16 , wherein the request packet and the response packet each include an identification of a particular virtual private network (VPN) of a plurality of VPNs, with the particular VPN associated with the particular packet.
18. The method of claim 17 , wherein said application of the particular service to the particular packet is based on the particular VPN.
19. The method of claim 17 , wherein said one or more additional attributes include the identification of the particular VPN in the request packet; and wherein the identification of the particular VPN in the response packet is located in fields between forwarding information for the response packet and the service-applied packet.
20. The method of claim 16 , where said one or more additional attributes are included in the request packet in fields between forwarding information for the request packet and the particular packet; and wherein said one or more additional attributes and the particular packet are in adjacent fields in the request packet.
21. A packet switching device, comprising: one or more processing elements; memory; a plurality of interfaces configured to send and receive packets; and one or more packet switching mechanisms configured to packet switch packets among said interfaces; wherein the packet switching device is configured to perform operations, including: receiving a particular packet from another packet switching device via a network; and in response to determining to apply a particular service to the particular packet by one or more application nodes located remotely from the packet switching device: creating a request packet encapsulating the particular packet, with the request packet including one or more additional attributes for the particular service to be applied to the particular packet by said one or more application nodes, with said one or more additional attributes said included in the request packet in fields not within the particular packet; forwarding the request packet to a particular application node of said one or more application nodes, wherein each of said one or more application nodes is external to the packet switching device; receiving from an external source a response packet corresponding to said forwarded request packet, the response packet encapsulating a service-applied packet corresponding to the particular packet after at least the particular service has been applied to the particular packet, not to the request packet, by said one or more application nodes; extracting the service-applied packet from the response packet; and sending the service-applied packet or a packet derived from the service-applied packet from the packet switching device; wherein the packet switching device, said another packet switching device, and each of said one or more application nodes are different stand-alone appliances communicatively coupled via one or more networks.
22. The packet switching device of claim 21 , where said one or more additional attributes are included in the request packet in fields between forwarding information for the request packet and the particular packet.
23. An application node, comprising: one or more processing elements; memory; a plurality of interfaces configured to send and receive packets; and wherein the application node is configured to perform operations, including: receiving, by the application node of one or more application nodes in a network, a request packet from a particular service node different from said one or more application nodes requesting a particular service, with the request packet including one or more additional attributes and a particular packet, with said one or more additional attributes said included in the request packet in fields not within the particular packet; extracting the particular packet from said received request packet; applying the particular service to the particular packet based on said one or more additional attributes, such that the result of said applying operation is a service-applied packet corresponding to the particular packet; creating a response packet corresponding to said received request packet, with the response packet encapsulating the service-applied packet; and sending the response packet to: the particular service node, or another application node for applying one or more additional services to the service-applied packet before a packet derived from the service-applied packet is communicated to the particular service node; wherein the particular service node and the application node are different stand-alone appliances communicatively coupled via one or more networks.
24. The application node of claim 23 , wherein the request packet and the response packet each include an identification of a particular virtual private network (VPN) of a plurality of VPNs, with the particular VPN associated with the particular packet.
25. The method of claim 24 , wherein said application of the particular service to the particular packet is based on the particular VPN.
Unknown
February 23, 2016
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.