Method and system for including security information with a packet
0 Assignments
0 Petitions
Accused Products
Abstract
A method and system for including security information with a packet is disclosed. A packet is detected as it exits a first network and enters a second network. The first network is configured to support a network security technique, and the second network is not configured to support the network security technique. Network security information associated with the network security technique is included with the packet. A network device is configured to include network security information in overhead of a packet. A method for identifying a first network device in a network is also disclosed. Identification information of the first network is communicated to a second network device.
-
Citations
116 Claims
-
1-56. -56. (canceled)
-
57. A method comprising:
-
detecting a packet exiting a first network and entering a second network, wherein the first network is configured to support a network security technique, and the second network is not configured to support the network security technique;
determining whether the packet will traverse a network node capable of processing packet security information; and
forwarding the packet, wherein the forwarding the packet is performed regardless of whether the packet will traverse the network node capable of processing packet security information. - View Dependent Claims (58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71)
-
-
72. An apparatus comprising:
-
means for detecting a packet exiting a first network and entering a second network, wherein the first network is configured to support a network security technique, and the second network is not configured to support the network security technique;
means for determining whether the packet will traverse a network node capable of processing packet security information; and
means for forwarding the packet, wherein the forwarding the packet is performed regardless of whether the packet will traverse the network node capable of processing packet security information. - View Dependent Claims (73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86)
-
-
87. A computer program product comprising:
-
a first set of instructions, executable on a computer system, configured to detect a packet exiting a first network and entering a second network, wherein the first network is configured to support a network security technique, and the second network is not configured to support the network security technique;
a second set of instructions, executable on the computer system, configured to determine whether the packet will traverse a network node capable of processing packet security information;
a third set of instructions, executable on the computer system, configured to forward the packet, wherein the third set of instructions is configured to forward the packet regardless of whether the packet will traverse the network node capable of processing packet security information; and
computer readable media, wherein the computer program product is encoded in the computer readable media. - View Dependent Claims (88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101)
-
-
102. A method comprising:
-
generating identification information, wherein the identification information identifies a first network device in a network; and
communicating the identification information to a second network device in the network, wherein the identification information is associated with the first network device, the first and second network devices are each capable of performing packet security processing, and a third network device within the network is incapable of performing packet security processing. - View Dependent Claims (103, 104, 105, 106)
-
-
107. An apparatus comprising:
-
means for generating identification information, wherein the identification information identifies a first network device in a network; and
means for communicating the identification information to a second network device in the network, wherein the identification information is associated with the first network device, the first and second network devices are each capable of performing packet security processing, and a third network device within the network is incapable of performing packet security processing. - View Dependent Claims (108, 109, 110, 111)
-
-
112. A computer program product comprising:
-
a first set of instructions, executable on a computer system, configured to generate identification information, wherein the identification information identifies a first network device in a network;
a second set of instructions, executable on the computer system, configured to communicate the identification information to a second network device in the network, wherein the identification information is associated with the first network device, the first and second network devices are each capable of performing packet security processing, and a third network device within the network is incapable of performing packet security processing; and
computer readable media, wherein the computer program product is encoded in the computer readable media.
-
-
113. The computer program product of claim 1112, further comprising:
-
a third set of instructions, executable on the computer system, configured to include the identification information in an identification information list; and
a fourth set of instructions, executable on the computer system, configured to store the identification information list at a network management station.
-
-
114. The computer program product of claim 1113, wherein
the identification information is a destination prefix.
Specification