Ethernet encryption over resilient virtual private LAN services
First Claim
1. A method for operating on a data packet to provide an enterprise networking environment over a service provider network, comprising the steps of:
- providing a customer edge (CE) router function, located within the enterprise network, operable for providing the data packet;
- a Policy Enforcement Point (PEP) function, operable for;
  - applying an Ethernet encryption protocol to the data packet; and
  - applying a security association policy to the data packet;
- a provider edge router function, located within the service provider network, operable for;
  - applying an MPLS protocol to the data packet to provide a Virtual Private LAN Network (VPLS) service to the enterprise; and
  - forwarding the data packet according to the MAC learning and aging functions provided by the VPLS service.
Abstract
Encryption of Ethernet/IEEE 802.3 packet data units (PDUs) at the edge of the enterprise network, in such a way as to support resilient Virtual Private LAN Services (VPLS) network designs. The Ethernet traffic is securely tunneled within encrypted Ethernet tunnels from the edge to the edge of the enterprise network. The encrypted Ethernet traffic is also tunneled within Multi-Protocol Layer Switching (MPLS) tunnels from the edge to the edge of the service provider network. The enterprise network thus manages its own Ethernet site-to-site Virtual Private Network (VPN). The service provider thus independently manages its own MPLS network. The result provides a VPLS or Layer 2 MPLS VPN to the enterprise; the enterprise Ethernet encrypted network can thus be considered as an overlay to the MPLS service provider network.
20 Claims
1. A method for operating on a data packet to provide an enterprise networking environment over a service provider network, comprising the steps of:
- providing a customer edge (CE) router function, located within the enterprise network, operable for providing the data packet;
- a Policy Enforcement Point (PEP) function, operable for;
  - applying an Ethernet encryption protocol to the data packet; and
  - applying a security association policy to the data packet;
- a provider edge router function, located within the service provider network, operable for;
  - applying an MPLS protocol to the data packet to provide a Virtual Private LAN Network (VPLS) service to the enterprise; and
  - forwarding the data packet according to the MAC learning and aging functions provided by the VPLS service.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. An apparatus for operating on a data packet to provide an enterprise networking environment over a service provider network, comprising:
- a customer edge (CE) router function, located within the enterprise network, for;
  - providing the data packet;
- a Policy Enforcement Point (PEP) function, for;
  - applying an Ethernet encryption protocol to the data packet; and
  - applying a security association policy to the data packet;
- a provider edge router function, located within the service provider network, for;
  - applying an MPLS protocol to the data packet to provide a Virtual Private LAN Network (VPLS) service to the enterprise; and
  - forwarding the data packet according to the MAC learning and aging functions provided by the VPLS service.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
Specification