System and method for performing security actions for inter-layer binding protocol traffic

Assignee

• Cisco Technology, Inc. · US

Inventors

• Premkumar Jonnala · Secunderabad, IN
• Adam James Sweeney · San Jose, US
• Dehua Huang · Newport, US
• Silviu Dobrota · San Jose, US
• Pradeep S. Sudame · Fremont, US
• Marco Foschiano · San Jose, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1416
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Users are allowed to specify per-interface rate limits for inter-layer binding protocol traffic. If the user-specified rate limit is exceeded on a given interface, inter-layer binding protocol messages received via that interface are caused to be dropped (e.g., by selectively dropping ILBP messages, or by simply shutting down the interface). If the rate is not exceeded, inter-layer binding protocol messages received via that interface can be validated (e.g., by comparing an inter-layer binding included in the body of an inter-layer binding protocol message to protocol status information obtained by snooping protocol messages). If the inter-layer binding does not match the protocol status information, the inter-layer binding protocol message is dropped. If a match is found, the inter-layer binding protocol message is allowed to be forwarded normally. Such systems and methods may be used to inhibit various undesirable network behavior, such as man-in-the-middle attacks.