公开(公告)号：US20250112855A1

公开(公告)日：2025-04-03

申请号：US18480361

申请日：2023-10-03

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Vinayak Joshi ,  Venkatavaradhan Devarajan ,  Balaji Sankaran

IPC: H04L45/28 ,  H04L45/42 ,  H04L45/745

Abstract: A network management system (NMS) for provisioning and managing an overlay network is provided. During operation, the NMS can determine that a loop associated with a media access control (MAC) address is detected in the network. The NMS can probe a first switch in the loop by instructing the first switch to observe the MAC address for a predetermined period. The NMS can receive a first message indicating a first set of ports of the first switch observing the MAC address. The NMS can probe an upstream switch reachable via each of the first set of ports by instructing the upstream switch to observe the MAC address for the predetermined period. Here, observing the MAC address at an upstream port of the upstream switch causes further upstream probing. Based on probing the switches in the loop, the NMS can determine one or more loop origination points (LOPs) for the loop.

公开(公告)号：US12126521B2

公开(公告)日：2024-10-22

申请号：US17411875

申请日：2021-08-25

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Rajib Majila ,  Venkatavaradhan Devarajan ,  Vinayak Joshi ,  Ram Iakhan Patel

IPC: H04L45/16 ,  H04L12/46 ,  H04L45/30 ,  H04L45/42

CPC classification number: H04L45/16 ,  H04L12/4633 ,  H04L45/30 ,  H04L45/42

Abstract: A system for policy management in a switch is provided. During operation, the system can generate, from a first policy defined for the switch, a second policy. The first policy can indicate whether a type of traffic is allowed from a source role to a destination role via an overlay tunnel. The second policy can indicate a plurality of destination roles that are allowed to receive multi-destination packets of the type of traffic from the source role via the overlay tunnel. Upon identifying a host associated with a role at a port of the switch, the system can determine whether the role belongs to the plurality of destination roles based on the second policy. If the role belongs to the plurality of allowed destination roles, the system can allow the port to forward a multi-destination packet, which is received via the overlay tunnel and associated with the type of traffic.

公开(公告)号：US20240223348A1

公开(公告)日：2024-07-04

申请号：US18093253

申请日：2023-01-04

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Chethan Chavadibagilu Radhakrishnabhat ,  Venkatavaradhan Devarajan ,  Tathagata Nandy

IPC: H04L7/00 ,  H04L45/16

CPC classification number: H04L7/0012 ,  H04L45/16

Abstract: A system for providing fast multicast convergence for Precision Time Protocol (PTP) at a switch is provided. During operation, the system can receive a multicast control message based on a multicast protocol used for PTP from a respective neighbor switch. The multicast control message can indicate neighbor information associated with the multicast protocol. The system can then determine a role associated with the PTP for a remote switch from the control message. Upon receiving a register message for a multicast group associated with the PTP, the system can determine whether a multicast path from the switch to a PTP source includes a device with a role of a boundary clock (BC) of PTP. If the multicast path includes a device with a role of a BC, the system can send a gratuitous register-stop message for the multicast group toward the PTP source in absence of a native path.

公开(公告)号：US20240146575A1

公开(公告)日：2024-05-02

申请号：US17976691

申请日：2022-10-28

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Rajeev Jain ,  Venkatavaradhan Devarajan

IPC: H04L12/46 ,  H04L45/64

CPC classification number: H04L12/4633 ,  H04L12/4641 ,  H04L45/64

Abstract: A system for facilitating loop-free traffic forwarding is provided. During operation, the system can operate a switch as a tunnel endpoint for a plurality of tunnels with corresponding remote endpoints. The system can determine a tunnel network identifier (TNI) associated with a respective virtual local area network (VLAN) configured at the switch. The system can then enable the TNI for a first tunnel among the plurality of tunnels for carrying traffic of the VLAN. Here, traffic of the VLAN is only forwarded over the first tunnel. Therefore, the system can prevent the rest of the plurality of tunnels from looping the traffic of the VLAN back to the switch. The system can select a second tunnel as a standby tunnel for the TNI from the rest of the plurality of tunnels. If the first tunnel is unavailable, the system can enable the TNI for the second tunnel for traffic forwarding.

公开(公告)号：US11805078B2

公开(公告)日：2023-10-31

申请号：US17544493

申请日：2021-12-07

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Saurabh Mohan ,  Vijeesh Erankotte Panayamthatta ,  Venkatavaradhan Devarajan

IPC: H04L69/16 ,  H04L49/35 ,  H04L49/00 ,  H04L9/40 ,  H04L69/22 ,  H04L67/141 ,  H04L12/46

CPC classification number: H04L49/355 ,  H04L12/4633 ,  H04L49/30 ,  H04L63/1416 ,  H04L67/141 ,  H04L69/22

Abstract: A first ingress interface on a switch receives a first control packet for establishing a Transmission Control Protocol (TCP) session and selects a first engine running on a first line card in the switch. A second ingress interface receives a second control packet and selects the same first engine. Data associated with the TCP session received by the first or second ingress interface subsequent to establishing the TCP session is to be forwarded to the first engine. The first ingress interface receives a third control packet and sends, to the selected first engine, a notification indicating the TCP session which is to be tracked. The first or second ingress interface receives a fourth packet with a payload associated with the TCP session and forwards, to the selected first engine, a copy of the fourth packet, thereby facilitating a plurality of engine instances to support application identification.

