Abstract:
Techniques for security association management on a home agent and a foreign agent are described herein. In one embodiment, in response to a first mobile network registration request from a mobile node, a remote authentication facility is accessed to retrieve a security association for the mobile node for authenticating and providing a first network connectivity to the mobile node, wherein the security association is associated with a lifespan. The security association is inserted in a local security association database to create a security association entry, wherein the security association entry includes the lifespan. A second mobile network registration request from the mobile node after the first network connectivity has been terminated is received and the security association entry in the local security association database that corresponds to the mobile node is used to provide authentication of the mobile node without having to access the remote authentication facility again if the lifespan associated with the security association entry is valid. Other methods and apparatuses are also described.
Abstract:
Techniques for security association management on a home and foreign agent are described. In one embodiment, in response to a first mobile network registration request from a mobile node, a remote authentication facility is accessed to retrieve a security association for the mobile node for authenticating and providing a first network connectivity to the mobile node, wherein the security association is associated with a lifespan. The security association is inserted in a local security association database (SADB) to create a security association entry, wherein the security association entry includes the lifespan. A second mobile network registration request from the mobile node after the first connectivity is terminated is received and the security association entry in the local SADB that corresponds to the mobile node is used to provide authentication of the mobile node without having to access the remote authentication facility again if the lifespan associated with the security association entry is valid.
Abstract:
Techniques for Mobile IP bulk registration revocation are described herein. According to one embodiment, a first mobile agent of a mobile IP network sends a registration revocation message to a second mobile agent of the mobile IP network. The registration revocation message includes information identifying multiple home IP addresses of multiple mobile nodes whose registrations are to be revoked. In response to the registration revocation, the second mobile agent terminates bindings of services associated with multiple mobile nodes identified by the multiple home IP addresses and sends an acknowledgement message to the first mobile agent. Other methods and apparatuses are also described.
Abstract:
Techniques for Mobile IP bulk registration revocation are described herein. According to one embodiment, a first mobile agent of a mobile IP network sends a registration revocation message to a second mobile agent of the mobile IP network. The registration revocation message includes information identifying multiple home IP addresses of multiple mobile nodes whose registrations are to be revoked. In response to the registration revocation, the second mobile agent terminates bindings of services associated with multiple mobile nodes identified by the multiple home IP addresses and sends an acknowledgement message to the first mobile agent. Other methods and apparatuses are also described.
Abstract:
A method and apparatus for hierarchical redundancy for a distributed control plane. In one embodiment of the invention, control plane processes are distributed among a plurality of processing entities including an active primary control processing entity and multiple secondary processing entities. Each of the secondary processing entities performs a dual role: an active role and a standby role. An application redundancy manager (ARM) instantiated on the active primary control processing entity manages the redundancy services for the secondary processing entities. For each secondary processing entity, the ARM selects one of the secondary processing entities to act as a backup for another one of the secondary processing entities. Upon a failure of one of the secondary processing entities, the ARM causes the secondary processing entity backing up the failed secondary processing entity to transition its standby role to an active role regarding the services provided by the failed secondary processing entity.
Abstract:
A method and apparatus for a distributed control plane. In one embodiment of the invention, a primary control card distributes control plane process instances among one or more secondary cards, including a secondary control card and/or one or more Advanced Service Engine (ASE) cards. The primary control card associates particular control messages with particular control plane process instances. Upon a line card receiving a control message that is associated with a particular control plane instance, the line card forwards the control message directly to that particular control plane instance.
Abstract:
A method and apparatus for a distributed control plane. In one embodiment of the invention, a primary control card distributes control plane process instances among one or more secondary cards, including a secondary control card and/or one or more Advanced Service Engine (ASE) cards. The primary control card associates particular control messages with particular control plane process instances. Upon a line card receiving a control message that is associated with a particular control plane instance, the line card forwards the control message directly to that particular control plane instance.
Abstract:
A method and apparatus for hierarchical redundancy for a distributed control plane. In one embodiment of the invention, control plane processes are distributed among a plurality of processing entities including an active primary control processing entity and multiple secondary processing entities. Each of the secondary processing entities performs a dual role: an active role and a standby role. An application redundancy manager (ARM) instantiated on the active primary control processing entity manages the redundancy services for the secondary processing entities. For each secondary processing entity, the ARM selects one of the secondary processing entities to act as a backup for another one of the secondary processing entities. Upon a failure of one of the secondary processing entities, the ARM causes the secondary processing entity backing up the failed secondary processing entity to transition its standby role to an active role regarding the services provided by the failed secondary processing entity.
Abstract:
Methods and apparatus for a network element to handle LSID collisions to prevent different LSAs associated with different routes from sharing the same LSID. According to one embodiment, responsive to determining that a tentative LSID that is generated for a first route that is being added collides with an LSID that is assigned to an LSA for a second route, and that one of the first and second routes is a host route, the host route is suppressed. If the first route is the host route, suppressing includes not originating an LSA for the first route. If the second route is the host route, suppressing includes purging the LSA for the second route and not originating an LSA for the second route. Although the host route is suppressed, network reachability of the range subsuming the host route is provided through the route that is not the host route.
Abstract:
A network element that acts as a hub in a hub and spoke topology is configured to limit the amount of topology and reachability information that is advertised to a set of one or more remote network elements that act as one or more spokes in the hub and spoke topology in a same routing area. The network element generates a set of one or two link state advertisements (LSAs) to advertise over an interface that connects at least one of the set of remote network elements to the network element, wherein the set of LSAs includes information that describes a connection to the set of remote network elements and one or more aggregate routes. The network element advertises, during a database exchange process with the one of the set of remote network elements, the set of LSAs to the one of the set of remote network elements.