WO2014201040A1 - Scalable and segregated network virtualization - Google Patents

Scalable and segregated network virtualization Download PDF

Info

Publication number
WO2014201040A1
WO2014201040A1 PCT/US2014/041774 US2014041774W WO2014201040A1 WO 2014201040 A1 WO2014201040 A1 WO 2014201040A1 US 2014041774 W US2014041774 W US 2014041774W WO 2014201040 A1 WO2014201040 A1 WO 2014201040A1
Authority
WO
WIPO (PCT)
Prior art keywords
switch
vlan tag
packet
port
edge
Prior art date
Application number
PCT/US2014/041774
Other languages
French (fr)
Inventor
Venkata R. K. ADDANKI
Sadasivudu Malladi
Chi L. Chong
Kiran K. Gavini
Original Assignee
Brocade Communications Systems, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Brocade Communications Systems, Inc. filed Critical Brocade Communications Systems, Inc.
Priority to CN201480043860.1A priority Critical patent/CN105519046B/en
Priority to EP14738940.7A priority patent/EP3008860B1/en
Priority to EP17181928.7A priority patent/EP3261301B1/en
Publication of WO2014201040A1 publication Critical patent/WO2014201040A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4645Details on frame tagging
    • H04L12/465Details on frame tagging wherein a single frame includes a plurality of VLAN tags
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering

Definitions

  • the present disclosure relates to communication networks. More specifically, the present disclosure relates to scalable network virtualization.
  • a fabric switch is a collection of individual member switches. These member switches form a single, logical switch that can have an arbitrary number of ports and an arbitrary topology. As demands grow, customers can adopt a "pay as you grow" approach to scale up the capacity of the fabric switch.
  • TRILL Transparent Interconnection of Lots of Links
  • the switch includes a virtual network module and a forwarding module.
  • the virtual network module includes a global virtual local area network (VLAN) tag in a packet.
  • the global VLAN tag is mapped to an edge VLAN tag in the packet and is associated with a datacenter domain.
  • the datacenter domain indicates a set of ports associated with a datacenter.
  • the forwarding module identifies an egress edge port for the packet based on the global VLAN tag.
  • the global VLAN tag is mapped to an internal virtual identifier, which is internal and local to the switch.
  • the forwarding module further identifies the egress edge port based on a mapping between the egress port and the internal virtual identifier.
  • the edge VLAN tag is associated with a virtual machine.
  • the virtual machine is allowed to migrate to the set of ports indicated by the datacenter domain.
  • the packet does not include the edge VLAN tag, and the global VLAN tag is mapped to a media access control (MAC) address in the packet.
  • MAC media access control
  • the global VLAN tag is further mapped to one or more of: (i) a tenant identifier, which is information that can distinguish between tenants, and (ii) an identifier of the datacenter domain.
  • the switch also includes a tag management module which generates the global VLAN tag based on the datacenter domain and the edge VLAN tag.
  • the switch also includes a fabric switch management module which maintains a membership in a fabric switch.
  • the fabric switch accommodates a plurality of member switches and operates as a single switch.
  • the fabric switch management module includes the global VLAN tag in a notification message for the member switches.
  • the global VLAN tag is generated based on the datacenter domain and the edge VLAN tag.
  • the switch also includes a port profile module which applies a port profile to the ingress port of the packet in response to identifying the source MAC address of the packet in a port profile.
  • the port profile is in a port profile set associated with the datacenter domain.
  • FIG. 1 illustrates an exemplary provider network with scalable and segregated network virtualization support, in accordance with an embodiment of the present invention.
  • FIG. 2A illustrates exemplary mappings of global virtual local area networks
  • VLANs in accordance with an embodiment of the present invention.
  • FIG. 2B illustrates exemplary direct mapping of a global VLAN to a virtual machine's media access control (MAC) address, in accordance with an embodiment of the present invention.
  • MAC media access control
  • FIG. 2C illustrates exemplary tables comprising mappings of global VLANs, in accordance with an embodiment of the present invention.
  • FIG. 3A presents a flowchart illustrating the process of a datacenter manager creating a datacenter domain for a datacenter, in accordance with an embodiment of the present invention.
