Title of invention: VxLAN Security Implemented using VxLAN Membership Information at VTEPs
Abstract: A network device stores a Virtual Extensible Local Area Network (VxLAN) Tunnel Endpoint (VTEP) membership information that associates VxLANs each with a corresponding set of VTEPs authorized to originate VxLAN packets on that VxLAN. The network device receives from a communication network a VxLAN packet that identifies a VxLAN and an originating VTEP. The VTEP compares the originating VTEP to the set of VTEPs associated with the VxLAN in the VTEP membership information that matches the identified VxLAN. If the comparison indicates that the originating VTEP is not included in the set of VTEPs authorized to originate VxLAN packets, the VTEP discards the received VxLAN packet. Otherwise the VTEP further processes the VxLAN packet.
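Application publication number: US2016149808(A1) Application publication date: 2016.05.26
Application number: US201414549915 Application date: 2014.11.21
Applicant: Cisco Technology, Inc. Inventors: Cai Feng; Chen Yuxiang; Wu Danmu; Fang Zhiyong
Classification: H04L12/741; H04L12/931 Main classification: H04L12/741
Agency: Agent: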
Main claim: 1. A method comprising: at a network device configured as a Virtual Extensible Local Area Network (VxLAN) Tunnel Endpoint (VTEP): storing VTEP membership information that associates VxLANs each with a corresponding set of VTEPs authorized to originate VxLAN packets on that VxLAN; receiving from a communication network a VxLAN packet that identifies a VxLAN and an originating VTEP; comparing the originating VTEP to the set of VTEPs associated with the VxLAN in the VTEP membership information that matches the identified VxLAN; if the comparing indicates that the originating VTEP is not included in the set of VTEPs authorized to originate VxLAN packets, discarding the received VxLAN packet; and if the comparing indicates that the originating VTEP is included in the set of VTEPs authorized to originate VxLAN packets, further processing the VxLAN packet.
Address: San Jose CA US
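
The membership check described in the abstract and claim 1, as an added example (not code from the patent or from Cisco). It assumes the originating VTEP is identified by the outer IPv4 source address and the VxLAN by the 24-bit VNI of the RFC 7348 header; the table contents, addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

VXLAN_UDP_PORT = 4789  # IANA-assigned VXLAN port (RFC 7348)

# Constructed membership table: VNI -> outer source IPs of authorized VTEPs.
MEMBERSHIP = {
    5000: {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.11")},
    6000: {ipaddress.ip_address("192.0.2.20")},
}

def parse_vxlan(packet: bytes):
    """Return (originating VTEP IP, VNI) from outer IPv4/UDP/VXLAN headers, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 16:
        return None  # bad IHL, not UDP, or too short for UDP + VXLAN headers
    dport = struct.unpack_from("!H", packet, ihl + 2)[0]
    flags = packet[ihl + 8]
    if dport != VXLAN_UDP_PORT or not flags & 0x08:
        return None  # not VXLAN, or the I flag (valid VNI) is clear
    vni = int.from_bytes(packet[ihl + 12:ihl + 15], "big")
    return ipaddress.ip_address(packet[12:16]), vni

def filter_packet(packet: bytes, membership=MEMBERSHIP) -> str:
    """Return 'process' only if the source VTEP is authorized on the packet's VNI."""
    parsed = parse_vxlan(packet)
    if parsed is None:
        return "discard"  # assumption of this example: malformed input fails closed
    src_vtep, vni = parsed
    # A VNI missing from the table has an empty authorized set, so it is discarded.
    return "process" if src_vtep in membership.get(vni, set()) else "discard"

def build_packet(src: str, vni: int, inner: bytes = b"\x00" * 14) -> bytes:
    """Construct a sample outer IPv4/UDP/VXLAN packet (checksums left zero)."""
    vxlan = bytes([0x08, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, 8 + len(vxlan) + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(vxlan) + len(inner),
                     0, 0, 64, 17, 0, ipaddress.ip_address(src).packed,
                     ipaddress.ip_address("192.0.2.1").packed)
    return ip + udp + vxlan + inner

if __name__ == "__main__":
    for src, vni in [("192.0.2.10", 5000), ("192.0.2.20", 5000), ("192.0.2.10", 7000)]:
        print(src, vni, filter_packet(build_packet(src, vni)))
```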