1.
Publication (announcement) number: US09667650B2
Publication (announcement) date: 2017-05-30
Application number: US14713588
Filing date: 2015-05-15
Applicant: Cisco Technology, Inc.
Inventor: Shuxian Lou, Jie Chu, Michael Fingleton, Hsia R. Yu
IPC: H04L29/06
CPC classification number: H04L63/1466, H04L63/0272, H04L63/164
Abstract: Processes and systems to create a plurality of sequence number spaces in a security association at a transmission device. Each sequence number space corresponds to a respective class of traffic. Each sequence number space is identified by a unique selector value. For each sequence number space, a sequence number counter is created for counting a sequence of outbound packets of a class of traffic corresponding to the sequence number space. For an outbound packet of a particular class of traffic, a selector value of a sequence number space of the particular class of traffic is written into a first portion of a sequence number field in the outbound packet. Low-order bits of the current value of a sequence number counter, associated with the sequence number space of the particular class of traffic, are written into a second portion of the sequence number field. The sequence number counter is then incremented.
2.
Publication (announcement) number: US20160337398A1
Publication (announcement) date: 2016-11-17
Application number: US14713588
Filing date: 2015-05-15
Applicant: Cisco Technology, Inc.
Inventor: Shuxian Lou, Jie Chu, Michael Fingleton, Hsia R. Yu
IPC: H04L29/06
CPC classification number: H04L63/1466, H04L63/0272, H04L63/164
Abstract: Processes and systems to create a plurality of sequence number spaces in a security association at a transmission device. Each sequence number space corresponds to a respective class of traffic. Each sequence number space is identified by a unique selector value. For each sequence number space, a sequence number counter is created for counting a sequence of outbound packets of a class of traffic corresponding to the sequence number space. For an outbound packet of a particular class of traffic, a selector value of a sequence number space of the particular class of traffic is written into a first portion of a sequence number field in the outbound packet. Low-order bits of the current value of a sequence number counter, associated with the sequence number space of the particular class of traffic, are written into a second portion of the sequence number field. The sequence number counter is then incremented.
3.
Publication (announcement) number: US11722525B2
Publication (announcement) date: 2023-08-08
Application number: US17230675
Filing date: 2021-04-14
Applicant: Cisco Technology, Inc.
Inventor: Shuxian Lou, Jie Chu, Jonathan Rosen, Douglas Michael Toney, Harikrishnan Pillai, Feng Cao
IPC: H04L29/06, H04L9/40, G06F16/2455
CPC classification number: H04L63/20, G06F16/2455
Abstract: Techniques and mechanisms for IPsec processing of IPsec packets for routing platforms where IPsec is just one or more features in the middle of data path features on the packet processing path and hence, the typical, simple inline IPsec scheme does not work well for such platforms. The techniques include using a hardware look-up table for packet classification and inbound security association (SA) lookup in one pass with the IP 5-tuple plus SPI as a lookup key at the hardware table. The techniques provide an entry match action format and mechanism for deriving inbound SA DRAM addresses that may be used by a hardware (HW)/firmware (FW) crypto/IPsec engine to process inbound packet traffic. A software SA look-up table is also provided to overcome hardware look-up table resource limitations and support more IPsec session scaling than the physical hardware look-up table can handle. Additional techniques are described.
4.
Publication (announcement) number: US20220337627A1
Publication (announcement) date: 2022-10-20
Application number: US17230675
Filing date: 2021-04-14
Applicant: Cisco Technology, Inc.
Inventor: Shuxian Lou, Jie Chu, Jonathan Rosen, Douglas Michael Toney, Harikrishnan Pillai, Feng Cao
IPC: H04L29/06, G06F16/2455
Abstract: Techniques and mechanisms for IPsec processing of IPsec packets for routing platforms where IPsec is just one or more features in the middle of data path features on the packet processing path and hence, the typical, simple inline IPsec scheme does not work well for such platforms. The techniques include using a hardware look-up table for packet classification and inbound security association (SA) lookup in one pass with the IP 5-tuple plus SPI as a lookup key at the hardware table. The techniques provide an entry match action format and mechanism for deriving inbound SA DRAM addresses that may be used by a hardware (HW)/firmware (FW) crypto/IPsec engine to process inbound packet traffic. A software SA look-up table is also provided to overcome hardware look-up table resource limitations and support more IPsec session scaling than the physical hardware look-up table can handle. Additional techniques are described.
5.
Publication (announcement) number: US10904217B2
Publication (announcement) date: 2021-01-26
Application number: US15994590
Filing date: 2018-05-31
Applicant: Cisco Technology, Inc.
Inventor: Michael L. Sullenberger, Brian Weis, Warren Scott Wainner, Shuxian Lou
Abstract: A source virtual private network (VPN) gateway supports a local source subnet and communicates over a wide area network (WAN) with a destination VPN gateway that supports a local destination subnet. The source VPN gateway receives from the local source subnet an Internet Protocol (IP) packet destined for the local destination subnet, determines a security association (SA) based on a source IP address and a destination IP address of the IP packet, and encapsulates the IP packet with tunnel encapsulation including a tunnel protocol header and a tunnel outer IP header, to produce a clear-text tunnel packet. The source VPN gateway encrypts the IP packet and the tunnel protocol header but not the tunnel outer IP header using an encryption key and a security parameter index for the SA, to produce an encrypted tunnel packet, and tunnels it to the destination VPN gateway over the WAN.