| 发明名称 | Enhancing IPSEC performance and security against eavesdropping | ||
| 摘要 | A network element (NE) comprising a memory device configured to store instructions, and a processor configured to execute the instructions by dividing a first plurality of data packets of a data flow into a first plurality of sub-flows, and causing the first plurality of sub-flows to be transmitted to a second NE via a network, wherein the first plurality of sub-flows are transmitted using a first Internet Protocol Security (IPsec) security association (SA) cluster comprising a plurality of parallel sub-SAs. The disclosure also includes a NE comprising a processor configured to create an IPsec SA cluster comprising a first plurality of sub-SAs between the NE and a second NE using an internet key exchange (IKE) or an IKEv2, wherein the first sub-SAs are unidirectional, and wherein the first sub-SAs are configured to transport a first plurality of data packets in a common direction. | ||
| 申请公布号 | US9021577(B2) | 申请公布日期 | 2015.04.28 |
| 申请号 | US201313852736 | 申请日期 | 2013.03.28 |
| 申请人 | Futurewei Technologies, Inc. | 发明人 | Song Jifei;Yi Xiaoyong;Zhang Xiangyang |
| 分类号 | G06F9/00;H04L29/06 | 主分类号 | G06F9/00 |
| 代理机构 | Conley Rose, P.C. | 代理人 | Conley Rose, P.C. ;Rodolph Grant;Howell Brandt D. |
| 主权项 | 1. A network element (NE) comprising: a memory device configured to store instructions; and a processor configured to execute the instructions by: dividing a first plurality of data packets of a unidirectional data flow into a first plurality of unidirectional sub-flows;assigning each sub-flow of the data flow to a different parallel sub-security association (SA) of a first Internet Protocol Security (IPsec) security association (SA) cluster; andcausing the first plurality of sub-flows to be transmitted to a second NE across a network via a plurality of IPsec tunnels, each IPsec tunnel being associated with a different sub-SA and transporting a different sub-flow of the data flow. | ||
| 地址 | Plano TX US | ||