| CPC H04L 45/745 (2013.01) [H04L 47/625 (2013.01); H04L 2212/00 (2013.01)] | 15 Claims |
|
1. A method comprising:
receiving, by a network device from a first network, one or more network packets of a first network packet type, wherein each of the one or more network packets encapsulate a respective one of one or more fragments of a fragment flow associated with a network packet of a second network packet type;
in response to determining that the one or more network packets of the fragment flow does not include a fragment of the fragment flow that includes an indication of a source port of the network packet, buffering, by the network device, the one or more fragments of the fragment flow;
receiving, by the network device, a network packet of the first network packet type that encapsulates the fragment of the fragment flow that includes the indication of the source port of the network packet;
in response to receiving the network packet of the first network packet type that encapsulates the fragment of the fragment flow that includes the indication of the source port of the network packet, performing, by the network device, an anti-spoof check on the one or more fragments of the fragment flow and the fragment of the fragment flow based at least in part on the source port of the network packet of the second network packet type without reassembling the network packet of the second network packet type from the one or more fragments of the fragment flow and the fragment of the fragment flow; and
in response to the one or more fragments of the fragment flow and the fragment of the fragment flow passing the anti-spoof check, dispatching, by the network device to a second network, the one or more fragments of the fragment flow and the fragment of the fragment flow.
|