Abstract
Techniques are presented herein that address a singular pain point in a hierarchical software-defined wide area network (SD-WAN) deployment comprising an Internet Protocol (IP) version 6 (IPv6) transport: end-to-end encryption and decryption. Aspects of the presented techniques leverage the IPv6 address schema to support a new concept that may be referred to herein as a micro-Transport Locator (TLOC) or uTLOC. Under the presented techniques, when an Overlay Management Protocol (OMP) virtual private network (VPN) route is published, a next hop may be set to the combination of all of the uTLOCs along a path. Within such a context, each router along the path may program a customized action (such as, for example, shifting the destination or inserting into the source) into its routing table for a uTLOC prefix and then forward a packet to the destination edge without the need for decryption and re-encryption operations in an intermediate border router.
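The following sketch is an added illustration, not code from the disclosure: it models the "shift the destination" action so that intermediate routers rewrite only the IPv6 destination and never touch the encrypted payload. The 32-bit block prefix, the 16-bit uTLOC width, the function names and the sample values are all assumptions; the abstract does not specify an encoding.

```python
import ipaddress

# Assumed layout (not specified in the abstract): a 32-bit uTLOC block
# prefix followed by up to six 16-bit uTLOC identifiers, zero-padded.
BLOCK_BITS, UTLOC_BITS = 32, 16
REST_BITS = 128 - BLOCK_BITS
REST_MASK = (1 << REST_BITS) - 1
SLOTS = REST_BITS // UTLOC_BITS

def encode_next_hop(block, utlocs):
    """Pack the uTLOC of every router on the path into one IPv6 next hop."""
    base = int(ipaddress.IPv6Address(block))
    if base & REST_MASK:
        raise ValueError("block prefix must fit in the first 32 bits")
    if not 0 < len(utlocs) <= SLOTS:
        raise ValueError("path must carry 1..%d uTLOCs" % SLOTS)
    for i, utloc in enumerate(utlocs):
        if not 0 < utloc < (1 << UTLOC_BITS):
            raise ValueError("uTLOC must be a non-zero 16-bit value")
        base |= utloc << (REST_BITS - UTLOC_BITS * (i + 1))
    return ipaddress.IPv6Address(base)

def shift_destination(dst, my_utloc):
    """Per-router action: consume the active uTLOC, shift the rest left."""
    value = int(dst)
    rest = value & REST_MASK
    if rest >> (REST_BITS - UTLOC_BITS) != my_utloc:
        raise LookupError("active uTLOC does not belong to this router")
    shifted = (rest << UTLOC_BITS) & REST_MASK
    return ipaddress.IPv6Address((value & ~REST_MASK) | shifted)

def forward(packet, path):
    """Apply the shift at each intermediate router; return destinations seen."""
    seen = [packet["dst"]]
    for utloc in path[:-1]:          # last entry is the destination edge
        packet["dst"] = shift_destination(packet["dst"], utloc)
        seen.append(packet["dst"])   # payload is never read or rewritten
    return seen

# Constructed sample: three-router path and an opaque stand-in ciphertext.
PATH = [0x0A01, 0x0B02, 0x0C03]
packet = {"dst": encode_next_hop("2001:db8::", PATH),
          "payload": bytes.fromhex("5ec2e7c1a90f")}
if __name__ == "__main__":
    for hop in forward(packet, PATH):
        print(hop)
```

Because the per-hop action needs no key material, a compromised intermediate border router in this model sees only ciphertext and the remaining path, which is the security property the abstract claims.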
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Wang, Lianxiang; Zhang, Yunpeng; Shah, Avinash; Wang, Alan Xiao-rong; and Wu, Pan, "END-TO-END ENCRYPTION AND DECRYPTION WITHIN A HIERARCHICAL SD-WAN WITH AN IPV6 TRANSPORT", Technical Disclosure Commons, (November 29, 2023)
https://www.tdcommons.org/dpubs_series/6458