Efficient Use of IPSEC Tunnels in Multi-Path Environment

US 20170034213A1
Filed: 07/28/2015
Published: 02/02/2017
Est. Priority Date: 07/28/2015
Status: Active Grant

First Claim

Patent Images

1. A system for securing network traffic over one or more connections to a computing device, the system comprising:

an IPsec encoder configured to obtain a datagram and encode a datagram, wherein the IPsec encoder includes at least one IPsec security association that is associated with a computing entity;

a packet analyzer configured to associate a first set of metadata with the encoded datagram; and

a gateway to transmit the encoded datagram using one of a plurality of connections to the computing device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is provided for securing network traffic across a plurality of connections to a computing device without requiring each connection to have its own security association. The system can include an IPsec encoder configured to obtain a datagram and encode a datagram, wherein the IPsec encoder includes a security association that is associated with a computing entity, a packet analyzer configured to associate metadata with the encoded datagram, and a gateway to transmit the encoded datagram using one of the plurality of connections to the computing device.

Citations

20 Claims

1. A system for securing network traffic over one or more connections to a computing device, the system comprising:
- an IPsec encoder configured to obtain a datagram and encode a datagram, wherein the IPsec encoder includes at least one IPsec security association that is associated with a computing entity;
  
  a packet analyzer configured to associate a first set of metadata with the encoded datagram; and
  
  a gateway to transmit the encoded datagram using one of a plurality of connections to the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, further comprising:
    - a classifier configured to associate a second set of metadata with the datagram based on attributes of the datagram.
  - 3. The system of claim 2, further comprising:
    - a packet router configured to select one of the plurality of connections based at least on the second set of metadata associated with the datagram.
  - 4. The system of claim 3, further comprising:
    - a link evaluator configured to evaluate the plurality of connections; and
      
      the packet router further configured to route the encoded datagram based at least on one of the first set of associated metadata and the second set of associated metadata, and the evaluation of the plurality of connections.
  - 5. The system of claim 1, wherein the first set of metadata associated with the encoded datagram includes at least one of a timestamp or a sequence number.
  - 6. The system of claim 1, wherein the computing device is configured to:
    - receive one or more encoded datagrams;
      
      organize the one or more encoded datagrams partially based on the first set of metadata; and
      
      decode the one or more encoded datagrams using at least a security association that is associated with the computing entity.
  - 7. The system of claim 1, wherein the computing device includes the computing entity.
  - 8. The system of claim 1, wherein the computing device is communicatively coupled to the computing entity.

9. A method for securing network traffic over one or more connections to a computing device, the method being performed by one or more processors and comprising:
- obtaining a datagram;
  
  encoding the datagram using an encoding consistent with IPsec wherein at least one IPsec security association is associated with a first computing entity;
  
  associating metadata with the encoded datagram; and
  
  transmitting the encoded datagram across one of a plurality of connections to the computing device.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, further comprising:
    - associating a second set of metadata with the datagram based on attributes of the datagram.
  - 11. The method of claim 10, further comprising:
    - selecting one of the plurality of connections based at least on the second set of metadata associated with the datagram.
  - 12. The method of claim 11, further comprising:
    - evaluating the plurality of connections; and
      
      routing the encoded datagram based at least on one of the first set of metadata and the second set of metadata and the evaluations of the plurality of connections.
  - 13. The method of claim 9, wherein the first set of metadata associated with the encoded datagram includes at least one of a timestamp or a sequence number.
  - 14. The method of claim 13, wherein the at least one of the timestamp or the sequence number is used for organizing the one or more encoded datagrams at the computing entity.

15. A non-transitory computer readable storage medium storing instructions that are executable by one or more processors of a first computing device to cause the first computing device to perform a method for securing network traffic over one or more connections to a second computing device, the method comprising:
- obtaining a datagram;
  
  encoding the datagram using an encoding consistent with IPsec wherein at least one IPsec security association is associated with a first computing entity;
  
  associating metadata with the encoded datagram; and
  
  transmitting the encoded datagram across one of a plurality of connections to the second computing device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer readable storage medium of claim 15, wherein the set of instructions that are executable by the one or more processors of the first computing device to cause the first computing device to further perform:
    - associating a second set of metadata with the datagram based on attributes of the datagram
  - 17. The computer readable storage medium of claim 16, wherein the set of instructions that are executable by the one or more processors of the first computing device to cause the first computing device to further perform:
    - selecting one of the plurality of connections based at least on the second set of metadata associated with the datagram.
  - 18. The computer readable storage medium of claim 17, wherein the set of instructions that are executable by the one or more processors of the first computing device to cause the first computing device to further perform:
    - evaluating the plurality of connections; and
      
      routing the encoded datagram based at least on one of the first set of metadata and the second set of metadata and the evaluation of the plurality of connections.
  - 19. The computer readable storage medium of claim 15, wherein the metadata associated with the encoded datagram includes at least one of a timestamp or a sequence number.
  - 20. The computer readable storage medium of claim 15, wherein the at least one of the timestamp or the sequence number is used for organizing the one or more encoded datagrams at the computing entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Murgia, Marco Antonio

Granted Patent

US 10,051,000 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/164   at the network layer

H04W 76/12   Setup of transport tunnels

Efficient Use of IPSEC Tunnels in Multi-Path Environment

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Efficient Use of IPSEC Tunnels in Multi-Path Environment

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links