公开(公告)号：US20240223544A1

公开(公告)日：2024-07-04

申请号：US18147369

申请日：2022-12-28

Applicant: Cisco Technology, Inc.

Inventor： Govind Prasad Sharma ,  Prabhu Balakannan ,  Sivakumar Kailas

IPC: H04L9/40 ,  H04L12/46

CPC classification number: H04L63/0478 ,  H04L12/4633

Abstract: Techniques for generating a per-packet initialization vector for high bandwidth encryption engines in a multipathing IP network are described herein. In examples, a network switch of a first datacenter site may receive a data packet to be sent to a second datacenter site over a network. The data packet may be encrypted according to a virtual extensible LAN (VxLAN) protocol and to be transmitted in a VxLAN tunnel created for the first datacenter site and the second datacenter site. An encryption engine implemented at the network switch may generate an initialization vector (IV) for the data packet based on a packet number (PN) associated with the data packet. The encryption engine may use the IV and information associated with a security association (SA) assigned to the packet to encrypt the data packet. In some examples, a full 64-bit PN may be used to compute the IV for the data packet.