Improved error handling for media access control security

A media access control and security technology, applied in the field of error handling, can solve problems such as timeout

Pending Publication Date: 2022-04-15
JUMIPER NETWORKS INC
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Routers that detect this condition may time out in the Interior Gateway Protocol (IGP) and / or Bidirectional Forwarding Detection (BFD) protocols

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Improved error handling for media access control security
  • Improved error handling for media access control security
  • Improved error handling for media access control security

Examples

Experimental program
Comparison scheme
Effect test

example 1

[0070] Example 1 is a method comprising establishing, by a first network device over a first network link, a Media Access Control Security (MACsec) session with a second network device, the MACsec session including a predefined session timeout threshold, the A session timeout threshold defines the maximum elapsed time between receipt of two sequential MACsec Key Agreement Protocol Data Units (MKPDUs) from the second network device through the MACsec session; monitoring through the MACsec session pairs from The elapsed time between the reception of two sequential MKPDUs of the network device; the elapsed time is compared with a predefined alarm time threshold, which is less than the session timeout threshold and optionally generating a MACsec link alarm based on the comparison.

[0071] In Example 2, the technical solution of Example 1 optionally includes wherein the predefined session timeout threshold is equivalent to the MKA lifetime.

[0072] In example 3, the technical so...

example 11

[0080] Example 11 is a system comprising: hardware processing circuitry; one or more hardware memories storing instructions that, when executed, configure the hardware processing circuitry to perform operations comprising: establishing, by the first network device over the first network link, a Media Access Control Security (MACsec) session with the second network device, the MACsec session including a predefined session timeout threshold defined by the MACsec session The maximum elapsed time between receipt of two sequential MACsec Key Agreement Protocol Data Units (MKPDUs) to the second network device; monitoring the response to two sequential MACsec sessions from the network device through the MACsec session; elapsed time between receipts of MKPDUs; comparing the elapsed time to a predefined alert time threshold, the predefined alert time threshold representing an elapsed time less than the session timeout threshold; and selectively based on the This comparison is used to g...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to an improved error handling for media access control security. Embodiments improve error detection and recovery in media access control secure sessions. The MACsec session is disconnected after the three active time intervals have elapsed without receiving a MACsec key exchange protocol data unit (MKPDU) from the remote peer. After the MACsec session has entered the secure blocking mode, the delay between the stop of valid network communication through the MACsec session and the expiration of three "activeness" intervals results in an increase in packet loss and an increase in network convergence time as the network continues to route / forward data through the MACsec session for a period of time. To address this problem, embodiments define a new alert, referred to as a MACsec link alert, which is proposed earlier than the MACsec session timeout generated by conventional embodiments. A MACsec link alert is proposed by at least some embodiments after an MKPDU fails to be successfully received from a remote peer after a single MACsec "Activity" timeout interval has elapsed.

Description

technical field [0001] The present invention relates to the field of communications and, in particular, to improved error handling for media access control security. Background technique [0002] Media Access Control (MAC) Security (MACsec) manages session keys between two endpoints via the MACsec Key Agreement Protocol (MKA). The MACsec standard specifies that MACsec Key Agreement Protocol Data Units (MKPDUs) should be exchanged between peers of a MACsec session at a specific frequency. If no MKPDUs are received from the remote peer within the MKA lifetime period defined by the MACsec standard, the secure data flow of the MACsec session can no longer be maintained. Routers that detect this condition may time out in Interior Gateway Protocol (IGP) and / or Bidirectional Forwarding Detection (BFD) protocols. SUMMARY OF THE INVENTION [0003] A method comprising: establishing, by a first network device over a first network link, a Media Access Control Security (MACsec) sessi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L41/0631H04L43/16H04L43/0852H04L9/08H04L67/141
CPCH04L63/06H04L63/0876H04L63/1425H04L43/16H04L43/0829H04L43/0852H04L43/0876H04L41/0627H04L45/22H04L63/061H04L63/162H04L65/1069H04L2101/622
Inventor M·塔尔瓦A·卡查尼G·格拉梅尔王皓T·比斯瓦斯
Owner JUMIPER NETWORKS INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap