| 发明名称 |
PROTECTING CUSTOMER VIRTUAL LOCAL AREA NETWORK (VLAN) TAG IN CARRIER ETHERNET SERVICES |
| 摘要 |
In the subject system, a customer virtual local network (VLAN) tag is protected using, for example, media access control security (MACSec). MACSec authentication is performed on a packet by including the VLAN tag in an integrity check value (ICV) computation. When a packet is received from an Ethernet Virtual Connection (EVC) at an ingress port of the subject system, a remote site is identified and an associated VLAN tag is determined based on the identified remote site and a VLAN tag associated with the packet. The subject system may perform VLAN tag mapping to account for changes in a VLAN tag across EVCs. An ICV is computed based on the determined VLAN tag and compared with an ICV stored in the received packet. The integrity check passes when the computed ICV matches the stored ICV and fails when the computed ICV does not match the stored ICV. |
| 申请公布号 |
US2015381531(A1) |
申请公布日期 |
2015.12.31 |
| 申请号 |
US201514728331 |
申请日期 |
2015.06.02 |
| 申请人 |
BROADCOM CORPORATION |
发明人 |
HUANG Ching-Liang |
| 分类号 |
H04L12/931;H04L12/721;H04L12/741;H04L12/46 |
主分类号 |
H04L12/931 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A device, comprising:
at least one processor circuit configured to:
receive a frame from an ingress Ethernet Virtual Connection (EVC) at an user network interface (UNI), wherein the frame is associated with a first virtual local area network identifier (VLAN ID);identify a network device based at least on a channel identifier contained in the received frame;determine a second VLAN ID associated with the identified network device based at least on the identified network device and the first VLAN ID; andperform an integrity check based at least on the determined second VLAN ID. |
| 地址 |
Irvine CA US |
