Title of invention: Packet authentication and encryption in virtual networks
Abstract: Systems and methods provide logic for distributing cryptographic keys in a physical network comprising a plurality of physical nodes. In one implementation, a computer-implemented method is provided for distributing cryptographic keys in a physical network. The method includes receiving information mapping a virtual network address of a virtual node to a physical network address of a physical node. The virtual node may be associated with a virtual network hosted by the physical node, and the received mapping information identifies a virtual network address of the node and the physical network address of the node. The mapping service transmits a current version of a cryptographic key and an identifier of the current version to the physical node.
Publication number: US9197610(B1) Publication date: 2015.11.24
Application number: US201314060396 Filing date: 2013.10.22
Applicant: AMAZON TECHNOLOGIES, INC. Inventors: Brandwine Eric Jason;Searle Ian R.
Classification number: H04L29/06 Main classification number: H04L29/06
Agency: Seed IP Law Group PLLC Agent: Seed IP Law Group PLLC
Independent claim: 1. A computer-implemented method comprising: receiving, by a host computing system configured to host one or more virtual computing nodes and from a mapping server that is associated with a virtual network, information mapping a virtual network address of a destination virtual computing node in the virtual network to a distinct physical network address of the destination virtual computing node, the virtual network including multiple virtual computing nodes that include a first virtual computing node hosted by the host computing system; receiving, by the configured host computing system, a cryptographic key from the mapping server; receiving, by the configured host computing system, one or more communications from the first virtual computing node intended for the destination virtual computing node in the virtual network; and for each of at least some of the one or more received communications, generating, by the configured host computing system, a hash value for the communication, the generated hash value being based at least in part on the communication and on the cryptographic key received from the mapping server; and forwarding, by the configured host computing system and using the received mapping information, the communication and the generated hash value to the destination virtual computing node.
Address: Reno NV US