摘要:
An apparatus and method for ensuring distributed packet transmission security are provided. In an embodiment of the present invention, a main control board allocates SA information to multiple processing boards according to a pre-defined criterion, so that each processing board which receives and stores the SA information may implement IPSec processing. As such, the IPSec processing is shared by the multiple processing boards. Accordingly, when there are a large number of IPSec tunnels on one interface, the IPSec processing to the packets passing the IPSec tunnels will not completely rely on only the processing board where the interface is located. Instead, the IPSec processing is allocated to different processing boards. Therefore, the multiple processing boards effectively share the IPSec processing corresponding to multiple SAs. The efficiency of the IPSec processing is increased.
摘要:
The present invention discloses a method for advertising and processing pseudo-wire (PW) information, which comprises: the sending provider edge (PE) device using two or more methods to group PWs, identifying the group identifier assigned to each PW with each grouping method, and sending all group identifiers of each PW to the receiving PE device; the sending PE device sending to the receiving PE device the notification message that carries information identifying the affected PW group, and the receiving PE device identifying the PWs belonging to the affected PW group according to the received notification. The present invention also discloses the sending and receiving PE devices for advertising and processing PW information. The method and the devices of the present invention can support grouping PWs with more than one method, allowing for flexible use of PW group-based messaging and message processing.
摘要:
A midplane of a communication device, includes the first connectors and the second connectors which connect with each other via high-speed traces, the first connectors arrange in parallel at one side of the midplane, the second connectors arrange in parallel at the other side of the midplane and in parallel with the first connectors. The wiring of high-speed traces between the first connectors and the second connectors can be disposed on the whole midplane, so that it avoids the high density of wiring in part of midplane, reduces the number of layers of the midplane and the complexity of design, and reduces the crosstalk in signals. And the cooling of the whole communication device can be accomplished by only one heat dissipation system, it reduces the complexity of design of the communication device. The area between each frames of the midplane is provided to allocate electrical power in the communication device with two or multiple frames, it reduces the costs of the communication device.
摘要:
The present invention discloses a method for synchronizing connection state in data communication, which includes: a node requests connection state information from an opposite node connected with it and the node updates the local connection state according to the connection state information returned by the opposite node. The invention further discloses a communication node using the method. In the invention, by synchronizing the connection state information between a node that may be out of synchronization and its opposite node connected, the problem of connection state synchronization may be solved substantially, and synchronization may be recovered simply by holding the connection. Further, according to the embodiment of the invention, frequent connection state synchronization inside a high-availability system is no longer necessary, so that system bandwidth and processing capability may be saved, and the original connection may be recovered at any moment when an active/standby switching occurs.
摘要:
The present invention discloses a method for detecting sequence number of the packet during multi-units sending process, wherein all of the sequence numbers of the packets are pre-divided into non-overlapping subsets, the number of the subsets being at least equal to the number of units comprised by the sending party, and each subset is assigned to a unit; the receiving party determines a sliding window according to each subset, and records the correlation between the sliding window and the sequence number subset; then, the receiving party determines whether the packet is a valid packet according to the correlation and the sequence number of the packet sent from the sending party. At the same time, the invention discloses a packet sending device, a packet receiving device, and a system for detecting sequence number of the packet during multi-units sending process. With the invention, the sequence numbers of the packets sent by the units of the sending party are not overlapped, and after the receiving party receives a packet, it finds the corresponding sliding window according to the sequence number and detects the validity of the packet, so that the accuracy of packet validity detection may be improved, and packet loss may be avoided.
摘要:
A source Medium Access Control (MAC) address is learned upon receiving a data message from a local network, and a learned local MAC address entry is added to a MAC address forwarding table. A source MAC address is not learned upon receiving a data message from a tunnel. When a local MAC address entry in the MAC address forwarding table changes, a synchronization message is sent via each tunnel associated with a Virtual Extensible Local Area Network (VXLAN) in the changed local MAC address entry, and is saved into a database corresponding to the tunnel. Each tunnel corresponds to one database.
摘要:
According to an example, after a primary port of a primary switch and a secondary port of a secondary switch are connected to each other and the primary port is configured to operate in a fabric mode, the primary switch may send a mode switch request packet to the secondary switch through the primary port. The secondary switch may change the secondary port from operating in an Ethernet mode to the fabric mode based on information contained in the mode switch request packet and may send a mode switch response packet to the primary switch.
摘要:
A method for forwarding a Software Defined Networking (SDN) packet, applied in a data forwarding device in a SDN network, comprising: dividing a flow table with a plurality of flow table entries according to a class in advance, and obtaining multi-layer flow tables serial in sequence; wherein each layer of flow table corresponds to a class of flow table; and receiving a SDN packet, searching each layer of flow table in sequence according to a precedence order of the multi-layer flow tables, or directly pointing to a specified flow table to search a matched flow table entry, and processing the SDN packet.
摘要:
A method is described in which a first shortest path bridging (SPB) node and a neighboring second SPB node are connected via n links; a plurality of different neighborhoods are established between the first node and the second SPB node; and a shortest path first (SPF) tree is calculated in accordance with the links with the same cost.
摘要:
According to an example, in a method and an apparatus for expanding member ports of a link aggregation group between clusters, each apparatus in a cluster receives a port joining link aggregation group message sent by a master control board on a master apparatus in the cluster. In response to an apparatus determining that a newly joined port is a port on the apparatus itself and also is the first member port in the link aggregation group of the cluster, the newly joined port is associated with the link aggregation group. By applying the method and the apparatus for expanding member ports of a link aggregation group between clusters in this manner, according to an example, the number of member links in the link aggregation group between clusters is able to be increased, and the robustness of the network interconnection between clusters is also able to be enhanced.