-
1.
公开(公告)号:US20180191669A1
公开(公告)日:2018-07-05
申请号:US15398601
申请日:2017-01-04
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Robert Edgar Barton , Patrick Grossetete , Laurent Aubert , Frederic Detienne , Graham Bartlett , Amjad Inamdar
IPC: H04L29/12 , H04L12/751
CPC classification number: H04L45/02 , H04L61/251 , H04L61/6068
Abstract: A method is described and in one embodiment includes identifying at an initiator element a list of Internet protocol (“IP”) prefixes corresponding to routes designated as interesting routes, wherein the IP prefixes are included in a Routing Information Base (“RIB”) of the initiator; monitoring the RIB for a change in the list of IP prefixes; and, responsive to detection of a change in the list of IP prefixes, injecting at least a portion of the changed list of IP prefixes into a payload of an IKEv2 NOTIFY message and sending the IKEv2 NOTIFY message to a responder element peered with the initiator element, wherein the responder element updates an RIB of the responder element using the IP prefixes included in the received IKEv2 NOTIFY message.
-
公开(公告)号:US20200336465A1
公开(公告)日:2020-10-22
申请号:US16849251
申请日:2020-04-15
Applicant: Cisco Technology, Inc.
Inventor: Kyle Mestery , Graham Bartlett
IPC: H04L29/06 , H04L12/46 , H04L12/801
Abstract: Techniques are described to provide efficient protection for a virtual private network. In one example, a method is provided that includes obtaining a packet at a first network entity; determining that the packet is a packet type of an authentication type; determining whether authentication content for the packet matches known good criteria for the packet type of the authentication type; based on determining that the authentication content for the packet does not match the known good criteria, performing at least one of dropping the packet and generating an alarm; and based on determining that the authentication content for the packet does match the known good criteria, processing the packet at the first network entity or forwarding the packet toward a second network entity.
-
公开(公告)号:US11558354B2
公开(公告)日:2023-01-17
申请号:US16849251
申请日:2020-04-15
Applicant: Cisco Technology, Inc.
Inventor: Kyle Mestery , Graham Bartlett
Abstract: Techniques are described to provide efficient protection for a virtual private network. In one example, a method is provided that includes obtaining a packet at a first network entity; determining that the packet is a packet type of an authentication type; determining whether authentication content for the packet matches known good criteria for the packet type of the authentication type; based on determining that the authentication content for the packet does not match the known good criteria, performing at least one of dropping the packet and generating an alarm; and based on determining that the authentication content for the packet does match the known good criteria, processing the packet at the first network entity or forwarding the packet toward a second network entity.
-
4.
公开(公告)号:US11258694B2
公开(公告)日:2022-02-22
申请号:US15398601
申请日:2017-01-04
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Robert Edgar Barton , Patrick Grossetete , Laurent Aubert , Frederic Detienne , Graham Bartlett , Amjad Inamdar
IPC: H04L12/751 , H04L29/12 , H04L45/02 , H04L61/251 , H04L101/668
Abstract: A method is described and in one embodiment includes identifying at an initiator element a list of Internet protocol (“IP”) prefixes corresponding to routes designated as interesting routes, wherein the IP prefixes are included in a Routing Information Base (“RIB”) of the initiator; monitoring the RIB for a change in the list of IP prefixes; and, responsive to detection of a change in the list of IP prefixes, injecting at least a portion of the changed list of IP prefixes into a payload of an IKEv2 NOTIFY message and sending the IKEv2 NOTIFY message to a responder element peered with the initiator element, wherein the responder element updates an RIB of the responder element using the IP prefixes included in the received IKEv2 NOTIFY message.
-
-
-