Packet Tracing through Control and Data Plane Operations using SNMP Trap Commands
Granted: September 19, 2013
Application Number:
20130242759
Improved debugging capabilities for network packet path tracing. Embodiments trace both the control and data planes. During control plane operations each switch appends its identity to the payload, providing a full trace of the control plan path. SNMP Trap commands containing the forward path payload are provided back at each hop. The data plane is monitored by setting traps along the control plane path, with SNMP Trap commands at each hop being provided that indicate a given switch has…
DYNAMIC SERVICE INSERTION IN A FABRIC SWITCH
Granted: August 29, 2013
Application Number:
20130223449
One embodiment of the present invention provides a switch. The switch includes a service management module and a packet processor. During operation, the service management module identifies a service provided by an appliance coupled to the switch via a local port. The packet processor constructs a notification message for a remote switch. The notification message includes information about the service and the appliance. In this way, the switch allows the remote switch to request the…
Public Cloud Data at Rest Security
Granted: August 22, 2013
Application Number:
20130219169
An encryption switch which is used in a cloud environment to secure data on the LUNs used by the clients. A client provides a certificate to the cloud service. The encryption switch develops a cloud crypto domain (CCD) as a secure area, with the data at rest on the LUNs encrypted. The encryption switch develops a master key for client use in the CCD, which is provided to the client encrypted by the client's public key. Data encryption keys (DEKs) are created for each LUN and provided to…
FLEXIBLE STACKING PORT
Granted: August 22, 2013
Application Number:
20130215791
A stackable device having a plurality of data ports, wherein each of the data ports is capable of operating as a regular data port or a stacking port. A first set of one or more of the data ports is specified as a first flexible stacking port, and a second set of one or more of the data ports is specified as a second flexible stacking port. Each flexible stacking port can be individually configured to operate as an actual stacking port, if required by the configuration of an associated…
Storage Access Authentication Mechanism
Granted: August 15, 2013
Application Number:
20130212386
In embodiments according to the present invention an encryption switch is used to authorize access to LUNs from client VMs present in the cloud provider network. The encryption switch includes responder side software for an authentication protocol and an agent in the client VM includes the requestor side of the authentication protocol. The certificate of the client is securely provided to the encryption switch, which associates the client VM with the LUN. The client private key is…
Virtual Router Redundancy For Server Virtualization
Granted: August 8, 2013
Application Number:
20130205044
A solution for virtual router redundancy for server virtualization includes, at a network device configured as a backup router of a virtual router, examining a packet stored in a memory of the network device. Responsive to the examining, the network device determines whether to forward the packet via a network towards a destination or to send the packet via the network to a master router of the virtual router for forwarding of the packet, by the master router, towards the destination.
LINK AGGREGATION IN SOFTWARE-DEFINED NETWORKS
Granted: August 1, 2013
Application Number:
20130194914
One embodiment of the present invention provides a switch capable of processing software-defined data flows. The switch includes an identifier management module and a flow definition management module. During operation, the identifier management module allocates a logical identifier to a link aggregation port group which includes a plurality of ports associated with different links. The flow definition management module processes a flow definition corresponding to the logical identifier,…
MANAGING A CLUSTER OF SWITCHES USING MULTIPLE CONTROLLERS
Granted: July 25, 2013
Application Number:
20130188514
One embodiment of the present invention provides a computing system. The computing system includes a discovery module, a high-availability management module, and a controlling module. The discovery module determines local switch-specific information associated with a switch based on a discovery response packet. The high-availability management module determines remote switch-specific information about the same switch with respect to a remote computing system. The controlling module…
TRANSPARENT HIGH AVAILABILITY FOR STATEFUL SERVICES
Granted: July 25, 2013
Application Number:
20130191831
One embodiment of the present invention provides a system. The system includes a high availability module and a data transformation module. During operation, the high availability module identifies a modified object belonging to an application in a second system. A modification to the modified object is associated with a transaction identifier. The high availability module also identifies a local object corresponding to the modified object associated with a standby application…
MANAGING A LARGE NETWORK USING A SINGLE POINT OF CONFIGURATION
Granted: July 25, 2013
Application Number:
20130188521
One embodiment of the present invention provides a computing system. The switch includes a discovery module, a device management module, and a logical group management module. The discovery module constructs a multicast query message for a first multicast group to which the computing system is registered. The device management module extracts information about a remote switch from a query response message from the remote switch and constructs a client database, wherein a first entry in…
