Network node with network-attached stateless security offload device employing out-of-band processing

Assignee

• International Business Machines Corporation · US

Inventors

• Curtis M. Gearhart · Raleigh, US
• Christopher Meyer · Vestal, US
• Scott C. Moonen · Holly Springs, US
• Linwood H. Overby, Jr. · Raleigh, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0485
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss. The external security offload device may be included in a firewall, or intrusion detection device, and may implement IPsec protocol.