Architecture for routing and IPSec integration
Abstract
The invention is directed towards routing a packet using both IPSec and common routing protocols within dynamic network topologies in a VPN. The routing of IPSec packets employs Open Systems Interconnection (OSI) layer three information. In one embodiment, a tree mechanism is used for looking up layer three information that may be associated with a protected subnetwork. When a packet is identified as being associated with a protected subnetwork, the packet may be encrypted and encapsulated, including the original destination and source IP address header information, within another packet employing the IP Encapsulating Security Payload (ESP) protocol. New source and destination IP addresses are provided for the new packet using IP addresses associated with an entry gateway and an exit gateway to the VPN. The new packet may then be routed through the VPN using traditional routing protocols.
111 Citations
22 Claims
1. A method for integrating encapsulation and encryption with packet routing, comprising:
   decrypting an encrypted packet that is included in an encapsulated packet, wherein the encapsulated packet is received over a network;
   if a selector list indicates an intermediate hop for the decrypted packet, the decrypted packet is re-encrypted and included in another encapsulated packet, wherein the other encapsulated packet is routed towards an exit gateway; and
   if the decrypted packet is unassociated with an intermediate hop, routing the decrypted packet towards its destination.
   Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. An apparatus that provides for integrating encapsulation and encryption with packet routing, comprising:
   a memory for storing instructions; and
   a processor for enabling actions based at least in part on the instructions, including:
   decrypting an encrypted packet that is included in an encapsulated packet, wherein the encapsulated packet is received over a network;
   if a selector list indicates an intermediate hop for the decrypted packet, the decrypted packet is re-encrypted and included in another encapsulated packet, wherein the other encapsulated packet is routed towards an exit gateway; and
   if the decrypted packet is unassociated with an intermediate hop, routing the decrypted packet towards its destination.
   Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17.
18. A computer readable medium that includes a plurality of executable instructions, wherein the plurality of instructions enable actions to be performed, comprising:
   decrypting an encrypted packet that is included in an encapsulated packet, wherein the encapsulated packet is received over a network;
   if a selector list indicates an intermediate hop for the decrypted packet, the decrypted packet is re-encrypted and included in another encapsulated packet, wherein the other encapsulated packet is routed towards an exit gateway; and
   if the decrypted packet is unassociated with an intermediate hop, routing the decrypted packet towards its destination.
   Dependent claims: 19, 20, 21.
22. An apparatus for integrating the operations of IPsec and packet routing, comprising:
   a memory for storing a plurality of instructions; and
   a processor for employing the plurality of instructions to enable actions, including:
   determining if a received packet encapsulates an encrypted packet, and if so, performing actions, comprising:
   decrypting the encrypted packet that is included in the encapsulated packet;
   if an intermediate hop is associated with the decrypted packet, re-encrypting the decrypted packet in another encapsulated packet, wherein the other encapsulated packet is routed towards an exit gateway; and
   if the decrypted packet is unassociated with an intermediate hop, routing the decrypted packet towards its destination.
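The entry-gateway lookup described in the abstract and the decrypt-then-re-encapsulate decision of claim 1 and claim 22, modelled as an added Python example (not the patent's own code, nor any product's). The gateway addresses, subnets, per-gateway keys, the per-gateway "selector list" dictionaries and the XOR keystream standing in for ESP are all constructed placeholders; a longest-prefix match stands in for the patent's tree lookup.

```python
import hashlib
import ipaddress
# Constructed two-hop VPN path; addresses, subnets and keys are invented for this example.
ENTRY, MID, EXIT = "198.51.100.1", "198.51.100.2", "198.51.100.3"
KEYS = {ENTRY: b"k-entry", MID: b"k-mid", EXIT: b"k-exit"}   # per-gateway SA key (simplified)
# Protected subnetwork -> exit gateway; longest-prefix match stands in for the tree lookup.
PROTECTED = {ipaddress.ip_network("10.2.0.0/16"): EXIT}
# Per-gateway selector list: inner destination subnet -> intermediate hop (empty at the exit).
SELECTORS = {ENTRY: {ipaddress.ip_network("10.2.0.0/16"): MID},
             MID: {ipaddress.ip_network("10.2.0.0/16"): EXIT},
             EXIT: {}}

def toy_seal(key, data):
    """Placeholder for ESP: XOR with a SHA-256 keystream. Symmetric, NOT real encryption."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def longest_match(table, addr):
    """Tree-style lookup: value for the most specific prefix containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [net for net in table if ip in net]
    return table[max(hits, key=lambda n: n.prefixlen)] if hits else None

def encapsulate(inner, sender, receiver):
    """Seal the original header+payload and wrap it in an outer header between two gateways."""
    plain = f"{inner['src']}|{inner['dst']}|{inner['payload']}".encode()
    return {"src": sender, "dst": receiver, "esp": toy_seal(KEYS[receiver], plain)}

def decapsulate(outer, me):
    src, dst, payload = toy_seal(KEYS[me], outer["esp"]).decode().split("|", 2)
    return {"src": src, "dst": dst, "payload": payload}

def entry_gateway(inner):
    """Abstract: packets for a protected subnetwork are encrypted and encapsulated; others routed as-is."""
    if longest_match(PROTECTED, inner["dst"]) is None:
        return ("route", inner)
    hop = longest_match(SELECTORS[ENTRY], inner["dst"]) or longest_match(PROTECTED, inner["dst"])
    return ("encapsulate", encapsulate(inner, ENTRY, hop))

def gateway_receive(outer, me):
    """Claim 1 at gateway `me`: decrypt, then re-encapsulate toward the next hop or deliver."""
    if outer["dst"] != me:
        return ("forward", outer)            # tunnel packet for another gateway: ordinary routing
    inner = decapsulate(outer, me)
    hop = longest_match(SELECTORS[me], inner["dst"])
    if hop is not None:
        return ("reencapsulate", encapsulate(inner, me, hop))
    return ("deliver", inner)                # exit gateway: route the decrypted packet to its destination
```

Walking one packet through `entry_gateway`, then `gateway_receive` at MID and at EXIT shows the two outer headers being rewritten hop by hop while the inner source and destination addresses survive intact.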