  • FIG. 3B presents a flowchart illustrating the process of a switch mapping an edge VLAN tag to a global VLAN tag, in accordance with an embodiment of the present invention.
  • FIG. 3C presents a flowchart illustrating the process of a switch mapping a global VLAN to an internal virtual identifier (IVID), in accordance with an embodiment of the present invention.
  • FIG. 6B presents a flowchart illustrating the process of a switch applying a port profile from a port profile set based on a received packet, in accordance with an embodiment of the present invention.
  • FIG. 7 illustrates an exemplary architecture of a switch scalable and segregated network virtualization support, in accordance with an embodiment of the present invention.
  • a tenant can use an edge VLAN tag used by another tenant, and therefore, can use a large number of edge VLANs (e.g., up to the available number of edge VLANs represented by 12 bits).
  • This global VLAN can be included in the inter-switch packets forwarded in the provider network. In some embodiments, this global VLAN is removed when the packets leave the provider network.
  • the provider network is a fabric switch, and a respective switch in the provider network is a member switch of the fabric switch.
  • a fabric switch any number of switches coupled in an arbitrary topology may logically operate as a single switch.
  • the fabric switch can be an Ethernet fabric switch or a virtual cluster switch (VCS), which can operate as a single Ethernet switch. Any member switch may join or leave the fabric switch in "plug-and-play" mode without any manual configuration.
  • a respective switch in the fabric switch is a Transparent Interconnection of Lots of Links (TRILL) routing bridge (RBridge).
  • TRILL Transparent Interconnection of Lots of Links
  • a respective switch in the fabric switch is an Internet Protocol (IP) routing-capable switch (e.g., an IP router).
  • IP Internet Protocol
  • a fabric switch can include an arbitrary number of switches with individual addresses, can be based on an arbitrary topology, and does not require extensive manual configuration.
  • the switches can reside in the same location, or be distributed over different locations.
  • the term "fabric switch” refers to a number of interconnected physical switches which form a single, scalable logical switch. These physical switches are referred to as member switches of the fabric switch. In a fabric switch, any number of switches can be connected in an arbitrary topology, and the entire group of switches functions together as one single, logical switch. This feature makes it possible to use many smaller, inexpensive switches to construct a large fabric switch, which can be viewed as a single logical switch externally.
  • the present disclosure is presented using examples based on a fabric switch, embodiments of the present invention are not limited to a fabric switch. Embodiments of the present invention are relevant to any computing device that includes a plurality of devices operating as a single device.
  • VLAN refers to any virtualized network.
  • VLAN refers to a virtualized network within a physical network.
  • a VLAN isolates the virtualized network so that packets are only forwarded within the VLAN.
  • a VLAN associated with a packet received from an edge port of a switch can be referred to as an edge VLAN and a corresponding identifier or tag can be referred to as an edge VLAN tag.
  • identifier and “tag” are used interchangeably.
  • FIG. 1 illustrates an exemplary provider network with scalable and segregated network virtualization support, in accordance with an embodiment of the present invention.
  • a network 100 includes switches 101, 102, 103, 104, and 105. Switches 102 and 105 are coupled to end devices 142 and 144, respectively.
  • Network 100 can be a provider network, which provides connectivity to a datacenter.
  • a datacenter 120 is coupled with network 100 via switches 101 and 103.
  • a datacenter 130 is coupled with network 100 via switches 103 and 105.
  • Switches in fabric switch 100 use edge ports to communicate with end devices (e.g., non-member switches) and inter-switch ports to communicate with other member switches.
  • switch 105 is coupled to end device 144 via an edge port and to switches 101, 102, and 104 via inter-switch ports and one or more links.
  • Data communication via an edge port can be based on Ethernet and via an inter-switch port can be based on IP and/or TRILL protocol.
  • control message exchange via inter-switch ports can be based on a different protocol (e.g., Internet Protocol (IP) or Fibre Channel (FC) protocol).
  • IP Internet Protocol
  • FC Fibre Channel
  • a datacenter domain represents a set of associations between edge VLAN and global VLAN.
  • Datacenter domains also ensure that migrating virtual machines are associated with the correct global VLAN.
  • the virtual machines that need connectivity are in the same datacenter domain.
