Network service header used to relay authenticated session information
First Claim
1. A method comprising:
receiving a first packet at a service function classifier node in a service topology layer, wherein the service function classifier node comprises a cache, and the first packet is received from a first client node in the service topology layer;
determining that a session has not been established for the first client node;
in response to determining that a session has not been established for the first client node, forwarding the first packet to an authentication node;
authenticating the first packet at the authentication node;
subsequent to authenticating the first packet, storing authentication information in the cache of the service function classifier node, wherein the storing is configured to allow the service function classifier node to authenticate a subsequent packet received from the first client node;
in response to authenticating the first packet, setting a value in a header of the first packet, wherein the value indicates that the first packet is authenticated in the service topology layer; and
forwarding the first packet to a first service node in the service topology layer, wherein the first service node is configured to perform a first service function, and the first service node uses the value in the header to authenticate the first packet prior to performing the first service function.
Dependent claims: 2, 3, 4, 5, 6, 7.
2 Assignments
0 Petitions
Abstract
In one embodiment, a system, method, and computer program product are disclosed for authenticating a packet received from a client node, storing the results of the authentication in a cache memory of a service classifier node, and including the results of the authentication in a network service header of a packet before forwarding the packet to downstream service nodes. In one embodiment, the initial authentication is performed in conjunction with an authentication node.
25 Citations
18 Claims
8. A system comprising:
a service function classifier node, wherein the service function classifier node comprises a first microprocessor, a cache, and a non-transitory computer-readable storage medium, comprising computer instructions executable by the first microprocessor, wherein the computer instructions are configured to perform a method comprising the steps of:
receiving a first packet, wherein the first packet is received from a first client node in a service topology layer,
determining that a session has not been established for the first client node,
in response to determining that a session has not been established for the first client node, forwarding the first packet to an authentication node,
authenticating the first packet at the authentication node,
subsequent to authenticating the first packet, storing authentication information in the cache of the service function classifier node, wherein the storing is configured to allow the service function classifier node to authenticate a subsequent packet received from the first client node,
in response to authenticating the first packet, setting a value in a header of the first packet, wherein the value indicates that the first packet is authenticated in the service topology layer, and
forwarding the first packet to a first service node in the service topology layer, wherein
the first service node is configured to perform a first service function,
the first service node uses the value in the header to authenticate the first packet prior to performing the first service function, and
the first service node comprises at least a second processor.
Dependent claims: 9, 10, 11, 12, 13.
14. A non-transitory computer-readable storage medium comprising:
a plurality of program instructions, comprising
a first set of instructions, executable on a computer system, configured to receive a first packet at a service function classifier node, wherein the service function classifier node comprises a cache, and the first packet is received from a first client node in a service topology layer, determine that a session has not been established for the first client node, and in response to determining that a session has not been established for the first client node, forward the first packet to an authentication node;
a second set of instructions, executable on the computer system, configured to authenticate the first packet at the authentication node, subsequent to authenticating the first packet, store authentication information in the cache of the service function classifier node, wherein the storing is configured to allow the service function classifier node to authenticate a subsequent packet received from the first client node, and in response to authenticating the first packet, set a value in a header of the first packet, wherein the value indicates that the first packet is authenticated in the service topology layer; and
a third set of instructions, executable on the computer system, configured to forward the first packet to a first service node in the service topology layer, wherein the first service node is configured to perform a first service function, and the first service node uses the value in the header to authenticate the first packet prior to performing the first service function.
Dependent claims: 15, 16, 17, 18.
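The procedure that claims 1, 8 and 14 describe (cache lookup at the service function classifier, fallback to an authentication node on a cache miss, caching the result, setting a value in the header, and the service node checking that value before performing its function) can be simulated end to end. The Python below is an added example written for this page, not code from the patent or its assignee. It assumes a dictionary standing in for the network service header with a single `authenticated` flag, a cache keyed by client id with a time-to-live, and a credential that is an HMAC over the client id under a constructed shared secret; the claims specify none of these details.

```python
"""Constructed simulation of the classifier / authentication node / service node flow.

Assumptions (not from the patent): the header is a dict with an "authenticated"
flag, the cache maps client id -> (credential, expiry), and the authentication
node checks an HMAC-SHA256 token over the client id under a shared secret.
"""
import hashlib
import hmac
import time
from dataclasses import dataclass, field


@dataclass
class Packet:
    client_id: str
    credential: str                              # token presented by the client
    payload: bytes
    header: dict = field(default_factory=dict)   # stands in for the network service header


class AuthenticationNode:
    """Verifies a packet's credential. Constructed scheme: HMAC-SHA256 over the client id."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def expected_token(self, client_id: str) -> str:
        return hmac.new(self._secret, client_id.encode(), hashlib.sha256).hexdigest()

    def authenticate(self, pkt: Packet) -> bool:
        return hmac.compare_digest(self.expected_token(pkt.client_id).encode(),
                                   pkt.credential.encode())


class ServiceNode:
    """Performs its service function only when the header value says the packet is authenticated."""

    def __init__(self, name: str):
        self.name = name
        self.served = []      # client ids whose packets were processed
        self.rejected = []    # client ids whose packets arrived without the header value

    def receive(self, pkt: Packet) -> bool:
        if pkt.header.get("authenticated") is not True:
            self.rejected.append(pkt.client_id)
            return False
        self.served.append(pkt.client_id)   # the service function itself is a no-op here
        return True


class ServiceFunctionClassifier:
    """Classifier with a session cache; consults the authentication node only on a cache miss."""

    def __init__(self, auth_node, service_node, ttl_seconds=60.0, clock=time.monotonic):
        self.auth_node = auth_node
        self.service_node = service_node
        self.ttl = ttl_seconds
        self.clock = clock
        self.cache = {}             # client_id -> (credential, expiry)
        self.auth_node_calls = 0    # how often the authentication node was consulted

    def _session_established(self, pkt: Packet) -> bool:
        entry = self.cache.get(pkt.client_id)
        if entry is None:
            return False
        credential, expiry = entry
        if self.clock() > expiry:
            del self.cache[pkt.client_id]      # expired session: fall back to the authentication node
            return False
        # Subsequent packet: authenticate locally from the cached information.
        return hmac.compare_digest(credential.encode(), pkt.credential.encode())

    def receive(self, pkt: Packet) -> bool:
        # Only the classifier sets the header value, so drop any flag that arrived with the packet.
        pkt.header.pop("authenticated", None)
        if not self._session_established(pkt):
            self.auth_node_calls += 1
            if not self.auth_node.authenticate(pkt):
                return False                   # not forwarded to the service node
            self.cache[pkt.client_id] = (pkt.credential, self.clock() + self.ttl)
        pkt.header["authenticated"] = True     # the value the service node checks
        return self.service_node.receive(pkt)


def run_demo():
    """Drives the flow with constructed traffic and returns what each node observed."""
    auth = AuthenticationNode(b"constructed-shared-secret")
    sf = ServiceNode("firewall")
    now = [1000.0]                             # fake clock so the cache expiry is deterministic
    sfc = ServiceFunctionClassifier(auth, sf, ttl_seconds=60.0, clock=lambda: now[0])
    good = auth.expected_token("client-A")

    results = [
        sfc.receive(Packet("client-A", good, b"first")),    # cache miss -> authentication node
        sfc.receive(Packet("client-A", good, b"second")),   # cache hit -> authenticated locally
        sfc.receive(Packet("client-B", "bogus", b"x")),     # fails authentication -> not forwarded
        sfc.receive(Packet("client-B", "bogus", b"y", header={"authenticated": True})),  # flag stripped
    ]
    now[0] += 120.0                            # session for client-A expires
    results.append(sfc.receive(Packet("client-A", good, b"third")))   # re-authenticated
    sf.receive(Packet("client-C", "", b"z"))   # bypasses the classifier: no header value, rejected
    return results, sfc.auth_node_calls, list(sf.served), list(sf.rejected)


if __name__ == "__main__":
    print(run_demo())
```

Two details the simulation makes explicit that the claims leave to the implementer: the classifier removes any `authenticated` flag that arrives with a packet before processing it, since the service node acts on that value alone, and a cached session expires so that a long-lived client is re-authenticated rather than trusted indefinitely.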