×

Method and apparatus for best effort propagation of security group information

  • US 8,621,596 B2
  • Filed: 01/24/2011
  • Issued: 12/31/2013
  • Est. Priority Date: 11/16/2004
  • Status: Active Grant
First Claim
Patent Images

1. A method comprising:

  • in response to receipt of a first packet at a first network node of a network, propagating a packet from the first network node to a second network node of the network, whereinthe network comprises a plurality of network nodes,the network nodes comprise the first network node and the second network node,the first packet is received from the second network node via the network,the first packet comprisessource security group information, anda destination address,the destination address is an address of a destination of the first packet,the source security group information identifies a source security group,a source of the first packet is a member of the source security group,the packet comprisesaccess control information,the access control information comprisesthe source security group information,destination security group information, andthe destination address,the destination security group information identifies a destination security group,the destination is a member of the destination security group,the propagating is performed in response to access control processing performed on the first packet at the first network node after the first packet has been received by the first network node, andthe access control processing comprisesdetermining the destination security group information using the destination address;

    in response to receipt of the packet at the second network node, making a determination as to whether, at the second network node, the destination group identifier can be associated with the destination address;

    if the determination indicates that, at the second network node, the destination group identifier can be associated with the destination address,associating the destination group identifier with the destination address; and

    if the determination indicates that, at the second network node, the destination group identifier cannot be associated with the destination address, associating a reserved group identifier with the destination address.

View all claims
  • 0 Assignments
Timeline View
Assignment View
    ×
    ×