  • a global VLAN can be computed based on the datacenter domain identifier and an edge VLAN tag.
  • a switch of the provider network creates a datacenter domain, assigns ports to the datacenter domain, associates global VLANs with the corresponding virtual machines, and isolates data packets belonging to these global VLANs.
  • These virtual machines and their network policies are often configured in portgroups in a virtual machine manager (e.g., a vCenter).
  • portgroups from a respective virtual machine manager associated with a corresponding datacenter domain are often configured in portgroups in a virtual machine manager (e.g., a vCenter).
  • mapping between edge VLAN tag 202 and global VLAN tag 204 can further include a tenant identifier 216 (denoted with dotted line), which can be any information that can distinguish between tenants.
  • tenant identifier 216 include, but are not limited to, a generated identifier, a virtual or physical MAC address, an IP address, an IP sub-network (subnet), a logical or physical port identifier, a virtual switch identifier, a hypervisor identifier, and a combination thereof.
  • this mapping can also include a datacenter domain identifier 218 (denoted with dotted line) which can be any information that can distinguish between datacenter domains. This combination of edge VLAN tag 202, tenant identifier 216, and datacenter domain identifier 218 can be mapped to global VLAN tag 204.
  • the second non-obvious insight is that multiple global VLAN tags can be mapped to a single IVID.
  • a switch assigns a unique IVID for a global VLAN or an edge VLAN if the switch receives/forwards packets from/to an end device (e.g., end device 142) via an edge port.
  • an ingress switch may assign a unique IVID for a respective global VLAN whose packets are receives via an edge port.
  • an egress switch may assign a unique IVID for a respective edge VLAN whose packets are forwarded via an edge port.
  • the switch can map a set of global VLANs to a common "pass-through" IVID.
  • FIG. 2B illustrates exemplary direct mapping of a global VLAN to a virtual machine's MAC address, in accordance with an embodiment of the present invention.
  • the virtual machine can be associated with a global VLAN. If the virtual machine is not coupled to a vSwitch of a hypervisor, the virtual machine may not be associated with an edge VLAN.
  • the MAC address 220 of the virtual machine can directly be mapped to global VLAN 204. This allows segregation of traffic from that virtual machine in network 100.
  • a switch in network 100 upon generating a global VLAN tag, shares the global VLAN tag with other switches in network 100.
  • network 100 is a fabric switch
  • the switch can use internal messaging (e.g., a name service) for the fabric switch to generate a notification message.
  • the switch then includes the generated global VLAN tag in the notification message, determines an egress port for the notification message, and transmits the notification message via the egress port.
  • a respective switch in network 100 is aware of all global VLAN tags generated for network 100.
  • switch 103 can generate global VLAN tag 232 and switch 105 can generate global VLAN tag 236.
  • both switches 103 and 105 Upon exchanging notification messages, both switches 103 and 105 have global VLAN tags 232 and 236.
  • a respective global VLAN tag is unique in network 100.
  • a respective global VLAN tag can be mapped to an IVID.
  • switch 103 can store the mappings between global VLAN tags and its local IVIDs in table 254.
  • Table 254 includes mappings of global VLAN tags 231, 232, 233, 234, 235, and 236 to IVIDs 261, 262, 263, 264, 265, and 266, respectively. These IVIDs are local and internal to switch 103 and not included in a packet. In some embodiments, some of these mappings can include additional information as well, as described in conjunction with FIG. 2A. For example, mappings of global VLAN tags 231, 232, 233, 235, and 236 include additional information 241, 242, 243, 244, and 245, respectively.
  • switch 105 can store the mappings between global VLAN tags and its local IVIDs in table 256.
  • Table 256 includes mappings of global VLAN tags 231, 232, 233, 234, 235, and 236 to IVIDs 267, 262, 263, 268, 261, and 269, respectively. These IVIDs are local and internal to switch 105 and not included in a packet. Mappings of global VLAN tags 231, 232, 233, 234, and 236 include additional information 241, 247, 244, 248, and 246, respectively. However, global VLAN tag 235 is mapped to IVID 261, which does not include additional information.
  • switch 103 can store another table (not shown in FIG. 2B), which maps IVIDs 261, 262, 263, 264, 265, and 266 to corresponding egress ports, as described in conjunction with FIG. 2A.
