CPC H04L 63/0236 (2013.01) [H04L 9/0643 (2013.01); H04L 63/029 (2013.01); H04L 63/0485 (2013.01)] | 4 Claims
1. A method for providing randomized Security Parameter Index (SPI) for distributed Internet Protocol security (IPsec) in a cellular telecommunications network, comprising:
designating each IPsec node with a unique node identifier, the IPsec node ID;
performing a hash function on a random SPI to provide a randomized SPI, wherein the random SPI is a generated number over SPI space, the random SPI having a length corresponding to a full space available for use by the SPI space, and wherein the hashing is performed using a known hash collision resistant algorithm;
assigning the randomized SPI to an IPsec tunnel associated with the each IPsec node,
splitting an IPsec subsystem into multiple IPsec virtual nodes, each a logical unit that will be associated with a set of IPsec tunnels, and
distributing tunnels associated with a subsystem among all the nodes;
wherein the randomized SPI is generated uniformly to ensure statistically uniform distribution of SPIs over IPsec nodes,
wherein a plurality of the IPsec nodes are eNodeBs in a Long Term Evolution (LTE) telecommunications network,
wherein the IPsec tunnels provide traffic security between the eNodeBs and an LTE core network; and
wherein the multiple IPsec virtual nodes are thereby configured to act in an active-active failover configuration in an LTE telecommunications network.
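The following sketch is an added illustration of the claimed steps, not code from the patent or its assignee. It assumes SHA-256 as the collision-resistant hash, truncation of the digest to the 32-bit SPI width, and a modulo mapping from SPI to virtual node; the claim specifies none of these choices, and all function names are hypothetical.

```python
import hashlib
import secrets
from collections import Counter

SPI_BITS = 32        # width of the SPI field in ESP/AH headers
RESERVED_MAX = 255   # SPI values 0-255 are reserved (RFC 4303)

def randomize_spi(random_spi: int) -> int:
    """Hash a full-width random SPI and keep the first 32 bits of the digest."""
    digest = hashlib.sha256(random_spi.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def new_spi(in_use: set) -> int:
    """Draw until the randomized SPI is unreserved and not already assigned.
    A 32-bit truncation can collide, so the uniqueness check is required."""
    while True:
        spi = randomize_spi(secrets.randbits(SPI_BITS))
        if spi > RESERVED_MAX and spi not in in_use:
            in_use.add(spi)
            return spi

def node_for_spi(spi: int, node_ids: list) -> int:
    """Assumed mapping: SPI modulo node count selects the IPsec virtual node."""
    return node_ids[spi % len(node_ids)]

def distribute(tunnel_count: int, node_ids: list) -> dict:
    """Assign one randomized SPI per tunnel; return {spi: node_id}."""
    in_use, table = set(), {}
    for _ in range(tunnel_count):
        spi = new_spi(in_use)
        table[spi] = node_for_spi(spi, node_ids)
    return table

def failover(table: dict, failed: int, survivors: list) -> dict:
    """Active-active failover: re-home only the failed node's tunnels,
    spreading them over the surviving nodes by the same SPI mapping."""
    return {spi: node_for_spi(spi, survivors) if node == failed else node
            for spi, node in table.items()}

if __name__ == "__main__":
    nodes = [1, 2, 3, 4]                      # constructed node IDs
    table = distribute(8000, nodes)
    print("before:", sorted(Counter(table.values()).items()))
    after = failover(table, failed=3, survivors=[1, 2, 4])
    print("after: ", sorted(Counter(after.values()).items()))
```

Because the SPI travels in cleartext in every ESP packet, a front end can steer an inbound packet to the node that owns its tunnel from the SPI alone, without a shared lookup table.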