Method and system for learning network information

US 20070002768A1
Filed: 06/30/2005
Published: 01/04/2007
Est. Priority Date: 06/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method for learning network information through a plurality of network devices, the plurality of network devices being configured for Internet Protocol Security (IPsec), the method comprising setting up a security association between the plurality of network devices;

and providing network information to the plurality of network devices, the network information being based on the security association, the network information comprising a plurality of sub-network routes.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for learning network information through a plurality of network devices is provided. The plurality of network devices are configured for IPsec. The method enables negotiation between the network devices to set up a security association and provide network information between the configured network devices. This network information includes a plurality of sub-network routes.

22 Citations

View as Search Results

16 Claims

1. A method for learning network information through a plurality of network devices, the plurality of network devices being configured for Internet Protocol Security (IPsec), the method comprising setting up a security association between the plurality of network devices;
- and providing network information to the plurality of network devices, the network information being based on the security association, the network information comprising a plurality of sub-network routes.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein providing network information to the plurality of network devices comprises requesting configuration information from a first endpoint of an IPsec tunnel, the request being made by a second endpoint of the IPsec tunnel, wherein the plurality of network devices form endpoints of the IPsec tunnel;
    - sending configuration information to the first endpoint, the configuration information being sent by the second endpoint;
      
      sending a list of the plurality of sub-network routes to the first endpoint; and
      
      accepting the list of the plurality of sub-network routes, the list being accepted by the first endpoint.
  - 3. The method of claim 1, wherein the network information is provided through Internet Security Association Key Management Protocol (ISAKMP) message exchanges.
  - 4. The method of claim 1, wherein setting up a security association between the plurality of network devices comprises setting up an Internet Key Exchange (IKE) security association.
  - 5. The method of claim 1, wherein setting up a security association between the plurality of network devices further comprises setting up an IPsec security association.
  - 6. The method of claim 5, wherein the IPsec security association is used for at least one of split mode and non-split mode.
  - 7. The method of claim 1 further comprising negotiating between the plurality of network devices for re-establishing the security association, if the security association has expired.

8. A method for learning network information through a plurality of network devices, the plurality of network devices being configured for Internet Protocol Security (IPsec), the method comprising setting up a security association between the plurality of network devices;
- and providing network information to the plurality of network devices, the network information being based on the security association, the network information comprising a plurality of sub-network routes, wherein the providing the network information comprises requesting configuration information from a first endpoint of an IPsec tunnel, the request being made by a second endpoint of the IPsec tunnel, wherein the plurality of network devices form endpoints of the IPsec tunnel;
  
  sending configuration information to the first endpoint, the configuration information being sent by the second endpoint;
  
  sending a list of the plurality of sub-network routes to the first endpoint; and
  
  accepting the list of the plurality of sub-network routes, the list being accepted by the first endpoint.

9. A system for learning network information through a plurality of network devices, the plurality of network devices being configured for IPsec, the system comprising a setting module for setting up a security association between the plurality of network devices;
- and a providing module for providing network information, the network information being based on the security association, the network information comprising a plurality of sub-network routes.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, wherein the providing module comprises a requesting module for requesting configuration information from a first endpoint of an IPsec tunnel, the request being made by a second endpoint of the IPsec tunnel, wherein the plurality of network devices form endpoints of the IPsec tunnel;
    - a sending module for sending configuration information to the first endpoint, the configuration information being sent by the second endpoint;
      
      a listing module for sending a list of a plurality of sub-network routes to the to the first endpoint; and
      
      an accepting module for accepting the list of the plurality of sub-network acceptance of the list, the acceptance of the list being acknowledged by the first endpoint.
  - 11. The system of claim 9, wherein the setting module comprises an IKE setting module for setting up an IKE security association between the endpoints of the IPsec tunnel.
  - 12. The system of claim 9, wherein the setting module comprises an IPsec setting module for setting up an IPsec security association between the endpoints of the IPsec tunnel.
  - 13. The system of claim 9, wherein the plurality of network devices are at least one of a network routing device, a client, a server, a proxy, a host.
  - 14. The system of claim 9, wherein an IPsec interface provides inline encapsulation of network traffic.

15. A system for learning network information through a plurality of network devices, the plurality of network devices being configured for IPsec, the system comprising means for setting up a security association between the plurality of network devices;
- and means for providing network information to the plurality of network devices, the network information being based on the security association, the network information comprising a plurality of sub-network routes.

16. An apparatus for learning network information through a plurality of network devices, the plurality of network devices being configured for IPsec, the apparatus comprising a processing system including a processor coupled to a display and user input device;
- a machine-readable medium including instructions executable by the processor comprising one or more instructions for setting up a security association between the plurality of network devices; and
  
  one or more instructions for providing network information, the network information being based on the security association, the network information comprising a plurality of sub-network routes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Nandy, Kousik, Sethi, Pratima, Patil, Shashidhar, Bafna, Manikchand

Granted Patent

US 8,547,874 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/255
CPC Class Codes

H04L 41/16   using machine learning or a...

H04L 41/28   Restricting access to netwo...

H04L 63/0272   Virtual private networks

H04L 63/164   at the network layer

Method and system for learning network information

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for learning network information

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links