| CPC H04W 12/08 (2013.01) [H04L 63/18 (2013.01); H04L 63/20 (2013.01); H04W 12/0433 (2021.01)] | 20 Claims |

1. A non-transitory computer-readable storage medium having embodied thereon a program, the program being executable by a processor to perform a method comprising:
identifying, by an agent of a first networking device, a plurality of data paths between the first networking device and a second networking device, wherein a given data path connects an interface of the first networking device with an interface of the second networking device, each interface being uniquely identified by an associated Internet Protocol (IP) address;
establishing, by the agent, a secure connection, wherein establishing the secure connection includes:
establishing a connection between the first and second networking devices using a first IP address of the first networking device and a second IP address of the second networking device;
negotiating security keys to establish the secure connection, the security keys including encryption keys and decryption keys;
generating an inbound security association and an outbound security association for each of the plurality of data paths, a given inbound security association including IP addresses associated with the given data path and a respective decryption key of the decryption keys, a given outbound security association including IP addresses associated with the given data path and a respective encryption key of the encryption keys; and
installing the inbound security association and outbound security association of each of the plurality of data paths in a data plane of the first networking device.