  • switch 105 can store another table (not shown in FIG. 2B), which maps IVIDs 267, 262, 263, 268, 261, and 269 to corresponding egress ports, as described in conjunction with FIG. 2 A. This allows switches 103 and 105 to identify a global VLAN tag in an inter-switch packet, determine a corresponding IVID from tables 254 and 256, respectively, and determine an egress port for the packet.
  • switch 103 Upon receiving the packet, switch 103 obtains a corresponding global VLAN tag from table 252. If virtual machine 124 is associated with a tenant with identifier 282, the switch obtains the corresponding global VLAN tag 231. Switch 103 uses global VLAN tag 231 and additional information (e.g., a MAC address) to obtain IVID 261. If network 100 is a fabric switch, switch 103 encapsulates the packet in a fabric encapsulation to create an inter-switch packet and includes global VLAN tag 231 in the inter-switch packet.
  • additional information e.g., a MAC address
  • FIG. 3A presents a flowchart illustrating the process of a datacenter manager creating a datacenter domain for a datacenter, in accordance with an embodiment of the present invention.
  • the datacenter manager identifies one or more switches coupled to the datacenter (operation 302) and identifies ports of identified switches associated with the datacenter (operation 304).
  • the datacenter manager of datacenter 130 identifies switches 103 and 105 in operation 302, and identifies ports 162 and 164 in operation 304.
  • the datacenter manager then creates a datacenter domain comprising the identified ports (operation 306) and allocates a unique identifier to the datacenter domain (operation 308).
  • the operations in FIG. 3A can be repeated for a respective datacenter.
  • FIG. 3C presents a flowchart illustrating the process of a switch mapping a global VLAN to an IVID, in accordance with an embodiment of the present invention.
  • the switch identifies a global VLAN tag associated with the local switch (operation 352).
  • the switch optionally, obtains additional information associated with the global VLAN tag (operation 354) (denoted with dashed lines), and maps the global VLAN tag (and additional information) to an IVID, which is internal and local to the switch (operation 356).
  • the mapping may not include additional information, as described in conjunction with FIG. 2B.
  • a plurality of global VLAN tags can be mapped to the same IVID.
  • the switch can further map the IVID to an egress port (operation 358).
  • the switch stores one or both mappings in local tables (operation 360). Packet Forwardin2
  • the switch encapsulates the packet to an inter-switch packet (operation 410). If the switch is a member switch of a fabric switch, the switch can use fabric encapsulation (e.g., TRILL or IP encapsulation) to create the inter-switch packet.
  • fabric encapsulation e.g., TRILL or IP encapsulation
  • the switch identifies a global VLAN tag mapped to edge VLAN tag from a local table (operation 412), as described in conjunction with FIG. 2B.
  • the switch includes the global VLAN tag in the inter-switch packet (operation 414) and identifies an IVID mapped to the global VLAN tag (and additional information associated with the packet) (operation 416). Based on the identified IVID (operation 408 or 416), the switch identifies an egress port mapped to the identified IVID (operation 418) and transmits the packet via the identified egress port (operation 420).
  • FIG. 4B presents a flowchart illustrating the process of a switch forwarding a packet received from an inter-switch port based on scalable network virtualization, in accordance with an embodiment of the present invention.
  • the switch receives a packet from the inter-switch port (operation 452).
  • the switch checks whether the packet is destined to a local edge port (operation 454). If the packet is destined to a local edge port, the switch decapsulates the inter-switch packet to extract the inner edge packet (operation 456) and identifies an IVID mapped to an edge VLAN tag of the edge packet (and additional information associated with the edge packet) (operation 458).
  • the switch identifies a global VLAN tag from the packet (operation 464) and identifies an IVID mapped to the global VLAN tag (and additional information associated with the packet) (operation 466). Based on the identified IVID (operation 458 or 466), the switch identifies an egress port mapped to the identified IVID (operation 460) and transmits the packet via the identified egress port (operation 462).
  • Port Profiles i.e., if the packet is destined to an inter-switch port
  • a port profile which specifies a set of port configuration information and allows dynamically provisioning a port, specifically for a virtual machine.
