Network device for supporting construction of virtual local area networks on arbitrary local and wide area computer networks

摘要

A network device that translates addresses of machines on physically separate networks and filters packets at the link, network and transport layers implements a virtual LAN over interconnected computer networks transparent to the computer networks. Using authentication and encryption, a secure connection between these network devices over a public wide area network implements a virtual private network and enables the definition of virtual LANs over the virtual private network. The network device has three tables for network address translation, routing, and filtering. A controller processes each incoming packet by translating network addresses to determine the destination of the packet, routing the packet to the determined location and filtering the packet according to filters defined for traffic between the source destination of the packet. If the packet is to be directed to a wide area network, encryption and authentication procedures can be provided to ensure secure transmission of the packet.