SCALABLE SOURCE SECURITY GROUP TAG (SGT) PROPAGATION OVER THIRD-PARTY WAN NETWORKS

    Publication No.: US20240406183A1

    Publication Date: 2024-12-05

    Application No.: US18223344

    Filing Date: 2023-07-18

    Abstract: Techniques for propagating security group tag mapping between external interconnected sites that are not capable of carrying the SGT mappings. A system is disclosed that includes operations of subscribing at a first border of a first site, by a control plane, a first SGT mapping associated with a first data packet at the first site for storing the SGT mapping of the first data packet at the control plane. Then transmitting, the first data packet from the first border of the first site to a second border of the second site without attaching the first SGT mapping with the first data packet. Further, in response to a determination by the control plane that the first data packet has lost the associated first SGT mapping at the second border, identifying the SGT mapping with the first data packet at the second border to be re-associated with the first data packet.

    MULTI-HOMED LAYER-2 (L2) SERVICE INSERTION ENTERPRISE FABRIC NETWORKS

    Publication No.: US20250126060A1

    Publication Date: 2025-04-17

    Application No.: US18380457

    Filing Date: 2023-10-16

    Abstract: Techniques and architecture are described for L2 service insertion in a network. More particularly, the techniques and architecture provide for monitoring a L2 service, e.g., firewall, MAC address (instead of learning the MAC address) and registering/de-registering the service node (e.g., fabric border or edge or LISP service_etr) to the service control plane (e.g., LISP MSMR) based on this. This not only load-balances the traffic (per L2 flow) but also tracks it for node's liveliness. The techniques and architecture also provide L2 service insertion connected to a service border to allow for dynamic SGT based service, e.g., firewall, insertion for both software defined access (SDA) fabric and non-fabric deployments.

    DIRECTED BROADCAST IN NETWORK FABRIC

    Publication No.: US20210385100A1

    Publication Date: 2021-12-09

    Application No.: US16897110

    Filing Date: 2020-06-09

    Abstract: This technology enables directed broadcasts in network fabrics. To enable a directed broadcast, a control plane node is configured to resolve directed broadcast addresses by mapping the directed broadcast address to a subnet address associated with the network fabric. A fabric border node receives a directed broadcast, extracts a destination address associated with the directed broadcast, and transmits a request to the control plane node to resolve the destination address. The control plane node retrieves the stored mapping and generates a map reply to the fabric border node with a multicast destination comprising the network fabric subnet address. The fabric border node encapsulates the directed broadcast with a header comprising the multicast destination and forwards the encapsulated directed broadcast to fabric edge nodes, which decapsulate the directed broadcast and deliver a data set from the directed broadcast to appropriate end point devices.

    DIRECTED BROADCAST IN NETWORK FABRIC

    Publication No.: US20220173999A1

    Publication Date: 2022-06-02

    Application No.: US17672278

    Filing Date: 2022-02-15

    Abstract: This technology enables directed broadcasts in network fabrics. A control plane node is configured to resolve directed broadcast addresses by mapping the directed broadcast address to a subnet address. A fabric border node receives a directed broadcast, extracts a destination address, and transmits a request to the control plane node to resolve the destination address. The control plane node retrieves the stored mapping and generates a map reply with a multicast destination. The fabric border node encapsulates and forwards the directed broadcast to fabric edge nodes, which decapsulate the directed broadcast and deliver a data set from the directed broadcast to appropriate end point devices. Each fabric edge node may be enabled to determine if the fabric edge node may be connected to a silent host and, based on that determination, request the fabric border node to be added to the multicast destination to receive the directed broadcast.

    Directed broadcast in network fabric

    Publication No.: US11258621B2

    Publication Date: 2022-02-22

    Application No.: US16897110

    Filing Date: 2020-06-09

    Abstract: This technology enables directed broadcasts in network fabrics. To enable a directed broadcast, a control plane node is configured to resolve directed broadcast addresses by mapping the directed broadcast address to a subnet address associated with the network fabric. A fabric border node receives a directed broadcast, extracts a destination address associated with the directed broadcast, and transmits a request to the control plane node to resolve the destination address. The control plane node retrieves the stored mapping and generates a map reply to the fabric border node with a multicast destination comprising the network fabric subnet address. The fabric border node encapsulates the directed broadcast with a header comprising the multicast destination and forwards the encapsulated directed broadcast to fabric edge nodes, which decapsulate the directed broadcast and deliver a data set from the directed broadcast to appropriate end point devices.