  • a port profile can be created for that virtual machine, which is moved to a corresponding switch port as the virtual machine moves in the network.
  • a fabric switch can quickly detect when a virtual machine moves to a new location.
  • the port profile corresponding to the virtual machine can then be automatically applied to the new location (i.e., the new physical switch port to which the virtual machine couples). This way, the network can respond quickly to the dynamic location changes of virtual machines.
  • Port profiles are described in U.S. Patent Application No. 13/042,259 (Attorney Docket No.
  • a port profile can contain the entire configuration needed for a virtual machine to gain access to a LAN or WAN, which can include: Fibre Channel over Ethernet (FCoE) configuration, VLAN configuration, QoS related configuration, and security related
  • FCoE Fibre Channel over Ethernet
  • ACLs access control lists
  • a port profile can be capable of operating as a self contained configuration container. In other words, if a port profile is applied to a new switch without any additional configuration, the port profile should be sufficient to set the switch' s global and local (interface level) configuration and allow the switch to start carrying traffic.
  • edge VLAN membership which includes tagged VLANs and an untagged VLAN
  • global VLAN membership which includes mappings of global VLANs
  • ingress/egress VLAN filtering rules based on the VLAN membership.
  • a QoS configuration profile within a port profile can define:
  • scheduling profile such as weighted Round- Robin or strict-priority based queuing
  • g. mapping of an incoming frame's priority to strict-priority based or weighted Round-Robin traffic classes
  • FCoE configuration profile within a port profile defines the attributes needed for the port to support FCoE, which can include:
  • a security configuration profile within a port profile defines the security rules needed for the server port. However, the security rules can be different at different ports, so some of the locally configured ACLs can be allowed to override conflicting rules from a port profile.
  • a typical security profile can contain the following attributes:
  • each port profile can have one or more MAC addresses associated with it.
  • FIG. 5B illustrates exemplary port profile sets for scalable and segregated network virtualization, in accordance with an embodiment of the present invention.
  • port profile set 502 includes one or more port profiles.
  • Port profile set 502 includes port profile 552, which is associated with one or more MAC addresses. These MAC address can be virtual MAC addresses assigned to different virtual machines, such as the MAC address of virtual machine 126.
  • This port-profile-to-MAC address mapping information can be included in port profile 552, or can be maintained outside of port profile 552 (e.g., in a separate table).
  • Port profile set 502 is distributed throughout network 100.
  • a port profile can be activated for a port in three ways: (1) when a hypervisor binds a MAC address to a port profile identifier; (2) through regular MAC learning; and (3) through a manual configuration process via a management interface.
  • FIG. 6A presents a flowchart illustrating the process of a switch obtaining port profile sets associated with datacenters associated with the switch, in accordance with an embodiment of the present invention.
  • the switch identifies the datacenter domains associated with the local switch (operation 602).
  • the switch then obtains port profile sets associated with a respective datacenter domain (operation 604).
  • a switch can obtain the port profile sets from a user (e.g., via a message from an administrative station, a command line interface (CLI) command, or a web interface).
  • CLI command line interface
  • a switch can also received the port profiles from a user and generate the corresponding port profile sets based on a datacenter domain.
  • the switch then locally stores the port profile sets (operation 606)
  • FIG. 7 illustrates an exemplary architecture of a switch scalable and segregated network virtualization support, in accordance with an embodiment of the present invention.
  • a switch 700 includes a number of communication ports 702, a packet processor 710, a virtual network module 730, a forwarding module 720, and a storage device 750.
  • Packet processor 710 extracts and processes header information from the received frames.
  • Communication ports 702 can include inter-switch communication channels for communication within a fabric switch. This inter-switch communication channel can be implemented via a regular communication port and based on any open or proprietary format. Communication ports 702 can include one or more TRILL ports capable of receiving frames encapsulated in a TRILL header. Communication ports 702 can also include one or more IP ports capable of receiving IP packets. An IP port is capable of receiving an IP packet and can be configured with an IP address. Packet processor 710 can process TRILL-encapsulated frames and/or IP packets.
  • virtual network module 730 includes a global VLAN tag in a packet received via an ingress port among communication ports 702.
  • Forwarding module 720 identifies an egress port among communication ports 702 for the packet based on the global VLAN tag.
