Ethernet encryption over resilient virtual private LAN services
First Claim
1. A method for operating on an Ethernet data packet to provide an enterprise networking environment over a service provider network, comprising the steps of:
encrypting the Ethernet data packet according to an Ethernet encryption protocol to form an encrypted Ethernet data packet;
applying a security association policy to the encrypted Ethernet data packet;
applying an MPLS protocol to the encrypted Ethernet data packet to provide a Virtual Private LAN Network (VPLS) service to the enterprise;
forwarding the encrypted Ethernet data packet according to MAC learning and aging functions provided by the VPLS service;
wherein encrypting the Ethernet data packet and applying the security association policy are performed by a Policy Enforcement Point (PEP); and
wherein applying the MPLS protocol and forwarding the encrypted Ethernet data packet are performed by a provider edge router.
Abstract
Encryption of Ethernet/IEEE 802.3 packet data units (PDUs) at the edge of the enterprise network, in such a way as to support resilient Virtual Private LAN Service (VPLS) network designs. The Ethernet traffic is securely tunneled within encrypted Ethernet tunnels from edge to edge of the enterprise network. The encrypted Ethernet traffic is in turn tunneled within Multiprotocol Label Switching (MPLS) tunnels from edge to edge of the service provider network. The enterprise network thus manages its own Ethernet site-to-site Virtual Private Network (VPN), and the service provider independently manages its own MPLS network. The result is a VPLS, or Layer 2 MPLS VPN, delivered to the enterprise; the enterprise's encrypted Ethernet network can thus be considered an overlay on the MPLS service provider network.
20 Claims
1. (Independent method claim; text as given under First Claim above.)
Dependent claims: 2-10.
11. A system for operating on an Ethernet data packet to provide an enterprise networking environment over a service provider network, the system comprising:
a customer edge (CE) router, located within the enterprise network, configured to provide the Ethernet data packet;
a Policy Enforcement Point (PEP) communicatively coupled to the CE router, the PEP configured to:
encrypt the Ethernet data packet according to an Ethernet encryption protocol to form an encrypted Ethernet data packet; and
apply a security association policy to the encrypted Ethernet data packet;
a provider edge router communicatively coupled to the PEP and located within the service provider network, the provider edge router configured to:
apply an MPLS protocol to the encrypted Ethernet data packet having a security association policy to provide a Virtual Private LAN Network (VPLS) service to the enterprise; and
forward the data packet according to MAC learning and aging functions provided by the VPLS service.
Dependent claims: 12-20.
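The architecture the abstract and claims 1 and 11 describe, as an added example that is not the patent's own code or any vendor's implementation: a stand-alone Python simulation in which an enterprise-edge PEP applies a security association policy and encrypts frames, and provider-edge routers run VPLS MAC learning and aging over the resulting ciphertext frames and push an MPLS label stack. Everything in it is assumed: the frame layout (dst MAC, src MAC, EtherType, payload), the reuse of the MACsec EtherType 0x88E5 as the security-tag marker, an HMAC-SHA256 keystream with an HMAC-SHA256 tag standing in for the AES-GCM that real Ethernet encryption uses, RFC 3032 label stack entries, and the names PolicyEnforcementPoint, ProviderEdge, SecurityAssociation and run_demo. It makes explicit the point the claims leave implicit: the PEP must leave the destination and source MAC in the clear, or the PE's MAC learning and aging would have nothing to work on; the PE never holds SA keys, so the provider sees only addresses and ciphertext; and a byte flipped inside the core fails the receiving PEP's integrity check.

```python
# Added example, not the patent's code. Assumed frame layout: dst MAC(6) | src MAC(6) |
# EtherType(2) | payload. HMAC-SHA256 keystream + tag stands in for AES-GCM Ethernet
# encryption (MACsec-style); 0x88E5 is MACsec's EtherType, reused here as the tag marker.
import hashlib, hmac, os, struct

SECTAG_ETHERTYPE = 0x88E5
MAC_AGE_SECONDS = 300  # VPLS MAC aging timer of the simulated PE

def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class SecurityAssociation:
    """SA identifier carried in the security tag plus the keys derived for it."""
    def __init__(self, sa_id, master_key):
        self.sa_id = sa_id
        self.enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()

class PolicyEnforcementPoint:
    """Enterprise-edge PEP: selects the SA by policy, keeps dst/src MAC in the clear so the
    provider's MAC learning still works, and protects EtherType + payload."""
    def __init__(self, policy, sas):
        self.policy, self.sas = policy, sas  # dst MAC -> sa_id ; sa_id -> SecurityAssociation

    def protect(self, frame):
        dst, src, clear = frame[:6], frame[6:12], frame[12:]
        sa, nonce = self.sas[self.policy[dst]], os.urandom(12)
        header = dst + src + struct.pack(">HH", SECTAG_ETHERTYPE, sa.sa_id) + nonce  # 28 bytes
        ct = _xor(clear, _keystream(sa.enc_key, nonce, len(clear)))
        return header + ct + hmac.new(sa.mac_key, header + ct, hashlib.sha256).digest()[:16]

    def unprotect(self, frame):
        etype, sa_id = struct.unpack(">HH", frame[12:16])
        if etype != SECTAG_ETHERTYPE:
            raise ValueError("not a protected frame")
        sa, header, ct, tag = self.sas[sa_id], frame[:28], frame[28:-16], frame[-16:]
        if not hmac.compare_digest(tag, hmac.new(sa.mac_key, header + ct, hashlib.sha256).digest()[:16]):
            raise ValueError("integrity check failed")  # tampered in the core, or wrong SA
        return frame[:12] + _xor(ct, _keystream(sa.enc_key, frame[16:28], len(ct)))

def mpls_entry(label, bottom):
    """Label stack entry: 20-bit label | 3-bit TC | S bit | 8-bit TTL (RFC 3032), TTL 64."""
    return struct.pack(">I", (label << 12) | (int(bottom) << 8) | 64)

class ProviderEdge:
    """PE for one VPLS instance: sees only clear MACs + ciphertext, learns/ages, floods, labels."""
    def __init__(self, name, pw_label, tunnel_label):
        self.name, self.pw_label, self.tunnel_label = name, pw_label, tunnel_label
        self.peers, self.mac_table = {}, {}  # peer name -> PE ; MAC -> (port, learned_at)
        self.delivered, self.sent = [], []   # to local attachment circuit ; (peer, MPLS pkt)

    def _lookup(self, mac, now):
        port, seen = self.mac_table.get(mac, (None, 0))
        if port and now - seen <= MAC_AGE_SECONDS:
            return port
        self.mac_table.pop(mac, None)        # unknown or aged out
        return None

    def from_ce(self, frame, now):
        self.mac_table[frame[6:12]] = ("ac", now)   # learn src on the attachment circuit
        port = self._lookup(frame[:6], now)
        for name, peer in self.peers.items():
            if port is None or port == name:         # flood if unknown, else unicast
                pkt = mpls_entry(peer.tunnel_label, False) + mpls_entry(peer.pw_label, True) + frame
                self.sent.append((name, pkt))
                peer.from_core(self.name, pkt, now)

    def from_core(self, from_peer, pkt, now):
        if struct.unpack(">I", pkt[4:8])[0] >> 12 != self.pw_label:
            return                                   # label mismatch: not our pseudowire
        frame = pkt[8:]
        self.mac_table[frame[6:12]] = (from_peer, now)  # learn src behind that pseudowire
        self.delivered.append(frame)                 # split horizon: never back into the core

def run_demo():
    """Constructed scenario: sites A (PE1), B (PE2), C (PE3) in one VPLS, one shared SA."""
    mac_a, mac_b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    pep = PolicyEnforcementPoint({mac_a: 7, mac_b: 7}, {7: SecurityAssociation(7, b"constructed key 7")})
    pe = {n: ProviderEdge(n, 100 + i, 1000 + i) for i, n in enumerate(("PE1", "PE2", "PE3"))}
    for p in pe.values():
        p.peers = {n: q for n, q in pe.items() if q is not p}
    plain = mac_b + mac_a + b"\x08\x00" + b"constructed IPv4 payload"
    pe["PE1"].from_ce(pep.protect(plain), now=0)     # B unknown at PE1: flooded
    seen_in_core = pe["PE2"].delivered[0]
    pe["PE2"].from_ce(pep.protect(mac_a + mac_b + b"\x08\x00" + b"reply"), now=10)
    unicast_to = [n for n, _ in pe["PE2"].sent]      # A already learned behind PE1
    tampered = seen_in_core[:30] + bytes([seen_in_core[30] ^ 1]) + seen_in_core[31:]
    try:
        pep.unprotect(tampered); tamper_detected = False
    except ValueError:
        tamper_detected = True
    pe["PE2"].sent.clear()
    pe["PE2"].from_ce(pep.protect(mac_a + mac_b + b"\x08\x00" + b"late"), now=400)
    return {"flooded_to": sorted(n for n, _ in pe["PE1"].sent), "unicast_to": unicast_to,
            "payload_hidden_in_core": b"constructed IPv4 payload" not in seen_in_core,
            "decrypted_ok": pep.unprotect(seen_in_core) == plain, "tamper_detected": tamper_detected,
            "reflooded_after_aging": sorted(n for n, _ in pe["PE2"].sent) == ["PE1", "PE3"]}
```

Run `run_demo()` to see the sequence: the first frame is flooded because PE1 has not yet learned site B, the reply is unicast because PE2 learned A behind PE1 from the label-switched copy, and once the aging timer expires PE2 floods again. The PE objects never receive a SecurityAssociation, which is the separation the abstract describes: the provider operates its MPLS network on addresses it can see, the enterprise keeps the keys. For a real deployment the stand-in cipher must be replaced by an AEAD such as AES-GCM, and the nonce handling and SA rekeying belong to the Ethernet encryption protocol, not to this sketch.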