公开(公告)号：US20150101029A1

公开(公告)日：2015-04-09

申请号：US14570902

申请日：2014-12-15

Applicant: Cisco Technology, Inc.

Inventor： Fabio R. Maino ,  Marco Di Benedetto ,  Claudio Desanti

IPC: H04L29/06

CPC classification number: H04L63/123 ,  H04L9/0838 ,  H04L9/3239 ,  H04L63/12

Abstract: Methods and apparatus are provided for improving both node-based and message-based security in a fibre channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fibre channel network entities into a fibre channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fibre channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.

Abstract translation: 提供了用于改进光纤通道网络中的基于节点和基于消息的安全性的方法和装置。 可以将实体认证和密钥交换服务的实体包括在用于将光纤信道网络实体引入光纤信道结构的现有初始化消息中，或者通过已经初始化的通信信道交换的特定消息。 可以使用认证和密钥交换服务来激活每消息认证和加密机制。 在光纤通道网络实体之间通过的消息可以使用在认证序列期间提供的信息进行加密和认证。 可以实现诸如每消息认证，机密性，完整性保护和反重放保护等安全服务。

公开(公告)号：US10298595B2

公开(公告)日：2019-05-21

申请号：US14570902

申请日：2014-12-15

Applicant: Cisco Technology, Inc.

Inventor： Fabio R. Maino ,  Marco Di Benedetto ,  Claudio Desanti

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32

Abstract: Methods and apparatus are provided for improving both node-based and message-based security in a fiber channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fiber channel network entities into a fiber channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fiber channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.

公开(公告)号：US09407504B1

公开(公告)日：2016-08-02

申请号：US14156324

申请日：2014-01-15

Applicant: Cisco Technology, Inc.

Inventor： Marco Di Benedetto ,  Pierluigi Rolando ,  Thomas Vincent Flynn

IPC: G06F15/16 ,  H04L12/24

CPC classification number: H04L41/0806 ,  H04L12/46 ,  H04L12/4633 ,  H04L12/4641 ,  H04L45/64

Abstract: Creating virtual links is disclosed, including: determining a first network appliance to configure to communicate with a second network appliance using a virtual link, wherein the virtual link comprises a layer three overlay point-to-point data link; and determining the second network appliance to configure to communicate with the first network appliance using the virtual link.

Abstract translation: 公开了创建虚拟链路，包括：确定第一网络设备配置为使用虚拟链路与第二网络设备进行通信，其中所述虚拟链路包括第三层覆盖点对点数据链路; 以及确定所述第二网络设备被配置为使用所述虚拟链路与所述第一网络设备进行通信。

公开(公告)号：US20130329743A1

公开(公告)日：2013-12-12

申请号：US13965610

申请日：2013-08-13

Applicant: Cisco Technology, Inc.

Inventor： Silvano Gai ,  Claudio Desanti ,  Marco Di Benedetto

IPC: H04L29/08

CPC classification number: H04L29/08702 ,  H04L12/462 ,  H04L49/351 ,  H04L49/357 ,  H04L49/602

Abstract: In one embodiment, a Fibre Channel over Ethernet (FCoE) proxy point (FPP) that is connected to one or more end-point devices is coupled to one or more other FPPs, and to a FCoE control and management plane (F-CMP) server. The FPP provides data plane functionality. The F-CMP server provides control plane functionality. At least some control and management traffic received at the FPP is proxied between the F-CMP server and the one or more end point devices connected to the FPP. FCoE traffic received at the FPP from the one or more end point devices connected to the FPP is transmitted to the one or more other FPPs without the FCoE traffic traversing the F-CMP server. The transmitting is performed by data plane functionality of the FPP operating under directions from the control plane functionality of the F-CMP server.

Abstract translation: 在一个实施例中，连接到一个或多个端点设备的光纤以太网通道（FCoE）代理点（FPoE）被耦合到一个或多个其他FPP，并耦合到FCoE控制和管理平面（F-CMP） 服务器。 FPP提供数据平面功能。 F-CMP服务器提供控制平面功能。 在F-CMP服务器和连接到FPP的一个或多个端点设备之间，代理了在FPP处接收的至少一些控制和管理流量。 从连接到FPP的一个或多个端点设备在FPP处接收到的FCoE流量被发送到一个或多个其他FPP，而FCoE流量不经过F-CMP服务器。 通过在来自F-CMP服务器的控制平面功能的方向上操作的FPP的数据平面功能执行发送。