Abstract:
Embodiments of the present disclosure provide a failure protection method based on a ring protection link, a device, and a system, and nodes in the ring protection link include a forwarding device in an SDN. The method includes: receiving, by a network controller, a high-priority failure message sent by a first node, where the failure message includes information used to indicate a failure; obtaining, according to the failure message, data information about port state changes that are of the nodes and that are caused by the failure; and sending a high-priority switching message to each of the nodes, so that each of the nodes updates a local MAC address table according to the switching message, where the switching message includes the data information about port state changes that are of the nodes and that are caused by the failure.
Abstract:
A security authentication method includes: receiving, by a control plane of a BFD device, a first BFD packet that is sent by a control plane of a peer BFD device; generating, by the control plane, a first token value according to the random nonce; sending the first token value to a data plane; receiving, by the data plane, a second BFD packet that is sent by a data plane of the peer BFD device, where the second BFD packet carries authentication information, and the authentication information includes a random nonce; and generating, by the data plane, a second token value according to the random nonce included in the authentication information and by using a calculation method the same as that of the control plane, and successfully authenticating, by the data plane, the second BFD packet if the first token value and the second token value are the same.
Abstract:
A packet transmission method includes: a first network device receives a first data packet; the first network device updates the first data packet to obtain a second data packet, where the second data packet includes a global identifier; and the first network device sends the second data packet to a second network device, where the global identifier is used by the second network device to verify the second data packet based on a correspondence, and the correspondence is a correspondence between the global identifier and an egress port through which the second network device transmits the second data packet.
Abstract:
A control method includes sending, by a controller, a created context-aware model to a context-aware engine. The context-aware model is used to define a preset control performed when target data meets a trigger condition and to instruct the context-aware engine to send indication information to the controller when the context-aware engine determines that the target data meets the trigger condition. The preset control is used to implement a context-aware function. The indication information is used to indicate that the target data meets the trigger condition. The method also includes receiving, by the controller, the indication information. The method further includes performing, by the controller, the preset control based on the indication information.
Abstract:
A link protection method in a software-defined network (SDN), and a corresponding switching device and network controller, where the method includes: receiving, by a first switching device in the SDN, first information and link protection information from a network controller in the SDN, where the first information establishes a communication link between the first switching device and a destination device, and the link protection information instructs the first switching device to proactively perform primary-to-secondary link switching when a link is faulty; establishing, by the first switching device, the communication link with the destination device according to the first information; and determining, by the first switching device according to the link protection information, that the first switching device proactively performs the primary-to-secondary link switching.
Abstract:
A data transmission method, implemented by a network device, includes sending a probe packet to a log server, determining whether the log server can receive a packet according to whether the network device receives a probe response packet from the log server, and sending a log packet to the log server when the log server can receive a packet. The log packet includes a correspondence between a public Internet Protocol (IP) address and a private IP address.
Abstract:
A packet processing method, a device, and a system are provided. The method includes: receiving, by a provider edge (PE) device, a first virtual extensible local area network (VxLAN) encapsulated packet sent by a network virtualization edge (NVE) device, where the PE device and the NVE device are located in a same data center (DC), and the first VxLAN encapsulated packet includes a first VxLAN network identifier (VNI); parsing, by the PE device, the first VxLAN encapsulated packet to obtain the first VNI; obtaining, according to a correspondence between a VNI and a virtual routing and forwarding (VRF) table, a first VRF table that corresponds to the first VNI; searching, by the PE device, the first VRF table for a route according to a destination Internet Protocol (IP) address of the first VxLAN encapsulated packet; and forwarding the first VxLAN encapsulated packet.
Abstract:
A method for distributing encryption information includes receiving, by a network device, a route advertisement packet. The network device generates a key based on the encryption extended information in the route advertisement packet, and generates a routing entry with an encryption attribute. The routing entry can indicate to the network device to encrypt data by using the key and then send encrypted data to a network indicated by the routing prefix.
Abstract:
A network management method includes: obtaining a network type of a target network; obtaining a logical network model of the target network based on the network type and a logical network recommendation model; determining a physical network model of the target network based on the logical network model and a physical network recommendation model; and performing network configuration based on the physical network model of the target network. An advantage of the embodiments is that, when a user inputs the network type of the target network instead of a large quantity of detailed network configurations, a network management system can automatically establish the required target network for the user, thereby greatly improving the efficiency of establishing the target network.