System for SSL re-encryption after load balance
Abstract
A data center provides secure handling of HTTPS traffic using backend SSL decryption and encryption in combination with a load balancer such as a content switch. The load balancer detects HTTPS traffic and redirects it to an SSL offloading device for decryption and return to the load balancer. The load balancer then uses the clear text traffic for load balancing purposes before it redirects the traffic back to the SSL offloading device for re-encryption. Thereafter, the re-encrypted traffic is sent to the destination servers in the data center. In one embodiment, the combination with the back-end SSL with an intrusion detection system improves security by performing intrusion detection on the decrypted HTTPS traffic.
96 Citations
52 Claims
1–29. (canceled)
30. A network device that performs a method comprising:

receiving SSL encrypted traffic;
transferring said SSL encrypted traffic to an SSL offload device;
receiving from said SSL offload device clear text traffic that has been generated by decrypting the SSL encrypted traffic;
determining a destination server for the clear text traffic;
forwarding said clear text traffic to said SSL offload device for re-encryption; and
routing said encrypted traffic to said destination server. (Dependent claims: 31, 32, 33, 34, 35, 37)

36. The method of claim 36 wherein said traffic is encrypted using Secure Socket Layer (SSL) encryption.
38. A network device that performs a method comprising:

receiving SSL encrypted traffic from a load balancer;
performing network based decryption on said SSL encrypted traffic to obtain clear text traffic;
forwarding said clear text traffic to said load balancer;
receiving from said load balancer clear text traffic that has been modified to specify one of a plurality of destination servers; and
performing network based encryption of said modified clear text traffic. (Dependent claims: 39, 40, 41, 42, 43, 44)
45. A method for handling encrypted data in a data center comprising:

advertising a host route to a load balancer;
routing a request for a destination IP address to said load balancer;
recognizing said request comprises an HTTPS request; and
redirecting the HTTPS request to a destination MAC address corresponding to an SSL device by specifying "no nat server" to preserve the destination IP address and to rewrite only the destination MAC address. (Dependent claims: 46, 47, 48, 49, 50)
51. A data center comprising a load balancer that specifies "nat server source-mac" to rewrite the destination IP address to the server's address and to rewrite the destination MAC address to an SSL offload device MAC address and to send traffic back to the VLAN where the SSL offloader is attached for encryption after the load balancing decision.
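As an added illustration, not code from the patent or from any vendor's load balancer, the following Python model walks one HTTPS request through the two-pass flow described in the abstract and in claims 45 and 51: the load balancer first steers the encrypted frame to the SSL device with only the destination MAC rewritten ("no nat server"), makes its server selection on the returned clear text, and then sends the frame back to the offloader's VLAN with both destination IP and MAC rewritten ("nat server source-mac") so it is re-encrypted before reaching the server. The IP and MAC addresses, VLAN numbers, the path-hash selection policy and the `encrypted` flag that stands in for real TLS are all constructed assumptions for the example; `trace_flow` records every hop so a reader can check on which legs clear text exists (the legs between load balancer and SSL device, which is where the abstract places the intrusion detection system).

```python
"""Model of the two-pass backend-SSL flow (abstract, claims 45 and 51).

Addresses, VLAN ids, the server-selection policy and the 'encrypted' flag
are constructed for this example; nothing here is the patent's own code.
"""
from dataclasses import dataclass, replace
import hashlib

# Constructed topology (hypothetical addresses and VLANs).
VIP = "10.0.0.10"                     # host route advertised to the load balancer
SSL_DEVICE_MAC = "00:00:5e:00:53:01"  # SSL offload device (assumed)
CLIENT_VLAN = 10
OFFLOADER_VLAN = 20                   # VLAN where the SSL offloader is attached
SERVERS = ["10.0.1.11", "10.0.1.12", "10.0.1.13"]


@dataclass(frozen=True)
class Frame:
    dst_mac: str
    dst_ip: str
    dst_port: int
    vlan: int
    encrypted: bool   # True: bytes on the wire are ciphertext (toy flag, not real TLS)
    payload: str      # the HTTP request line; readable only once decrypted


def is_https(frame: Frame) -> bool:
    """Claim 45: recognise the request as HTTPS (here: TCP/443 to the VIP)."""
    return frame.dst_port == 443 and frame.dst_ip == VIP


def first_pass(frame: Frame) -> Frame:
    """Claim 45, 'no nat server': keep the destination IP, rewrite only the
    destination MAC so the still-encrypted frame lands on the SSL device."""
    if not is_https(frame):
        return frame  # non-HTTPS traffic takes the ordinary path (not modelled)
    return replace(frame, dst_mac=SSL_DEVICE_MAC)


def choose_server(clear_request: str) -> str:
    """Server selection on clear text. The patent's point is that the decision
    can use request content; this constructed policy hashes the URL path so
    that one path always maps to the same server."""
    path = clear_request.split(" ")[1]
    digest = hashlib.sha256(path.encode()).digest()
    return SERVERS[digest[0] % len(SERVERS)]


def second_pass(clear_frame: Frame) -> Frame:
    """Claim 51, 'nat server source-mac': rewrite destination IP to the chosen
    server and destination MAC to the offloader, and return the frame to the
    offloader's VLAN so it is re-encrypted before it reaches the server."""
    if clear_frame.encrypted:
        raise ValueError("second pass expects decrypted traffic")
    server = choose_server(clear_frame.payload)
    return replace(clear_frame, dst_ip=server, dst_mac=SSL_DEVICE_MAC,
                   vlan=OFFLOADER_VLAN)


def ssl_offloader(frame: Frame) -> Frame:
    """Toy stand-in for the SSL device: decrypts inbound frames, re-encrypts
    outbound ones. Only the flag flips; no real cipher is involved."""
    return replace(frame, encrypted=not frame.encrypted)


def trace_flow(frame: Frame) -> list:
    """Walk one HTTPS request through the data center, recording each hop as
    (leg name, frame as it appears on that leg)."""
    hops = [("client->lb", frame)]
    steered = first_pass(frame)                  # dst MAC only, IP preserved
    hops.append(("lb->ssl_device", steered))
    clear = ssl_offloader(steered)               # decrypted by the SSL device
    hops.append(("ssl_device->lb", clear))       # clear text: IDS inspection point
    balanced = second_pass(clear)                # server chosen on clear text
    hops.append(("lb->ssl_device", balanced))    # clear text, back to offloader VLAN
    reencrypted = ssl_offloader(balanced)        # re-encrypted for the server
    hops.append(("ssl_device->server", reencrypted))
    return hops


def clear_text_legs(hops: list) -> list:
    """Names of the legs on which the request travels as clear text."""
    return [leg for leg, f in hops if not f.encrypted]


if __name__ == "__main__":
    # Constructed client request to the VIP on port 443.
    req = Frame(dst_mac="00:00:5e:00:53:ff", dst_ip=VIP, dst_port=443,
                vlan=CLIENT_VLAN, encrypted=True, payload="GET /cart HTTP/1.1")
    for leg, f in trace_flow(req):
        print(f"{leg:20} vlan={f.vlan:2} dst={f.dst_ip}/{f.dst_mac} "
              f"{'cipher' if f.encrypted else 'CLEAR'}")
```

Running the script prints the five legs; the two clear-text legs are exactly the ones between the load balancer and the SSL device, which is the segment a deployment of this design must keep isolated (and where the abstract's intrusion detection sits).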
Specification