Support of a large number of VLANs in a bridged network
    1.
    发明授权
    Support of a large number of VLANs in a bridged network 有权
    支持桥接网络中的大量VLAN

    公开(公告)号:US08902908B2

    公开(公告)日:2014-12-02

    申请号:US11416988

    申请日:2006-05-02

    CPC分类号: H04L12/4641 H04L45/50

    摘要: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for supporting a large number of virtual local area networks (VLANS) in a bridged network. Packets are received that include 802.1Q Virtual Local Area Network (VLAN) identifiers (VIDs). However, rather than accessing the VLAN forwarding information directly based on the VID as conventionally performed, the VLAN forwarding information to use for a particular packet is determined based on an interface (e.g., virtual or physical interface, port, MPLS label, GRE tunnel or other abstraction of the interface). In other words, the interface associated with the packet identifies a context for determining the VLAN forwarding information based on the VID included in the packet. Therefore, network bridging devices can support more VLANs than that imposed by the 4096 possible values of a VID.

    摘要翻译: 公开了尤其是用于支持桥接网络中的大量虚拟局域网(VLAN)的方法,装置,数据结构,计算机可读介质,机制和装置。 收到包含802.1Q虚拟局域网(VLAN)标识符(VID)的数据包。 但是,根据传统的VID直接访问VLAN转发信息,而不是根据接口(例如,虚拟或物理接口,端口,MPLS标签,GRE隧道或者接口)来确定用于特定数据包的VLAN转发信息, 接口的其他抽象)。 换句话说,与分组相关联的接口基于分组中包括的VID来标识用于确定VLAN转发信息的上下文。 因此,网络桥接设备可以支持比VID的4096个可能值所施加的更多的VLAN。

    Sampling rate-limited traffic
    2.
    发明授权
    Sampling rate-limited traffic 有权
    采样率限制流量

    公开(公告)号:US08018845B2

    公开(公告)日:2011-09-13

    申请号:US11339597

    申请日:2006-01-25

    CPC分类号: H04L43/022 H04L43/16

    摘要: Out-of-profile rate-limited traffic is sampled to provide data for analysis, such as for, but not limited to, identifying a threat condition such as a denial-of-service or other malicious attack, or a non-malicious attack such as an error in configuration. A rate limiter including at least three states is typically used, with one of these states being an out-of-profile sampling state wherein the packet traffic is sampled to identify one or more sampled packets on which analysis can be performed, with defensive action possibly taken in response to the analysis.

    摘要翻译: 采样失速率限制流量以提供用于分析的数据,例如用于但不限于识别威胁状况,例如拒绝服务或其他恶意攻击,或非恶意攻击,例如非恶意攻击 作为配置错误。 通常使用包括至少三个状态的速率限制器,其中这些状态之一是失真采样状态,其中对分组业务进行采样以识别可以在其上进行分析的一个或多个采样分组,具有可能的防御动作 作为回应分析。

    Constraining flooding of multicast traffic in Layer2 networks
    3.
    发明申请
    Constraining flooding of multicast traffic in Layer2 networks 有权
    限制二层网络中组播流量的泛洪

    公开(公告)号:US20070091890A1

    公开(公告)日:2007-04-26

    申请号:US11257696

    申请日:2005-10-25

    IPC分类号: H04L12/56

    摘要: A mechanism for a network device to constrain multicast flooding of out-of-profile multicast frames is provided by defining a multicast flood domain that includes a subset of ports that are members of the broadcast domain. Such a multicast flood domain can be user configured or dynamically configured to include device ports that are coupled to network elements that should receive such out-of-profile multicast transmissions and exclude network elements that should not receive such multicast transmissions. In one embodiment of the present invention, such capability is provided by incorporating into a network device a mechanism for performing a multicast flood domain lookup of an address table in the event that an out-of-profile multicast frame is received.

