EXHIBIT 1004
`EXPRESS MAIL LABEL: EV 389082077 US
`CUSTOMER NO. 20,551
`
THORPE NORTH & WESTERN
INTELLECTUAL PROPERTY LAW
`PATENT APPLICATION
`DOCKET NO. 22973.CON
`
`John W. L. Ogilvie
`Registered Patent Attorney
`ogilvie@tnw.com
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`Commissioner for Patents
`P.O. Box 1450
`Alexandria, VA 22313-1450
`
`Sir/Madam:
`
`Transmitted herewith for filing is the patent application of Datta, et al. for
`TOOLS AND TECHNIQUES FOR DIRECTING PACKETS OVER DISPARATE
`NETWORKS comprising 44 pages of specification and claims.
`
`
`This continuation application claims priority to U.S. application no.
`10/361,837 filed February 7, 2003.
`
`Enclosed also are:
`2 sheet(s) of drawings.
`
`
`Applicant claims small entity status under 37 CFR 1.9(b) & 1.27(c).
`
`Copy of executed Assignment filed in prior application, with cover sheet,
`from the inventors to Ragula Systems (FatPipe Networks).
`
`Copy of executed Declaration and Petition filed in prior application.
`
`Copy of executed Power of Attorney filed in prior application.
`
`A Preliminary Amendment is enclosed.
`
`Nonpublication Request Under 35 USC 122(b)(2)(B)(i).
`
A Certificate of Mailing by "Express Mail" certifying a filing date of August 3, 2004, by use of Express Mail Label No. EV 389082077 US.
`
`Information Disclosure Statement under 37 C.F.R. § 1.97, PTO Form-
`1449 with listed references attached (if indicated as being attached by the
`Information Disclosure Statement).
`
`www.tnw.com
8180 South 700 East · Suite 200 · Sandy, Utah 84070-0562 · 801.566.6633 · f. 801.566.0750 · patlaw@tnw.com | U.S. Mailing Address: P.O. Box 1219 · Sandy, Utah 84091-1219
The Team Approach to Premier Performance
`
`Viptela, Inc. - Exhibit 1004
`Page 1
`
`
`
`Commissioner for Patents
`Page 2
`
`The filing fee has been calculated as shown below.
`
Columns: NO. FILED, EXTRA, RATE, FEE, RATE

BASIC FEE: $385.00 | $770.00
TOT. CLAIMS: 11 - 20 = 0 | X $9.00 = | X $18.00 =
IND. CLAIMS: 9 - 03 = 6 | X $43.00 = $258.00 | X $86.00 =
MULTIPLE DEPENDENT CLAIMS PRESENTED: NO | $145.00 | $290.00
ASSIGNMENT RECORDATION FEE: $40.00 | $40.00
`
A check in the amount of $643.00 is enclosed to cover the filing fee.
`
`The Commissioner is hereby authorized to charge any additional fees associated
`with this communication or to credit any overpayment to Deposit Account No. 20-0100.
`Please address all future correspondence in connection with the above-identified patent
`application to the attention of the undersigned.
`
`Dated this 3rd day of August, 2004.
`
John W.L. Ogilvie
Attorney for Applicant
`Registration No. 37,987
`
`THORPE NORTH & WESTERN, LLP
`Customer No. 20,551
`P.O. Box 1219
`Sandy, Utah 84091-1219
`Telephone: (801) 566-6633
`
`
`JWO/sbh
`Enclosures
`
DATE OF DEPOSIT: August 3, 2004
EXPRESS MAIL LABEL NO.: EV 389082077 US

I hereby certify that this paper or fee (along with any paper or fee referred to as being attached or enclosed) is being deposited with the United States Postal Service "Express Mail Post Office to Addressee" service under 37 C.F.R. § 1.10 with sufficient postage paid on the date indicated above and is addressed to: Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.
`
`
`Express Mail Label No. EV04 7149870US
`PATENT APPLICATION
`DOCKET NO. 3003.2.11A
`
`UNITED STATES
`PATENT APPLICATION
`
`OF
`
`SANCHAITA DATTA AND RAGULA BHASKAR
`
`FOR
`
`TOOLS AND TECHNIQUES FOR
`DIRECTING PACKETS OVER DISPARATE NETWORKS
`
`
`
`
`TOOLS AND TECHNIQUES FOR
`DIRECTING PACKETS OVER DISPARATE NETWORKS
`
`
`RELATED APPLICATIONS
`
This application claims priority to commonly owned copending U.S. provisional patent application serial no. 60/355,509 filed February 8, 2002, which is also incorporated herein by reference. This application is a continuation-in-part of U.S. patent application serial no. 10/034,197 filed December 28, 2001, which claims priority to U.S. provisional patent application serial no. 60/259,269 filed December 29, 2000, each of which is also incorporated herein by reference.
`
`FIELD OF THE INVENTION
`
The present invention relates to computer network data transmission, and more particularly relates to tools and techniques for communications using disparate parallel networks, such as a virtual private network ("VPN") or the Internet in parallel with a point-to-point, leased line, or frame relay network, in order to help provide benefits such as load balancing across network connections, greater reliability, and increased security.
`
`TECHNICAL BACKGROUND OF THE INVENTION
`
Organizations have used frame relay networks and point-to-point leased line networks for interconnecting geographically dispersed offices or locations. These networks have been implemented in the past and are currently in use for interoffice communication, data exchange and file sharing. Such networks have advantages, some of which are noted below. But these networks also tend to be expensive, and there are relatively few options for reliability and redundancy. As networked data communication becomes critical to the day-to-day operation and functioning of an organization, the need for lower cost alternatives for redundant back-up for wide area networks becomes important.
`
Frame relay networking technology offers relatively high throughput and reliability. Data is sent in variable length frames, which are a type of packet. Each frame has an address that the frame relay network uses to determine the frame's destination. The frames travel to their destination through a series of switches in the frame relay network, which is sometimes called a network "cloud"; frame relay is an example of packet-switched networking technology. The transmission lines in the frame relay cloud must be essentially error-free for frame relay to perform well, although error handling by other mechanisms at the data source and destination can compensate to some extent for lower line reliability. Frame relay and/or point-to-point network services are provided or have been provided by various carriers, such as AT&T, Qwest, XO, and MCI WorldCom.
`
Frame relay networks are an example of a network that is "disparate" from the Internet and from Internet-based virtual private networks for purposes of the present invention. Another example of such a "disparate" network is a point-to-point network, such as a T1 or T3 connection. Although the underlying technologies differ somewhat, for purposes of the present invention frame relay networks and point-to-point networks are generally equivalent in important ways, such as the conventional reliance on manual switchovers when traffic must be redirected after a connection fails, and their implementation distinct from the Internet. A frame relay permanent virtual circuit is a virtual point-to-point connection. Frame relays are used as examples throughout this document, but the teachings will also be understood in the context of point-to-point networks.
`
A frame relay or point-to-point network may become suddenly unavailable for use. For instance, both MCI WorldCom and AT&T users have lost access to their respective frame relay networks during major outages. During each outage, the entire network failed. Loss of a particular line or node in a network is relatively easy to work around. But loss of an entire network creates much larger problems.
`
Tools and techniques to permit continued data transmission after loss of an entire frame relay network that would normally carry data are discussed in United States Patent Application No. 10/034,197 filed December 28, 2001 and incorporated herein. The '197 application focuses on architectures involving two or more "private" networks in parallel, whereas the present application focuses on architectures involving disparate networks in parallel, such as a proprietary frame relay network and the Internet. Note that the term "private network" is used herein in a manner consistent with its use in the '197 application (which comprises frame relay and point-to-point networks), except that a "virtual private network" as discussed herein is not a "private network". Virtual private networks are Internet-based, and hence disparate from private networks, i.e., from frame relay and point-to-point networks. To reduce the risk of confusion that might arise from misunderstanding "private network" to comprise "virtual private network" herein, virtual private networks will be henceforth referred to as VPNs. Other differences and similarities between the present application and the '197 application will also be apparent to those of skill in the art on reading the two applications.
`
`
`
Various architectures involving multiple networks are known in the art. For instance, Figure 1 illustrates prior art configurations involving two frame relay networks for increased reliability; similar configurations involve one or more point-to-point network connections. Two sites 102 transmit data to each other (alternately, one site might be only a data source, while the other is only a data destination). Each site has two border routers 105. Two frame relay networks 106, 108 are available to the sites 102 through the routers 105. The two frame relay networks 106, 108 have been given separate numbers in the figure, even though each is a frame relay network, to emphasize the incompatibility of frame relay networks provided by different carriers. An AT&T frame relay network, for instance, is incompatible - in details such as maximum frame size or switching capacity - with an MCI WorldCom frame relay network, even though they are similar when one takes the broader view that encompasses disparate networks like those discussed herein. The two frame relay providers have to agree upon information rates, switching capacities, frame sizes, etc. before the two networks can communicate directly with each other.
`
A configuration like that shown in Figure 1 may be actively and routinely using both frame relay networks A and B. For instance, a local area network (LAN) at site 1 may be set up to send all traffic from the accounting and sales departments to router A1 and send all traffic from the engineering department to router B1. This may provide a very rough balance of the traffic load between the routers, but it does not attempt to balance router loads dynamically in response to actual traffic and thus is not "load-balancing" as that term is used herein.
`
`
`
Alternatively, one of the frame relay networks may be a backup which is used only when the other frame relay network becomes unavailable. In that case, it may take even skilled network administrators several hours to perform the steps needed to switch the traffic away from the failed network and onto the backup network, unless the invention of the '197 application is used. In general, the necessary Private Virtual Circuits (PVCs) must be established, routers at each site 102 must be reconfigured to use the correct serial links and PVCs, and LANs at each site 102 must be reconfigured to point at the correct router as the default gateway.
`
Although two private networks are shown in Figure 1, three or more such networks could be employed, with similar considerations coming into play as to increased reliability, limits on load-balancing, the efforts needed to switch traffic when a network fails, and so on. Likewise, for clarity of illustration Figure 1 shows only two sites, but three or more sites could communicate through one or more private networks.
`
Figure 2 illustrates a prior art configuration in which data is normally sent between sites 102 over a private network 106. A failover box 202 at each site 102 can detect failure of the network 106 and, in response to such a failure, will send the data instead over an ISDN link 204 while the network 106 is down. Using an ISDN link 204 as a backup is relatively easier and less expensive than using another private network 106 as the backup, but generally provides lower throughput. The ISDN link is an example of a point-to-point or leased line network link.
`
Figure 3 illustrates prior art configurations involving two private networks for increased reliability, in the sense that some of the sites in a given government agency or other entity 302 can continue communicating even after one network goes down. For instance, if a frame relay network A goes down, sites 1, 2, and 3 will be unable to communicate with each other but sites 4, 5, and 6 will still be able to communicate amongst themselves through frame relay network B. Likewise, if network B goes down, sites 1, 2, and 3 will still be able to communicate through network A. Only if both networks go down at the same time would all sites be completely cut off. Like the Figure 1 configurations, the Figure 3 configuration uses two private networks. Unlike Figure 1, however, there is no option for switching traffic to another private network when one network 106 goes down, although either or both of the networks in Figure 3 could have an ISDN backup like that shown in Figure 2. Note also that even when both private networks are up, sites 1, 2, and 3 communicate only among themselves; they are not connected to sites 4, 5, and 6. Networks A and B in Figure 3 are therefore not in "parallel" as that term is used herein, because all the traffic between each pair of sites goes through at most one of the networks A, B.
`
Figure 4 illustrates a prior art response to the incompatibility of frame relay networks of different carriers. A special "network-to-network interface" (NNI) 402 is used to reliably transmit data between the two frame relay networks A and B. NNIs are generally implemented in software at carrier offices. Note that the configuration in Figure 4 does not provide additional reliability by using two frame relay networks 106, because those networks are in series rather than in parallel. If either of the frame relay networks A, B in the Figure 4 configuration fails, there is no path between site 1 and site 2; adding the second frame relay network has not increased reliability. By contrast, Figure 1 increases reliability by placing the frame relay networks in parallel, so that an alternate path is available if either (but not both) of the frame relay networks fails. Someone of skill in the art who was looking for ways to improve reliability by putting networks in parallel would probably not consider NNIs pertinent, because they were used for serial configurations rather than parallel ones, and adding networks in a serial manner does not improve reliability.
`
Internet-based communication solutions such as VPNs and Secure Sockets Layer (SSL) offer alternatives to frame relay 106 and point-to-point leased line networks such as those using an ISDN link 204. These Internet-based solutions are advantageous in the flexibility and choice they offer in cost, in service providers, and in vendors. Accordingly, some organizations have a frame relay 106 or leased line connection (a.k.a. point-to-point) for intranet communication and also have a connection for accessing the Internet 500, using an architecture such as that shown in Figure 5.
`
But better tools and techniques are needed for use in architectures such as that shown in Figure 5. In particular, prior approaches for selecting which network to use for which packet(s) are coarse. For instance, all packets from department X might be sent over the frame relay connection 106 while all packets from department Y are sent over the Internet 500. Or the architecture might send all traffic over the frame relay network unless that network fails, and then be manually reconfigured to send all traffic over a VPN 502.
`
Organizations are still looking for better ways to use Internet-based redundant connections to back up the primary frame relay networks. Also, organizations wanting to change from frame relay and point-to-point solutions to Internet-based solutions have not had the option of transitioning in a staged manner. They have had to decide instead between the two solutions, and deploy the solution in their entire network communications system in one step. This is a barrier for deployment of Internet-based solutions 500/502, since an existing working network would be replaced by a yet-untested new network. Also, for organizations with several geographically distributed locations a single step conversion is very complex. Some organizations may want a redundant Internet-based backup between a few locations while maintaining the frame relay network for the entire organization.
`
It would be an advancement in the art to provide new tools and techniques for configuring disparate networks (e.g., frame relay/point-to-point WANs and Internet-based VPNs) in parallel, to obtain benefits such as greater reliability, improved security, and/or load-balancing. Such improvements are disclosed and claimed herein.
`
`BRIEF SUMMARY OF THE INVENTION
`
The present invention provides tools and techniques for directing packets over multiple parallel disparate networks, based on addresses and other criteria. This helps organizations make better use of frame relay networks and/or point-to-point (e.g., T1, T3, fiber, OCx, Gigabit, wireless, or satellite based) network connections in parallel with VPNs and/or other Internet-based networks. For instance, some embodiments of the invention allow frame relay and VPN wide area networks to co-exist for redundancy as well as for transitioning from frame relay/point-to-point solutions to Internet-based solutions in a staged manner. Some embodiments operate in configurations which communicate data packets over two or more disparate WAN connections, with the data traffic being dynamically load-balanced across the connections, while some embodiments treat one of the WANs as a backup for use mainly in case the primary connection through the other WAN fails.
`
Other features and advantages of the invention will become more fully apparent through the following description.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
To illustrate the manner in which the advantages and features of the invention are obtained, a more particular description of the invention will be given with reference to the attached drawings. These drawings only illustrate selected aspects of the invention and its context. In the drawings:
`
Figure 1 is a diagram illustrating a prior art approach having frame relay networks configured in parallel for increased reliability for all networked sites, in configurations that employ manual switchover between the two frame relay networks in case of failure.
`
Figure 2 is a diagram illustrating a prior art approach having a frame relay network configured in parallel with an ISDN network link for increased reliability for all networked sites.
`
Figure 3 is a diagram illustrating a prior art approach having independent and non-parallel frame relay networks, with each network connecting several sites but no routine or extensive communication between the networks.
`
Figure 4 is a diagram illustrating a prior art approach having frame relay networks configured in series through a network-to-network interface, with no consequent increase in reliability because the networks are in series rather than in parallel.
`
`
`
Figure 5 is a diagram illustrating a prior art approach having a frame relay network configured in parallel with a VPN or other Internet-based network that is disparate to the frame relay network, but without the fine-grained packet routing of the present invention.
`
Figure 6 is a diagram illustrating one system configuration of the present invention, in which the Internet and a private network are placed in parallel for increased reliability for all networked sites, without requiring manual traffic switchover, and with the option in some embodiments of load balancing between the networks and/or increasing security by transmitting packets of a single logical connection over disparate networks.
`
Figure 7 is a diagram further illustrating a multiple disparate network access controller of the present invention, which comprises an interface component for each network to which the controller connects, and a path selector in the controller which uses one or more of the following as criteria: destination address, network status (up/down), network load, use of a particular network for previous packets in a given logical connection or session.
`
Figure 8 is a flowchart illustrating methods of the present invention for sending packets using a controller such as the one shown in Figure 7.
`
Figure 9 is a flowchart illustrating methods of the present invention for combining connections to send traffic over multiple parallel independent disparate networks for reasons such as enhanced reliability, load balancing, and/or security.
`
Figure 10 is a diagram illustrating another system configuration of the present invention, in which the Internet and a frame relay network are placed in parallel, with a VPN tunnel originating after the source controller and terminating before the destination controller, and each known site that is accessible through one network is also accessible through the other network unless that other network fails.
`
Figure 11 is a diagram illustrating a system configuration similar to Figure 10, except the VPN tunnel originates before the source controller and terminates after the destination controller.
`
`DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
`
The present invention relates to methods, systems, and configured storage media for connecting sites over multiple independent parallel disparate networks, such as frame relay networks and/or point-to-point network connections, on the one hand, and VPNs or other Internet-based network connections, on the other hand. "Multiple" networks means two or more such networks. "Independent" means routing information need not be shared between the networks. "Parallel" does not rule out all use of NNIs and serial networks, but it does require that at least two of the networks in the configuration be in parallel at the location where the invention distributes traffic, so that alternate data paths through different networks are present. "Frame relay networks" or "private networks" does not rule out the use of an ISDN link or other backup for a particular frame relay or point-to-point private network, but it does require the presence of multiple such networks; Figure 2, for instance, does not meet this requirement. A "frame relay network" is unavailable to the general public and thus disparate from the Internet and VPNs (which may be Internet-based), even though some traffic in the Internet may use public frame relay networks once the traffic leaves the location where the invention distributes traffic.
`
`
`
Figure 6 illustrates one of many possible configurations of the present invention. Comments made here also apply to similar configurations involving only one or more frame relay networks 106, those involving only one or more point-to-point networks 204, and those not involving a VPN 604, for example. Two or more disparate networks are placed in parallel between two or more sites 102. In the illustrated configuration, the Internet 500 and a VPN 604 are disparate from, and in parallel with, frame relay / point-to-point network 106/204, with respect to site A and site B. No networks are parallel disparate networks in Figure 6 with regard to site C as a traffic source, since that site is not connected to the Internet 500. Access to the disparate networks at site A and site B is through an inventive controller 602 at each site. Additional controllers 602 may be used at each location (i.e., controllers 602 may be placed in parallel to one another) in order to provide a switched connection system with no single point of failure.
`
With continued attention to the illustrative network topology for one embodiment of the invention shown in Figure 6, in this topology the three locations A, B, and C are connected to each other via a frame relay 106 or leased line network 204. Assume, for example, that all three locations are connected via a single frame relay network 106. Locations A and B are also connected to each other via a VPN connection 604. VPN tunnels are established between locations A and B in the VPN, which pairs line 1 to line 3 and also pairs line 2 to line 3. There can be only one VPN tunnel between locations A and B. There is no VPN connection between location C and either location A or location B.
`
Therefore, locations A, B, and C can communicate with each other over the frame relay network 106, and locations A and B (but not C) can also communicate with each other over the VPN connection 604. Communication between locations A and C, and communication between locations B and C, can take place over the frame relay network 106 only. Communication between locations A and B can take place over frame relay network 106. It can also take place over one of the lines 1-and-3 pair, or the lines 2-and-3 pair, but not both at the same time. Traffic can also travel over lines 2 and 4, but without a VPN tunnel. When the source and destination IP address pairs are the same between locations A and B but different types of networks connect those locations, as in Figure 6 for instance, then a traffic routing decision that selects between network types cannot be made with an existing commercially available device. By contrast, the invention allows an organization to deploy an Internet-based solution between locations A and B while maintaining the frame relay network 106 between locations A, B, and C, and allows traffic routing that selects between the Internet and the frame relay network on a packet-by-packet basis.
`
The invention may thus be configured to allow the organization to achieve the following goals, in the context of Figure 6; similar goals are facilitated in other configurations. First, the organization can deploy an Internet-based second connection between only locations A and B, while maintaining frame relay connectivity between locations A, B, and C. Later the organization may deploy an Internet-based solution at location C as well. Second, the organization can use the Internet-based connection between locations A and B for full load-balancing or backup, or a combination of the two. Third, the organization can use the frame relay connection between locations A and B for full load-balancing or backup, or a combination of the two. Fourth, the organization can load-balance traffic in a multi-homing situation between two ISPs or two connections to the Internet at locations A and/or B.
`
To better understand the invention, consider the operation of controller device 602 at location A. The controller 602 examines the IP data traffic meant to go through it and makes determinations and takes steps such as those discussed below.
`
If the traffic is destined for the Internet 500, send the traffic over the Internet using lines 1 and/or 2. Load balancing decisions that guide the controller 602 in distributing packets between the lines can be based on criteria such as the load of a given network, router, or connection relative to other networks, routers, or connections, to be performed dynamically in response to actual traffic. Load-balancing may be done through a round-robin algorithm which places the next TCP or UDP session on the next available line, or it may involve more complex algorithms that attempt to measure and track the throughput, latency, and/or other performance characteristics of a given link or path element. Load-balancing is preferably done on a per-packet basis for site-to-site data traffic over the Internet or frame relay net, or done on a TCP or UDP session basis for Internet traffic, as opposed to prior approaches that use a per-department and/or per-router basis for dividing traffic. Load-balancing algorithms in general are well understood, although their application in the context of the present invention is believed to be new.
`
If the traffic is destined for location B, then there are at least three paths from the current location (A) to location B: frame relay line 5, VPN line 1, or Internet line 2. In some embodiments, the invention determines whether the three connections are in load-balance mode or on-failure backup mode or a combination thereof. For a load-balance mode, the controller 602 chooses the communication line based on load-balancing criteria. For backup mode, it chooses the communication line that is either the preferred line or (if the preferred line is down) the currently functional (backup) line.
`
By contrast with the preceding, if the traffic is destined for location C, then the controller 602 at site A sends the traffic on the frame relay line, line 5.
`
Now let us look at the operation of the controller device 602 at location B. The device examines the IP data traffic sent to it and makes determinations like the following:
`
1. Is the traffic destined for the Internet, as opposed to one of the three "known" locations A, B, and C? If so, send the traffic over the Internet lines (line 3 and/or line 4). Load balancing decisions can be based on the criteria described above.
2. Is the traffic destined for location A? If so, then there are at least two paths to location A: the frame relay line 6, or VPN line 3. The controller 602 decides whether the two connections are in load-balance or on-failure backup mode, and chooses line(s) accordingly as discussed above.
3. Is the traffic destined for location C? If so, then send the traffic on the frame relay line, line 6.
`
To operate as discussed herein, the invention uses information about the IP address ranges in which the locations reside as input data. For instance, a packet destined for the Internet 500 is one whose destination address is not in any of the address ranges of the known locations (e.g., locations A, B, and C in the example of Figure 6). In some configurations, this is the same as saying that a packet destined for the Internet is one whose address is not in the address range of any of the organization's locations. However, although all the known locations may belong to a single organization, that is not a necessary condition for using the invention. Known locations may also belong to multiple organizations or individuals. Likewise, other locations belonging to the organization may be unknown for purposes of a given embodiment of the invention.
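The determinations described above for the controller 602 at location A can be sketched as follows. This is an added example, not code from the application or from any product: the class and function names and the 10.x address ranges are assumptions made for illustration, while the line numbers (1, 2, 5) follow the Figure 6 discussion.

```python
import ipaddress


class PathSelector:
    """Hypothetical path selector for one controller (names are illustrative)."""

    def __init__(self, site_ranges, site_paths, internet_paths, modes):
        self.site_ranges = {s: ipaddress.ip_network(n) for s, n in site_ranges.items()}
        self.site_paths = site_paths          # site -> [(network_type, line)], preferred first
        self.internet_paths = internet_paths  # paths for destinations outside all known sites
        self.modes = modes                    # site -> "balance" or "backup"
        lines = {p[1] for ps in site_paths.values() for p in ps}
        lines |= {p[1] for p in internet_paths}
        self.line_up = dict.fromkeys(lines, True)  # physical line -> up/down status
        self._cursor = {}    # round-robin position per destination
        self._sessions = {}  # Internet session key -> path already in use

    def classify(self, dst):
        """Return the known site whose range holds dst, else 'internet'."""
        addr = ipaddress.ip_address(dst)
        hits = [(net.prefixlen, site) for site, net in self.site_ranges.items()
                if addr in net]
        return max(hits)[1] if hits else "internet"  # longest mask wins

    def _round_robin(self, key, paths):
        up = [p for p in paths if self.line_up[p[1]]]
        if not up:
            return None
        i = self._cursor.get(key, 0)
        self._cursor[key] = i + 1
        return up[i % len(up)]

    def select(self, dst, session=None):
        """Pick a (network_type, line) for one packet, or None if no path is up."""
        dest = self.classify(dst)
        if dest == "internet":
            # Internet traffic is balanced per TCP/UDP session, so a session
            # stays on its line unless that line has gone down.
            path = self._sessions.get(session)
            if path is None or not self.line_up[path[1]]:
                path = self._round_robin("internet", self.internet_paths)
                if session is not None and path is not None:
                    self._sessions[session] = path
            return path
        paths = self.site_paths[dest]
        if self.modes.get(dest) == "balance":
            # Site-to-site traffic is balanced per packet across working lines.
            return self._round_robin(dest, paths)
        # Backup mode: preferred line, or the first functional line after it.
        # A known-site packet never falls through to the plain Internet rule;
        # if every listed path is down the result is None.
        return next((p for p in paths if self.line_up[p[1]]), None)


def build_site_a_selector():
    """Controller at location A; address ranges are constructed sample values."""
    return PathSelector(
        site_ranges={"B": "10.2.0.0/16", "C": "10.3.0.0/16"},
        site_paths={
            "B": [("frame-relay", 5), ("vpn", 1), ("internet", 2)],
            "C": [("frame-relay", 5)],
        },
        internet_paths=[("internet", 1), ("internet", 2)],
        modes={"B": "balance", "C": "backup"},
    )


if __name__ == "__main__":
    sel = build_site_a_selector()
    for dst in ("10.2.0.9", "10.2.0.9", "10.3.1.1", "198.51.100.7"):
        print(dst, sel.classify(dst), sel.select(dst, session=dst))
```

Because classification against the known address ranges happens before any line is chosen, traffic for location C is dropped rather than sent unprotected over an Internet line when line 5 is down.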
`
Address ranges can be specified and tested by the controller 602 using subnet masks. The subnet masks may be of different lengths (contain a different number of one bits) in different embodiments and/o