Tunnel interface for securing traffic over a network
Abstract
A flexible, scalable hardware and software platform that allows a service provider to easily provide internet services, virtual private network services, firewall services, etc., to a plurality of customers. One aspect provides a method and system for delivering security services. This includes connecting a plurality of processors in a ring configuration within a first processing system, establishing a secure connection between the processors in the ring configuration across an internet protocol (IP) connection to a second processing system to form a tunnel, and providing both router services and host services for a customer using the plurality of processors in the ring configuration and using the second processing system. A secure communications tunnel is formed by routing all packets for the tunnel through an encrypting router at the sending end to obtain encrypted packets, and routing the encrypted packets through a decrypting router at the receiving end of an IP connection.
19 Claims
1. A method of delivering security services, comprising:
- establishing a first routing node within a first processing system;
- establishing a second routing node within a second processing system;
- establishing a first internet protocol (IP) connection communications path between the first processing system and the second processing system that includes the first routing node and the second routing node;
- receiving a plurality of data packets into the first routing node;
- encrypting all of the received packets, without regard to any indication in the received packets, to form encrypted packets;
- sending the encrypted packets from the first routing node to the second routing node;
- receiving the encrypted packets into the second routing node;
- decrypting all of the received encrypted packets, without regard to any indication in the received encrypted packets, to form decrypted packets; and
- sending the decrypted packets from the second routing node to a destination in the second processing system.
Dependent claims: 2, 3, 4, 5, 6
7. A system of delivering security services, comprising:
- a first processing system;
- a second processing system; and
- means for establishing a secure connection between the processors across an internet protocol (IP) connection to a second processing system to form a tunnel, wherein the secure connection encrypts all packets going into the tunnel and decrypts all packets coming from the tunnel.
Dependent claims: 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 19
12. A system of delivering security services, comprising:
- a first processing system;
- a second processing system;
- a first routing node within the first processing system; and
- a second routing node within the second processing system;
- wherein the first routing node encrypts all packets routed to it and forwards encrypted packets to the second routing node, and the second routing node decrypts the encrypted packets sent from the first routing node and sends the decrypted packets from the second routing node to a destination in the second processing system.
Specification