	US 11,991,159 B2
	Bi-directional encryption/decryption device for underlay and overlay operations
Barak Gafni, Sunnyvale, CA (US); and Liron Mula, Hertzlia (IL)
Assigned to Mellanox Technologies, Ltd., Yokneam (IL)
Filed by Mellanox Technologies, Ltd., Yokneam (IL)
Filed on Jan. 4, 2022, as Appl. No. 17/568,582.
Prior Publication US 2023/0216837 A1, Jul. 6, 2023
Int. Cl. H04L 9/40 (2022.01); H04L 12/46 (2006.01)

CPC H04L 63/0485 (2013.01) [H04L 63/162 (2013.01); H04L 63/164 (2013.01); H04L 12/4633 (2013.01); H04L 63/0428 (2013.01)]

19 Claims

1. A network device comprising:

a plurality of ports;

a network processing element, wherein the network processing element is to encapsulate a packet to obtain an encapsulated packet;

a programmable path-selection circuit coupled to the plurality of ports and the network processing element; and

a security integrated circuit coupled to the programmable path-selection circuit, wherein the programmable path-selection circuit is to operate in a first mode and a second mode, wherein:

i) in the first mode, first outgoing packets are routed to the security integrated circuit to be encrypted before sending on one of the plurality of ports, and first incoming packets, received on one of the plurality of ports, are routed to the security integrated circuit to be decrypted; and

ii) in the second mode, second incoming packets are routed to the security integrated circuit to be encrypted before processing by the network processing element.