US 11,671,451 B1
Server/client resolution for link level security protocol
Sanjeev Gupta, Fremont, CA (US); Frederick David Sinn, Seattle, WA (US); Venkata Satish Kumar Vangala, San Jose, CA (US); and John Mark Glotzer, North Bend, WA (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Aug. 5, 2019, as Appl. No. 16/532,297.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/162 (2013.01) [H04L 63/061 (2013.01); H04L 63/0869 (2013.01); H04L 63/0876 (2013.01)] 18 Claims
OG exemplary drawing
 
1. A method of securing a link between two network devices in accordance with a network security protocol, the method comprising:
establishing a link between an external-facing port of a first network device and an external-facing port of a second network device, wherein the first network device is an edge router located in a first data center and the second network device is an edge router located in a second data center, the first and second data centers being separated by an unsecured physical span;
with the first network device, transmitting a first start frame in accordance with the network security protocol to the second network device, the first start frame comprising a source address field indicating a first Media Access Control (MAC) address of the first network device;
at the first network device, receiving a second start frame transmitted by the second network device in accordance with the network security protocol to the first network device, the second start frame comprising a source address field indicating a second MAC address of the second network device;
at both network devices, comparing values of the first and second MAC addresses to determine which is higher or lower;
based on the comparison, assigning a server role to one of the first and second network devices, and assigning a client role to the other of the first and second network devices; and
the network device assigned to the server role initiating an authentication process with the network device assigned to the client role to secure the link,
wherein the first network device further comprises one or more internal-facing ports, and
wherein the method further comprises linking the one or more internal-facing ports to corresponding ports of one or more other network devices located within the first data center without performing any authentication processes.
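The role resolution recited in claim 1, as an added example that is not part of the patent: each edge router reads the peer's MAC address from the source address field of the received start frame, both sides run the same numeric comparison, and the side resolved to the server role is the one that must initiate authentication. The claim does not fix which of the higher or lower address becomes the server, the start frame layout, or the EtherType, so the choices below (higher MAC is server, a plain Ethernet header, placeholder EtherType, duplicate MACs rejected) are assumptions of this example.

```python
# Added example (not from the patent): deterministic server/client role resolution
# between two link peers from the MAC addresses carried in the source address
# field of each side's start frame, as recited in claim 1.
# ASSUMPTIONS (the claim does not fix these): the start frame is a plain Ethernet
# frame (6-byte destination, 6-byte source, 2-byte EtherType); the peer with the
# numerically HIGHER MAC takes the server role; equal MACs are treated as an error.
import struct

ETH_HDR = struct.Struct("!6s6sH")  # dst MAC, src MAC, EtherType (network byte order)
PLACEHOLDER_ETHERTYPE = 0x0000      # placeholder; the claim names no EtherType

def src_mac_from_start_frame(frame: bytes) -> bytes:
    """Return the 6-byte source MAC from the start frame's source address field."""
    if len(frame) < ETH_HDR.size:
        raise ValueError("start frame shorter than an Ethernet header")
    _dst, src, _ethertype = ETH_HDR.unpack_from(frame)
    return src

def resolve_role(own_mac: bytes, peer_mac: bytes) -> str:
    """Compare the two MAC values and return this device's role ('server'/'client').

    Both devices evaluate the same pair of values, so they reach complementary
    results without any further negotiation over the unsecured span.
    """
    own = int.from_bytes(own_mac, "big")
    peer = int.from_bytes(peer_mac, "big")
    if own == peer:
        # Assumption: duplicate MACs cannot be ordered; refuse to secure the link.
        raise ValueError("identical MAC addresses on both ends of the link")
    return "server" if own > peer else "client"

def exchange_start_frames(mac_a: bytes, mac_b: bytes):
    """Simulate both edge routers: each transmits a start frame, receives the
    peer's, extracts the peer MAC from its source field and resolves its role.
    Returns (role of A, role of B, which side initiates authentication)."""
    bcast = b"\xff" * 6  # destination is irrelevant to the claim; broadcast assumed
    frame_from_a = ETH_HDR.pack(bcast, mac_a, PLACEHOLDER_ETHERTYPE)
    frame_from_b = ETH_HDR.pack(bcast, mac_b, PLACEHOLDER_ETHERTYPE)
    role_a = resolve_role(mac_a, src_mac_from_start_frame(frame_from_b))
    role_b = resolve_role(mac_b, src_mac_from_start_frame(frame_from_a))
    # Per the claim, the device holding the server role initiates authentication.
    initiator = "A" if role_a == "server" else "B"
    return role_a, role_b, initiator

if __name__ == "__main__":
    # Constructed sample MACs for the two edge routers (locally administered range).
    print(exchange_start_frames(bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb")))
```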