公开(公告)号：US20230069306A1

公开(公告)日：2023-03-02

申请号：US17411875

申请日：2021-08-25

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Rajib Majila ,  Venkatavaradhan Devarajan ,  Vinayak Joshi ,  Ram lakhan Patel

IPC: H04L12/761 ,  H04L12/717 ,  H04L12/725 ,  H04L12/46

Abstract: A system for policy management in a switch is provided. During operation, the system can generate, from a first policy defined for the switch, a second policy. The first policy can indicate whether a type of traffic is allowed from a source role to a destination role via an overlay tunnel. The second policy can indicate a plurality of destination roles that are allowed to receive multi-destination packets of the type of traffic from the source role via the overlay tunnel. Upon identifying a host associated with a role at a port of the switch, the system can determine whether the role belongs to the plurality of destination roles based on the second policy. If the role belongs to the plurality of allowed destination roles, the system can allow the port to forward a multi-destination packet, which is received via the overlay tunnel and associated with the type of traffic.

公开(公告)号：US11552824B2

公开(公告)日：2023-01-10

申请号：US17391790

申请日：2021-08-02

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Saumya Dikshit ,  Vinayak Joshi

IPC: H04L12/46 ,  H04L45/64 ,  H04L45/50

Abstract: Examples disclosed herein relate to a method comprising receiving a data packet originating from a first device and intended for a second device, wherein the first device and the first access device belong to a first branch of a Wide Area Network (WAN) using a MPLS overlay and the second device belongs to a second branch of the WAN. The method includes encapsulating the data packet in VXLAN including a VXLAN label identifying a role type and transmitting the data packet to a first core device. The method includes determining an MPLS label corresponding to the role type and transmitting the data packet over the MPLS overlay to a second core device belonging to the second branch of the WAN. The method includes translating the MPLS label into the VXLAN label and transmitting the data packet including the VXLAN label to a second access device for an enforcement action.

公开(公告)号：US20220376950A1

公开(公告)日：2022-11-24

申请号：US17328485

申请日：2021-05-24

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Vinayak Joshi ,  Venkatavaradhan Devarajan ,  Rajib Majila

IPC: H04L12/46

Abstract: A system for dynamically activating a virtual network is provided. During operation, the system can operate a switch as a tunnel endpoint of a tunnel in conjunction with a remote switch. The tunnel can facilitate a virtual private network (VPN) spanning the switch and the remote switch. The system can maintain an inactive state for a virtual local area network (VLAN) and a corresponding tunnel network identifier identifying the VLAN for the tunnel. If a notification indicating the activation of the VLAN at a downstream switch is received by the switch, the system can activate the VLAN at the switch. The system can then activate the tunnel network identifier in a routing process of the VPN, thereby enabling sharing of a media access control (MAC) address associated with the VLAN via the tunnel.

公开(公告)号：US20220345330A1

公开(公告)日：2022-10-27

申请号：US17391790

申请日：2021-08-02

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Saumya Dikshit ,  Vinayak Joshi

IPC: H04L12/46 ,  H04L12/723 ,  H04L12/715

Abstract: Examples disclosed herein relate to a method comprising receiving a data packet originating from a first device and intended for a second device, wherein the first device and the first access device belong to a first branch of a Wide Area Network (WAN) using a MPLS overlay and the second device belongs to a second branch of the WAN. The method includes encapsulating the data packet in VXLAN including a VXLAN label identifying a role type and transmitting the data packet to a first core device. The method includes determining an MPLS label corresponding to the role type and transmitting the data packet over the MPLS overlay to a second core device belonging to the second branch of the WAN. The method includes translating the MPLS label into the VXLAN label and transmitting the data packet including the VXLAN label to a second access device for an enforcement action.

公开(公告)号：US11855803B2

公开(公告)日：2023-12-26

申请号：US17497209

申请日：2021-10-08

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Vinayak Joshi ,  Venkatavaradhan Devarajan

IPC: H04L12/46 ,  H04L45/74

CPC classification number: H04L12/4633 ,  H04L45/74

Abstract: An apparatus for detecting a loop in a domain comprising a plurality of overlay tunnel fabrics is provided. The apparatus can include an indicator logic block that can insert a predetermined value, which can be unique for the apparatus in the domain, into an egress tunnel header of a packet of a data flow. The header's destination address can correspond to a remote apparatus of an overlay tunnel fabric that includes the apparatus. Tunnel encapsulation can be initiated and terminated within the corresponding overlay tunnel fabric. The indicator logic block can determine, for a respective packet of the data flow from a remote overlay tunnel fabric of the domain, whether the predetermined value is present in an ingress tunnel header. Upon identifying the predetermining value in the ingress tunnel header, a loop logic block of the apparatus can determine that a loop is present in the domain.

公开(公告)号：US20230024996A1

公开(公告)日：2023-01-26

申请号：US17374422

申请日：2021-07-13

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Vinayak Joshi ,  Tathagata Nandy ,  Venkatavaradhan Devarajan ,  Saumya Dikshit

IPC: H04W4/08 ,  H04W36/18 ,  H04L12/721 ,  H04L12/761

Abstract: In an example, a wired network device receives a first join message originating from a client device associated with a first wireless access point (WAP) connected to another wired network device in a broadcast domain. An entry corresponding to the client device is created in a remote receiver record of the wired network device. In response to the client device transitioning from the first WAP to a second WAP connected to the wired network device, it is determined that the client device is locally connected to the wired network device. Intention of the client device to receive multicast traffic is identified. A second join message directed to the network address of the multicast group and distributed in the broadcast domain. A traffic flow path for the multicast traffic via the wired network device and the second WAP to the client device is configured.

公开(公告)号：US20220400075A1

公开(公告)日：2022-12-15

申请号：US17391836

申请日：2021-08-02

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Saumya Dikshit ,  Vinayak Joshi ,  Venkatavaradhan Devarajan

IPC: H04L12/703 ,  H04L12/709 ,  H04L12/741 ,  H04L12/24 ,  H04L29/12 ,  H04L12/46

Abstract: In an example, a failure event is detected in a network, where the failure event is indicative of a network outage in a network device or a peer network device of an MC-LAG. The network device and the peer network device may be configured as a first VTEP in an overlay network. It may be determined that reprovisioning of virtual tunnels in the network device is incomplete. State parameters between the network device and the peer network device is synchronized. The set of virtual tunnels in the network device is provisioned based on the state parameters. After completion of provisioning of the virtual tunnels, an IP address of the first VTEP is published to underlay network devices connecting the first VTEP to a second VTEP over an underlay network. Subsequently, communication links between the MC-LAG and a host device is enabled.

公开(公告)号：US20220385620A1

公开(公告)日：2022-12-01

申请号：US17334005

申请日：2021-05-28

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Ankit Kumar Sinha ,  Saumya Dikshit ,  Vinayak Joshi ,  Venkatesh Natarajan

IPC: H04L29/12 ,  H04L12/46 ,  H04L12/66 ,  H04L12/715

Abstract: One aspect provides a method and system for managing address resolution requests in a network. During operation, a gateway of the network advertises a route for sending address resolution requests and determines whether a cached entry corresponding to an address resolution request received via the route exists in a neighbor table. In response to determining that the cached entry exists, the gateway responds to the address resolution request based on the cached entry; in response to determining that the cached entry does not exist, the gateway replicates the address resolution request to edge devices in the network, thereby facilitating discovery of a target host corresponding to the address resolution request.