METHOD AND SYSTEM FOR TUNNELING MACSEC PACKETS THROUGH NON-MACSEC NODES

US 20080123652A1
Filed: 03/13/2007
Published: 05/29/2008
Est. Priority Date: 11/29/2006
Status: Active Grant

First Claim

Patent Images

1. A method for computer networking the method comprising:

determining whether a destination of a MACSec packet requires traversing one or more non-MACSec enabled network nodes; and

inserting, based on said determination, additional header information in said MACSec packet to allow said MACSec packet to be identified when said MACSec packet traverses said one or more non-MACSec enabled nodes.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of a method and system for tunneling MACSec packets through non-MACSec-enabled nodes are provided. In this regard, aspects of the invention may be utilized for transmitting MACSec Ethernet packets over MACSec and/or non-MACSec-enabled network nodes. In one embodiment of the invention, additional header information may be inserted into a MACSec packet before transmitting the MACSec packet to a non-MACSec-enabled node. Accordingly, aspects of the invention may remove the additional header information from a packet received from a non-MACSec-enabled node to distinguish the packets comprising inserted additional header information, which may comprise a distinguishing Ethertype.

40 Citations

View as Search Results

33 Claims

1. A method for computer networking the method comprising:
- determining whether a destination of a MACSec packet requires traversing one or more non-MACSec enabled network nodes; and
  
  inserting, based on said determination, additional header information in said MACSec packet to allow said MACSec packet to be identified when said MACSec packet traverses said one or more non-MACSec enabled nodes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, comprising inserting said additional header information between a source MAC address field and a SecTAG of said MACSec packet.
  - 3. The method according to claim 1, wherein said additional header information comprises one or more VLAN tags.
  - 4. The method according to claim 1, wherein said additional header information comprises an Ethertype field that enables identification of said MACSec packet.
  - 5. The method according to claim 1, comprising parsing said inserted additional header information in said MACSec packet.
  - 6. The method according to claim 5, comprising identifying an Ethertype associated with said parsed inserted additional header information in said MACSec packet.
  - 7. The method according to claim 6, comprising removing said inserted additional header information from between a source MAC address field and a SecTAG of said MACSec packet based on said Ethertype.
  - 8. The method according to claim 7, comprising generating one or more control bit based on said removed additional header information.
  - 9. The method according to claim 8, comprising processing said MACSec packet based on said generated one or more control bits.
  - 10. The method according to claim 1, comprising generating said additional header information inserted in said MACSec packet based on one or more control bits.
  - 11. The method according to claim 1, wherein said MACSec packet comprising said inserted additional header information is identifiable by a MACSec enabled node.

12. A machine-readable storage having stored thereon, a computer program having at least one code section for enabling computer networking, the at least one code section being executable by a machine for causing the machine to perform steps comprising:
- determining whether a destination of a MACSec packet requires traversing one or more non-MACSec enabled network nodes; and
  
  inserting, based on said determination, additional header information in said MACSec packet to allow said MACSec packet to be identified when said MACSec packet traverses said one or more non-MACSec enabled nodes.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The machine-readable storage according to claim 12, wherein said at least one code section enables insertion of said additional header information between a source MAC address field and a SecTAG of said MACSec packet.
  - 14. The machine-readable storage according to claim 12, wherein said additional header information comprises one or more VLAN tags.
  - 15. The machine-readable storage according to claim 12, wherein said additional header information comprises an Ethertype field that enables identification of said MACSec packet.
  - 16. The machine-readable storage according to claim 12, wherein said at least one code section enables parsing of said inserted additional header information in said MACSec packet.
  - 17. The machine-readable storage according to claim 16, wherein said at least one code section enables identification of an Ethertype associated with said parsed inserted additional header information in said MACSec packet.
  - 18. The machine-readable storage according to claim 17, wherein said at least one code section enables removal of said inserted additional header information from between a source MAC address field and a SecTAG of said MACSec packet based on said Ethertype.
  - 19. The machine-readable storage according to claim 18, wherein said at least one code section enables generation of one or more control bit based on said removed additional header information.
  - 20. The machine-readable storage according to claim 19, wherein said at least one code section enables processing of said MACSec packet based on said generated one or more control bits.
  - 21. The machine-readable storage according to claim 12, wherein said at least one code section enables generation of said additional header information inserted in said MACSec packet based on one or more control bits.
  - 22. The machine-readable storage according to claim 12, wherein said MACSec packet comprising said inserted additional header information is identifiable by a MACSec enabled node.

23. A system for computer networking, the system comprising:
- at least one processor that determines whether a destination of a MACSec packet requires traversing one or more non-MACSec enabled network nodes; and
  
  said at least one processor inserts, based on said determination, additional header information in said MACSec packet to allow said MACSec packet to be identified when said MACSec packet traverses said one or more non-MACSec enabled nodes.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 24. The system according to claim 23, wherein said at least one processor enables insertion of said additional header information between a source MAC address field and a SecTAG of said MACSec packet.
  - 25. The system according to claim 23, wherein said additional header information comprises one or more VLAN tags.
  - 26. The system according to claim 23, wherein said additional header information comprises an Ethertype field that enables identification of said MACSec packet.
  - 27. The system according to claim 23, wherein said at least one processor enables parsing of said inserted additional header information in said MACSec packet.
  - 28. The system according to claim 27, wherein said at least one processor enables identification of an Ethertype associated with said parsed inserted additional header information in said MACSec packet.
  - 29. The system according to claim 28, wherein said at least one processor enables removal of said inserted additional header information from between a source MAC address field and a SecTAG of said MACSec packet based on said Ethertype.
  - 30. The system according to claim 29, wherein said at least one processor enables generation of one or more control bit based on said removed additional header information.
  - 31. The system according to claim 30, wherein said at least one processor enables processing of said MACSec packet based on said generated one or more control bits.
  - 32. The system according to claim 23, wherein said at least one processor enables generation of said additional header information inserted in said MACSec packet based on one or more control bits.
  - 33. The system according to claim 23, wherein said MACSec packet comprising said inserted additional header information is identifiable by a MACSec enabled node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Akyol, Bora

Granted Patent

US 7,729,276 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/392
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 12/465   wherein a single frame incl...

H04L 69/22   Parsing or analysis of headers

METHOD AND SYSTEM FOR TUNNELING MACSEC PACKETS THROUGH NON-MACSEC NODES

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR TUNNELING MACSEC PACKETS THROUGH NON-MACSEC NODES

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links