METHOD AND SYSTEM FOR PROTECTING DATA FLOW BETWEEN PAIRS OF BRANCH NODES IN A SOFTWARE-DEFINED WIDE-AREA NETWORK

A method for protecting data flows between pairs of branch nodes in a software-defined wide-area network (SD-WAN) is disclosed. In an embodiment, the method involves establishing secure connections between a SD-WAN controller and branch nodes in a plurality of branch nodes, wherein each branch node...

Bibliographic details
Main authors: Prabhu Manjunath, Shenoy Shiva, Ramanathan Ramasamy, Siddalingaiah Prasanna, Mehta Apurva, Iyer Jayakrishnan
Format: Patent
Language: eng
Description
Summary: A method for protecting data flows between pairs of branch nodes in a software-defined wide-area network (SD-WAN) is disclosed. In an embodiment, the method involves establishing secure connections between a SD-WAN controller and branch nodes in a plurality of branch nodes, wherein each branch node advertises a half-key to the SD-WAN controller via its secure connection, distributing advertised half-keys to branch nodes in the plurality of branch nodes via the established secure connections, wherein the advertised half-keys distributed to each branch node are the half-keys advertised by peer branch nodes of the branch node, and encrypting payloads for transmission from a first branch node in the plurality of branch nodes to a peer branch node in the plurality of branch nodes using a shared secret key, the shared secret key generated using the half-key of the first branch node and the distributed half-key of the peer branch node.