-
Publication (announcement) number: US20240244000A1
Publication (announcement) date: 2024-07-18
Application number: US18097975
Application date: 2023-01-17
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Vinayak Joshi, Venkatavaradhan Devarajan, Rajib Majila, Vijeesh Erankotte Panayamthatta
IPC: H04L45/745, H04L12/46, H04L45/00, H04L45/12
CPC classification number: H04L45/745, H04L12/4641, H04L45/12, H04L45/66
Abstract: A system for selectively programming the forwarding hardware of a switch is provided. During operation, the system can operate the switch as a tunnel endpoint of a tunnel in conjunction with a remote switch. The tunnel can facilitate a virtual private network (VPN). The system can determine, using a routing protocol, a set of routes for the VPN. The system can maintain the set of routes in a first data structure in an application space. The set of routes can include a first subset of routes to remote hosts of the VPN and a second subset of routes comprising the rest of the set of routes. The system can program the second subset of routes in the forwarding hardware. Upon receiving a packet for a remote host, the system can determine a route to the remote host from the first set of routes and program the route in the forwarding hardware.
-
Publication (announcement) number: US11743693B2
Publication (announcement) date: 2023-08-29
Application number: US17374422
Application date: 2021-07-13
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Vinayak Joshi, Tathagata Nandy, Venkatavaradhan Devarajan, Saumya Dikshit
CPC classification number: H04W4/08, H04L45/16, H04L45/66, H04W36/18, H04L12/189, H04W84/12, H04W88/08
Abstract: In an example, a wired network device receives a first join message originating from a client device associated with a first wireless access point (WAP) connected to another wired network device in a broadcast domain. An entry corresponding to the client device is created in a remote receiver record of the wired network device. In response to the client device transitioning from the first WAP to a second WAP connected to the wired network device, it is determined that the client device is locally connected to the wired network device. Intention of the client device to receive multicast traffic is identified. A second join message is directed to the network address of the multicast group and distributed in the broadcast domain. A traffic flow path for the multicast traffic via the wired network device and the second WAP to the client device is configured.
-
Publication (announcement) number: US11570077B2
Publication (announcement) date: 2023-01-31
Application number: US17221813
Application date: 2021-04-04
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Saumya Dikshit, Vinayak Joshi
IPC: H04L43/0882, H04L43/0823, H04L43/0817, H04L12/46, H04L45/00, H04L45/24, H04L45/28
Abstract: An example network orchestrator of a SDN is configured to receive, based on a user input, credentials associated with a traffic flow. Based on the credentials, it is determined whether the traffic flow is received at an ingress overlay network node. Route information and encapsulation information of the traffic flow is extracted from the ingress overlay network node. A first set of underlay network nodes each of which is a potential next hop for the traffic flow is identified. It is determined, based on the encapsulation information, whether the traffic flow is received by one of the first set of underlay network nodes. It is determined whether the traffic flow is received at an egress overlay network node from one of the first. A network trace of the traffic flow is determined based on the determinations of whether the traffic flow is received at the ingress overlay network node, one of the first set of underlay network nodes, and the egress overlay network node. Based on the network trace, a fault in a link between network nodes or in the ingress overlay network node or in the egress overlay network node or in one of the first set of underlay network nodes is detected.
-
Publication (announcement) number: US20220417287A1
Publication (announcement) date: 2022-12-29
Application number: US17409179
Application date: 2021-08-23
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Vinayak Joshi, Venkatavaradhan Devarajan, Rajib Majila, Tathagata Nandy
IPC: H04L29/06
Abstract: Examples disclosed herein relate to a method for defining an ingress access policy at an ingress network device based on instructions from an egress network device. The egress network device receives data packets directed to a first entity from a second entity connected to an ingress network device. Each data packet transmitted includes a source role tag corresponding to the second entity. At the egress network device, the data packets may be dropped based on the enforcement of an egress access policy. When the number of data packets that are being dropped increases beyond a pre-defined threshold, the egress network device transmits a command to the ingress network device instructing the ingress network device to create a restriction on the transmission of subsequent data packets. The command is transmitted in a Border Gateway Protocol (BGP) Flow Specification (FlowSpec) route.
-
Publication (announcement) number: US20240259373A1
Publication (announcement) date: 2024-08-01
Application number: US18103341
Application date: 2023-01-30
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Vinayak Joshi, Tathagata Nandy
Abstract: A system for enforcement of a set of segmentation policies at a gateway switch of a network is provided. Here, the segmentation policies can indicate which other roles are allowed to communicate with a respective role, which can indicate a set of privileges in the network. During operation, the switch can receive a first message associated with a join request for a multicast group from a host. The switch can also receive a second message comprising data from a source of the multicast group. The first and second messages can indicate first and second roles, respectively, of the host and source. Based on the first and second roles and a corresponding segmentation policy, the system can determine whether the host is allowed to receive the data from the source. If not allowed, the system can prevent the second message from being forwarded to the host from the gateway switch.
