Layer two encryption for data center interconnectivity
First Claim
1. An apparatus, comprising:
a receive logic to receive an unencrypted layer two (L2) switched frame, where the unencrypted L2 switched frame includes a payload and an L2 header;
an encryption logic to selectively encrypt the unencrypted L2 switched frame into an encrypted frame upon determining that the unencrypted L2 switched frame is to be sent through an L2 virtual private network (L2VPN) requiring encryption; and
a delivery logic;
to add a service tag and a tunnel header to the encrypted frame, where the service tag includes data to identify a decryption function to decrypt the encrypted frame, where the tunnel header includes routing information, and where at least one of the service tag and the tunnel header are configured based, at least in part, on the encrypting performed by the encryption logic; and
to provide the encrypted frame to the L2VPN, where the providing includes selectively sending the encrypted frame as one of, a point to point packet, and a multipoint packet.
Abstract
Systems, methods, and other embodiments associated with layer two (L2) encryption for data center interconnectivity are described. One example system includes a receive logic to receive an unencrypted L2 switched frame (UL2SF). The UL2SF may include a payload and an L2 header. The example system may also include an encryption logic to selectively encrypt the UL2SF into an encrypted frame if the UL2SF is to be sent through an L2 virtual private network (L2VPN) requiring encryption. The example system may also include a delivery logic that adds a header to the encrypted frame. The header may include data to identify a decryption function to decrypt the encrypted frame and routing information for the encrypted frame. The delivery logic may also provide the encrypted frame to the L2VPN, where the providing includes selectively sending the encrypted frame as one of, a point to point packet, and a multipoint packet.
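The selective encrypt, tag and decapsulate flow described in the abstract, as an added Go example that is not code from the patent. The two-byte header layout, AES-GCM, the key table and the policy map are assumptions, since the page names no cipher or wire format; the receiver-side check that the service tag matches local policy is also an addition, so a packet marked cleartext on an L2VPN that requires encryption is rejected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

var keys = map[byte][]byte{1: []byte("constructed-key!")} // key ID -> constructed AES-128 key
var policy = map[byte]byte{100: 1}                        // L2VPN label -> required key ID (absent: clear)

func gcm(id byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(keys[id]) // an unknown key ID fails here with a key-size error
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

func Encapsulate(frame []byte, vpn byte) ([]byte, error) {
	hdr := []byte{vpn, policy[vpn]} // hypothetical: 1-byte tunnel label, 1-byte service tag (key ID)
	if hdr[1] == 0 {                // this L2VPN does not require encryption: forward in clear
		return append(hdr, frame...), nil
	}
	g, err := gcm(hdr[1])
	nonce := make([]byte, 12)
	if _, rerr := rand.Read(nonce); err != nil || rerr != nil {
		return nil, fmt.Errorf("encrypt setup failed: %v, %v", err, rerr)
	}
	return g.Seal(append(hdr, nonce...), nonce, frame, hdr), nil // whole frame; headers bound as AAD
}

func Decapsulate(pkt []byte) ([]byte, error) {
	if len(pkt) < 2 || policy[pkt[0]] != pkt[1] { // service tag must agree with local policy
		return nil, fmt.Errorf("short packet or service tag violates policy")
	} else if pkt[1] == 0 {
		return pkt[2:], nil
	}
	g, err := gcm(pkt[1]) // the service tag selects the decryption function
	if err != nil || len(pkt) < 14 {
		return nil, fmt.Errorf("unknown key ID or truncated packet")
	}
	return g.Open(nil, pkt[2:14], pkt[14:], pkt[:2])
}

func main() {
	pkt, _ := Encapsulate([]byte("constructed L2 frame"), 100)
	fmt.Println(Decapsulate(pkt))
}
```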
23 Claims
14. A logic encoded in one or more tangible media for execution and when executed operable to perform a method, the method comprising:
receiving a layer two switched frame (L2SF) into a network switch;
selectively encrypting and encapsulating the L2SF to create an encrypted and encapsulated L2SF (EEL2SF), where the L2SF is selected for encrypting based, at least in part, on whether the L2SF is to be sent through a layer two virtual private network (L2VPN), where encrypting includes encrypting a payload and a layer two (L2) header, and where adding a header tag to the encrypted L2SF creates an EEL2SF;
providing the EEL2SF to the L2VPN; and
selectively processing the L2SF to create a de-capsulated L2SF, where the L2SF is selected for de-capsulation based, at least in part, on information stored in a header tag of the L2SF, where de-capsulating the L2SF includes one or more of, removing the header tag from the L2SF, decrypting the L2SF into an unencrypted L2SF, and providing the de-capsulated L2SF to an L2 network.
23. A system, comprising:
means for receiving a layer two switched frame (L2SF) that includes a payload and a layer two header, where the L2SF may be one of, an encrypted and encapsulated L2SF (EEL2SF), and an unencrypted L2SF (UL2SF);
means for selectively encrypting and encapsulating an UL2SF into an EEL2SF, where the UL2SF is selected for encrypting based, at least in part, on whether the UL2SF is to be sent through a layer two virtual private network (L2VPN), including means for adding a service tag and a tunnel header to the UL2SF, where the service tag includes data to identify a decryption function to decrypt the EEL2SF, and where the tunnel header includes routing information; and
means for selectively processing an EEL2SF to create a de-capsulated L2SF (DL2SF), where the EEL2SF is selected for de-capsulation based, at least in part, on information stored in the service tag of the EEL2SF, where de-capsulating the EEL2SF includes one or more of, removing the service tag and the tunnel header from the EEL2SF, decrypting the EEL2SF into an UL2SF, and providing the DL2SF to a layer two network.
Specification