公开(公告)号：US20190173860A1

公开(公告)日：2019-06-06

申请号：US15833807

申请日：2017-12-06

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Balaji Sankaran ,  Karthikeyan Ramachandran ,  Venkatavaradhan Devarajan ,  Gudiputi Suma Chowdary

IPC: H04L29/06 ,  G06F21/60 ,  H04L9/08

Abstract: Examples disclosed herein relate to use of MACsec to encrypt tunnel data packets. In an example, a MACsec capable device may receive a data packet from a host device for tunneling to a controller. MACsec capable device may encapsulate the data packet with an encapsulation header to generate an encapsulated data packet. The encapsulation header may comprise a destination MAC address reserved for the controller. MACsec capable device may direct the encapsulated data packet to a MACsec engine. MACsec engine may encrypt the encapsulated data packet with the encryption key to generate an encrypted data packet. MACsec capable device may encapsulate the encrypted data packet with a first GRE header. MACsec capable device may send the encrypted data packet with the first GRE header to the controller via a GRE tunnel.

公开(公告)号：US20180167262A1

公开(公告)日：2018-06-14

申请号：US15659908

申请日：2017-07-26

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Venkatavaradhan Devarajan ,  Chivukula Koundinya ,  Gopinatha Rao P

IPC: H04L12/24 ,  H04L12/703 ,  H04L12/741 ,  H04L12/26 ,  H04L29/08

Abstract: Examples relate to establishing a network fault detection session. In one example, a routing device may receive a request to initiate a bidirectional forwarding detection (BFD) session with a second routing device; transmit a first echo frame to the second routing device; receive a first response frame; determine that a response time does not meet a response time threshold; in response to the determination, determine that a BFD failure threshold has not been met; after the determination that the BFD failure threshold has not been met, transmit a second echo frame to the second routing device; receive a second response frame; determine whether a second response time meets the BFD response time threshold; and in response to determining that the second response time meets the BFD response time threshold, provide a notification that a BFD session has been established between the routing device and the second routing device.

公开(公告)号：US20240283798A1

公开(公告)日：2024-08-22

申请号：US18315269

申请日：2023-05-10

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Balaji Sankaran ,  Venkatavaradhan Devarajan ,  Vinayak Joshi

IPC: H04L9/40

CPC classification number: H04L63/104 ,  H04L63/102 ,  H04L63/30

Abstract: Some examples relate to a proxy service on a network device for applying a group based policy (GBP) to network traffic from a client. In an example, a proxy service on a network device is used to intercept a network access request message, pertaining to a client, from an access device. The proxy service forwards the network access request message to an authentication server. The server responds by sending a network access response message to the access device. The proxy service intercepts the network access response message from the authentication server and obtains the role information of the client from the network access response message. In response to receiving network traffic from the client, the proxy service identifies a GBP corresponding to the role information of the client and applies the GBP to the network traffic from the client.

公开(公告)号：US20240244000A1

公开(公告)日：2024-07-18

申请号：US18097975

申请日：2023-01-17

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Vinayak Joshi ,  Venkatavaradhan Devarajan ,  Rajib Majila ,  Vijeesh Erankotte Panayamthatta

IPC: H04L45/745 ,  H04L12/46 ,  H04L45/00 ,  H04L45/12

CPC classification number: H04L45/745 ,  H04L12/4641 ,  H04L45/12 ,  H04L45/66

Abstract: A system for selectively programming the forwarding hardware of a switch is provided. During operation, the system can operate the switch as a tunnel endpoint of a tunnel in conjunction with a remote switch. The tunnel can facilitate a virtual private network (VPN). The system can determine, using a routing protocol, a set of routes for the VPN. The system can maintain the set of routes in a first data structure in an application space. The set of routes can include a first subset of routes to remote hosts of the VPN and a second subset of routes comprising the rest of the set of routes. The system can program the second subset routes in the forwarding hardware. Upon receiving a packet for a remote host, the system can determine a route to the remote host from the first set of routes and program the route in the forwarding hardware.

公开(公告)号：US20240205048A1

公开(公告)日：2024-06-20

申请号：US18067813

申请日：2022-12-19

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Tathagata Nandy ,  Venkatavaradhan Devarajan

IPC: H04L12/46 ,  H04L12/18 ,  H04L45/00

CPC classification number: H04L12/4633 ,  H04L12/185 ,  H04L45/26 ,  H04L45/66

Abstract: In an example, a network device may receive, from a client device, a multicast query for a service advertised by a host device connected to another network device. The network device is configured as a first Virtual tunnel endpoint (VTEP) and the other network device is configured as a second VTEP in an overlay network. The network device may determine whether a host name, of the host device, corresponding to the service name in the multicast query is present in a resource record. In response to determining that the host name is present in the resource record, the network device may identify, from the resource record, an overlay network path corresponding to the host name. The network device may encapsulate the multicast query based on an overlay encapsulation protocol implemented at the first VTEP and route, the encapsulated multicast query, via the overlay network path, to the host device.