  • switch 700 also includes a tag management module 732, which generates the global VLAN tag based on the datacenter domain and the edge VLAN tag.
  • Fabric switch management module 760 can include the generated global VLAN tag in a notification message for the member switches of the fabric switch.
  • switch 700 also includes a port profile module 740, which applies a port profile to the ingress port of the packet in response to identifying the source MAC address of the packet in a port profile. This port profile can be in a port profile set associated with a corresponding data center domain.
  • modules can be implemented in hardware as well as in software.
  • these modules can be embodied in computer-executable instructions stored in a memory, which is coupled to one or more processors in switch 700. When executed, these instructions cause the processor(s) to perform the aforementioned functions.
  • the switch includes a virtual network module and a forwarding module.
  • the virtual network module includes a global VLAN tag in a packet.
  • the global VLAN tag is mapped to an edge VLAN tag in the packet and is associated with a datacenter domain.
  • the datacenter domain indicates a set of ports associated with a datacenter.
  • the forwarding module identifies an egress edge port for the packet based on the global VLAN tag.
  • the methods and processes described herein can be embodied as code and/or data, which can be stored in a computer-readable non-transitory storage medium.
  • code and/or data can be stored in a computer-readable non-transitory storage medium.
  • the computer system When a computer system reads and executes the code and/or data stored on the computer-readable non- transitory storage medium, the computer system performs the methods and processes embodied as data structures and code and stored within the medium.
  • the methods and processes described herein can be executed by and/or included in hardware modules or apparatus.
  • These modules or apparatus may include, but are not limited to, an application-specific integrated circuit (ASIC) chip, a field-programmable gate array (FPGA), a dedicated or shared processor that executes a particular software module or a piece of code at a particular time, and/or other programmable-logic devices now known or later developed.
  • ASIC application-specific integrated circuit
  • FPGA field-programmable gate array
  • a dedicated or shared processor that executes a particular software module or a piece of code at a particular time
  • other programmable-logic devices now known or later developed.

Abstract

One embodiment of the present invention provides a switch 101, 102, 103, 104, 105 in a network 100. The switch includes a virtual network module and a forwarding module. The virtual network module includes a global virtual local area network (VLAN) tag in a packet. The global VLAN tag is mapped to an edge VLAN tag in the packet and is associated with a datacenter domain 172, 174, wherein a VLAN 152, 154 associated with a packet received from an edge port of the switch can be referred to as an edge VLAN and a corresponding identifier or tag can be referred to as an edge VLAN tag. The datacenter domain indicates a set of ports associated with a datacenter 120 130. The forwarding module identifies an egress edge port for the packet based on the global VLAN tag. Preferably, the global VLAN tag is mapped to an internal virtual identifier (IVID), which is internal and local to the switch. Moreover, the forwarding module preferably is further adapted to identify the egress edge port based on a mapping between the egress port and the internal virtual identifier. The global VLAN tag may be mapped to a media access control (MAC) address in the packet. In an embodiment, the switch is member of a TRILL network 100 (Transparent Interconnection of Lots of Links) and the global VLAN tag can be included in an encapsulation header such as a TRILL header.

Description

SCALABLE AND SEGREGATED NETWORK VIRTU ALIZATION
Inventors: Venkata R. K. Addanki, Sadasivudu Malladi, Chi L. Chong, and Kiran K. Gavini
BACKGROUND
Field
[0001] The present disclosure relates to communication networks. More specifically, the present disclosure relates to scalable network virtualization.
Related Art
[0002] The exponential growth of the Internet has made it a popular delivery medium for a variety of applications running on physical and virtual devices. Such applications have brought with them an increasing demand for bandwidth. As a result, equipment vendors race to build larger and faster switches with versatile capabilities, such as support for multi-tenancy, to move more traffic efficiently. However, the size of a switch cannot grow infinitely. It is limited by physical space, power consumption, and design complexity, to name a few factors. Furthermore, switches with higher capability are usually more complex and expensive. More importantly, because an overly large and complex system often does not provide economy of scale, simply increasing the size and capability of a switch may prove economically unviable due to the increased per-port cost.
