Firewall authentication of controller-generated internet control message protocol (ICMP) echo requests
Abstract
A method implemented by a network firewall, comprising obtaining a first authentication token for a network test, receiving a test request message for performing the network test on a network element (NE) connected to the network firewall, authenticating the test request message by determining whether the test request message includes a second authentication token that matches the first authentication token, and granting the network test on the NE when the second authentication token matches the first authentication token.
21 Claims
1. A method implemented by a network firewall connected to a first network node, the method comprising:
- obtaining, by the network firewall from a network controller, a first network test session authentication token for a network test;
- receiving, by the network firewall, an Internet Control Message Protocol (ICMP) echo request message from a second network node for performing the network test on the first network node, the ICMP echo request message being an extended ICMP echo request packet comprising:
  - a data format version number field indicating a version number for the extended ICMP echo request packet;
  - a type of request field indicating a type of information requested by the extended ICMP echo request packet; and
  - a firewall authentication token field identifying a firewall authentication token for the network test, and comprising a second network test session authentication token;
- comparing, by the network firewall, the second network test session authentication token to the first network test session authentication token;
- authenticating, by the network firewall, the ICMP echo request message in response to the second network test session authentication token in the ICMP echo request message matching the first network test session authentication token; and
- forwarding, by the network firewall, the ICMP echo request message to the first network node to grant the network test on the first network node.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 21

10. A method implemented by a network management entity, the method comprising:
- exchanging, by the network management entity, a first network test session authentication token with a network firewall for authenticating an Internet Control Message Protocol (ICMP) echo request message;
- generating, by the network management entity, the ICMP echo request message for performing a network test on a first network node that is connected to the network firewall, the ICMP echo request message being an extended ICMP echo request packet comprising:
  - a data format version number field indicating a version number for the extended ICMP echo request packet;
  - a type of request field indicating a type of information requested by the extended ICMP echo request packet; and
  - a firewall authentication token field identifying a firewall authentication token for the network test, and comprising a second network test session authentication token;
- sending, by the network management entity, the ICMP echo request message comprising the second network test session authentication token to the first network node via a second network node; and
- receiving, by the network management entity from the first network node, an ICMP echo reply message, indicating the network firewall matched the first and second network test session authentication tokens to authenticate the ICMP echo request message and grant the network test on the first network node.

Dependent claims: 11, 12, 13, 14, 15

16. A network firewall connected to a first network node, the network firewall comprising:
- a non-transitory memory storage comprising instructions; and
- one or more processors in communication with the non-transitory memory storage, wherein the one or more processors execute the instructions to:
  - obtain, from a network controller, a first network test session authentication token for a network test;
  - receive an Internet Control Message Protocol (ICMP) echo request message from a second network node for performing the network test on the first network node, the ICMP echo request message being an extended ICMP echo request packet comprising:
    - a data format version number field indicating a version number for the extended ICMP echo request packet;
    - a type of request field indicating a type of information requested by the extended ICMP echo request packet; and
    - a firewall authentication token field identifying a firewall authentication token for the network test, and comprising a second network test session authentication token;
  - compare the second network test session authentication token to the first network test session authentication token;
  - authenticate the ICMP echo request message in response to the second network test session authentication token in the ICMP echo request message matching the first network test session authentication token; and
  - forward the ICMP echo request message to the first network node to grant the network test on the first network node.

Dependent claims: 17, 18, 19, 20
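
An added sketch of the firewall-side check in claims 1 and 16, together with the controller-side packet construction in claim 10; it is not code from the patent. The claims name the three fields but not their encoding, so the byte layout (1-byte version, 1-byte request type, 2-byte token length, token), the function names and the sample token are assumptions.

```python
import hmac
import struct

ICMP_ECHO_REQUEST = 8
ICMP_HDR = struct.Struct("!BBHHH")   # type, code, checksum, identifier, sequence
EXT_HDR = struct.Struct("!BBH")      # ASSUMED layout: version, request type, token length

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over a valid packet."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_request(ident, seq, version, req_type, token: bytes) -> bytes:
    """Controller side: extended echo request carrying the session token."""
    ext = EXT_HDR.pack(version, req_type, len(token)) + token
    csum = inet_checksum(ICMP_HDR.pack(ICMP_ECHO_REQUEST, 0, 0, ident, seq) + ext)
    return ICMP_HDR.pack(ICMP_ECHO_REQUEST, 0, csum, ident, seq) + ext

def firewall_decide(packet: bytes, session_token: bytes, supported_version=1):
    """Firewall side: return ("forward" | "drop", reason) for one ICMP message."""
    if not session_token:
        return "drop", "no active test session"
    if len(packet) < ICMP_HDR.size + EXT_HDR.size:
        return "drop", "truncated"
    icmp_type, code, _, _, _ = ICMP_HDR.unpack_from(packet)
    if icmp_type != ICMP_ECHO_REQUEST or code != 0:
        return "drop", "not an echo request"
    if inet_checksum(packet) != 0:
        return "drop", "bad checksum"
    version, _req_type, tok_len = EXT_HDR.unpack_from(packet, ICMP_HDR.size)
    if version != supported_version:
        return "drop", "unsupported version"
    start = ICMP_HDR.size + EXT_HDR.size
    token = packet[start:start + tok_len]
    if tok_len == 0 or len(token) != tok_len:
        return "drop", "malformed token field"
    # Constant-time comparison so timing does not reveal how many bytes matched.
    if not hmac.compare_digest(token, session_token):
        return "drop", "token mismatch"
    return "forward", "token match"

SESSION_TOKEN = bytes(range(16))     # constructed sample token from the controller
GOOD = build_request(0x1234, 1, 1, 0, SESSION_TOKEN)
BAD = build_request(0x1234, 2, 1, 0, b"\xff" * 16)
```
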
Specification