METHOD AND SYSTEM FOR PROTECTING DATA FLOW BETWEEN PAIRS OF BRANCH NODES IN A SOFTWARE-DEFINED WIDE-AREA NETWORK
A method for protecting data flows between pairs of branch nodes in a software-defined wide-area network (SD-WAN) is disclosed. In an embodiment, the method involves establishing secure connections between a SD-WAN controller and branch nodes in a plurality of branch nodes, wherein each branch node...
Main Authors: | , , , , , |
---|---|
Format: | Patent |
Language: | eng |
Subjects: | |
Online Access: | Order full text |
Summary: | A method for protecting data flows between pairs of branch nodes in a software-defined wide-area network (SD-WAN) is disclosed. In an embodiment, the method involves establishing secure connections between a SD-WAN controller and branch nodes in a plurality of branch nodes, wherein each branch node advertises a half-key to the SD-WAN controller via its secure connection, distributing advertised half-keys to branch nodes in the plurality of branch nodes via the established secure connections, wherein the advertised half-keys distributed to each branch node are the half-keys advertised by peer branch nodes of the branch node, and encrypting payloads for transmission from a first branch node in the plurality of branch nodes to a peer branch node in the plurality of branch nodes using a shared secret key, the shared secret key generated using the half-key of the first branch node and the distributed half-key of the peer branch node. |
---|