Self-configuring method and apparatus for providing secure communication between members of a group
First Claim
1. A method of securing communication between at least two members of a group, wherein each member is an autonomous system comprising one or more network devices, the method including the steps of:
for a first communication between a first subset of members, forwarding, to at least one member of the group, a group security association corresponding to the group;
receiving, from the at least one member of the group, route information enabling communication with each of the one or more network devices of the autonomous system corresponding to the member, the route information identifying a border router that should be used as the next hop to the at least one member of the group;
identifying at least one other member of the group; and
reflecting the route information received from the at least one member of the group to the at least one other member of the group, including the step of securing the route information using the group security association, and for a second communication between a second subset of members, securing route information using the same group security association used for the first communication between the first subset of members.
Abstract
Each member of a group registers with the Security/Routing (S/R) device 30 and receives a Group Security Association (GSA) associated with the group. The member may register as part of a group by identifying the group and the other members. Alternatively, Routing Functionality auto-discovers the other members of the group. As members are identified, Routing Functionality reflects the routes of all members in the group to all other members of the group. The forwarding of the routes to the respective group members may be secured via the GSA associated with the group. Each member can forward communication directly to the group members, securing the communication using the group SA and standard tunneling techniques (such as IPsec, GRE, MPLS, etc.). Thus the S/R device provides a mechanism for private networks to be built on top of an existing network without modification of any existing network components, and one that is much more scalable in operation and configuration than individual IPsec tunnels.
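The registration, GSA issuance and route-reflection cycle described in the abstract, as an added example written for this page (it is not the patent's own implementation, and the patent does not specify how the GSA secures the reflected routes). The example assumes the GSA is a shared group key used to authenticate reflected route information with an HMAC, and the group name, member names, prefixes and addresses are constructed. It shows that every member of a group receives the same GSA, that a later reflection after a new member joins reuses that GSA, that each member learns its peers' prefixes with the peer's border router as next hop, and that route information altered in transit or presented to a member of a different group is rejected.

```python
"""Toy model of the Security/Routing (S/R) device: one Group Security
Association (GSA) per group, route reflection to all members, and GSA-based
authentication of the reflected routes.  Constructed example; all names,
prefixes and addresses below are made up."""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass


@dataclass
class Member:
    name: str            # autonomous system identifier (hypothetical)
    prefixes: list       # networks reachable inside that AS
    border_router: str   # address peers should use as the next hop


@dataclass
class GroupSecurityAssociation:
    group: str
    key: bytes           # shared group key; assumed here to drive an HMAC-SHA256 tag

    def seal(self, payload: dict) -> dict:
        body = json.dumps(payload, sort_keys=True)
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}

    def open(self, message: dict) -> dict:
        expected = hmac.new(self.key, message["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["tag"]):
            raise ValueError("route information failed GSA authentication")
        return json.loads(message["body"])


class SRDevice:
    """The S/R device: registers members and reflects their routes."""

    def __init__(self) -> None:
        self.groups: dict = {}   # group name -> (GSA, {member name: Member})

    def register(self, group: str, member: Member) -> GroupSecurityAssociation:
        if group not in self.groups:
            self.groups[group] = (GroupSecurityAssociation(group, secrets.token_bytes(32)), {})
        gsa, members = self.groups[group]
        members[member.name] = member
        return gsa   # the same GSA object is handed to every member of the group

    def reflect_routes(self, group: str) -> dict:
        """For each member, seal the routes of all *other* members with the GSA."""
        gsa, members = self.groups[group]
        sealed = {}
        for name in members:
            routes = {
                peer.name: {"prefixes": peer.prefixes, "next_hop": peer.border_router}
                for peer in members.values() if peer.name != name
            }
            sealed[name] = gsa.seal({"group": group, "routes": routes})
        return sealed


def install_routes(gsa: GroupSecurityAssociation, message: dict) -> dict:
    """Member side: verify the reflected routes with the group's GSA and
    return a prefix -> next-hop table.  Raises ValueError on a bad tag."""
    payload = gsa.open(message)
    table = {}
    for entry in payload["routes"].values():
        for prefix in entry["prefixes"]:
            table[prefix] = entry["next_hop"]
    return table


def modified_in_transit(message: dict, new_next_hop: str) -> dict:
    """Constructed test input: a copy of the message whose next hops were
    rewritten by someone without the GSA key (the tag is left unchanged)."""
    payload = json.loads(message["body"])
    for entry in payload["routes"].values():
        entry["next_hop"] = new_next_hop
    return {"body": json.dumps(payload, sort_keys=True), "tag": message["tag"]}


if __name__ == "__main__":
    sr = SRDevice()
    a = Member("AS-A", ["10.1.0.0/16"], "192.0.2.1")
    b = Member("AS-B", ["10.2.0.0/16"], "192.0.2.2")
    gsa = sr.register("vpn-1", a)
    sr.register("vpn-1", b)
    print(install_routes(gsa, sr.reflect_routes("vpn-1")["AS-A"]))
```

The point a practitioner should take from the model is the scaling property the abstract claims: adding a member costs one registration and one reflection, not a new pairwise association with every existing member, because the group key authenticates route information for any subset of members. The cost of that design is that the GSA is a shared secret, so any member of the group can produce valid route information; the check in `install_routes` proves membership in the group, not the identity of the member that originated a route.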
12 Claims
1. A method of securing communication between at least two members of a group, wherein each member is an autonomous system comprising one or more network devices, the method including the steps of:
for a first communication between a first subset of members, forwarding, to at least one member of the group, a group security association corresponding to the group; receiving, from the at least one member of the group, route information enabling communication with each of the one or more network devices of the autonomous system corresponding to the member, the route information identifying a border router that should be used as the next hop to the at least one member of the group; identifying at least one other member of the group; and reflecting the route information received from the at least one member of the group to the at least one other member of the group, including the step of securing the route information using the group security association, and for a second communication between a second subset of members, securing route information using the same group security association used for the first communication between the first subset of members. (Dependent claims 2, 3, 4, 5)
6. Apparatus for providing secure communications between at least two members of a group over a backbone network comprising:
a network device including: security association logic for forwarding a group security association of the group to the at least two members of the group for a first communication between a first subset of members; route reflection logic for identifying at least one of the at least two members of the group, receiving routing information for the at least one of the two members of the group, the route information identifying a border router that should be used as the next hop to the at least one member of the group, securing the routing information for the at least one of the two members of the group using the group security association and for forwarding the secured routing information to another one of the at least two members of the group; and the security association logic and route reflection logic performing the same functions for a second communication between a second subset of members, including using the same group security association. (Dependent claims 7, 8)
9. A method for communicating securely by one member of a group of network devices with at least one other member of the group of network devices over a network backbone including the steps of:
for a first communication between a first subset of members, receiving, at the one member, a group security association corresponding to the group; and forwarding, by the one member to the at least one other member of the group, routing information for the one member, the route information identifying a border router that should be used as the next hop to the one member of the group, the routing information being secured using the group security association of the group, and for a second communication between a second subset of members, the one member using the same group security association used for the first communication between the first subset of members. (Dependent claims 10, 11, 12)
Specification