1. (WO2019027751) DYNAMIC DISASSOCIATED CHANNEL ENCRYPTION KEY DISTRIBUTION
Note: This text was produced by OCR processing. For legal purposes, please use the PDF version.

CLAIMS

What is claimed is:

1. A method, comprising:

determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN);

establishing the control channel with a control device via a control plane that is separate from a data plane;

advertising first security association parameters to the control device via the control channel;

receiving, from the control device via the control channel, second security association parameters associated with a second network device; and

establishing a data plane connection with the second network device using the second security association parameters.

2. The method of claim 1 further comprising authenticating with the control device using an authentication protocol.

3. The method of claim 2 further comprising authenticating with a network management device prior to authenticating with the control device.

4. The method of claim 3 further comprising determining a potential network address translation (NAT) for an upstream path toward the control device.

5. The method of claim 3 or 4 further comprising sending, to the control device, the NAT for the upstream path.

6. The method of any of claims 1 to 5, wherein establishing the control channel with the control device via the control plane that is separate from a data plane comprises:

identifying a plurality of transports that are available to the first network device to use to connect to the control device; and

establishing a respective control channel with the control device across each of the plurality of transports.

7. The method of any of claims 1 to 6, wherein the first security association parameters include a key that is reflected to the second network device, and wherein the key is used to establish the data plane with the second network device.

8. A non-transitory computer-readable medium that includes computer-readable instructions stored thereon that are executable by a processor to perform or control performance of operations comprising:

determine, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN);

establish the control channel with a control device via a control plane that is separate from a data plane;

advertise first security association parameters to the control device via the control channel;

receive, from the control device via the control channel, second security association parameters associated with a second network device; and

establish a data plane connection with the second network device using the second security association parameters.

9. The non-transitory computer-readable medium of claim 8, the operations further comprising authenticating with the control device using an authentication protocol.

10. The non-transitory computer-readable medium of claim 9, the operations further comprising authenticating with a network management device prior to authenticating with the control device.

11. The non-transitory computer-readable medium of claim 10, the operations further comprising determining a potential network address translation (NAT) for an upstream path toward the control device.

12. The non-transitory computer-readable medium of claim 10 or 11, the operations further comprising sending, to the control device, the NAT for the upstream path.

13. The non-transitory computer-readable medium of any of claims 8 to 12, wherein establishing the control channel with the control device via the control plane that is separate from a data plane comprises:

identifying a plurality of transports that are available to the first network device to use to connect to the control device; and

establishing a respective control channel with the control device across each of the plurality of transports.

14. The non-transitory computer-readable medium of any of claims 8 to 13, wherein the first security association parameters include a key that is reflected to the second network device, and wherein the key is used to establish the data plane with the second network device.

15. A system comprising:

a memory; and

one or more processors, the one or more processors configured to perform operations comprising:

determine a type of control channel to open across a transport in a software-defined network (SDN);

establish the control channel with a control device via a control plane that is separate from a data plane;

advertise first security association parameters associated with a first network device to the control device via the control channel;

receive, from the control device via the control channel, second security association parameters associated with a second network device; and

establish a data plane connection with the second network device using the second security association parameters.

16. The system of claim 15, the operations further comprising authenticating with the control device using an authentication protocol.

17. The system of claim 16, the operations further comprising authenticating with a network management device prior to authenticating with the control device.

18. The system of claim 17, the operations further comprising determining a potential network address translation (NAT) for an upstream path toward the control device.

19. The system of claim 17 or 18, the operations further comprising sending, to the control device, the NAT for the upstream path.

20. The system of any of claims 15 to 19, wherein establishing the control channel with the control device via the control plane that is separate from a data plane comprises:

identifying a plurality of transports that are available to the first network device to use to connect to the control device; and

establishing a respective control channel with the control device across each of the plurality of transports.

21. An apparatus comprising:

means for determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN);

means for establishing the control channel with a control device via a control plane that is separate from a data plane;

means for advertising first security association parameters to the control device via the control channel;

means for receiving, from the control device via the control channel, second security association parameters associated with a second network device; and

means for establishing a data plane connection with the second network device using the second security association parameters.

22. The apparatus according to claim 21 further comprising means for implementing the method according to any of claims 2 to 7.

23. A computer program, computer program product or computer readable medium comprising instructions which, when executed by a computer, cause the computer to carry out the steps of the method of any of claims 1 to 7.
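The flow claimed in claims 1 to 7 (and restated for the medium, system and apparatus in claims 8 to 23) is easier to see as a running simulation. The block below is an added illustration, not code from the patent or from any product implementing it: two edge devices authenticate to a controller over a control channel, advertise their own security association (SA) parameters (here an inbound key plus the post-NAT endpoint learned for the upstream path), the controller reflects each peer's parameters to the other, and the data plane is then protected with keys that were never carried on the data plane itself. The device names, message fields, challenge-response authentication and the HMAC-only data-plane protection are assumptions chosen so the example runs on the standard library alone; a real deployment would use IPsec or a comparable AEAD transport with a proper KDF.

```python
"""Added example (not the patent's code): a toy simulation of the
controller-mediated SA exchange of claims 1-7. Names, message fields and
the HMAC-only data-plane protection are assumptions for illustration."""
from __future__ import annotations

import hashlib
import hmac
import secrets


def derive(key: bytes, label: bytes) -> bytes:
    """Single-block HMAC-SHA256 derivation (stand-in for a real KDF)."""
    return hmac.new(key, label, hashlib.sha256).digest()


class Controller:
    """Control-plane element: every operation is gated on prior authentication."""

    def __init__(self, enrolled: dict[str, bytes]):
        self._enrolled = enrolled             # device_id -> secret issued at enrollment (assumed)
        self._pending: dict[str, bytes] = {}   # outstanding challenges per device
        self._authenticated: set[str] = set()
        self._sa_table: dict[str, dict] = {}   # advertised SA parameters per device

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return nonce

    def authenticate(self, device_id: str, proof: bytes) -> bool:
        secret = self._enrolled.get(device_id)
        nonce = self._pending.pop(device_id, None)
        if secret is None or nonce is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return False
        self._authenticated.add(device_id)
        return True

    def advertise(self, device_id: str, sa_params: dict) -> None:
        if device_id not in self._authenticated:
            raise PermissionError("advertisement before authentication")
        self._sa_table[device_id] = dict(sa_params)

    def reflect(self, requester: str, peer_id: str) -> dict:
        """Hand an authenticated requester a copy of a peer's advertised SA parameters."""
        if requester not in self._authenticated:
            raise PermissionError("lookup before authentication")
        return dict(self._sa_table[peer_id])


class EdgeDevice:
    def __init__(self, device_id: str, secret: bytes, public_endpoint: str):
        self.device_id = device_id
        self._secret = secret
        self.public_endpoint = public_endpoint      # post-NAT address for the upstream path
        self.inbound_key = secrets.token_bytes(32)  # key peers must use toward this device
        self.peer_sa: dict[str, dict] = {}
        self._seq = 0

    def join(self, ctrl: Controller) -> None:
        """Open the control channel: authenticate, then advertise own SA parameters."""
        proof = hmac.new(self._secret, ctrl.challenge(self.device_id), hashlib.sha256).digest()
        if not ctrl.authenticate(self.device_id, proof):
            raise PermissionError(f"{self.device_id}: controller rejected authentication")
        ctrl.advertise(self.device_id, {"endpoint": self.public_endpoint, "key": self.inbound_key})

    def learn_peer(self, ctrl: Controller, peer_id: str) -> None:
        self.peer_sa[peer_id] = ctrl.reflect(self.device_id, peer_id)

    @staticmethod
    def _session_key(inbound_key: bytes, sender: str, receiver: str) -> bytes:
        return derive(inbound_key, b"dp|" + sender.encode() + b"->" + receiver.encode())

    def send(self, peer_id: str, payload: bytes) -> tuple:
        """Data-plane frame authenticated with the peer's reflected inbound key."""
        sa = self.peer_sa[peer_id]
        k = self._session_key(sa["key"], self.device_id, peer_id)
        self._seq += 1
        header = self._seq.to_bytes(4, "big")
        tag = hmac.new(k, header + payload, hashlib.sha256).digest()
        return (self.device_id, sa["endpoint"], header, payload, tag)

    def receive(self, frame: tuple) -> bytes | None:
        sender, _endpoint, header, payload, tag = frame
        k = self._session_key(self.inbound_key, sender, self.device_id)
        expected = hmac.new(k, header + payload, hashlib.sha256).digest()
        return payload if hmac.compare_digest(expected, tag) else None


def run_demo() -> dict:
    """Constructed scenario: two enrolled edges, one forged frame, one unenrolled device."""
    enrolled = {"edge-a": secrets.token_bytes(32), "edge-b": secrets.token_bytes(32)}
    ctrl = Controller(enrolled)
    a = EdgeDevice("edge-a", enrolled["edge-a"], "198.51.100.10:4500")
    b = EdgeDevice("edge-b", enrolled["edge-b"], "203.0.113.7:4500")
    a.join(ctrl)
    b.join(ctrl)
    a.learn_peer(ctrl, "edge-b")
    b.learn_peer(ctrl, "edge-a")
    delivered = b.receive(a.send("edge-b", b"hello over the data plane"))
    forged = b.receive(("edge-a", b.public_endpoint, b"\x00\x00\x00\x09", b"tampered", secrets.token_bytes(32)))
    try:
        EdgeDevice("edge-x", secrets.token_bytes(32), "192.0.2.1:4500").join(ctrl)
        rogue_joined = True
    except PermissionError:
        rogue_joined = False
    return {"delivered": delivered, "forged_accepted": forged is not None,
            "rogue_joined": rogue_joined, "a_endpoint_seen_by_b": b.peer_sa["edge-a"]["endpoint"]}


if __name__ == "__main__":
    print(run_demo())
```

Two properties of the claimed design are visible in `run_demo()`: a device that never authenticated on the control plane can neither advertise nor look up parameters, and a data-plane frame is only accepted when it carries a tag under the key that the controller reflected, so an attacker who sees only data-plane traffic has nothing to replay into the advertisement step.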