FINE-GRAINED ROLE-BASED SEGMENTATION IN OVERLAY NETWORK

    Publication number: US20250016091A1

    Publication date: 2025-01-09

    Application number: US18347459

    Filing date: 2023-07-05

    Abstract: A system for facilitating segmentation by a first switch of an overlay tunnel fabric is provided. During operation, the system can receive a route update packet for the fabric. The packet can be based on a control plane that allows the exchange of route information via the tunnel and can include a first media access control (MAC) address learned at a second switch and a first role identifier of a first role. The first role can indicate a level of access granted to a first device associated with the first MAC address. The system can store the first MAC address and the first role identifier in a local address data structure. Upon receiving a packet from the first device, the system can then determine, based on the first role identifier and a first segmentation policy, whether a local device is allowed to receive the packet from the first device.

    APPLYING A GROUP BASED POLICY TO NETWORK TRAFFIC FROM A CLIENT

    Publication number: US20240283798A1

    Publication date: 2024-08-22

    Application number: US18315269

    Filing date: 2023-05-10

    CPC classification number: H04L63/104 H04L63/102 H04L63/30

    Abstract: Some examples relate to a proxy service on a network device for applying a group based policy (GBP) to network traffic from a client. In an example, a proxy service on a network device is used to intercept a network access request message, pertaining to a client, from an access device. The proxy service forwards the network access request message to an authentication server. The server responds by sending a network access response message to the access device. The proxy service intercepts the network access response message from the authentication server and obtains the role information of the client from the network access response message. In response to receiving network traffic from the client, the proxy service identifies a GBP corresponding to the role information of the client and applies the GBP to the network traffic from the client.

    CENTRALIZED DATABASE BASED MULTICAST CONVERGING

    Publication number: US20190068387A1

    Publication date: 2019-02-28

    Application number: US16118833

    Filing date: 2018-08-31

    CPC classification number: H04L12/18 G06F16/252 G06F16/27 H04L12/1881

    Abstract: Examples herein are directed to centralized database based multicast converging. For instance, in various examples centralized database based multicast converging can include starting a restart timer having a value greater than a time to validate stored entries in a centralized database, sending data packets at least to hosts on the network corresponding to the stored entries in the centralized database to maintain service to the hosts while the restart timer is running, sending query packets to validate a host corresponding to an entry of the stored entries in the centralized database, and responsive to the restart timer expiring, sending data packets to a converged group of hosts including at least the validated host.

    CREDIT-BASED NETWORK MANAGEMENT SERVICE MESSAGING

    Publication number: US20250133031A1

    Publication date: 2025-04-24

    Application number: US18408772

    Filing date: 2024-01-10

    Abstract: A network management service controls the flow of messages (e.g., management messages) with a credit-based system. The network management service may be a cloud-based network management service. A message credit quantity for a managed network device is calculated by the network management service based on multiple criteria. The message credit quantity is communicated to the managed network device. The managed network device limits its sending of management messages to the network management service based on its assigned quantity of message credits.

    MANAGING MULTICAST SCALING
    Type: Invention application

    Publication number: US20200021450A1

    Publication date: 2020-01-16

    Application number: US16031256

    Filing date: 2018-07-10

    Abstract: Some examples relate to managing multicast scaling. In an example, a determination may be made at a network device whether more than a pre-defined percentage of ports of a virtual LAN (VLAN) are associated with an IP multicast group. In response to the determination that more than a pre-defined percentage of ports on the VLAN are associated with the IP multicast group, a flood filter may be programmed on the network device for the VLAN. A hardware filter previously associated with the IP multicast group may be disassociated.

    Failover in a Media Access Control Security Capable Device

    Publication number: US20180302269A1

    Publication date: 2018-10-18

    Application number: US15946213

    Filing date: 2018-04-05

    Abstract: Examples disclosed herein relate to providing a failover in a MACsec capable device. In an example, a primary management engine that runs a protocol of the MACsec standard in a MACsec capable device may determine whether a parameter related to a protocol of the MACsec standard on the MACsec capable device has changed. In response to the determination that the parameter has changed, the primary management engine may synchronize data related to the parameter to a secondary management engine, which acts as a failover component for the primary management engine. In response to a determination that the primary management engine has failed, the secondary management engine may recreate the latest state of the protocol of the MACsec standard in the MACsec capable device prior to the failure of the primary management engine, based on the data related to the parameter.

    IN SERVICE SOFTWARE UPDATES FOR STANDALONE NETWORK DEVICES

    Publication number: US20250138810A1

    Publication date: 2025-05-01

    Application number: US18412044

    Filing date: 2024-01-12

    Abstract: In certain embodiments, a method includes stopping platform daemons of a standalone network device; creating an ISSU cache; storing forwarding information in the ISSU cache to freeze the forwarding information; installing an updated state database; storing the forwarding information from the ISSU cache in the updated state database; generating a warm boot file for a line card daemon; installing an updated line card daemon; recovering an internal state of a line card to the updated line card daemon using the warm boot file; connecting the updated line card daemon to the updated state database; syncing the updated state database to a non-updated state database; unfreezing the forwarding information by allowing the updated line card daemon to update the forwarding information of the line card using information from the updated state database; updating control plane daemons of the standalone network device; and updating the platform daemons of the standalone network device.
