-
Publication No.: US11502943B2
Publication date: 2022-11-15
Application No.: US16866152
Filing date: 2020-05-04
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Rajib Majila
IPC: H04L45/24 , H04L45/00 , H04L45/021 , H04L47/125
Abstract: Methods for performing neighbor state management between peers of a Multi-Chassis Link Aggregation Group (MCLAG) are provided. In one method, a first peer of a Multi-Chassis Link Aggregation Group (MCLAG) performs state management for each neighbor entry in a first set of neighbor entries. Similarly, a second peer of the MCLAG connected in parallel with the first peer performs state management for each neighbor entry in a second set of neighbor entries, the second set of neighbor entries containing at least one neighbor entry absent from the first set of neighbor entries.
-
Publication No.: US10958554B2
Publication date: 2021-03-23
Application No.: US16108836
Filing date: 2018-08-22
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Tathagata Nandy , Rajib Majila
IPC: H04L12/26 , H04L12/751 , H04L29/12
Abstract: Examples disclosed herein relate to monitoring flow activity on a network device. In an example, a neighbor table is maintained on a network device. The neighbor table may include a record of a neighbor network device and a hit bit corresponding to the neighbor network device. The hit bit may be used to represent a flow activity of the neighbor network device. A determination may be made whether a status of the hit bit corresponding to the neighbor network device is inactive. If the status of the hit bit is inactive, a flow entry corresponding to the neighbor network device may be deleted from an ASIC table on the network device.
-
Publication No.: US11757777B2
Publication date: 2023-09-12
Application No.: US17483474
Filing date: 2021-09-23
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Rajib Majila , Ram Lakhan Patel
IPC: H04L45/745 , H04L45/02 , H04L12/46 , H04L45/42 , H04L101/622
CPC classification number: H04L45/745 , H04L12/4641 , H04L45/02 , H04L45/42 , H04L2101/622
Abstract: The system determines a first source MAC associated with a switch. The system updates a MAC address table by mapping the first source MAC to a first tag which indicates a source role corresponding to a network infrastructure. A processor associated with the switch generates a first packet which indicates the first source MAC. The system performs a first search in the MAC address table based on the indicated first source MAC to obtain the first tag, and performs a second search in a policy table based on the first tag for a policy which indicates an action to be applied to the first packet. If the second search is not successful, the system modifies a header of the first packet by adding the first tag. If the second search is successful, the system determines that the indicated action comprises allowing the first packet and transmits the first packet.
-
Publication No.: US20230113466A1
Publication date: 2023-04-13
Application No.: US17498029
Filing date: 2021-10-11
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Rajib Majila , Ram Lakhan Patel
IPC: H04L12/813
Abstract: A system determines a first set of policies, wherein at least one policy entry for a destination role comprises a source role, a traffic attribute, and an action to be taken for the packet. The system represents the policies as a matrix, wherein a first entry in the matrix indicates the source and destination role, the traffic attribute, and the action of the at least one policy entry. The system replaces, in the first entry, the action with the destination role if the action indicates to allow the packet, and with a null value if the action indicates to deny the packet, to obtain a first data structure with entries indicating, for a respective source role, traffic attributes and corresponding sets of allowed destination roles. The system resolves an overlapping pair comprising a first and a second traffic attribute to obtain a second set of synthesized policies.
-
Publication No.: US12126521B2
Publication date: 2024-10-22
Application No.: US17411875
Filing date: 2021-08-25
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Rajib Majila , Venkatavaradhan Devarajan , Vinayak Joshi , Ram Lakhan Patel
CPC classification number: H04L45/16 , H04L12/4633 , H04L45/30 , H04L45/42
Abstract: A system for policy management in a switch is provided. During operation, the system can generate, from a first policy defined for the switch, a second policy. The first policy can indicate whether a type of traffic is allowed from a source role to a destination role via an overlay tunnel. The second policy can indicate a plurality of destination roles that are allowed to receive multi-destination packets of the type of traffic from the source role via the overlay tunnel. Upon identifying a host associated with a role at a port of the switch, the system can determine whether the role belongs to the plurality of destination roles based on the second policy. If the role belongs to the plurality of allowed destination roles, the system can allow the port to forward a multi-destination packet, which is received via the overlay tunnel and associated with the type of traffic.
