-
Publication number: US12126521B2
Publication date: 2024-10-22
Application number: US17411875
Application date: 2021-08-25
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Rajib Majila, Venkatavaradhan Devarajan, Vinayak Joshi, Ram Iakhan Patel
CPC classification number: H04L45/16, H04L12/4633, H04L45/30, H04L45/42
Abstract: A system for policy management in a switch is provided. During operation, the system can generate, from a first policy defined for the switch, a second policy. The first policy can indicate whether a type of traffic is allowed from a source role to a destination role via an overlay tunnel. The second policy can indicate a plurality of destination roles that are allowed to receive multi-destination packets of the type of traffic from the source role via the overlay tunnel. Upon identifying a host associated with a role at a port of the switch, the system can determine whether the role belongs to the plurality of destination roles based on the second policy. If the role belongs to the plurality of allowed destination roles, the system can allow the port to forward a multi-destination packet, which is received via the overlay tunnel and associated with the type of traffic.
-
Publication number: US11757777B2
Publication date: 2023-09-12
Application number: US17483474
Application date: 2021-09-23
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Rajib Majila, Ram Iakhan Patel
IPC: H04L45/745, H04L45/02, H04L12/46, H04L45/42, H04L101/622
CPC classification number: H04L45/745, H04L12/4641, H04L45/02, H04L45/42, H04L2101/622
Abstract: The system determines a first source MAC associated with a switch. The system updates a MAC address table by mapping the first source MAC to a first tag which indicates a source role corresponding to a network infrastructure. A processor associated with the switch generates a first packet which indicates the first source MAC. The system performs a first search in the MAC address table based on the indicated first source MAC to obtain the first tag, and performs a second search in a policy table based on the first tag for a policy which indicates an action to be applied to the first packet. If the second search is not successful, the system modifies a header of the first packet by adding the first tag. If the second search is successful, the system determines that the indicated action comprises allowing the first packet and transmits the first packet.
-