Secure WAN path selection at campus fabric edge

Assignee

• Cisco Technology, Inc. · US

Inventors

• Syed Khalid Raza · Fremont, US
• Mosaddaq Hussain Turabi · San Jose, US
• Fabio R. Maino · Palo Alto, US
• Vina Ermagan · Santa Monica, US
• Atri Indiresan · Sunnyvale, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L69/22
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method is performed by an access router of an enterprise network including a first edge router to communicate with a second edge router over a wide area network (WAN). The method includes receiving a packet from a first endpoint, receiving from a mapping service a network location of a second edge router for which the packet is destined and a security association (SA) to encrypt the packet from the access router to the second edge router, and generating for the first edge router one or more path selectors for WAN path selection. The method includes encrypting the packet using the SA, and adding to the encrypted IP packet, in clear text, the path selectors and outer encapsulation including the network location, to produce an encrypted tunnel packet. The method also includes forwarding the encrypted tunnel packet to the second edge router via the first edge router and the WAN.