公开(公告)号：US20240259360A1

公开(公告)日：2024-08-01

申请号：US18630360

申请日：2024-04-09

Applicant: NetApp, Inc.

Inventor： Jin Zhang ,  Surajpal S. Sandhu ,  Matthew Martin Houston

IPC: H04L9/40 ,  H04L67/148

CPC classification number: H04L63/0485 ,  H04L63/061 ,  H04L63/20 ,  H04L67/148

Abstract: A system is described. The system includes a processing resource and a non-transitory computer-readable medium, coupled to the processing resource, having stored therein instructions that when executed by the processing resource cause the processing resource to detect an unrecognized Internet Protocol Security (IPsec) packet associated with an IP address at a first node within a cluster, retrieve one or more selector fields from the IPsec packet, query of a security policy database to determine whether a destination IP address included in the one or more retrieved selector fields matches one or more matching outbound IPsec policies associated with a destination IP address, determine whether a matching outbound IPsec policy includes an IPsec policy associated with the destination address entry and establish the first IPsec SA communication session between the first node and the client based on the outbound IPsec policy.

公开(公告)号：US12021851B2

公开(公告)日：2024-06-25

申请号：US17517460

申请日：2021-11-02

Applicant: NetApp, Inc.

Inventor： Jin Zhang ,  Surajpal S. Sandhu ,  Matthew Martin Houston

IPC: H04L9/40 ,  H04L67/148

CPC classification number: H04L63/0485 ,  H04L63/061 ,  H04L63/20 ,  H04L67/148

Abstract: A system is described. The system includes a processing resource and a non-transitory computer-readable medium, coupled to the processing resource, having stored therein instructions that when executed by the processing resource cause the processing resource to detect an unrecognized Internet Protocol Security (IPsec) packet associated with an IP address at a first node within a cluster, retrieve one or more selector fields from the IPsec packet, query of a security policy database to determine whether a destination IP address included in the one or more retrieved selector fields matches one or more matching outbound IPsec policies associated with a destination IP address, determine whether a matching outbound IPsec policy includes an IPsec policy associated with the destination address entry and establish the first IPsec SA communication session between the first node and the client based on the outbound IPsec policy.

公开(公告)号：US20230135158A1

公开(公告)日：2023-05-04

申请号：US17517460

申请日：2021-11-02

Applicant: NetApp, Inc.

Inventor： Jin Zhang ,  Surajpal S. Sandhu ,  Matthew Martin Houston

IPC: H04L29/06 ,  H04L29/08

Abstract: A system is described. The system includes a processing resource and a non-transitory computer-readable medium, coupled to the processing resource, having stored therein instructions that when executed by the processing resource cause the processing resource to detect an unrecognized Internet Protocol Security (IPsec) packet associated with an IP address at a first node within a cluster, retrieve one or more selector fields from the IPsec packet, query of a security policy database to determine whether a destination IP address included in the one or more retrieved selector fields matches one or more matching outbound IPsec policies associated with a destination IP address, determine whether a matching outbound IPsec policy includes an IPsec policy associated with the destination address entry and establish the first IPsec SA communication session between the first node and the client based on the outbound IPsec policy.