    摘要翻译: 通过定义包括作为广播域的成员的端口的子集的组播泛洪域来提供网络设备限制外部组播帧的组播泛洪的机制。 这样的组播泛洪域可以被用户配置或动态地配置为包括耦合到应该接收到这种不合格的多播传输的网络元件的设备端口,并且排除不应该接收这种多播传输的网络元件。 在本发明的一个实施例中,通过在网络设备中并入接收到异常外组播帧的情况下用于执行地址表的组播泛洪域查找的机制来提供这种能力。

    Performing extended lookups on mac-based tables
    4.
    发明申请
    Performing extended lookups on mac-based tables 有权
    在基于Mac的表上执行扩展查找

    公开(公告)号:US20060221960A1

    公开(公告)日:2006-10-05

    申请号:US11096738

    申请日:2005-04-01

    申请人: Gaetano Borgione

    发明人: Gaetano Borgione

    IPC分类号: H04L12/28 H04J3/26

    摘要: A method, system, and computer program product are presented to optimize OSI Level 2 switch forwarding of frames comprising IP addresses, 802.1 QinQ VLAN identifiers, multi-protocol label switching labels, and any other usable information meaningful to derive an L2 forwarding result on frames. In one embodiment, a 16-bit key is included as a prefix to a 48-bit OSI Level 2 address entry, thereby allowing the inclusion of a 32-bit OSI Level 3 address in the lookup table (e.g., a complete IP version 4 address). Implementations of such a solution are presented to resolve address aliasing issues experienced with multicast group destination addresses, including single source multicast. Solutions to optimizing forwarding of frames in an IEEE 802.1 QinQ environment are also presented. A result of these implementations can be reduction of the amount of unnecessary network traffic generated by a network switch incorporating such an OSI Level 2 address lookup table.

    摘要翻译: 提出了一种方法,系统和计算机程序产品,以优化包括IP地址,802.1QinQ VLAN标识符,多协议标签交换标签和任何其他可用信息的帧的OSI 2级交换机转发,以有助于在帧上导出L2转发结果 。 在一个实施例中,将16位密钥作为前缀包括在48位OSI 2级地址条目中,从而允许在查找表中包括32位OSI 3级地址(例如,完整的IP版本4 地址)。 提出了这样的解决方案的实现,以解决组播目的地地址(包括单源组播)所遇到的地址混叠问题。 还介绍了在IEEE 802.1 QinQ环境中优化帧转发的解决方案。 这些实现的结果可以是减少由包含这样的OSI 2级地址查找表的网络交换机生成的不必要的网络流量的量。

    METHOD AND SYSTEM FOR MANAGING INTERCONNECTION OF VIRTUAL NETWORK FUNCTIONS
    5.
    发明申请
    METHOD AND SYSTEM FOR MANAGING INTERCONNECTION OF VIRTUAL NETWORK FUNCTIONS 有权
    管理虚拟网络功能互连的方法和系统

    公开(公告)号:US20150295750A1

    公开(公告)日:2015-10-15

    申请号:US14253775

    申请日:2014-04-15

    IPC分类号: H04L12/24 G06F11/18

    摘要: A method and apparatus is disclosed herein for use of a connectivity manager and a network infrastructure including the same. In one embodiment, the network infrastructure comprises one or more physical devices communicably coupled into a physical network infrastructure or via the overlay provided by the physical servers; and a virtual network domain containing a virtual network infrastructure executing on the physical network infrastructure. In one embodiment, the virtual network domain comprises one or more virtual network functions connected together through one or more links and executing on the one or more physical devices, and one or more interfaces coupled to one or more network functions via one or more links to communicate data between the virtual network domain and at least one of the one or more physical devices of the physical network infrastructure while the virtual network domain is isolated from other virtual infrastructures executing on the physical network infrastructure.

