| CPC H04L 9/0819 (2013.01) [H04L 9/0861 (2013.01); H04L 9/14 (2013.01); H04L 63/029 (2013.01)] | 20 Claims |

1. A method for managing encryption keys in a multi-tenant network edge device, the method comprising:
receiving tenant resource information at the multi-tenant network edge device, wherein the multi-tenant network edge device is configured to send and receive network data for a plurality of tenants, and wherein the tenant resource information includes at least one network transport interface for a first tenant;
generating at least one parent encryption key based on a number of network interfaces supported by the plurality of tenants;
generating a plurality of child encryption keys, wherein at least one child encryption key is generated for each tenant in the plurality of tenants;
creating a routing connection to a network controller for each tenant in the plurality of tenants;
transmitting the at least one parent encryption key and the plurality of child encryption keys to the network controller for distribution to the plurality of tenants;
receiving a plurality of advertisements of transport locators from the network controller, wherein each advertisement includes a parent encryption key or a child encryption key;
selecting a set of encryption keys from the plurality of advertisements; and
forming a secure tunnel with each tenant of the plurality of tenants using child encryption keys included in the set of encryption keys.
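The steps of claim 1 as a runnable simulation. This is an added example, not code from the patent or its assignee, and it fills in details the claim leaves open: one parent key per distinct transport interface named in the tenant resource information, child keys derived from the parent key with HKDF-SHA256 keyed by tenant identifier (the claim only says "generating"), a controller that opens one routing session per tenant and echoes the keys back as transport-locator advertisements, a selection step that keeps only child-key advertisements matching keys the edge itself issued, and an HMAC-authenticated frame standing in for the secure tunnel (a real tunnel would use an AEAD such as AES-GCM). Tenant names, interface names and locator addresses are constructed sample data.

```python
"""Simulation of the parent/child key exchange in claim 1 (added example, not patent code)."""
from __future__ import annotations
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract then expand) with SHA-256; assumed derivation, not the claim's."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


@dataclass(frozen=True)
class Advertisement:
    """A transport-locator advertisement relayed by the controller (claim step: receiving advertisements)."""
    tenant: Optional[str]   # None for a parent-key advertisement
    interface: str
    locator: str
    key: bytes
    kind: str               # "parent" or "child"


class Controller:
    """Network controller: one routing session per tenant, relays keys as advertisements."""
    def __init__(self, locators: Dict[str, str]):
        self.locators = locators          # interface -> locator; constructed sample addresses
        self.sessions: set = set()
        self.parent_keys: Dict[str, bytes] = {}
        self.child_keys: Dict[Tuple[str, str], bytes] = {}

    def open_session(self, tenant: str) -> None:
        self.sessions.add(tenant)

    def receive_keys(self, parent: Dict[str, bytes], child: Dict[Tuple[str, str], bytes]) -> None:
        self.parent_keys.update(parent)
        self.child_keys.update(child)

    def advertise(self) -> List[Advertisement]:
        ads = [Advertisement(None, i, self.locators[i], k, "parent") for i, k in self.parent_keys.items()]
        # Child keys are only distributed to tenants that hold a routing session.
        ads += [Advertisement(t, i, self.locators[i], k, "child")
                for (t, i), k in self.child_keys.items() if t in self.sessions]
        return ads


class Tunnel:
    """Per-tenant tunnel keyed with that tenant's child key (authentication only, stand-in for an AEAD tunnel)."""
    def __init__(self, key: bytes):
        self.key = key

    def encapsulate(self, payload: bytes) -> bytes:
        return hmac.new(self.key, payload, hashlib.sha256).digest() + payload

    def decapsulate(self, frame: bytes) -> Optional[bytes]:
        tag, payload = frame[:32], frame[32:]
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        return payload if hmac.compare_digest(tag, expected) else None


class EdgeDevice:
    """Multi-tenant edge device carrying out the claimed method."""
    def __init__(self, tenant_resources: Dict[str, List[str]]):
        self.tenant_resources = tenant_resources   # tenant -> transport interfaces (tenant resource information)
        self.parent_keys: Dict[str, bytes] = {}
        self.child_keys: Dict[Tuple[str, str], bytes] = {}
        self.tunnels: Dict[str, Tunnel] = {}

    def generate_parent_keys(self) -> Dict[str, bytes]:
        """One parent key per distinct interface across all tenants (assumed reading of 'based on a number of interfaces')."""
        interfaces = sorted({i for ifs in self.tenant_resources.values() for i in ifs})
        self.parent_keys = {i: os.urandom(32) for i in interfaces}
        return self.parent_keys

    def generate_child_keys(self) -> Dict[Tuple[str, str], bytes]:
        """At least one child key per tenant: here one per (tenant, interface), derived from the interface's parent key."""
        self.child_keys = {(t, i): hkdf_sha256(self.parent_keys[i], salt=t.encode(), info=b"tenant-child-key")
                           for t, ifs in self.tenant_resources.items() for i in ifs}
        return self.child_keys

    def select_keys(self, ads: List[Advertisement]) -> List[Advertisement]:
        """Keep child advertisements for tenants we serve whose key matches what we issued; drops forged or foreign ones."""
        chosen = []
        for a in ads:
            expected = self.child_keys.get((a.tenant, a.interface)) if a.kind == "child" else None
            if expected is not None and hmac.compare_digest(expected, a.key):
                chosen.append(a)
        return chosen

    def form_tunnels(self, selected: List[Advertisement]) -> Dict[str, Tunnel]:
        for a in selected:
            self.tunnels.setdefault(a.tenant, Tunnel(a.key))   # first advertised interface per tenant
        return self.tunnels

    def run(self, controller: Controller) -> Dict[str, Tunnel]:
        """Steps of claim 1 in order: keys, sessions, transmit, receive advertisements, select, tunnel."""
        self.generate_parent_keys()
        self.generate_child_keys()
        for tenant in self.tenant_resources:
            controller.open_session(tenant)
        controller.receive_keys(self.parent_keys, self.child_keys)
        return self.form_tunnels(self.select_keys(controller.advertise()))


if __name__ == "__main__":
    edge = EdgeDevice({"acme": ["internet", "mpls"], "globex": ["internet"]})
    ctl = Controller({"internet": "203.0.113.10:12346", "mpls": "10.1.1.10:12346"})
    for tenant, tun in edge.run(ctl).items():
        print(tenant, tun.key.hex()[:16], tun.decapsulate(tun.encapsulate(b"hello")))
```

Two tenants sharing the same physical transport interface end up with different child keys, so a frame built for one tenant's tunnel fails verification on the other's, which is the isolation property the per-tenant child keys are meant to provide; the selection step also rejects an advertisement carrying a key the edge never issued.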