-
Publication (announcement) number: US20240259346A1
Publication (announcement) date: 2024-08-01
Application number: US18161171
Application date: 2023-01-30
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Vinayak Joshi, Venkata Varadhan Devarajan, Rajib Majila, Sathyanarayana Gopal, Hari Anil Kumar
IPC: H04L9/40
CPC classification number: H04L63/0254, H04L63/0245, H04L63/104
Abstract: A system for compacting traffic separation policies in campus networks, the system comprising an access layer switch and a campus border switch. The access layer switch is configured to receive a definition of one or more policies; responsive to receiving a packet, determine whether any of the policies apply to the packet; responsive to determining that none of the policies apply, cause a tag to be inserted into a communication header of the packet and forward the packet; and responsive to determining that one of the policies applies, forward or drop the packet according to the applicable policy and omit the tag. The campus border switch is configured to, responsive to receiving a packet from the access layer switch, determine whether the packet includes the tag, and responsive to determining that the packet includes the tag, apply a traffic separation policy associated with the tag to the packet.
-
Publication (announcement) number: US11888901B2
Publication (announcement) date: 2024-01-30
Application number: US17409179
Application date: 2021-08-23
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Vinayak Joshi, Venkatavaradhan Devarajan, Rajib Majila, Tathagata Nandy
CPC classification number: H04L63/20, H04L63/0236, H04L63/105
Abstract: Examples disclosed herein relate to a method for defining an ingress access policy at an ingress network device based on instructions from an egress network device. The egress network device receives data packets directed to a first entity from a second entity connected to an ingress network device. Each data packet transmitted includes a source role tag corresponding to the second entity. At the egress network device, the data packets may be dropped based on the enforcement of an egress access policy. When the number of data packets that are being dropped increases beyond a pre-defined threshold, the egress network device transmits a command to the ingress network device instructing the ingress network device to create a restriction on the transmission of subsequent data packets. The command is transmitted in a Border Gateway Protocol (BGP) Flow Specification (FlowSpec) route.
-
Publication (announcement) number: US20230318961A1
Publication (announcement) date: 2023-10-05
Application number: US17712342
Application date: 2022-04-04
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Venkatavaradhan Devarajan, Vinayak Joshi
CPC classification number: H04L45/02, H04L12/4641, H04L63/105, H04L63/08, H04L45/04
Abstract: In an example, a switch may receive an authentication request from a host associated with a first wireless access point (WAP) connected to the switch. The switch acts as a VXLAN Tunnel Endpoint (VTEP) in a Border Gateway Protocol (BGP) Ethernet Virtual Private Network (EVPN) based Virtual Extensible Local Area Network (VXLAN). The switch forwards the authentication request to an authentication server and on successful authentication of the host, may associate role information with the host based on an authentication response from the authentication server. Further, the switch may create a BGP extended community field carrying the role identifier indicative of network policies to be implemented for the host and attach the BGP extended community field to a route advertisement. The switch then sends the route advertisement to another switch. The another switch is configured as a peer VTEP in the VXLAN. The switch and the another switch are configured in a single Virtual Local Area Network (VLAN).
-
Publication (announcement) number: US11671282B2
Publication (announcement) date: 2023-06-06
Application number: US17328485
Application date: 2021-05-24
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Vinayak Joshi, Venkatavaradhan Devarajan, Rajib Majila
IPC: H04L12/46
CPC classification number: H04L12/4641, H04L12/4633
Abstract: A system for dynamically activating a virtual network is provided. During operation, the system can operate a switch as a tunnel endpoint of a tunnel in conjunction with a remote switch. The tunnel can facilitate a virtual private network (VPN) spanning the switch and the remote switch. The system can maintain an inactive state for a virtual local area network (VLAN) and a corresponding tunnel network identifier identifying the VLAN for the tunnel. If a notification indicating the activation of the VLAN at a downstream switch is received by the switch, the system can activate the VLAN at the switch. The system can then activate the tunnel network identifier in a routing process of the VPN, thereby enabling sharing of a media access control (MAC) address associated with the VLAN via the tunnel.
-
Publication (announcement) number: US11646991B2
Publication (announcement) date: 2023-05-09
Application number: US17334005
Application date: 2021-05-28
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Ankit Kumar Sinha, Saumya Dikshit, Vinayak Joshi, Venkatesh Natarajan
IPC: H04L61/103, H04L45/02, H04L61/255, H04L12/46, H04L12/66, H04L61/58, H04L61/59
CPC classification number: H04L61/103, H04L12/4641, H04L12/66, H04L45/04, H04L61/255, H04L61/58, H04L61/59
Abstract: One aspect provides a method and system for managing address resolution requests in a network. During operation, a gateway of the network advertises a route for sending address resolution requests and determines whether a cached entry corresponding to an address resolution request received via the route exists in a neighbor table. In response to determining that the cached entry exists, the gateway responds to the address resolution request based on the cached entry; in response to determining that the cached entry does not exist, the gateway replicates the address resolution request to edge devices in the network, thereby facilitating discovery of a target host corresponding to the address resolution request.