| 发明名称 |
Method and apparatus for network security |
| 摘要 |
A method of securely routing data traffic between communication networks. In an integrated security device, a host router supports a virtual router that peers with VRF (virtual routing and forwarding) instances associated with participating networks on the host router. Each VRF instance preferably runs its own dynamic routing protocol and determines when received data traffic may be directly forwarded from one network to another and when it must be forwarded to an OE (offload engine) for enforcement of security policies or NAT (network address translation) processing. |
| 申请公布号 |
US9036647(B2) |
申请公布日期 |
2015.05.19 |
| 申请号 |
US201213727978 |
申请日期 |
2012.12.27 |
| 申请人 |
Alcatel Lucent |
发明人 |
Yeh Chiang;Helmerich Lawrence;Mohandas Sindhu K.;Sinha Abhishek;Page Gregory G.;Ott Peter;Ferreira Andrew |
| 分类号 |
H04L12/721;H04L12/713;H04L29/06 |
主分类号 |
H04L12/721 |
| 代理机构 |
|
代理人 |
Wyse Stephen J. |
| 主权项 |
1. A method of routing data traffic between networks, comprising:
receiving the data traffic from a source network; determining whether the data traffic may be directly forwarded to a destination network, wherein determining whether the data traffic may be directly forwarded to the destination network comprises running a first instance of VRF (virtual routing and forwarding); forwarding the data traffic to an OE (offload engine) if it is determined that the data traffic may not be directly forwarded to the destination network; replacing a delineator associated with any data traffic that has been forwarded to the OE, wherein replacing the delineator comprises removing a delineator associated with the first VRF instance and replacing it with a delineator associated with the second VRF instance; and forwarding any data traffic that has been forwarded to the OE from the OE to the destination network, wherein forwarding the data traffic from the OE to the destination network comprises running a second instance of VRF. |
| 地址 |
Boulogne-Billancourt FR |