    摘要翻译: 本文公开了一种使用连接管理器和包括其的网络基础设施的方法和装置。 在一个实施例中,网络基础设施包括可通信地耦合到物理网络基础设施中或经由物理服务器提供的覆盖物的一个或多个物理设备; 以及包含在物理网络基础设施上执行的虚拟网络基础设施的虚拟网络域。 在一个实施例中,虚拟网络域包括通过一个或多个链路连接在一起并在一个或多个物理设备上执行的一个或多个虚拟网络功能,以及经由一个或多个链路耦合到一个或多个网络功能的一个或多个接口 在虚拟网络域与物理网络基础设施上执行的其他虚拟基础设施隔离的同时,在虚拟网络域与物理网络基础设施的一个或多个物理设备中的至少一个之间传送数据。

    Apparatus and method for utilizing aggregate network links for multicast switching
    6.
    发明授权
    Apparatus and method for utilizing aggregate network links for multicast switching 有权
    利用聚合网络链路进行组播切换的装置和方法

    公开(公告)号:US08155125B1

    公开(公告)日:2012-04-10

    申请号:US10944307

    申请日:2004-09-17

    IPC分类号: H04L12/28

    CPC分类号: H04L12/4641 H04L12/1863

    摘要: A method, system, and apparatus to transmit replicated multicast packets over a plurality of physical network links that are combined into one logical channel or link so that the replicated multicast packets are distributed over more than one network link is disclosed. It is further disclosed that distribution over the network links is accomplished, in part, through analyzing the multicast packet for information other than ethernet addresses. Such information can include a tag header including destination interface information.

    摘要翻译: 公开了一种通过组合成一个逻辑信道或链路的多个物理网络链路来传输复制的多播分组的方法,系统和装置,以便复制的多播分组分布在多于一个的网络链路上。 还公开了通过网络链路的分发部分地通过分析除了以太网地址之外的信息的多播分组来实现。 这样的信息可以包括包括目的地接口信息的标签报头。

    Constraining flooding of multicast traffic in Layer2 networks
    7.
    发明授权
    Constraining flooding of multicast traffic in Layer2 networks 有权
    限制二层网络中组播流量的泛洪

    公开(公告)号:US07599367B2

    公开(公告)日:2009-10-06

    申请号:US11257696

    申请日:2005-10-25

    IPC分类号: H04L12/28 H04L12/56

    摘要: A mechanism for a network device to constrain multicast flooding of out-of-profile multicast frames is provided by defining a multicast flood domain that includes a subset of ports that are members of the broadcast domain. Such a multicast flood domain can be user configured or dynamically configured to include device ports that are coupled to network elements that should receive such out-of-profile multicast transmissions and exclude network elements that should not receive such multicast transmissions. In one embodiment of the present invention, such capability is provided by incorporating into a network device a mechanism for performing a multicast flood domain lookup of an address table in the event that an out-of-profile multicast frame is received.

    摘要翻译: 通过定义包括作为广播域的成员的端口的子集的组播泛洪域来提供网络设备限制外部组播帧的组播泛洪的机制。 这样的组播泛洪域可以被用户配置或动态地配置为包括耦合到应该接收到这种不合格的多播传输的网络元件的设备端口,并且排除不应该接收这种多播传输的网络元件。 在本发明的一个实施例中,通过在网络设备中并入接收到异常外组播帧的情况下用于执行地址表的组播泛洪域查找的机制来提供这种能力。

    Performing extended lookups on MAC-based tables including level 3 multicast group destination addresses
    8.
    发明授权
    Performing extended lookups on MAC-based tables including level 3 multicast group destination addresses 有权
    对基于MAC的表执行扩展查找,包括3级组播组目标地址

    公开(公告)号:US07586895B2

    公开(公告)日:2009-09-08

    申请号:US11096738

    申请日:2005-04-01

    申请人: Gaetano Borgione

    发明人: Gaetano Borgione

    摘要: A method, system, and computer program product are presented to optimize OSI Level 2 switch forwarding of frames comprising IP addresses, 802.1 QinQ VLAN identifiers, multi-protocol label switching labels, and any other usable information meaningful to derive an L2 forwarding result on frames. In one embodiment, a 16-bit key is included as a prefix to a 48-bit OSI Level 2 address entry, thereby allowing the inclusion of a 32-bit OSI Level 3 address in the lookup table (e.g., a complete IP version 4 address). Implementations of such a solution are presented to resolve address aliasing issues experienced with multicast group destination addresses, including single source multicast. Solutions to optimizing forwarding of frames in an IEEE 802.1 QinQ environment are also presented. A result of these implementations can be reduction of the amount of unnecessary network traffic generated by a network switch incorporating such an OSI Level 2 address lookup table.

