Method and apparatus for providing network security
First Claim
1. An apparatus for performing network routing, the apparatus comprising:
authentication logic configured to receive packets sent from a source agent to an endpoint of a tunnel and to determine whether a security association of a packet received corresponds to said source agent, the tunnel being configured by said source agent in accordance with a network protocol;
decision logic configured to make a routing decision for each authenticated packet at least in part without regard to contents of a payload of the packet, the routing decision being based on the security association of the authenticated packet; and
routing logic configured to select a routing destination for each authenticated packet and to route the authenticated packet to the selected routing destination, the routing destination selection being based at least partially on said routing decision.
Abstract
An apparatus and a method are provided for performing network routing. The present invention comprises authentication logic, decision logic and routing logic. The authentication logic is configured to receive packets sent from a source agent to a tunnel endpoint and to determine whether or not the security association corresponds to the source agent that configured the tunnel. The decision logic makes a routing decision that is constrained based on the security association of an authenticated packet. The routing logic then selects a routing destination for the authenticated packet that is based at least partially on the routing decision made by the decision logic.
30 Claims
1. An apparatus for performing network routing, the apparatus comprising:
authentication logic configured to receive packets sent from a source agent to an endpoint of a tunnel and to determine whether a security association of a packet received corresponds to said source agent, the tunnel being configured by said source agent in accordance with a network protocol;
decision logic configured to make a routing decision for each authenticated packet at least in part without regard to contents of a payload of the packet, the routing decision being based on the security association of the authenticated packet; and
routing logic configured to select a routing destination for each authenticated packet and to route the authenticated packet to the selected routing destination, the routing destination selection being based at least partially on said routing decision.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14.
15. A method for performing network routing, the method comprising:
authenticating received packets sent from a source agent to an endpoint of a tunnel by determining whether a security association of a received packet corresponds to the source agent that sent the packet, the tunnel being configured by said source agent in accordance with a network protocol;
making a routing decision for an authenticated packet at least in part without regard to contents of a payload of the packet, the routing decision being constrained based on the security association of the authenticated packet;
selecting a routing destination for a packet based at least partially on the routing decision; and
routing the authenticated packet to the selected routing destination.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23.
24. A computer program for performing network routing in accordance with a private network security technique, the computer program being embodied on a computer readable medium, the computer program comprising:
a first code segment, the first code segment authenticating received packets sent from a source agent to a tunnel endpoint to determine whether a security association of a received packet corresponds to the source agent that sent the packet, the tunnel being configured by said source in accordance with a network protocol;
a second code segment, the second code segment making a routing decision for an authenticated packet at least in part without regard to contents of a payload of the packet, the routing decision being constrained based on the security association of the authenticated packet; and
a third code segment, the third code segment selecting a routing destination for the authenticated packet based at least partially on the routing decision made by the second code segment.
Dependent claims: 25.
26. A method for routing a packet, comprising:
receiving a packet at a tunnel endpoint;
authenticating the packet;
preserving a security association of the packet as an authentication ID;
making a routing determination for routing contents of the packet by looking up the authentication ID in a table to determine a destination IP address to which the packet is to be routed.
Dependent claims: 27, 28, 29, 30.
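The routing scheme described in claims 1 and 26 and in the abstract, modelled as an added example that is not code from the patent: a packet is authenticated by checking that its security association (SA) corresponds to the source agent that configured the tunnel, the SA is preserved as the authentication ID, and the destination is chosen by looking that ID up in a table, never by reading the payload. The SA identifiers, agent names, keys and addresses are constructed sample values, and the HMAC tag stands in for whatever integrity check the network protocol provides.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed security-association table: SA identifier -> (source agent that
# configured the tunnel, shared key). In IPsec the SPI plays the identifier
# role; the keys here are constructed sample values, not real material.
SA_TABLE = {
    0x1001: ("agent-a", b"constructed-key-a"),
    0x1002: ("agent-b", b"constructed-key-b"),
}

# Constructed routing table keyed by the authentication ID (the SA), never by
# anything inside the payload: this is the table lookup of claim 26.
ROUTE_TABLE = {0x1001: "10.0.1.10", 0x1002: "10.0.2.20"}


@dataclass
class Packet:
    spi: int           # SA identifier carried in the packet header
    source_agent: str  # agent claiming to have configured the tunnel
    payload: bytes
    tag: bytes         # integrity tag over (spi, source_agent, payload)


def make_tag(key: bytes, spi: int, source_agent: str, payload: bytes) -> bytes:
    msg = spi.to_bytes(4, "big") + source_agent.encode() + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def authenticate(pkt: Packet):
    """Return the SA as the authentication ID if the SA corresponds to the
    packet's source agent and the tag verifies under that SA's key; else None."""
    entry = SA_TABLE.get(pkt.spi)
    if entry is None:
        return None                      # unknown SA
    agent, key = entry
    if agent != pkt.source_agent:
        return None                      # SA belongs to a different agent
    expected = make_tag(key, pkt.spi, pkt.source_agent, pkt.payload)
    if not hmac.compare_digest(expected, pkt.tag):
        return None                      # integrity check failed
    return pkt.spi


def route(pkt: Packet):
    """Routing decision constrained by the authenticated SA alone. The payload
    is never read, so a forged inner destination cannot steer the packet."""
    auth_id = authenticate(pkt)
    if auth_id is None:
        return None                      # drop unauthenticated packets
    return ROUTE_TABLE.get(auth_id)
```

Because the lookup key is the authenticated SA rather than the payload, a packet that carries a different destination in its contents is still delivered only to the address bound to the agent that owns the tunnel.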