Abstract:
In general, embodiments of the invention relate to processing network traffic data units (NTDUs). More specifically, embodiments of the invention relate to processing NTDUs transmitted between client devices and one or more protected resources. The protected resources are logically surrounded by a perimeter, which is implemented as a set of network devices that manage the flow of NTDUs between client devices and the protected resources. The perimeter works in conjunction with a set of filtering devices to determine whether a given NTDU can ultimately be transmitted to, and processed by, a protected resource.
Abstract:
A method for detecting abnormalities in network element operation. The method includes monitoring at least a portion of the network element for abnormalities and making a determination that an abnormality exists, in response to the monitoring, and based on the determination, tracking the abnormality. An abnormality includes a measured performance that deviates from a nominal performance, but that does not cause erroneous behavior of the network element.
Abstract:
Embodiments of the invention may relate to methods, systems, and/or non-transitory computer readable mediums for sidelining. Such sidelining may include making a first determination, by a first network device, that a first network device state has degraded and making a first request, based on the first determination, to receive a first sideline token from a network controller. The network controller, in response to the first request, may make a second determination that a remaining sideline token is available. The method may also include receiving, by the first network device and based on the second determination, the remaining sideline token from the network controller and initiating, by the first network device, a graceful offlining based on receiving the remaining sideline token.
Abstract:
A method and apparatus of a network element that processes control plane data in a network element is described. In an exemplary embodiment, the device receives control plane data with a network element operating system, where at least a functionality of the network element operating system is executing in a container of the network element. In addition, the network element includes a data plane with a plurality of hardware tables and the host operating system. Furthermore, the network element processes the control plane data with the network element operating system. The network element additionally updates at least one of the plurality of hardware tables with the processed control plane data using the network element operating system.
Abstract:
A method and apparatus of a network element that hitlessly upgrades a network element operating system of a network element is described. In an exemplary embodiment, the network element receives a second image for the network element operating system, where a first image of the network element operating system is executing as a first set of processes in a first container and the first set of processes manages the plurality of hardware tables for the network element. The network element further instantiates a second container for the second image. In addition, the network element starts a second set of processes using at least the second image in the second container. The network element additionally synchronizes state data between the first set of processes and the second set of processes. Furthermore, the network element sets the second set of processes as managing the plurality of hardware tables, and stops the first set of processes within the first container.
Abstract:
A method for virtual extensible local area network (VXLAN) encapsulation. The method includes receiving a first augmented MAC frame on a first ingress port of a first network device, where the first augmented MAC frame includes a first egress port ID (EPID), a first ingress port ID (IPID), and a first MAC frame. The method further includes identifying a first destination VXLAN tunnel endpoint (VTEP) internet protocol (IP) address based on the first EPID, where the first destination VTEP IP address is associated with a first destination VTEP. The method further includes identifying a source VTEP IP address based on the first IPID, performing VXLAN encapsulation of the first MAC frame to obtain a VXLAN frame, and sending the VXLAN frame to the first destination VTEP via a first egress port of the first network device.
Abstract:
In general, the invention relates to a method for programming a network device to perform routing of data packets between and/or within networks. More specifically, the method provides a more efficient process for updating the forwarding equivalence class (FEC) table with minimal impact on the mappings in the forwarding information base (FIB) of the network device.
Abstract:
A method and system for applying a network policy in a virtual extensible local area network (VXLAN) environment. The method includes receiving, at a network device, a VXLAN frame that includes a source VXLAN network identifier (VNI). The network device includes a first network policy. The method also includes examining the VXLAN frame to determine the source VNI; obtaining, based on the source VNI, the first network policy; and processing the VXLAN frame based on the application of the first network policy.
Abstract:
A method and system for sharing host entries between virtual tunnel endpoints (VTEPs). The method includes making a first determination that an NLHE is present in a locally learned host entry table on a VTEP, where the NLHE is associated with a first timestamp, and making a second determination that a first entry corresponding to the NLHE is present in a Host-Specific Portion of Global Host Entry Table (HSPT) on the VTEP, where the first entry is associated with a second timestamp. Based on the second determination, making a third determination, using the timestamps, that the NLHE is more recent than the first entry and, based on the third determination, updating an active forwarding table on the first VTEP to include a second entry corresponding to the NLHE and to remove the first entry, and sending the NLHE to a VXLAN controller operatively connected to the VTEP.
Abstract:
A method and apparatus of a device that notifies another device of a failed device is described. In an exemplary embodiment, a network element detects that a first device is unavailable, where the network element couples the first device to the second device. In response to detecting that the first device is unavailable, the network element configures a proxy for the first device. The network element additionally receives network data that is destined for the first device, where the second device originated the network data. If the proxy can process the network data, the network element transmits a response to the second device from the proxy, where the response indicates that the first device is unavailable, where the first response includes an address of the first device. If the proxy cannot process the network data, the network element drops the network data.