Dynamic rekeying of IPSec security associations

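    Publication (announcement) number: US11770389B2

    Publication (announcement) date: 2023-09-26

    Application number: US17012235

    Application date: 2020-09-04

    Applicant: VMWARE, INC.

    IPC classification: H04L9/40 H04L47/125 H04L9/08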

    Abstract: Certain embodiments described herein relate to a method for dynamically rekeying a security association. The method includes establishing, by a destination tunnel endpoint (TEP), an in-bound security association with a source TEP, with a first security parameter index (SPI) value, for encrypting data packets communicated between the source TEP and the destination TEP. The method further includes rekeying, by the destination TEP, the in-bound security association, the rekeying including generating a second SPI value for replacing the first SPI value based on a trigger event relating to at least one of a real-time security score of the in-bound security association, a number of security associations assigned to a compute resource that the in-bound security resource is assigned to, an amount of load managed by the compute resource that the in-bound security resource is assigned to, and an indication received from an administrator.