US12388678B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12388678-B2 |
| Application number | US-202217973812-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 26, 2022 |
| Priority date | Apr 27, 2020 |
| Publication date | Aug 12, 2025 |
| Grant date | Aug 12, 2025 |
Official abstract text for this publication.
A VXLAN access authentication method includes: An authentication point device receives a VXLAN authentication packet, where the VXLAN authentication packet is a VXLAN packet. The VXLAN authentication packet includes a VXLAN header and an authentication request sent by a terminal, the VXLAN header includes a first VNI, and the authentication request includes an authentication credential. The authentication point device obtains permission of the terminal or a second VNI based on the authentication credential. The permission of the terminal corresponds to the second VNI. The authentication point device sends the permission of the terminal or the second VNI to a control point device, where the control point device is a device that encapsulates the authentication request into the VXLAN authentication packet. In this application, VXLAN access authentication is performed on an overlay network, so that configuration complexity can be reduced when a VXLAN access authentication mode is modified or created.
Opening claim text (preview).
What is claimed is:

1. A virtual extensible local area network (VXLAN) access authentication method, comprising: receiving, by an authentication point device, a first VXLAN packet sent by a control point device, wherein the first VXLAN packet comprises a first VXLAN header and a first hypertext transfer protocol (HTTP) request, and wherein the first VXLAN header comprises a first VXLAN network identifier (VNI); receiving, by the authentication point device, a VXLAN authentication packet comprising a VXLAN header and an authentication request sent by a terminal, wherein the VXLAN header comprises a first VNI, and wherein the authentication request comprises an authentication credential; obtaining, by the authentication point device, permission of the terminal including passing prohibited or a second VNI based on the authentication credential, wherein the permission of the terminal corresponds to the second VNI; and sending, by the authentication point device, the permission of the terminal or the second VNI to the control point device that encapsulates the authentication request into the VXLAN authentication packet.

2. The method according to claim 1, wherein no data traffic runs on a VXLAN network corresponding to the first VNI.

3. The method according to claim 1, wherein before receiving the VXLAN authentication packet and after receiving the first VXLAN packet, the method further comprises: sending, by the authentication point device, a second VXLAN packet to the control point device, wherein the second VXLAN packet comprises a second VXLAN header and an HTTP redirect packet, wherein the second VXLAN header comprises the first VNI, and wherein the HTTP redirect packet comprises a uniform resource identifier (URI) of a portal server.

4. The method according to claim 1, wherein the control point device is an edge device, and wherein the authentication point device is a border device.

5. The method according to claim 1, wherein the first VNI is a default VNI for VXLAN authentication.

6. A virtual extensible local area network (VXLAN) access authentication method, comprising: sending, by a control point device, a first VXLAN packet to an authentication point device, wherein the first VXLAN packet comprises a first VXLAN header and a first hypertext transfer protocol (HTTP) request, and wherein the first VXLAN header comprises a first VXLAN network identifier (VNI); sending, by the control point device, a VXLAN authentication packet to the authentication point device comprising a VXLAN header and an authentication request sent by a terminal, wherein the VXLAN header comprises the first VNI, and wherein the authentication request comprises an authentication credential; receiving, by the control point device, permission of the terminal including passing prohibited or a second VNI, wherein the permission of the terminal corresponds to the second VNI, and wherein the permission of the terminal or the second VNI is obtained by the authentication point device based on the authentication credential; and encapsulating, by the control point device, a packet from the terminal into a VXLAN packet on a VXLAN network corresponding to the second VNI.

7. The method according to claim 6, wherein no data traffic runs on the VXLAN network corresponding to the first VNI.

8. The method according to claim 6, wherein before sending the VXLAN authentication packet to the authentication point device and after sending the first VXLAN packet, the method further comprises: receiving, by the control point device, a second VXLAN packet sent by the authentication point device, wherein the second VXLAN packet comprises a second VXLAN header and an HTTP redirect packet, wherein the second VXLAN header comprises the first VNI, and wherein the HTTP redirect packet comprises a uniform resource identifier (URI) of a portal server.

9. The method according to claim 6, wherein the control point device is an edge device, and wherein the authentication point device is a border device.

10. The method according to claim 6, wherein the first VNI is a default VNI for VXLAN authentication.

11. A virtual extensible local area network (VXLAN) tunnel endpoint (VTEP) device, comprising: a receiver, configured to: receive a first VXLAN packet sent by a control point device, wherein the first VXLAN packet comprises a first VXLAN header and a first hypertext transfer protocol (HTTP) request, and the first VXLAN header comprises a first VXLAN network identifier (VNI); receive a VXLAN authentication packet, wherein the VXLAN authentication packet is a VXLAN packet, the VXLAN authentication packet comprises a VXLAN header and an authentication request sent by a terminal, the VXLAN header comprises the first VNI, and the authentication request comprises an authentication credential; a processor, configured to obtain permission of the terminal including passing prohibited or a second VNI based on the authentication credential, wherein the permission of the terminal corresponds to the second VNI; and a transmitter, configured to send the permission of the terminal or the second VNI to the control point device, wherein the control point device is a device that encapsulates the authentication request into the VXLAN authentication packet.

12. The device according to claim 11, wherein no data traffic runs on a VXLAN network corresponding to the first VNI.

13. The device according to claim 11, wherein the transmitter is further configured to send a second VXLAN packet to the control point device, wherein the second VXLAN packet comprises a second VXLAN header and an HTTP redirect packet, the second VXLAN header comprises the first VNI, and the HTTP redirect packet comprises a uniform resource identifier (URI) of a portal server.

14. The device according to claim 11, wherein the control point device is an edge device, and an authentication point device is a border device.

15. The device according to claim 11, wherein the first VNI is a default VNI for VXLAN authentication.
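The exchange described in the abstract and in claim 6, as an added sketch that is not part of the patent text: a control point wraps a terminal's authentication request in a VXLAN header carrying the first (authentication) VNI, and only after the authentication point returns a second VNI does it encapsulate that terminal's traffic. The 8-byte header layout follows RFC 7348; the `user:password` credential format, the VNI numbers, the credential table and the rule that the authentication point rejects requests arriving on any other VNI are assumptions made for illustration, and the function return value stands in for the reply message sent back to the control point.

```python
import struct

AUTH_VNI = 1        # assumed value for the "first VNI" (default authentication VNI)
PROHIBITED = None   # stands for the permission "passing prohibited"
# Constructed sample data: credential -> second VNI, held by the authentication point.
CREDENTIALS = {("alice", "s3cret"): 100, ("printer", "p@ss"): 200}

def vxlan_encap(vni, inner):
    """Prepend an RFC 7348 header: flags 0x08 (I bit), 24-bit VNI, reserved bits zero."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", 0x08 << 24, vni << 8) + inner

def vxlan_decap(packet):
    """Return (vni, inner payload); reject truncated headers or a clear I flag."""
    if len(packet) < 8:
        raise ValueError("truncated VXLAN header")
    flags_word, vni_word = struct.unpack("!II", packet[:8])
    if not (flags_word >> 24) & 0x08:
        raise ValueError("I flag clear: VNI field is not valid")
    return vni_word >> 8, packet[8:]

def authentication_point(packet):
    """Map the credential in a VXLAN authentication packet to a second VNI."""
    vni, request = vxlan_decap(packet)
    if vni != AUTH_VNI:          # assumption: credentials accepted only on the auth VNI
        return PROHIBITED
    try:
        user, _, password = request.decode().partition(":")
    except UnicodeDecodeError:
        return PROHIBITED
    return CREDENTIALS.get((user, password), PROHIBITED)

class ControlPoint:
    def __init__(self):
        self.terminal_vni = {}   # terminal id -> second VNI granted after authentication

    def authenticate(self, terminal, request):
        second_vni = authentication_point(vxlan_encap(AUTH_VNI, request))
        if second_vni is not PROHIBITED:
            self.terminal_vni[terminal] = second_vni
        return second_vni

    def forward(self, terminal, frame):
        """Encapsulate on the granted VNI; drop traffic from unauthenticated terminals."""
        vni = self.terminal_vni.get(terminal)
        return None if vni is None else vxlan_encap(vni, frame)
```
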
based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title
using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title
for controlling access to devices or network resources · CPC title
by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title