×

Method and apparatus for best effort propagation of security group information

  • US 9,407,604 B2
  • Filed: 12/30/2013
  • Issued: 08/02/2016
  • Est. Priority Date: 11/16/2004
  • Status: Active Grant
First Claim
Patent Images

1. A method comprising:

  • request authentication of an entity requesting entry into a network, wherein the network comprises a plurality of network nodes;

    receiving an authentication message, wherein the authentication message indicates authentication of the entity; and

    in response to receipt of the authentication message,determining a security group identifier, whereinthe determining is performed at a first network node,the determining is based on a destination address of the first network node,the security group identifier identifies a destination security group, andthe entity is a member of the destination security group, andpropagating the security group identifier towards a host, whereinthe host is a member of a source security group,the security group identifier comprises information that facilitates a determination by a second network node of whether traffic is permitted between members of the source security group and members of the destination security group,the determination comprises performing a lookup using both the source security group and the security group identifier,the second network node is nearer to the host than is the first network node,the propagating comprises sending the security group identifier from the first network node to the second network node, andthe plurality of network nodes comprises the first network node and the second network node.

View all claims
  • 0 Assignments
Timeline View
Assignment View
    ×
    ×