Field of the Invention
The present invention relates computer internetworking and more particularly to the field of network protocol implementation configuration.
Description of the Related Art
Computing devices alone have proven to be useful tools to billions globally; however, the interconnection of computing devices in computing networks has provided a level of utility orders of magnitude in excess of the stand alone computing device. The basic computer network has been uniformly enabled through the implementation of the transport control protocol/internet protocol (TCP/IP). Conforming implementations of TCP/IP form the very heart of the global Internet across which trillions of packets of information flow each day.
Modern advances in computer internetworking rely upon a multiplicity of highly complex protocols, each serving a particular purpose. Substantially attention has been paid recently to security protocol implementations that provide a high level of secure network communications. Security protocol implementations generally include mechanisms for authenticating the identity of communicants to a session and the negotiation of encryption keys for securing data transmitted therebetween. Security protocol implementations further provide means for exchanging encrypted data and for decrypting the data when required. Finally, security protocol implementations often provide infrastructure and processes enabled to pass secure data deep into a secure network without compromising or exposing the identity of one or both of the communicants to outside parties. Examples include Internet Protocol (IP) Security (IPSec) and transport layer security (TLS).
Security protocol implementations, like the implementation of many other network services protocols, often originate from a uniformly adopted protocol. In many cases, the uniformly adopted protocol persists in the form of an industry standard. Notwithstanding, implementations of uniformly adopted protocols can vary for different platforms such that users in many cases must recognize the implementation details of each implementation. Given the varying implementations of different network services protocols, configuring a computer network for interoperability across multiple different computing platforms utilizing one or more common network services can be challenging.
In particular, Internet security protocol implementations generally can be quite complicated to configure. The complexity in configuring an Internet security protocol implementation can arise from the number of protocol options available for configuration, as well as the number of permitted configuration topologies. In many cases, not only must data endpoints be defined, but also security endpoints must be defined. To that end, different security modes can be selected including tunnel mode and transport mode in the case of IPSec. Yet further, in an IPSec security protocol framework, security protocol implementations including authentication header (AH), encapsulated security payload (ESP) and Internet key exchange (IKE) require the definition of filter rules to permit IPSec traffic.