公开(公告)号：US20180191669A1

公开(公告)日：2018-07-05

申请号：US15398601

申请日：2017-01-04

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Robert Edgar Barton ,  Patrick Grossetete ,  Laurent Aubert ,  Frederic Detienne ,  Graham Bartlett ,  Amjad Inamdar

IPC: H04L29/12 ,  H04L12/751

CPC classification number: H04L45/02 ,  H04L61/251 ,  H04L61/6068

Abstract: A method is described and in one embodiment includes identifying at an initiator element a list of Internet protocol (“IP”) prefixes corresponding to routes designated as interesting routes, wherein the IP prefixes are included in a Routing Information Base (“RIB”) of the initiator; monitoring the RIB for a change in the list of IP prefixes; and, responsive to detection of a change in the list of IP prefixes, injecting at least a portion of the changed list of IP prefixes into a payload of an IKEv2 NOTIFY message and sending the IKEv2 NOTIFY message to a responder element peered with the initiator element, wherein the responder element updates an RIB of the responder element using the IP prefixes included in the received IKEv2 NOTIFY message.

公开(公告)号：US20200336465A1

公开(公告)日：2020-10-22

申请号：US16849251

申请日：2020-04-15

Applicant: Cisco Technology, Inc.

Inventor： Kyle Mestery ,  Graham Bartlett

IPC: H04L29/06 ,  H04L12/46 ,  H04L12/801

Abstract: Techniques are described to provide efficient protection for a virtual private network. In one example, a method is provided that includes obtaining a packet at a first network entity; determining that the packet is a packet type of an authentication type; determining whether authentication content for the packet matches known good criteria for the packet type of the authentication type; based on determining that the authentication content for the packet does not match the known good criteria, performing at least one of dropping the packet and generating an alarm; and based on determining that the authentication content for the packet does match the known good criteria, processing the packet at the first network entity or forwarding the packet toward a second network entity.

公开(公告)号：US11558354B2

公开(公告)日：2023-01-17

申请号：US16849251

申请日：2020-04-15

Applicant: Cisco Technology, Inc.

Inventor： Kyle Mestery ,  Graham Bartlett

IPC: H04L9/40 ,  H04L12/46 ,  H04L47/34

Abstract: Techniques are described to provide efficient protection for a virtual private network. In one example, a method is provided that includes obtaining a packet at a first network entity; determining that the packet is a packet type of an authentication type; determining whether authentication content for the packet matches known good criteria for the packet type of the authentication type; based on determining that the authentication content for the packet does not match the known good criteria, performing at least one of dropping the packet and generating an alarm; and based on determining that the authentication content for the packet does match the known good criteria, processing the packet at the first network entity or forwarding the packet toward a second network entity.

公开(公告)号：US11258694B2

公开(公告)日：2022-02-22

申请号：US15398601

申请日：2017-01-04

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Robert Edgar Barton ,  Patrick Grossetete ,  Laurent Aubert ,  Frederic Detienne ,  Graham Bartlett ,  Amjad Inamdar

IPC: H04L12/751 ,  H04L29/12 ,  H04L45/02 ,  H04L61/251 ,  H04L101/668

Abstract: A method is described and in one embodiment includes identifying at an initiator element a list of Internet protocol (“IP”) prefixes corresponding to routes designated as interesting routes, wherein the IP prefixes are included in a Routing Information Base (“RIB”) of the initiator; monitoring the RIB for a change in the list of IP prefixes; and, responsive to detection of a change in the list of IP prefixes, injecting at least a portion of the changed list of IP prefixes into a payload of an IKEv2 NOTIFY message and sending the IKEv2 NOTIFY message to a responder element peered with the initiator element, wherein the responder element updates an RIB of the responder element using the IP prefixes included in the received IKEv2 NOTIFY message.