公开(公告)号：US20230111305A1

公开(公告)日：2023-04-13

申请号：US17497209

申请日：2021-10-08

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Vinayak Joshi ,  Venkatavaradhan Devarajan

IPC: H04L12/46 ,  H04L12/741

Abstract: An apparatus for detecting a loop in a domain comprising a plurality of overlay tunnel fabrics is provided. The apparatus can include an indicator logic block that can insert a predetermined value, which can be unique for the apparatus in the domain, into an egress tunnel header of a packet of a data flow. The header's destination address can correspond to a remote apparatus of an overlay tunnel fabric that includes the apparatus. Tunnel encapsulation can be initiated and terminated within the corresponding overlay tunnel fabric. The indicator logic block can determine, for a respective packet of the data flow from a remote overlay tunnel fabric of the domain, whether the predetermined value is present in an ingress tunnel header. Upon identifying the predetermining value in the ingress tunnel header, a loop logic block of the apparatus can determine that a loop is present in the domain.

公开(公告)号：US20230092836A1

公开(公告)日：2023-03-23

申请号：US17482152

申请日：2021-09-22

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Chivukula Koundinya ,  Balaji Sankaran ,  Venkatavaradhan Devarajan ,  Sivakumar Murugan

IPC: H04L29/08 ,  H04L12/775

Abstract: A member switch of multiple connected switches receives a stack-discovery packet from a first coupled switch and, in response, generates and transmits a stack-discovery-response packet to the first coupled switch to allow the member switch to be discovered. The member switch receives stack-configuration information from a stack-control node and forwards the stack-discovery packet to a second coupled switch to facilitate discovery of the second coupled switch. The first coupled switch, the member switch, and the second coupled switch are coupled to each other according to a predetermined order, thereby facilitating an ordered discovery of the multiple connected switches. In response to receiving, from the stack-control node, a control packet, the member switch reboots based on the received stack-configuration information. The stack-configuration information comprises a stack-member identifier allocated, based on the predetermined order, by the stack-control mode to the member switch, thereby facilitating formation of an ordered stack.

公开(公告)号：US10715406B2

公开(公告)日：2020-07-14

申请号：US15306719

申请日：2015-04-24

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Chetan Ambi ,  Allu Ramaprasad ,  Venkatavaradhan Devarajan

IPC: H04L12/26 ,  H04L12/24 ,  H04L29/06

Abstract: A network anomaly may be detected by comparing the network behavior of a packet to an expected network behavior. The network behavior may be determined using a packet sample of a packet matching a flow rule that includes a sampling rule.

公开(公告)号：US10708245B2

公开(公告)日：2020-07-07

申请号：US15833807

申请日：2017-12-06

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Balaji Sankaran ,  Karthikeyan Ramachandran ,  Venkatavaradhan Devarajan ,  Gudiputi Suma Chowdary

IPC: H04L29/06 ,  G06F21/60 ,  H04L9/08 ,  H04L12/46 ,  H04L9/32 ,  H04L12/721

Abstract: Examples disclosed herein relate to use of MACsec to encrypt tunnel data packets. In an example, a MACsec capable device may receive a data packet from a host device for tunneling to a controller. MACsec capable device may encapsulate the data packet with an encapsulation header to generate an encapsulated data packet. The encapsulation header may comprise a destination MAC address reserved for the controller. MACsec capable device may direct the encapsulated data packet to a MACsec engine. MACsec engine may encrypt the encapsulated data packet with the encryption key to generate an encrypted data packet. MACsec capable device may encapsulate the encrypted data packet with a first GRE header. MACsec capable device may send the encrypted data packet with the first GRE header to the controller via a GRE tunnel.

公开(公告)号：US10693761B2

公开(公告)日：2020-06-23

申请号：US16132626

申请日：2018-09-17

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Haris Palapra ,  Mithun Kumar Halder ,  Pavankumar Kulkarni ,  Venkatavaradhan Devarajan

IPC: H04L12/751 ,  H04L12/24 ,  H04L12/707

Abstract: A method may include storing updated firmware in storage of a target switch, transmitting instructions to the target switch to initiate a restart thereof, and transmitting a respective notification to (i) at least one switch in each of a core layer and aggregation layer of the computer system, and (ii) switches in an access layer if a switch of the aggregation layer is the selected target switch. The notification may be indicative of an impending shut down of the target switch and include instructions to each recipient switch to cease directing packets thereto. The method may also include processing any packets directed to the target switch prior to the receipt of the notification and compliance thereto by each recipient switch, confirming all packets directed to the target switch from each recipient switch have been received and processed, and restarting the target switch, thereby updating the firmware on the target switch.