Abstract:
A method and system for securing a VXLAN environment, including configuring a default network policy, associated with interfaces of the network device, for dropping all VXLAN frames including a VXLAN attribute; obtaining, by the network device, registered VTEP identifiers; determining, using the registered VTEP identifiers, that an interface of the network device is operatively connected to a registered VTEP associated with a registered VTEP identifier; disassociating the default network policy from the interface based on the determination; receiving, at the interface, a frame; performing a first verification that the frame is a VXLAN frame by examining the frame to determine that the frame includes the VXLAN attribute; performing a second verification to determine that the VXLAN frame includes a registered VTEP identifier; allowing, based on the first verification and the second verification, the network device to process the VXLAN frame; and processing the VXLAN frame.
Abstract:
A method and system for applying a network policy in a virtual extensible local area network (VXLAN) environment. The method includes receiving, at a network device, a VXLAN frame that includes a source VXLAN network identifier (VNI). The network device includes a first network policy. The method also includes examining the VXLAN frame to determine the source VNI; obtaining, based on the source VNI, the first network policy; and processing the VXLAN frame based on the application of the first network policy.
Abstract:
A method and system for maintaining persistent network policies for a virtual machine (VM) that includes determining a name of the VM executing on a first host connected to a first network device; binding the name of the VM to a network policy for the VM on the first network device; acquiring from VM management software, using the name of the VM, a universally unique identifier (UUID) of the VM; associating the UUID to the network policy on the first network device; applying the network policy for the VM on the first network device; subscribing to receive notifications from the VM management software of changes to the configuration of the VM corresponding to the UUID; receiving notification from the VM management software of a configuration change made to the VM corresponding to the UUID; and updating the network policy of the VM to reflect the configuration change of the VM.
Abstract:
A method and system for maintaining persistent network policies for a virtual machine (VM) that includes determining a name of the VM executing on a first host connected to a first network device; binding the name of the VM to a network policy for the VM on the first network device; acquiring from VM management software, using the name of the VM, a universally unique identifier (UUID) of the VM; associating the UUID to the network policy on the first network device; applying the network policy for the VM on the first network device; subscribing to receive notifications from the VM management software of changes to the configuration of the VM corresponding to the UUID; receiving notification from the VM management software of a configuration change made to the VM corresponding to the UUID; and updating the network policy of the VM to reflect the configuration change of the VM.
Abstract:
A method for processing state information updates. The method includes receiving, by a coordination point, a plurality of state information from a plurality of network elements; processing at least one of the plurality of state information to generate a result; and applying the result to at least one of the plurality of network elements in order to modify an operation of the at least one of the plurality of network elements.
Abstract:
A method for managing networking devices. The method includes receiving, by a second management system, first network device state information (NDSI) for a first plurality of network devices, where the first NDSI is obtained by a first management system and where the first management system manages the first plurality of network devices. The method further includes initiating performance of a management action based on a result, wherein the result is obtained by processing at least the first NDSI.
Abstract:
A method includes obtaining network data. The data includes a first portion of the network data obtained from a first network device of at least two network devices, and a second portion of the network data obtained from a second network device of the at least two network devices. The method also includes obtaining, using the network data, enhanced network data that indicates a presence of a network flaw of the network, where the network flaw is not indicated by either the first portion or the second portion in isolation from the other portion. The method further includes performing a network enhancement action set using the enhanced network data to remediate the network flaw.
Abstract:
A method includes obtaining network data. The data includes a first portion of the network data obtained from a first network device of at least two network devices, and a second portion of the network data obtained from a second network device of the at least two network devices. The method also includes obtaining, using the network data, enhanced network data that indicates a presence of a network flaw of the network, where the network flaw is not indicated by either the first portion or the second portion in isolation from the other portion. The method further includes performing a network enhancement action set using the enhanced network data to remediate the network flaw.
Abstract:
In general, the invention relates to a method for programming a network device to perform routing of data packets between and/or within networks. More specifically, the method provides a more efficient process for updating the forwarding equivalence class (FEC) table with minimal impact on the mappings in the forwarding information base (FIB) of the network device.
Abstract:
A method and system for maintaining persistent network policies for a virtual machine (VM) that includes determining a name of the VM executing on a first host connected to a first network device; binding the name of the VM to a network policy for the VM on the first network device; acquiring from VM management software, using the name of the VM, a universally unique identifier (UUID) of the VM; associating the UUID to the network policy on the first network device; applying the network policy for the VM on the first network device; subscribing to receive notifications from the VM management software of changes to the configuration of the VM corresponding to the UUID; receiving notification from the VM management software of a configuration change made to the VM corresponding to the UUID; and updating the network policy of the VM to reflect the configuration change of the VM.