[0003] A flexible way to improve the scalability of a switch system is to build a fabric switch. A fabric switch is a collection of individual member switches. These member switches form a single, logical switch that can have an arbitrary number of ports and an arbitrary topology. As demands grow, customers can adopt a "pay as you grow" approach to scale up the capacity of the fabric switch.
[0004] Meanwhile, layer-2 (e.g., Ethernet) switching technologies continue to evolve. More routing-like functionalities, which have traditionally been the characteristics of layer-3 (e.g., Internet Protocol or IP) networks, are migrating into layer-2. Notably, the recent development of the Transparent Interconnection of Lots of Links (TRILL) protocol allows Ethernet switches to function more like routing devices. TRILL overcomes the inherent inefficiency of the conventional spanning tree protocol, which forces layer-2 switches to be coupled in a logical spanning-tree topology to avoid looping. TRILL allows routing bridges (RBridges) to be coupled in an arbitrary topology without the risk of looping by implementing routing functions in switches and including a hop count in the TRILL header.
[0005] While a fabric switch brings many desirable features to a network, some issues remain unsolved in facilitating scalable and segregated network virtualization for a large number of tenants.
SUMMARY
[0006] One embodiment of the present invention provides a switch. The switch includes a virtual network module and a forwarding module. The virtual network module includes a global virtual local area network (VLAN) tag in a packet. The global VLAN tag is mapped to an edge VLAN tag in the packet and is associated with a datacenter domain. The datacenter domain indicates a set of ports associated with a datacenter. The forwarding module identifies an egress edge port for the packet based on the global VLAN tag.
[0007] In a variation on this embodiment, the global VLAN tag is mapped to an internal virtual identifier, which is internal and local to the switch. The forwarding module further identifies the egress edge port based on a mapping between the egress port and the internal virtual identifier.
[0008] In a variation on this embodiment, the edge VLAN tag is associated with a virtual machine. The virtual machine is allowed to migrate to the set of ports indicated by the datacenter domain.
[0009] In a variation on this embodiment, the packet does not include the edge VLAN tag, and the global VLAN tag is mapped to a media access control (MAC) address in the packet.
[0010] In a variation on this embodiment, the global VLAN tag is further mapped to one or more of: (i) a tenant identifier, which is information that can distinguish between tenants, and (ii) an identifier of the datacenter domain.
[0011] In a variation on this embodiment, the switch also includes a tag management module which generates the global VLAN tag based on the datacenter domain and the edge VLAN tag.
[0012] In a variation on this embodiment, the switch also includes a fabric switch management module which maintains a membership in a fabric switch. The fabric switch accommodates a plurality of member switches and operates as a single switch.
[0013] In a further variation, the fabric switch management module includes the global VLAN tag in a notification message for the member switches. The global VLAN tag is generated based on the datacenter domain and the edge VLAN tag. [0014] In a further variation, the switch also includes a port profile module which applies a port profile to the ingress port of the packet in response to identifying the source MAC address of the packet in a port profile.
[0015] In a further variation, the port profile is in a port profile set associated with the datacenter domain.
BRIEF DESCRIPTION OF THE FIGURES
[0016] FIG. 1 illustrates an exemplary provider network with scalable and segregated network virtualization support, in accordance with an embodiment of the present invention.
[0017] FIG. 2A illustrates exemplary mappings of global virtual local area networks
(VLANs), in accordance with an embodiment of the present invention.
[0018] FIG. 2B illustrates exemplary direct mapping of a global VLAN to a virtual machine's media access control (MAC) address, in accordance with an embodiment of the present invention.
[0019] FIG. 2C illustrates exemplary tables comprising mappings of global VLANs, in accordance with an embodiment of the present invention.
[0020] FIG. 3A presents a flowchart illustrating the process of a datacenter manager creating a datacenter domain for a datacenter, in accordance with an embodiment of the present invention.
[0021] FIG. 3B presents a flowchart illustrating the process of a switch mapping an edge VLAN tag to a global VLAN tag, in accordance with an embodiment of the present invention.
[0022] FIG. 3C presents a flowchart illustrating the process of a switch mapping a global VLAN to an internal virtual identifier (IVID), in accordance with an embodiment of the present invention.
[0023] FIG. 4A presents a flowchart illustrating the process of a switch forwarding a packet received from an edge port based on scalable and segregated network virtualization, in accordance with an embodiment of the present invention.
