
Secure path selection within computer networks

  • US 9,762,537 B1
  • Filed: 10/14/2008
  • Issued: 09/12/2017
  • Est. Priority Date: 10/14/2008
  • Status: Expired due to Fees
First Claim

1. A method comprising:

    issuing, with a first router included within a network and in accordance with an inspection protocol, a communication to a network security device coupled to the first router requesting security information that describes at least one security service provided by the network security device, wherein the at least one security service comprises at least one of a firewall service, an anti-virus service, and an intrusion detection and prevention service;

    in response to the communication and in accordance with the inspection protocol, receiving, with the first router, a response communication that includes the security information from the network security device;

    generating, with the first router and in accordance with a routing protocol, a message that includes the security information;

    forwarding, with the first router and in accordance with the routing protocol, the message to at least a second router that is different from the first router;

    receiving, with a second router included within the network, the message including the security information;

    based on both topology information describing the network and the received security information, performing path selection with the second router to determine a path through the network that includes the first router so that the first router coupled to the network security device is positioned along the path between the second router and the destination, wherein the path includes a plurality of next hops from the second router to a destination, and wherein the network security device is not in the forwarding path for network traffic forwarded along the path; and

    forwarding, with the second router, at least a portion of the network traffic along the determined path to the first router along the path;

    redirecting, with the first router, at least the portion of the network traffic to the network security device to apply the at least one security service;

    receiving, with the first router and from the network security device, at least the portion of the network traffic remaining after applying the at least one security service; and

    forwarding, with the first router, at least the portion of the network traffic remaining after applying the at least one security service along the path to the destination.
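
The path-selection step of the claim, as an added illustration that is not part of the patent text. The claim names no algorithm, so this sketch assumes Dijkstra shortest paths joined at a router that advertised the required service; the router names, link costs and advertised-service table are constructed sample data.

```python
import heapq

def shortest_path(topology, src, dst):
    """Dijkstra over {router: {neighbor: cost}}; returns (cost, [hops]) or None."""
    best, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node == dst:
            path = [dst]
            while path[-1] != src:
                path.append(prev[path[-1]])
            return cost, path[::-1]
        if cost > best.get(node, float("inf")):
            continue  # stale heap entry
        for nbr, weight in topology.get(node, {}).items():
            new_cost = cost + weight
            if new_cost < best.get(nbr, float("inf")):
                best[nbr], prev[nbr] = new_cost, node
                heapq.heappush(heap, (new_cost, nbr))
    return None

def select_secure_path(topology, advertised, src, dst, service):
    """Cheapest src -> dst path that transits a router advertising `service`.

    `advertised` stands in for the security information the second router
    received in routing-protocol messages (assumed shape: router -> set of services).
    Returns (cost, [hops], redirecting_router) or None if no router qualifies.
    """
    candidates = []
    for router, services in advertised.items():
        if service not in services:
            continue
        to_router = shortest_path(topology, src, router)
        to_dst = shortest_path(topology, router, dst)
        if to_router and to_dst:
            hops = to_router[1] + to_dst[1][1:]  # join without repeating the router
            candidates.append((to_router[0] + to_dst[0], hops, router))
    return min(candidates) if candidates else None

# Constructed topology: R2 selects the path, R1 is coupled to the security device.
TOPOLOGY = {
    "R2": {"R3": 1, "R4": 2},
    "R3": {"R2": 1, "DST": 1},
    "R4": {"R2": 2, "R1": 1},
    "R1": {"R4": 1, "DST": 2},
    "DST": {"R3": 1, "R1": 2},
}
ADVERTISED = {"R1": {"firewall", "idp"}}  # constructed security information
```

On this topology the topology-only shortest path from R2 to DST goes through R3 and bypasses R1, while the security-aware selection accepts a higher-cost path so that traffic reaches the router that can redirect it to the security device.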