公开(公告)号：US20230327981A1

公开(公告)日：2023-10-12

申请号：US17719138

申请日：2022-04-12

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Venkatachalam Swaminathan ,  Venkatavaradhan Devarajan

IPC: H04L45/24 ,  H04L45/42 ,  H04L45/00 ,  H04L45/12

CPC classification number: H04L45/245 ,  H04L45/42 ,  H04L45/22 ,  H04L45/123

Abstract: A system for facilitating traffic redirection for a multi-chassis link aggregation group (MCLAG) is provided. During operation, the system can participate in an MCLAG using a first interface of a first switch. The MCLAG can also include a second interface of a second switch. Based on predetermined unavailability for the first switch, the system can determine a sequence of applications for a plurality of traffic forwarding configurations. A respective configuration can facilitate loop prevention for traffic forwarded via the MCLAG. The system can then apply the plurality of configurations to the first switch based on the sequence of applications to redirect unicast traffic from the first switch to the second switch. Here, applying a respective configuration can include programming corresponding switch hardware with the configuration. Subsequently, the system can perform a set of operations on the first switch that triggers the predetermined unavailability.

公开(公告)号：US11743693B2

公开(公告)日：2023-08-29

申请号：US17374422

申请日：2021-07-13

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Vinayak Joshi ,  Tathagata Nandy ,  Venkatavaradhan Devarajan ,  Saumya Dikshit

IPC: H04W4/08 ,  H04W36/18 ,  H04L45/00 ,  H04L45/16 ,  H04L12/18 ,  H04W84/12 ,  H04W88/08

CPC classification number: H04W4/08 ,  H04L45/16 ,  H04L45/66 ,  H04W36/18 ,  H04L12/189 ,  H04W84/12 ,  H04W88/08

Abstract: In an example, a wired network device receives a first join message originating from a client device associated with a first wireless access point (WAP) connected to another wired network device in a broadcast domain. An entry corresponding to the client device is created in a remote receiver record of the wired network device. In response to the client device transitioning from the first WAP to a second WAP connected to the wired network device, it is determined that the client device is locally connected to the wired network device. Intention of the client device to receive multicast traffic is identified. A second join message directed to the network address of the multicast group and distributed in the broadcast domain. A traffic flow path for the multicast traffic via the wired network device and the second WAP to the client device is configured.

公开(公告)号：US20230179544A1

公开(公告)日：2023-06-08

申请号：US17544493

申请日：2021-12-07

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Saurabh Mohan ,  Vijeesh Erankotte Panayamthatta ,  Venkatavaradhan Devarajan

IPC: H04L49/35 ,  H04L49/00 ,  H04L12/46 ,  H04L69/22 ,  H04L67/141

CPC classification number: H04L49/355 ,  H04L49/30 ,  H04L12/4633 ,  H04L69/22 ,  H04L67/141 ,  H04L63/1416

Abstract: A first ingress interface on a switch receives a first control packet for establishing a Transmission Control Protocol (TCP) session and selects a first engine running on a first line card in the switch. A second ingress interface receives a second control packet and selects the same first engine. Data associated with the TCP session received by the first or second ingress interface subsequent to establishing the TCP session is to be forwarded to the first engine. The first ingress interface receives a third control packet and sends, to the selected first engine, a notification indicating the TCP session which is to be tracked. The first or second ingress interface receives a fourth packet with a payload associated with the TCP session and forwards, to the selected first engine, a copy of the fourth packet, thereby facilitating a plurality of engine instances to support application identification.

公开(公告)号：US11652664B2

公开(公告)日：2023-05-16

申请号：US17221807

申请日：2021-04-04

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Sivasankaran Nagarajan ,  Yasser Salim Sait ,  Venkatavaradhan Devarajan

IPC: H04L12/423 ,  H04L12/46 ,  H04L12/437 ,  H04L45/74 ,  H04L41/0604 ,  H04L12/42 ,  H04L101/622

CPC classification number: H04L12/423 ,  H04L12/437 ,  H04L12/4625 ,  H04L41/0627 ,  H04L45/74 ,  H04L2012/421 ,  H04L2101/622

Abstract: Examples disclosed herein relate to managing a second ring link failure in a multi-ring Ethernet network. In an example, an inter-connection network node in a multi-ring Ethernet network comprising a major ring and a sub-ring may propagate a signal failure (SF) event, received in response to a second ring link failure in the major ring, to one or more nodes in the sub-ring. In response to receiving the SF event, a Ring Protection Link (RPL) on the sub-ring may be unlocked to allow network traffic through the RPL and avoid loop formation on the multi-ring Ethernet network. The sub-ring may be moved to the ring protection switching state, including performing a filtering database (FDB) flush at every node on the multi-ring Ethernet network whereby all MAC addresses and related port associations for traffic forwarding are cleared from the FDB.

公开(公告)号：US20220417287A1

公开(公告)日：2022-12-29

申请号：US17409179

申请日：2021-08-23

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Vinayak Joshi ,  Venkatavaradhan Devarajan ,  Rajib Majila ,  Tathagata Nandy

IPC: H04L29/06

Abstract: Examples disclosed herein relate to a method for defining an ingress access policy at an ingress network device based on instructions from an egress network device. The egress network device receives data packets directed to a first entity from a second entity connected to an ingress network device. Each data packet transmitted includes a source role tag corresponding to the second entity. At the egress network device, the data packets may be dropped based on the enforcement of an egress access policy. When the number of data packets that are being dropped increases beyond a pre-defined threshold, the egress network device transmits a command to the ingress network device instructing the ingress network device to create a restriction on the transmission of subsequent data packets. The command is transmitted in a Border Gateway Protocol (BGP) Flow Specification (FlowSpec) route.