Authentication for software defined networks
Abstract
In one example, a controller device for a software defined network (SDN) includes one or more network interfaces configured to communicate with network devices of the SDN, and one or more processors configured to receive credentials from a client device in accordance with a public key infrastructure (PKI)-based authentication protocol, determine one or more policies that are applicable to the client device based on the received credentials, and program network devices of the SDN to enforce the determined policies on a per-packet-flow basis for packet flows including the client device.
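The sequence in the abstract, sketched as an added Python example (not code from the patent): switches punt credential packets to the controller, the controller maps the credential to policies, and per-flow rules are then installed. The EAPOL ethertype, the fingerprint-to-policy table, the default-drop table miss and all names are assumptions; certificate validation is reduced to a pinned fingerprint lookup.

```python
import hashlib
from dataclasses import dataclass, field

AUTH_ETHERTYPE = 0x888E  # assumption: credentials arrive in EAPOL (802.1X) frames

@dataclass
class Switch:
    name: str
    rules: list = field(default_factory=list)  # (priority, match dict, action)

    def install(self, priority, match, action):
        self.rules.append((priority, match, action))
        self.rules.sort(key=lambda r: -r[0])

    def handle(self, pkt):
        # Highest-priority matching rule wins; a table miss drops (assumed default deny).
        for _, match, action in self.rules:
            if all(pkt.get(k) == v for k, v in match.items()):
                return action
        return "drop"

class Controller:
    def __init__(self, switches, policy_by_fingerprint):
        self.switches = switches
        self.policy_by_fingerprint = policy_by_fingerprint
        for sw in switches:  # step 1: punt credential packets to the controller
            sw.install(100, {"ethertype": AUTH_ETHERTYPE}, "to_controller")

    def packet_in(self, pkt):
        # Steps 2-3: map the presented certificate to policies. Chain validation
        # and proof of key possession are not modelled; a pinned SHA-256
        # fingerprint lookup stands in for them.
        fp = hashlib.sha256(pkt["cert_der"]).hexdigest()
        policies = self.policy_by_fingerprint.get(fp)
        if policies is None:
            return False  # unknown credential: no flow rules are installed
        for sw in self.switches:  # step 4: one rule per permitted flow
            for dst, port in policies:
                sw.install(50, {"src": pkt["src"], "dst": dst, "dport": port}, "forward")
        return True

def demo():
    cert = b"constructed-certificate-bytes"  # constructed sample, not a real certificate
    edge = Switch("edge1")
    ctl = Controller([edge], {hashlib.sha256(cert).hexdigest(): [("10.0.0.5", 443)]})
    flow = {"ethertype": 0x0800, "src": "10.0.0.9", "dst": "10.0.0.5", "dport": 443}
    before = edge.handle(flow)
    punted = edge.handle({"ethertype": AUTH_ETHERTYPE, "src": "10.0.0.9"})
    ok = ctl.packet_in({"ethertype": AUTH_ETHERTYPE, "src": "10.0.0.9", "cert_der": cert})
    return before, punted, ok, edge.handle(flow), edge.handle({**flow, "dport": 22})
```

Rules keyed on a source address are only as strong as the ingress switch's anti-spoofing; the sketch does not model ingress ports.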
19 Claims
1. A method comprising:
- programming, by a controller device for a software defined network (SDN), interconnected network devices forming the SDN to identify and forward packets to the controller device when the packets include credentials from client devices in accordance with a public key infrastructure (PKI)-based authentication protocol;
- receiving, by the controller device, a packet including credentials from one of the client devices in accordance with the PKI-based authentication protocol via one of the network devices forming the SDN;
- determining, by the controller device, one or more policies that are applicable to the one of the client devices based on the received credentials; and
- programming, by the controller device, one or more of the network devices of the SDN to enforce the determined policies on a per-packet-flow basis for packet flows including the one of the client devices.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A controller device for a software defined network (SDN), the controller device comprising:
- one or more network interfaces configured to communicate with interconnected network devices forming the SDN; and
- one or more processors configured to program the network devices forming the SDN to identify and forward packets to the controller device when the packets include credentials from client devices in accordance with a public key infrastructure (PKI)-based authentication protocol, receive a packet including credentials from one of the client devices in accordance with the PKI-based authentication protocol via one of the network devices forming the SDN, determine one or more policies that are applicable to the one of the client devices based on the received credentials, and program one or more of the network devices of the SDN to enforce the determined policies on a per-packet-flow basis for packet flows including the one of the client devices.
Dependent claims: 9, 10, 11, 12, 13

14. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed, cause a processor of a controller device for a software defined network (SDN) to:
- program interconnected network devices forming the SDN to identify and forward packets to the controller device when the packets include credentials from client devices in accordance with a public key infrastructure (PKI)-based authentication protocol;
- receive a packet including credentials from one of the client devices in accordance with the PKI-based authentication protocol via one of the network devices forming the SDN;
- determine one or more policies that are applicable to the one of the client devices based on the received credentials; and
- program network devices of the SDN to enforce the determined policies on a per-packet-flow basis for packet flows including the one of the client devices.
Dependent claims: 15, 16, 17, 18, 19

Specification