IP MULTICAST OVER MULTI-CHASSIS TRUNK
Granted: July 18, 2013
Application Number:
20130182581
In embodiments of the present invention, multicast traffic is simultaneously routed via all switches participating in the trunk (can be referred to as partner switches). A respective partner switch synchronizes the local multicast state information with all other partner switches. For a respective multicast group, a plurality of partner switches can be the part of the corresponding multicast distribution tree and obtain multicast traffic from uplink sources. For the multicast group, only…
Printed Circuit Board Cover
Granted: July 11, 2013
Application Number:
20130176684
A sheet metal cover for a printed circuit board (PCB) includes a plurality of legs continuous with a substantially planar elevated section. The legs are attached to the PCB, and electrical connections are provided between the legs and an internal ground plane of the PCB at the attachment locations. The sheet metal cover is thereby grounded, inhibiting the transmission of electromagnetic signals through the sheet metal cover. The elevated section of the sheet metal cover prevents select…
Plenum Kit
Granted: June 27, 2013
Application Number:
20130161277
A plenum assembly for a shallow chassis in a rack-mount system. The rack mount system includes a first set of posts at a first end of the rack, a second set of posts at a second end of the rack, and guide rails that extend between the first and second sets of posts. A shallow chassis mounted on the guide rails extends from the first end of the rack to an intermediate location, between the first and second ends of the rack. The plenum assembly is also mounted on the guide rails, and…
Interrupt Moderation
Granted: June 13, 2013
Application Number:
20130151744
A technique for interrupt moderation allows coalescing interrupts from a device into groups to be processed as a batch by a host processor. Receive and send completions may be processed differently. When the host is interrupted for receive completions, it may check for send completions, reducing the need for interrupts related to send completions. Timers and a counter allow coalescing interrupts into a single interrupt that can be used to signal the host to process multiple completions.…
PORT PROFILE ANALYTICS
Granted: June 13, 2013
Application Number:
20130148654
One embodiment of the present invention provides a computer system. The computer system includes a display mechanism, a storage, and a migration management mechanism. The storage stores a data structure indicating one or more port profiles. The migration management mechanism identifies one or more port profiles associated with a target switch for a migrating virtual machine, wherein the target switch is coupled to a target host machine of the virtual machine and recommends whether the…
AMPP ACTIVE PROFILE PRESENTATION
Granted: June 13, 2013
Application Number:
20130148511
One embodiment of the present invention provides a port profile management mechanism. The port profile management mechanism detects an active profile associated with a physical port on a switch and displays configuration of the port based on the identified port profile using the display mechanism. In addition, a port group management mechanism obtains information of a port group associated with a virtual machine, wherein the port group defines network configurations for the virtual…
METHOD AND SYSTEM FOR EXTENDING ROUTING DOMAIN TO NON-ROUTING END STATIONS
Granted: June 13, 2013
Application Number:
20130148491
A system is provided for facilitating assignment of a virtual routing node identifier to a non-routing node. During operation, the system assigns to a non-routing node coupled to a switch a virtual routing node identifier unique to the non-routing node. In addition, the system communicates reachability information corresponding to the virtual routing node identifier to other switches in the network.
SYSTEM AND METHOD FOR FLOW MANAGEMENT IN SOFTWARE-DEFINED NETWORKS
Granted: May 16, 2013
Application Number:
20130124707
One embodiment of the present invention provides a system for facilitating flow definition management in a switch. During operation, the system identifies a generic flow definition which specifies a flow that is not specific to any input port of a switch. The system further stores in a flow lookup data structure one or more port-specific flow rules based on the generic flow definition, wherein each port-specific flow rule corresponds to a respective port capable of processing data flows.
INTEGRATED FIBRE CHANNEL SUPPORT IN AN ETHERNET FABRIC SWITCH
Granted: May 9, 2013
Application Number:
20130114600
One embodiment of the present invention provides a switch. The switch includes a packet processor and a device management module. During operation, the packet processor constructs a notification message containing a Transparent Interconnection of Lots of Links (TRILL) Routing Bridge (RBridge) identifier associated with a Fibre Channel router. The device management module operates in conjunction with the packet processor and terminates TRILL forwarding for a received TRILL packet with the…
SAN FABRIC ONLINE PATH DIAGNOSTICS
Granted: May 2, 2013
Application Number:
20130111077
A diagnostic testing utility is used to perform online path diagnostic tests to troubleshoot components in a path that contribute to performance degradations and check application level data integrity, while traffic is allowed to flow as normal. To perform the diagnostic tests, two HBA or CNA ports at each end of a path are identified and used to send test frames to perform the diagnostic tests. The entire diagnostic procedure is performed without taking any ports or servers offline.
