Two factor authentication of ICR transport and payload for interchassis redundancy
Abstract
Exemplary methods for performing authentication by a first network device of an inter-chassis redundancy (ICR) system, the ICR system comprising the first network device communicatively coupled to a second network device of the ICR system, include, in response to determining to transmit an ICR message to the second network device, generating the ICR message by generating a first and a second authentication digest. In one embodiment, the methods include encrypting a payload of the ICR message and transmitting the ICR message that includes the first and second authentication digests to the second network device. In another aspect of the invention, the methods include receiving an ICR message from the second network device and performing a first level authentication of the received ICR message. The methods further include, in response to determining that the first level authentication is successful, performing a second level authentication of the received ICR message.
33 Claims
1. A method in a first network device of an inter-chassis redundancy (ICR) system, the ICR system comprising the first network device communicatively coupled to a second network device of the ICR system, the method comprising:
- in response to determining to transmit an ICR message to the second network device, generating the ICR message by:
  - generating an application header and application data,
  - generating a first authentication digest based on the application header and the application data, wherein the first authentication digest is used by the second network device to perform a first level authentication of the ICR message,
  - generating a second authentication digest based on an Internet Protocol (IP) header and a common header, wherein the second authentication digest is used by the second network device to perform a second level authentication of the ICR message, and
  - including the first authentication digest and the second authentication digest in the ICR message;
- transmitting the ICR message that includes the first authentication digest, the second authentication digest, the application header, and the application data to the second network device;
- performing, by the second network device, the first level authentication by generating a third authentication digest and comparing the third authentication digest against the first authentication digest received in the ICR message; and
- if the first level authentication is successful, performing, by the second network device, the second level authentication by generating a fourth authentication digest and comparing the fourth authentication digest against the second authentication digest received in the ICR message.

Dependent claims: 2, 3, 4, 5, 6
7. A first network device of an inter-chassis redundancy (ICR) system, the ICR system comprising the first network device communicatively coupled to a second network device of the ICR system, the first network device comprising:
- a set of one or more processors; and
- a non-transitory machine-readable storage medium containing instructions, which when executed by the set of one or more processors, cause the first network device to:
  - in response to determining to transmit an ICR message to the second network device:
    - generate an application header and application data,
    - generate a first authentication digest based on the application header and the application data, wherein the first authentication digest is used by the second network device to perform a first level authentication of the ICR message,
    - generate a second authentication digest based on an Internet Protocol (IP) header and a common header, wherein the second authentication digest is used by the second network device to perform a second level authentication of the ICR message, and
    - include the first authentication digest and the second authentication digest in the ICR message; and
  - transmit the ICR message that includes the first authentication digest, the second authentication digest, the application header, and the application data to the second network device,
- wherein the second network device performs the first level authentication by generating a third authentication digest and comparing the third authentication digest against the first authentication digest received in the ICR message, and if the first level authentication is successful, the second network device performs the second level authentication by generating a fourth authentication digest and comparing the fourth authentication digest against the second authentication digest received in the ICR message.

Dependent claims: 8, 9, 10, 11, 12
13. A non-transitory computer-readable medium having computer instructions stored therein, which when executed by a processor of a first network device of an inter-chassis redundancy (ICR) system, the ICR system comprising the first network device communicatively coupled to a second network device of the ICR system, cause the processor to perform operations comprising:
- in response to determining to transmit an ICR message to the second network device, generating the ICR message by:
  - generating an application header and application data,
  - generating a first authentication digest based on the application header and the application data, wherein the first authentication digest is used by the second network device to perform a first level authentication of the ICR message,
  - generating a second authentication digest based on an Internet Protocol (IP) header and a common header, wherein the second authentication digest is used by the second network device to perform a second level authentication of the ICR message, and
  - including the first authentication digest and the second authentication digest in the ICR message;
- transmitting the ICR message that includes the first authentication digest, the second authentication digest, the application header, and the application data to the second network device;
- performing, by the second network device, the first level authentication by generating a third authentication digest and comparing the third authentication digest against the first authentication digest received in the ICR message; and
- if the first level authentication is successful, performing, by the second network device, the second level authentication by generating a fourth authentication digest and comparing the fourth authentication digest against the second authentication digest received in the ICR message.

Dependent claims: 14, 15, 16, 17, 18
19. A method in a first network device of an inter-chassis redundancy (ICR) system, the ICR system comprising the first network device communicatively coupled to a second network device of the ICR system, the method comprising:
- receiving an ICR message from the second network device;
- performing a first level authentication of the received ICR message based on a first authentication digest included in the received ICR message, wherein the first level authentication uses an Internet Protocol (IP) header included in the received ICR message and a common header included in the received ICR message;
- in response to determining the first level authentication is successful, performing a second level authentication of the received ICR message based on a second authentication digest included in the received ICR message, wherein the second level authentication uses an application header included in the received ICR message and application data in the received ICR message;
- in response to determining the first level authentication is successful, processing the ICR message based on the application header and application data in the ICR message;
- wherein performing the first level authentication comprises generating a third authentication digest and comparing the third authentication digest against the first authentication digest received in the ICR message; and
- wherein performing the second level authentication comprises generating a fourth authentication digest and comparing the fourth authentication digest against the second authentication digest received in the ICR message.

Dependent claims: 20, 21, 22, 23
24. A first network device of an inter-chassis redundancy (ICR) system, the ICR system comprising the first network device communicatively coupled to a second network device of the ICR system, the first network device comprising:
- a set of one or more processors; and
- a non-transitory machine-readable storage medium containing instructions, which when executed by the set of one or more processors, cause the first network device to:
  - receive an ICR message from the second network device;
  - perform a first level authentication of the received ICR message based on a first authentication digest included in the received ICR message, wherein the first level authentication uses an Internet Protocol (IP) header included in the received ICR message and a common header included in the received ICR message;
  - in response to determining the first level authentication is successful, perform a second level authentication of the received ICR message based on a second authentication digest included in the received ICR message, wherein the second level authentication uses an application header included in the received ICR message and application data in the received ICR message;
  - in response to determining the first level authentication is successful, processing the ICR message based on the application header and application data in the ICR message;
- wherein performing the first level authentication comprises generating a third authentication digest and comparing the third authentication digest against the first authentication digest received in the ICR message; and
- wherein performing the second level authentication comprises generating a fourth authentication digest and comparing the fourth authentication digest against the second authentication digest received in the ICR message.

Dependent claims: 25, 26, 27, 28
29. A non-transitory computer-readable medium having computer instructions stored therein, which when executed by a processor of a first network device of an inter-chassis redundancy (ICR) system, the ICR system comprising the first network device communicatively coupled to a second network device of the ICR system, cause the processor to perform operations comprising:
- receiving an ICR message from the second network device;
- performing a first level authentication of the received ICR message based on a first authentication digest included in the received ICR message, wherein the first level authentication uses an Internet Protocol (IP) header included in the received ICR message and a common header included in the received ICR message;
- in response to determining the first level authentication is successful, performing a second level authentication of the received ICR message based on a second authentication digest included in the received ICR message, wherein the second level authentication uses an application header included in the received ICR message and application data in the received ICR message; and
- in response to determining the first level authentication is successful, processing the ICR message based on the application header and application data in the ICR message;
- wherein performing the first level authentication comprises generating a third authentication digest and comparing the third authentication digest against the first authentication digest received in the ICR message; and
- wherein performing the second level authentication comprises generating a fourth authentication digest and comparing the fourth authentication digest against the second authentication digest received in the ICR message.

Dependent claims: 30, 31, 32, 33
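The sender and receiver steps recited in claim 1, sketched as an added example that is not code from the patent or its assignee. It assumes HMAC-SHA256 under a single pre-shared key and a dictionary message layout, none of which the page specifies; all function and field names are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed sample IPv4 header (192.0.2.1 -> 192.0.2.2); assumes the header
# bytes reach the peer unmodified, which the page does not discuss.
SAMPLE_IP_HDR = bytes.fromhex("4500003c0000400040110000c0000201c0000202")

def _digest(key: bytes, *parts: bytes) -> bytes:
    # Assumption: HMAC-SHA256; the page does not name the digest algorithm.
    # Each part is length-prefixed so field boundaries cannot be shifted.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(struct.pack("!I", len(part)) + part)
    return mac.digest()

def build_icr_message(key, ip_hdr, common_hdr, app_hdr, app_data) -> dict:
    """Sender: attach both digests (hypothetical dictionary layout)."""
    return {
        "ip_hdr": ip_hdr, "common_hdr": common_hdr,
        "app_hdr": app_hdr, "app_data": app_data,
        "digest1": _digest(key, app_hdr, app_data),    # first digest
        "digest2": _digest(key, ip_hdr, common_hdr),   # second digest
    }

def verify_icr_message(key, msg) -> str:
    """Receiver: returns 'ok', 'fail-level-1' or 'fail-level-2'."""
    third = _digest(key, msg["app_hdr"], msg["app_data"])
    if not hmac.compare_digest(third, msg["digest1"]):   # constant-time compare
        return "fail-level-1"       # second level is never attempted
    fourth = _digest(key, msg["ip_hdr"], msg["common_hdr"])
    if not hmac.compare_digest(fourth, msg["digest2"]):
        return "fail-level-2"
    return "ok"

def demo() -> dict:
    key = b"\x11" * 32              # constructed pre-shared key
    msg = build_icr_message(key, SAMPLE_IP_HDR, b"\x01\x00\x00\x2a",
                            b"\x02\x01", b"session-sync")
    spoofed = SAMPLE_IP_HDR[:15] + b"\x63" + SAMPLE_IP_HDR[16:]  # source addr
    return {
        "valid": verify_icr_message(key, msg),
        "payload_tampered": verify_icr_message(key, dict(msg, app_data=b"x")),
        "ip_hdr_tampered": verify_icr_message(key, dict(msg, ip_hdr=spoofed)),
        "wrong_key": verify_icr_message(b"\x22" * 32, msg),
    }

if __name__ == "__main__":
    print(demo())
```

Returning a distinct result per level lets the receiver log whether a rejected message failed on its application contents or on its IP and common headers.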
Specification