-
Publication No.: US20230089819A1
Publication date: 2023-03-23
Application No.: US17482079
Filing date: 2021-09-22
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Rajib Majila , Ram Lakhan Patel , Vinayak Joshi
IPC: H04L29/06
Abstract: One aspect of the instant application facilitates a source port-based identification of client role. During operation, the system can receive, at a network device, a network packet from a client device coupled to the network device via a port. The system can, in response to determining that the port is a trusted port, apply a global trusted port configuration based on a first mapping table. The global trusted port configuration corresponds to a default client role. The system can, in response to determining that a per-port configuration exists in a second mapping table and the client device is coupled to the trusted port, identify the per-port configuration that corresponds to a port-based client role to override the global trusted port configuration; and apply, based on the per-port configuration and a third mapping table, a policy to the subsequent network packets received via the port.
-
Publication No.: US20200067808A1
Publication date: 2020-02-27
Application No.: US16108836
Filing date: 2018-08-22
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Tathagata Nandy , Rajib Majila
IPC: H04L12/26 , H04L12/751
Abstract: Examples disclosed herein relate to monitoring flow activity on a network device. In an example, a neighbor table is maintained on a network device. The neighbor table may include a record of a neighbor network device and a hit bit corresponding to the neighbor network device. The hit bit may be used to represent a flow activity of the neighbor network device. A determination may be made whether a status of the hit bit corresponding to the neighbor network device is inactive. If the status of the hit bit is inactive, a flow entry corresponding to the neighbor network device may be deleted from an ASIC table on the network device.
-
Publication No.: US12126535B2
Publication date: 2024-10-22
Application No.: US17498029
Filing date: 2021-10-11
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Rajib Majila , Ram Lakhan Patel
CPC classification number: H04L47/20
Abstract: A system determines a first set of policies, wherein at least one policy entry for a destination role comprises a source role, a traffic attribute, and an action to be taken for the packet. The system represents the policies as a matrix, wherein a first entry in the matrix indicates the source and destination role, the traffic attribute, and the action of the at least one policy entry. The system replaces, in the first entry, the action with the destination role if the action indicates to allow the packet, and with a null value if the action indicates to deny the packet, to obtain a first data structure with entries indicating, for a respective source role, traffic attributes and corresponding sets of allowed destination roles. The system resolves an overlapping pair comprising a first and a second traffic attribute to obtain a second set of synthesized policies.
-
Publication No.: US20240244000A1
Publication date: 2024-07-18
Application No.: US18097975
Filing date: 2023-01-17
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Vinayak Joshi , Venkatavaradhan Devarajan , Rajib Majila , Vijeesh Erankotte Panayamthatta
IPC: H04L45/745 , H04L12/46 , H04L45/00 , H04L45/12
CPC classification number: H04L45/745 , H04L12/4641 , H04L45/12 , H04L45/66
Abstract: A system for selectively programming the forwarding hardware of a switch is provided. During operation, the system can operate the switch as a tunnel endpoint of a tunnel in conjunction with a remote switch. The tunnel can facilitate a virtual private network (VPN). The system can determine, using a routing protocol, a set of routes for the VPN. The system can maintain the set of routes in a first data structure in an application space. The set of routes can include a first subset of routes to remote hosts of the VPN and a second subset of routes comprising the rest of the set of routes. The system can program the second subset of routes in the forwarding hardware. Upon receiving a packet for a remote host, the system can determine a route to the remote host from the first set of routes and program the route in the forwarding hardware.
-
Publication No.: US20230093278A1
Publication date: 2023-03-23
Application No.: US17483474
Filing date: 2021-09-23
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Rajib Majila , Ram Lakhan Patel
IPC: H04L12/741 , H04L12/751 , H04L12/717 , H04L12/46 , H04L29/12
Abstract: The system determines a first source MAC associated with a switch. The system updates a MAC address table by mapping the first source MAC to a first tag which indicates a source role corresponding to a network infrastructure. A processor associated with the switch generates a first packet which indicates the first source MAC. The system performs a first search in the MAC address table based on the indicated first source MAC to obtain the first tag, and performs a second search in a policy table based on the first tag for a policy which indicates an action to be applied to the first packet. If the second search is not successful, the system modifies a header of the first packet by adding the first tag. If the second search is successful, the system determines that the indicated action comprises allowing the first packet and transmits the first packet.