DEVICE AND METHOD OF FORWARDING DATA PACKETS IN A VIRTUAL SWITCH OF A SOFTWARE-DEFINED WIDE AREA NETWORK ENVIRONMENT

    Publication No.: US20200044986A2

    Publication date: 2020-02-06

    Application No.: US16270163

    Application date: 2019-02-07

    Abstract: A method, device, and computer-program product of forwarding data packets in a virtual switch is provided. The virtual switch comprises: first, second and third virtual ports for respectively receiving/transmitting: LAN traffic from/to a physical LAN port; secured traffic from/to a physical secured traffic port; and Internet traffic from/to a physical Internet port. The method comprises: determining, for selected data packets of the outbound traffic, signature information; storing the signature information and information identifying associated packets; outputting the outbound traffic for processing by a virtual machine; receiving at least a portion of the outbound traffic as outbound secured traffic for supply to the secured port; determining whether each data packet of the outbound secure traffic matches the dedicated signature information and responsively controlling the forwarding of the respective data packet as part of the outbound secured traffic to the secured port and/or creating a SUSPICIOUS SOURCE alarm.

    DEVICE AND METHOD OF FORWARDING DATA PACKETS IN A VIRTUAL SWITCH OF A SOFTWARE-DEFINED WIDE AREA NETWORK ENVIRONMENT

    Publication No.: US20190245811A1

    Publication date: 2019-08-08

    Application No.: US16270163

    Application date: 2019-02-07

    Abstract: A method, device, and computer-program product of forwarding data packets in a virtual switch is provided. The virtual switch comprises: first, second and third virtual ports for respectively receiving/transmitting: LAN traffic from/to a physical LAN port; secured traffic from/to a physical secured traffic port; and Internet traffic from/to a physical Internet port. The method comprises: determining, for selected data packets of the outbound traffic, signature information; storing the signature information and information identifying associated packets; outputting the outbound traffic for processing by a virtual machine; receiving at least a portion of the outbound traffic as outbound secured traffic for supply to the secured port; determining whether each data packet of the outbound secure traffic matches the dedicated signature information and responsively controlling the forwarding of the respective data packet as part of the outbound secured traffic to the secured port and/or creating a SUSPICIOUS SOURCE alarm.

    ROLLOVER OF ENCRYPTION KEYS IN A PACKET-COMPATIBLE NETWORK

    Publication No.: US20220029800A1

    Publication date: 2022-01-27

    Application No.: US17380149

    Application date: 2021-07-20

    Abstract: There is provided a technique of establishing encryption keys for communication between 1st peer and 2nd peer via a data path. The technique comprises: by each peer, using input keying material to independently generate equivalent pairs of peer encryption keys (PEKs), verifying equivalence of the generated PEK pairs, and using by 1st peer and 2nd peer the verified PEK pairs to become in possession of equivalent pairs of session encryption keys (SEKs). Verifying comprises: generating by 1st peer a first handshake (HS) message encrypted by PEK Tx1 and sending the first HS message to the 2nd peer via the data path; decrypting by the 2nd peer the first HS message using the PEK Rx2, generating a second HS message encrypted by PEK Tx2, and sending the second HS message to the 1st peer via the data path; and decrypting the second HS message by the 1st peer using PEK Rx1.

    SECURED CLOCK SYNCHRONIZATION IN A PACKET-COMPATIBLE NETWORK

    Publication No.: US20230171015A1

    Publication date: 2023-06-01

    Application No.: US17991356

    Application date: 2022-11-21

    CPC classification number: H04J3/0667 H04J3/0644

    Abstract: There is provided a technique of securing clock synchronization between master clock node (MCN) and client clock node (CCN). During a cycle of exchanging PTP messages between MCN and CCN, MCN generates an associated paired message for each PTP message generated thereby and informative of t1 or t4 timestamps provided by MCN and sends each paired message to a validation entity (VE) via a secured channel between MCN and VE. When PTP messages traverse transparent clock nodes (TCN) between MCN and CCN, each TCN generates a paired message for each version of PTP message updated thereby and sends each generated paired message to VE via a secured channel between respective TCN and VE. VE uses the received paired messages to provide a validation of the cycle, wherein synchronization-related task(s) (e.g. clock correction by the client clock node, etc.) are provided only subject to successful validation of the cycle by VE.

    TIME-SENSITIVE TRANSMISSION OF ETHERNET TRAFFIC BETWEEN ENDPOINT NETWORK NODES

    Publication No.: US20220407742A1

    Publication date: 2022-12-22

    Application No.: US17842140

    Application date: 2022-06-16

    Abstract: There is provided a technique of time-sensitive transmission of Ethernet traffic in IET-blind network. A source endpoint network node receives expedited and non-expedited Ethernet frames; for each non-expedited Ethernet frame: detects a pre-provisioned designated non-expedited tunnel with a destination endpoint network node corresponding to a destination address specified in the Ethernet frame, segments non-expedited Ethernet frame into a plurality of segments, encapsulates each segment in accordance with the designated non-expedited tunnel; and sends the encapsulated segments to the destination endpoint network node via the designated non-expedited tunnel. When the designated non-expedited tunnel is constituted by a plurality of successive sub-tunnels (e.g. corresponding to a PDU-session of 5G), the technique further comprises initial encapsulating each segment in accordance with a first of successive sub-tunnels and, when swapping to a next sub-tunnel, relaying the encapsulation of each segment according to a network protocol characterizing the next sub-tunnel.
