Method of preventing infection propagation in a dynamic multipoint virtual private network
Abstract
A method, apparatus and computer program product for preventing infection propagation in a DMVPN are presented. An infected spoke router site is isolated from the DMVPN network such that the spoke router may (bi-directionally) completely or partially limit communicating with any network devices (including the hub router, any other spoke routers, etc.) within the DMVPN. This prevents the DMVPN melt-down, isolates a worm-infected spoke router site from the rest of the DMVPN and restricts the spread of the worm within the DMVPN network.
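The isolation sequence from the abstract and claim 1, modeled as an added Python example that is not code from the patent. Class names, method names and addresses are constructed, and having the hub itself decline resolution requests from or about the infected spoke is an assumption about how "refraining from resolving" is enforced.

```python
class Spoke:
    def __init__(self, tunnel_ip, nbma_ip):
        self.tunnel_ip, self.nbma_ip = tunnel_ip, nbma_ip
        self.nhrp_cache = {}        # peer tunnel IP -> peer NBMA (public) IP
        self.quarantined = False

    def resolve(self, hub, dest):
        """Return the NBMA address for a direct tunnel to dest, or None."""
        if self.quarantined:        # refrain from resolving next hops
            return None
        nbma = self.nhrp_cache.get(dest) or hub.resolution_request(self, dest)
        if nbma:
            self.nhrp_cache[dest] = nbma
        return nbma

    def on_purge(self):
        """Purge message from the hub: drop cached entries, stop resolving."""
        self.nhrp_cache.clear()
        self.quarantined = True

class Hub:
    def __init__(self):
        self.registered = {}        # tunnel IP -> Spoke
        self.infected = set()       # tunnel IPs of isolated spoke sites

    def register(self, spoke):
        self.registered[spoke.tunnel_ip] = spoke

    def resolution_request(self, requester, dest):
        # Assumption: the hub also declines requests from or about an infected spoke.
        if requester.tunnel_ip in self.infected or dest in self.infected:
            return None
        target = self.registered.get(dest)
        return target.nbma_ip if target else None

    def on_infection_indication(self, tunnel_ip):
        """Claim 1, first two steps: receive the indication, send the purge."""
        self.infected.add(tunnel_ip)
        self.registered[tunnel_ip].on_purge()

def demo():
    # Constructed addresses from private and documentation ranges.
    hub = Hub()
    a, b, c = (Spoke(f"10.0.0.{i}", f"192.0.2.{i}") for i in (1, 2, 3))
    for s in (a, b, c):
        hub.register(s)
    before = a.resolve(hub, b.tunnel_ip)      # A learns B's NBMA address
    hub.on_infection_indication(a.tunnel_ip)  # A's site is reported infected
    return before, a.resolve(hub, b.tunnel_ip), c.resolve(hub, a.tunnel_ip), a.nhrp_cache
```

In this model the caches of the other spokes are not touched; the claims shown on this page describe the purge only at the infected spoke.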
26 Claims
1. A method of preventing infection propagation in a Dynamic Multipoint Virtual Private Network comprising:
- receiving an indication at a hub router that a spoke router site, including a spoke router in communication with said hub router, has become infected;
- sending a purge message to said spoke router, said purge message directing said spoke router to purge at least one Next Hop Resolution Protocol (NHRP) request; and
- purging, by said spoke router, at least one cached entry from a database and refraining from resolving any next-hop requests from said spoke router.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A hub router comprising:
- a memory;
- a processor;
- a communications interface;
- an interconnection mechanism coupling the memory, the processor and the communications interface; and
- wherein the memory is encoded with an infection propagation prevention application that when performed on the processor, provides a process for processing information, the process causing the network device to be capable of performing the operations of;
  - receiving an indication that a spoke router site including a spoke router in communication with said network device has become infected; and
  - sending a purge message to said spoke router, said purge message directing said spoke router to purge at least one NextHop Resolution Request.
Dependent claims: 14, 15, 16, 17, 18, 19

20. A spoke router comprising:
- a memory;
- a processor;
- a communications interface;
- an interconnection mechanism coupling the memory, the processor and the communications interface; and
- wherein the memory is encoded with an infection propagation prevention application that when performed on the processor, provides a process for processing information, the process causing the network device to be capable of performing the operations of;
  - receiving a purge message from a hub router; and
  - purging at least one cached entry from a database and refraining from resolving one or more next-hop.
Dependent claims: 21, 22, 23, 24

25. A spoke router comprising:
- a memory;
- a processor;
- a communications interface;
- an interconnection mechanism coupling the memory, the processor and the communications interface;
- wherein the memory is encoded with a probabilistic signature generation application that when executed on the processor configures the computerized device with a means for generating a signature, the means including;
  - means for receiving a purge message from a hub router; and
  - means for purging at least one cached entry from a database and refraining from resolving one or more next-hop.

26. A hub router comprising:
- a memory;
- a processor;
- a communications interface;
- an interconnection mechanism coupling the memory, the processor and the communications interface;
- wherein the memory is encoded with a probabilistic signature generation application that when executed on the processor configures the computerized device with a means for generating a signature, the means including;
  - means for receiving an indication that a spoke router site including a spoke router in communication with said network device has become infected; and
  - means for sending a purge message to said spoke router, said purge message directing said spoke router to purge at least one NextHop Resolution Request.