Dynamically provisioning middleboxes
US8923294B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 28, 2011 |
| Grant date | Dec 30, 2014 |
| Priority date | — |
| Expiry date | Jan 21, 2033 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L67/63
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Hybrid security architecture (HSA) provides a platform for middlebox traversal in the network. The HSA decouples the middlebox control from network forwarding. More specifically, such embodiments may receive a data packet having a packet header including an Ethernet header identifying source and destination addresses in the network. A traffic type of the data packet is determined. Then, layer-2 forwarding information, which encodes a set of non-forwarding network service provider middleboxes in the network to be traversed by the data packet, is determined based on the traffic type. The layer-2 forwarding information is inserted into the Ethernet header and the data packet is forwarded into the network. The data packet will then traverse, according to the layer-2 forwarding information, a sequence of the middleboxes in the network, wherein at least one non-forwarding network service will be provided by each of the middleboxes to the data packet in a sequence.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.