公开(公告)号：US20170237562A1

公开(公告)日：2017-08-17

申请号：US15442722

申请日：2017-02-27

Applicant: Cisco Technology, Inc.

Inventor： Paul QUINN ,  Scott FLUHRER ,  Jim GUICHARD ,  Tirumaleswar REDDY ,  Prashanth PATIL ,  David WARD

IPC: H04L9/32 ,  H04L9/08 ,  H04L29/06

CPC classification number: H04L9/3213 ,  H04L9/0861 ,  H04L9/3242 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/062 ,  H04L2463/062

Abstract: A network service packet (NSP) header security method includes receiving an NSP on a communication interface, analyzing, by a processor, the NSP in order to identify a plurality of service functions and an associated service function path for the plurality of service functions, identifying, by the processor, which security function or functions may be performed by each of the plurality of service functions on an NSP header to be generated for the NSP, requesting, by the processor, at least one key for securing at least part of the NSP header, receiving the at least one key on the communication interface, generating, by the processor, the NSP header for the NSP, securing, by the processor, the NSP header based on the at least one key, and sending, on the communication interface, the NSP with the NSP header to one of the plurality of service functions.

公开(公告)号：US20160337235A1

公开(公告)日：2016-11-17

申请号：US14870722

申请日：2015-09-30

Applicant: Cisco Technology, Inc.

Inventor： James N. GUICHARD ,  Paul QUINN ,  Javed ASGHAR ,  Reinaldo PENNO ,  Yixing RUAN ,  Carlos M. PIGNATARO

IPC: H04L12/741 ,  H04L12/851

CPC classification number: H04L12/4633 ,  H04L63/0272

Abstract: A method for applying network services to data traffic forwarded between virtual private network (VPN) sites includes: receiving a data packet addressed to a target site associated with the VPN, determining services to be applied to the data packet according to a service chain, where the determining is a function of at least one of the VPN, the origin site or the target site, adding an indication of a VPN forwarding context onto the data packet, encapsulating the data packet with Network Service Header encapsulation, where a header for the encapsulated data packet indicates at least the service chain; forwarding the encapsulated data packet in accordance with the service chain, receiving the encapsulated data packet at the end of the service chain, terminating the service chain, removing the encapsulation, and forwarding the data packet to a target destination per the indication of a VPN forwarding context.

Abstract translation: 将网络服务应用于在虚拟专用网（VPN）站点之间转发的数据流量的方法包括：接收寻址到与VPN相关联的目标站点的数据分组，根据服务链确定应用于数据分组的服务，其中 所述确定是VPN，原始站点或目标站点中的至少一个的功能，将VPN转发上下文的指示添加到数据分组上，用网络服务报头封装封装数据分组，其中封装的报头 数据包至少指示服务链; 根据服务链转发封装的数据包，在服务链的末尾接收封装的数据包，终止服务链，去除封装，并根据VPN转发的指示将数据包转发到目标目标 上下文

公开(公告)号：US20160277188A1

公开(公告)日：2016-09-22

申请号：US14726534

申请日：2015-05-31

Applicant: Cisco Technology, Inc.

Inventor： Paul QUINN ,  Scott FLUHRER ,  Jim GUICHARD ,  Tirumaleswar REDDY ,  Prashanth PATIL ,  David WARD

IPC: H04L9/32 ,  H04L29/06

CPC classification number: H04L9/3213 ,  H04L9/0861 ,  H04L9/3242 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/062 ,  H04L2463/062

Abstract: In one embodiment, a network service packet header security method includes receiving a network service packet, analyzing the network service packet in order to identify a plurality of service functions and an associated service function path for the service functions, identifying which security function or functions may be performed by each of the service functions on a network service packet header to be generated for the network service packet, requesting at least one key for securing at least part of the network service packet header, receiving the at least one key, securing the network service packet header based on the at least one key, and sending the network service packet with the network service packet header to one of the service functions. Related apparatus and methods are also described.

Abstract translation: 在一个实施例中，网络服务分组报头安全方法包括接收网络服务分组，分析网络服务分组以识别服务功能的多个服务功能和相关联的服务功能路径，识别哪些安全功能或功能可以 由网络服务分组头部上的每个服务功能执行，为网络服务分组生成，请求至少一个密钥用于保护网络服务分组报头的至少一部分，接收至少一个密钥，保护网络 基于所述至少一个密钥的服务分组报头，并且将具有所述网络服务分组报头的所述网络服务分组发送到所述服务功能之一。 还描述了相关装置和方法。