    摘要翻译: 提出了一种方法,系统和计算机程序产品,以优化包括IP地址,802.1QinQ VLAN标识符,多协议标签交换标签以及任何其他可用信息的帧的OSI 2级交换机转发,以有助于在帧上导出L2转发结果 。 在一个实施例中,将16位密钥作为前缀包括在48位OSI 2级地址条目中,从而允许在查找表中包括32位OSI 3级地址(例如,完整的IP版本4 地址)。 提出了这样的解决方案的实现,以解决组播目的地地址(包括单源组播)所遇到的地址混叠问题。 还介绍了在IEEE 802.1 QinQ环境中优化帧转发的解决方案。 这些实现的结果可以是减少由包含这样的OSI 2级地址查找表的网络交换机生成的不必要的网络流量的量。

    Support of a large number of VLANs in a bridged network
    9.
    发明申请
    Support of a large number of VLANs in a bridged network 有权
    支持桥接网络中的大量VLAN

    公开(公告)号:US20070258446A1

    公开(公告)日:2007-11-08

    申请号:US11416988

    申请日:2006-05-02

    IPC分类号: H04L12/56

    CPC分类号: H04L12/4641 H04L45/50

    摘要: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for supporting a large number of virtual local area networks (VLANS) in a bridged network. Packets are received that include 802.1Q Virtual Local Area Network (VLAN) identifiers (VIDs). However, rather than accessing the VLAN forwarding information directly based on the VID as conventionally performed, the VLAN forwarding information to use for a particular packet is determined based on an interface (e.g., virtual or physical interface, port, MPLS label, GRE tunnel or other abstraction of the interface). In other words, the interface associated with the packet identifies a context for determining the VLAN forwarding information based on the VID included in the packet. Therefore, network bridging devices can support more VLANs than that imposed by the 4096 possible values of a VID.

    摘要翻译: 公开了尤其是用于支持桥接网络中的大量虚拟局域网(VLAN)的方法,装置,数据结构,计算机可读介质,机制和装置。 收到包含802.1Q虚拟局域网(VLAN)标识符(VID)的数据包。 但是,根据传统的VID直接访问VLAN转发信息,而不是根据接口(例如,虚拟或物理接口,端口,MPLS标签,GRE隧道或者接口)来确定用于特定数据包的VLAN转发信息, 接口的其他抽象)。 换句话说,与分组相关联的接口基于分组中包括的VID来标识用于确定VLAN转发信息的上下文。 因此,网络桥接设备可以支持比VID的4096个可能值所施加的更多的VLAN。

    Sampling rate-limited traffic
    10.
    发明申请
    Sampling rate-limited traffic 有权
    采样率限制流量

    公开(公告)号:US20070171824A1

    公开(公告)日:2007-07-26

    申请号:US11339597

    申请日:2006-01-25

    IPC分类号: H04L12/26

    CPC分类号: H04L43/022 H04L43/16

    摘要: Out-of-profile rate-limited traffic is sampled to provide data for analysis, such as for, but not limited to, identifying a threat condition such as a denial-of-service or other malicious attack, or a non-malicious attack such as an error in configuration. A rate limiter including at least three states is typically used, with one of these states being an out-of-profile sampling state wherein the packet traffic is sampled to identify one or more sampled packets on which analysis can be performed, with defensive action possibly taken in response to the analysis.

    摘要翻译: 采样失速率限制流量以提供用于分析的数据,例如用于但不限于识别威胁状况,例如拒绝服务或其他恶意攻击,或非恶意攻击,例如非恶意攻击 作为配置错误。 通常使用包括至少三个状态的速率限制器,其中这些状态之一是失真采样状态,其中对分组业务进行采样以识别可以在其上进行分析的一个或多个采样分组,具有可能的防御动作 作为回应分析。