公开(公告)号：US09002016B2

公开(公告)日：2015-04-07

申请号：US14229986

申请日：2014-03-30

Applicant: Cisco Technology, Inc.

Inventor： Chandan Mishra

IPC: H04L9/00 ,  H04L29/06 ,  H04L9/08

CPC classification number: H04L63/061 ,  H04L9/0891

Abstract: In one embodiment, apparatus and methods for a rekey process are disclosed. In certain rekey embodiments, when a key-generation protocol exchange is executed, instead of generating a single new security relationship, such as a Security Association or SA, a multiple set (e.g., 10) of new security relationships (e.g., SAs) are generated. An authorized device can then individually use these security relationships (e.g., SAs) as needed to securely communicate with each other. For example, a set of SAs can be efficiently programmed into an 802.1ae protocol ASIC for handling transmitted and received data packets. In the description herein, embodiments of the invention are described with respect to SA's, and this “SA” term is generally defined as any type of security relation that can be formed to allow a particular node to securely transmit packets or frames to another receiving node.

Abstract translation: 在一个实施例中，公开了用于重新密钥处理的装置和方法。 在某些重新密钥实施例中，当执行密钥生成协议交换时，代替生成诸如安全关联或SA的单个新的安全关系，新的安全关系（例如，SA）的多个集合（例如，10））是 生成。 然后，授权设备可以根据需要单独使用这些安全关系（例如，SA）以彼此安全地通信。 例如，可以将一组SA有效地编程到用于处理发送和接收的数据分组的802.1ae协议ASIC中。 在本文的描述中，关于SA的描述了本发明的实施例，并且该“SA”术语通常被定义为任何类型的安全关系，其可以形成为允许特定节点将分组或帧安全地传输到另一个接收节点 。

公开(公告)号：US20140126376A1

公开(公告)日：2014-05-08

申请号：US14155111

申请日：2014-01-14

Applicant: Cisco Technology, Inc.

Inventor： Smita Rai ,  Chandan Mishra ,  Gayatri Ramachandran ,  Sanjay Sane

IPC: H04L12/803

CPC classification number: H04L47/125 ,  H04L45/125 ,  H04L45/58 ,  H04L45/66

Abstract: Embodiments described herein achieve proxy FHRP for anycast routing services through the coordination of L2MP edge switches to allow load balancing for the use of routing services. Such embodiments may avoid duplicity and coordinate control planes between the edge switches to present a proxy interface to the rest of the network for the routing services. As such, multipathing and load-balancing for efficient use of crucial services may be provided for client nodes inside the network.

Abstract translation: 本文描述的实施例通过协调L2MP边缘交换机来实现用于任播路由服务的代理FHRP，以允许对路由服务的使用的负载平衡。 这样的实施例可以避免边缘交换机之间的重复和协调控制平面，以向路由服务的网络的其余部分呈现代理接口。 因此，可以为网络内的客户机节点提供用于有效使用关键业务的多路径和负载平衡。

公开(公告)号：US20140215216A1

公开(公告)日：2014-07-31

申请号：US14229986

申请日：2014-03-30

Applicant: Cisco Technology, Inc.

Inventor： Chandan Mishra

IPC: H04L29/06

CPC classification number: H04L63/061 ,  H04L9/0891

Abstract: In one embodiment, apparatus and methods for a rekey process are disclosed. In certain rekey embodiments, when a key-generation protocol exchange is executed, instead of generating a single new security relationship, such as a Security Association or SA, a multiple set (e.g., 10) of new security relationships (e.g., SAs) are generated. An authorized device can then individually use these security relationships (e.g., SAs) as needed to securely communicate with each other. For example, a set of SAs can be efficiently programmed into an 802.1ae protocol ASIC for handling transmitted and received data packets. In the description herein, embodiments of the invention are described with respect to SA's, and this “SA” term is generally defined as any type of security relation that can be formed to allow a particular node to securely transmit packets or frames to another receiving node.

Abstract translation: 在一个实施例中，公开了用于重新密钥处理的装置和方法。 在某些重新密钥实施例中，当执行密钥生成协议交换时，代替生成诸如安全关联或SA的单个新的安全关系，新的安全关系（例如，SA）的多个集合（例如，10））是 生成。 然后，授权设备可以根据需要单独使用这些安全关系（例如，SA）以彼此安全地通信。 例如，可以将一组SA有效地编程到用于处理发送和接收的数据分组的802.1ae协议ASIC中。 在本文的描述中，关于SA的描述了本发明的实施例，并且该“SA”术语通常被定义为任何类型的安全关系，其可以形成为允许特定节点将分组或帧安全地传输到另一个接收节点 。

公开(公告)号：US09584421B2

公开(公告)日：2017-02-28

申请号：US14155111

申请日：2014-01-14

Applicant: Cisco Technology, Inc.

Inventor： Smita Rai ,  Chandan Mishra ,  Gayatri Ramachandran ,  Sanjay Sane

IPC: H04L12/26 ,  H04L12/803 ,  H04L12/775 ,  H04L12/729 ,  H04L12/721

CPC classification number: H04L47/125 ,  H04L45/125 ,  H04L45/58 ,  H04L45/66

Abstract: Embodiments herein achieve proxy FHRP for anycast routing services through the coordination of L2MP edge switches to allow load balancing for the use of routing services. Such embodiments may avoid duplicity and coordinate control planes between the edge switches to present a proxy interface to the rest of the network for the routing services. As such, multipathing and load-balancing for efficient use of crucial services may be provided for client nodes inside the network.

Abstract translation: 本文中的实施例通过协调L2MP边缘交换机来实现用于任播路由服务的代理FHRP，以允许对路由服务的使用进行负载平衡。 这样的实施例可以避免边缘交换机之间的重复和协调控制平面，以向路由服务的网络的其余部分呈现代理接口。 因此，可以为网络内的客户机节点提供用于有效使用关键业务的多路径和负载平衡。