Path selection for data traffic within a software-defined wide area network using traffic metrics
US-2023059537-A1 · Feb 23, 2023 · US
US12375464B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12375464-B2 |
| Application number | US-202418615674-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 25, 2024 |
| Priority date | Jan 4, 2022 |
| Publication date | Jul 29, 2025 |
| Grant date | Jul 29, 2025 |
Official abstract text for this publication.
Technologies for bi-directional encryption and decryption for underlay and overlay operations are described. One network device includes a path-selection circuit that operates in a first mode or a second mode. In the first mode, the path-selection circuit receives a first incoming packet on a first port, sends it to a security circuitry to decrypt the first incoming packet to obtain a first decrypted packet, sends the first decrypted packet to a processing circuitry to process the first decrypted packet to obtain a first outgoing packet, and sends the first outgoing packet to a second port of the network device. In the second mode, the path-selection circuit receives a second incoming packet on a third port, sends it to the processing circuitry to de-encapsulate the second incoming packet to obtain a second outgoing packet, and sends the second outgoing packet to a fourth port of the network device.
Opening claim text (preview).
What is claimed is:
1. A network device comprising: a processing circuitry; a path-selection circuit coupled to the processing circuitry, wherein the path-selection circuit to operate in a first mode or a second mode; and a security circuitry coupled to the path-selection circuit, wherein: i) in the first mode, the path-selection circuit is to receive a first incoming packet on a first port of the network device, send the first incoming packet to the security circuitry to decrypt the first incoming packet to obtain a first decrypted packet, send the first decrypted packet to the processing circuitry to process the first decrypted packet to obtain a first outgoing packet, and send the first outgoing packet to a second port of the network device; and ii) in the second mode, the path-selection circuit is to receive a second incoming packet on a third port of the network device, send the second incoming packet to the processing circuitry to de-encapsulate the second incoming packet to obtain a second outgoing packet, and send the second outgoing packet to a fourth port of the network device.
2. The network device of claim 1, wherein, in the first mode, the path-selection circuit is to send the first outgoing packet to the security circuitry to encrypt the first outgoing packet before sending to the second port.
3. The network device of claim 1, wherein the first incoming packet is a Media access control security (MACsec) encrypted packet.
4. The network device of claim 1, wherein the second incoming packet is an overlay MACsec encrypted packet.
5. The network device of claim 4, wherein the second outgoing packet is an MACsec encrypted packet.
6. The network device of claim 1, wherein, in the second mode, the path-selection circuit is to send the second outgoing packet to the security circuitry to decrypt the first outgoing packet before sending to the fourth port.
7. The network device of claim 1, wherein the security circuitry is a media access control security (MACsec) device.
8. The network device of claim 1, wherein the security circuitry is an Internet Protocol security (IPsec) device.
9. An apparatus comprising: a first port; a second port; a third port; a fourth port; a path-selection circuit coupled to the first port, the second port, the third port, and the fourth port; a decryption circuit coupled to the path-selection circuit; an encryption circuit coupled to the path-selection circuit; and a processing circuitry coupled to the path-selection circuit, wherein the path-selection circuit is to: i) in a first mode, the path-selection circuit is to receive a first incoming packet on the first port, send the first incoming packet to the decryption circuit to decrypt the first incoming packet to obtain a first decrypted packet, send the first decrypted packet to the processing circuitry to process the first decrypted packet to obtain a first outgoing packet, and send the first outgoing packet to the second port; and ii) in a second mode, the path-selection circuit is to receive a second incoming packet on the third port, send the second incoming packet to the processing circuitry to de-encapsulate the second incoming packet to obtain a second outgoing packet, and send the second outgoing packet to the fourth port.
10. The apparatus of claim 9, wherein, in the first mode, the path-selection circuit is to send the first outgoing packet to the encryption circuit to encrypt the first outgoing packet before sending to the second port.
11. The apparatus of claim 9, wherein the first incoming packet is a Media access control security (MACsec) encrypted packet.
12. The apparatus of claim 9, wherein the second incoming packet is an overlay MACsec encrypted packet.
13. The apparatus of claim 12, wherein the second outgoing packet is an MACsec encrypted packet.
14. The apparatus of claim 9, wherein, in the second mode, the path-selection circuit is to send the second outgoing packet to the decryption circuit to decrypt the first outgoing packet before sending to the fourth port.
15. The apparatus of claim 9, further comprising a security integrated circuit comprising the encryption circuit and the decryption circuit, wherein the security integrated circuit is a media access control security (MACsec) device or an Internet Protocol security (IPsec) device.
16. A method comprising: in a first mode: receiving, at a first port of a network device, a first incoming packet; sending, using a path-selection circuit, the first incoming packet to a security circuitry of the network device to decrypt the first incoming packet to obtain a first decrypted packet; sending, using the path-selection circuit, the first decrypted packet to a processing circuitry of the network device to process the first decrypted packet to obtain a first outgoing packet; and sending, using the path-selection circuit, the first outgoing packet to a second port of the network device; and in a second mode: receiving, at a third port of the network device, a second incoming packet; sending, using the path-selection circuit, the second incoming packet to the processing circuitry to de-encapsulate the second incoming packet to obtain a second outgoing packet; and sending, using the path-selection circuit, the second outgoing packet to a fourth port of the network device.
17. The method of claim 16, further comprising in the first mode, sending, using the path-selection circuit, the first outgoing packet to the security circuitry to encrypt the first outgoing packet before sending to the second port.
18. The method of claim 16, wherein the first incoming packet is a Media access control security (MACsec) encrypted packet.
19. The method of claim 16, wherein the second incoming packet is an overlay MACsec encrypted packet.
20. The method of claim 16, wherein the second outgoing packet is an MACsec encrypted packet.
Interconnection of networks using encapsulation techniques, e.g. tunneling · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
at the data link layer · CPC title
at the network layer · CPC title
Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up · CPC title