Chaining port scheme for network security
First Claim
1. A network chip comprising:
a chaining port configured to perform an external loop-back function including a first security engine transmitting a frame of data through the chaining port and receiving the frame of data back through the chaining port;
an external port configured to send and receive the frame of data to and from at least one provider device, the at least one provider device being external from the network chip;
the first security engine associated with the chaining port, the first security engine being configured to execute a first addition operation to add an inner encryption layer to the frame in conjunction with the first security engine transmitting the frame of data and configured to perform a first removal operation to remove the inner encryption layer in conjunction with the first security engine receiving the frame of data;
a second security engine associated with the external port, coupled to the first security engine, the second security engine being configured to perform a second addition operation to add an outer encryption layer to the frame when the external port sends the frame of data to the at least one provider device and configured to perform a second removal operation to remove the outer encryption layer when the external port receives the frame of data, wherein the first and second security engines are configured to sequentially operate on the frame of data to add or remove the inner encryption layer and the outer encryption layer; and
control logic configured to cause the first security engine to:
perform the first addition operation but not the first removal operation if the frame of data is to be transmitted by the external port to the at least one provider device; and
perform the first removal operation but not the first addition operation if the frame of data was received by the external port from the at least one provider device.
Abstract
A networking method, microchip, and device are described in which a first security engine may be associated with a chaining port and configured to perform an inner processing for an inner layer of encryption for a frame of data, while a second security engine may be associated with an external port and configured to perform an outer processing for an outer layer of encryption for the frame of data. Control logic may be configured to instruct the first security engine to execute both a transmit operation and a receive operation of the frame of data in association with the inner processing.
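A software model of the data path described in the abstract and in claim 1, added here as an illustration and not taken from the patent. The class and method names are hypothetical, and the SHA-256 keystream with an HMAC tag is a stand-in for whatever cipher a real chip would use. It shows the control logic's role: the first engine adds the inner layer only on the way out and removes it only on the way in, so a frame on the wire always carries both layers.

```python
import hashlib, hmac, os

NONCE, TAG = 12, 32  # per-layer overhead in bytes (constructed sizes)

class SecurityEngine:
    """One encryption layer. Stand-in cipher: SHA-256 keystream plus HMAC tag."""
    def __init__(self, name, key):
        self.name = name
        self.enc = hashlib.sha256(b"enc" + key).digest()  # separate subkeys for
        self.mac = hashlib.sha256(b"mac" + key).digest()  # encryption and integrity

    def _xor(self, nonce, data):
        stream = b""
        for ctr in range(len(data) // 32 + 1):
            stream += hashlib.sha256(self.enc + nonce + ctr.to_bytes(4, "big")).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def add_layer(self, frame):
        nonce = os.urandom(NONCE)
        body = nonce + self._xor(nonce, frame)
        return body + hmac.new(self.mac, body, hashlib.sha256).digest()

    def remove_layer(self, frame):
        body, tag = frame[:-TAG], frame[-TAG:]
        if not hmac.compare_digest(tag, hmac.new(self.mac, body, hashlib.sha256).digest()):
            raise ValueError(self.name + ": integrity check failed")
        return self._xor(body[:NONCE], body[NONCE:])

class NetworkChip:
    def __init__(self, inner_key, outer_key):
        self.first = SecurityEngine("first engine (chaining port)", inner_key)
        self.second = SecurityEngine("second engine (external port)", outer_key)

    def _chaining_loopback(self, frame, egress):
        if egress:       # control logic: addition but not removal toward the provider
            frame = self.first.add_layer(frame)
        # the frame leaves the chaining port and re-enters it (external loop-back)
        if not egress:   # control logic: removal but not addition from the provider
            frame = self.first.remove_layer(frame)
        return frame

    def send(self, frame):      # inner layer first, then outer layer at the external port
        return self.second.add_layer(self._chaining_loopback(frame, egress=True))

    def receive(self, wire):    # outer layer removed first, then inner layer
        return self._chaining_loopback(self.second.remove_layer(wire), egress=False)
```

If the loop-back applied both operations in one pass, the inner layer would be stripped as soon as it was added and the frame would leave the external port with only the outer layer.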
11 Claims
1. A network chip comprising the elements recited in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A network device comprising:
a chaining port configured to perform an external loop-back function including a first security engine transmitting a frame of data through the chaining port and receiving the frame of data back through the chaining port;
an external port configured to send and receive the frame of data to and from at least one provider device, the at least one provider device being external from the network device;
the first security engine associated with the chaining port, the first security engine being configured to process an inner layer of encryption on the frame of data; and
a second security engine, associated with the external port and coupled to the first security engine, and configured to process a different outer layer of encryption on the frame of data;
wherein the first security engine is configured to add the inner layer of encryption in conjunction with the first security engine transmitting the frame of data and the second security engine is configured to add the different outer layer of encryption when the external port sends the frame of data from the network device to the at least one provider device; and
wherein the second security engine is configured to remove the different outer layer of encryption when the external port receives the frame of data from the at least one provider device and the first security engine is configured to remove the inner layer of encryption in conjunction with the first security engine receiving the frame of data.
Dependent claims: 11
Specification