Abstract: A technique for encapsulating data packets at a Data Link Layer to provide security functions. The technique first encrypts a payload to provide an encrypted payload. The encrypted payload is inserted in an output encapsulated frame. Also added to the output encapsulated frame is an encapsulation header that includes security information, such as a security packet index (SPI) value used to identify a security association (SA). Because the output encapsulated frame may now be longer than maximum allowed Ethernet Path Maximum Transmission Unit (PMTU), the encapsulation header also preferably includes a fragmentation field. The fragmentation field supports the ability to fragment the encrypted datagrams into smaller pieces.

Abstract: Providing security functions, such as data origin authentication, data integrity, and data confidentiality to data packets communicated over a communications pathway, in some instances, may result in data packets too large in size to be communicated over the pathway. A technique is provided which security encapsulates a data packet, and in event the size of the security encapsulated data packet exceeds a maximum data packet size capable of being transmitted over a communications pathway, fragments the security encapsulated data packet. As such, the provided technique enables data packets to be secured with security functions and to be communicated over the communications pathway without being impacted by or otherwise affected by the properties of the communications pathway.

Abstract: A technique for encapsulating data packets at a Data Link Layer to provide security functions. The technique first encrypts a payload to provide an encrypted payload. The encrypted payload is inserted in an output encapsulated frame. Also added to the output encapsulated frame is an encapsulation header that includes security information, such as a security packet index (SPI) value used to identify a security association (SA). Because the output encapsulated frame may now be longer than maximum allowed Ethernet Path Maximum Transmission Unit (PMTU), the encapsulation header also preferably includes a fragmentation field. The fragmentation field supports the ability to fragment the encrypted datagrams into smaller pieces.