[0024] FIG. 4B presents a flowchart illustrating the process of a switch forwarding a packet received from an inter-switch port based on scalable and segregated network
virtualization, in accordance with an embodiment of the present invention.
[0025] FIG. 5A illustrates an exemplary provider network with port profile sets for scalable and segregated network virtualization, in accordance with an embodiment of the present invention. [0026] FIG. 5B illustrates exemplary port profile sets for scalable and segregated network virtualization, in accordance with an embodiment of the present invention.
[0027] FIG. 6A presents a flowchart illustrating the process of a switch obtaining port profile sets associated with datacenters associated with the switch, in accordance with an embodiment of the present invention.
[0028] FIG. 6B presents a flowchart illustrating the process of a switch applying a port profile from a port profile set based on a received packet, in accordance with an embodiment of the present invention.
[0029] FIG. 7 illustrates an exemplary architecture of a switch scalable and segregated network virtualization support, in accordance with an embodiment of the present invention.
[0030] In the figures, like reference numerals refer to the same figure elements.
DETAILED DESCRIPTION
[0031] The following description is presented to enable any person skilled in the art to make and use the invention, and is provided in the context of a particular application and its requirements. Various modifications to the disclosed embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the present invention. Thus, the present invention is not limited to the embodiments shown, but is to be accorded the widest scope consistent with the claims.
Overview
[0032] In embodiments of the present invention, the problem of facilitating scalable and segregated network virtualization is solved by mapping an edge virtual local area network (VLAN) to a large-scale global VLAN in a provider network. As a result, a respective tenant in a datacenter (DC) associated with the provider network can reuse the same edge VLAN used by another tenant, and therefore, can use a large number edge VLANs in a scalable way.
Furthermore, global VLANs can be distinct for a respective datacenter coupled the provider network, thereby allowing segregated network virtualization for different datacenters coupled to the same provider network. A global VLAN can be computed based on a datacenter domain identifier and an edge VLAN tag.
[0033] With existing technologies, a provider network typically uses a separate VLAN tag, which is referred to as service tag or S-tag, in addition to the edge VLAN tag (can also be referred to as customer tag or C-tag). However, since the length of an S-tag is typically the same as the length of a C-tag, the number of VLANs supported in the provider network still remains limited. On the other hand, the S-tag and the C-tag can be used together as a single identifier to extend the number of VLANs supported in the provider network. However, such identifier may not distinguish between datacenters coupled to the provider network and segregate the same edge VLANs of different datacenters.
[0034] To solve this problem, a respective switch in the provider network maps a respective edge VLAN of a respective tenant of a respective datacenter to a unique and distinct global VLAN. The number of supported global VLANs can be significantly larger than the number of edge VLANs. In some embodiments, the number of bits used to represent edge VLAN tags and global VLAN tags are 12 and 24, respectively. This global VLAN is distinct among edge VLANs of different tenants and datacenters. For example, the same edge VLAN used by two tenants are mapped to two distinct global VLANs in the provider network. As a result, a tenant can use an edge VLAN tag used by another tenant, and therefore, can use a large number of edge VLANs (e.g., up to the available number of edge VLANs represented by 12 bits). This global VLAN can be included in the inter-switch packets forwarded in the provider network. In some embodiments, this global VLAN is removed when the packets leave the provider network.
[0035] Furthermore, the same edge VLAN used at two different datacenters is mapped to two unique and distinct global VLANs. As a result, if a tenant's network is distributed in two datacenters and the tenant reuses the same edge VLAN, the traffic from different datacenters are segregated in the same provider network. Moreover, a global VLAN can be persistent in the provider network and is included in the inter-switch packets forwarded in the provider network. For example, if a virtual machine (VM) moves within a datacenter, the edge VLAN of the migrated virtual machine maps to the same global VLAN. In some embodiments, a respective switch in the provider network includes one or more port profiles comprising port configurations (e.g., edge and global VLAN policies), and applies a port profile upon detecting traffic from an associated end device.
[0036] In some embodiments, the provider network is a fabric switch, and a respective switch in the provider network is a member switch of the fabric switch. In a fabric switch, any number of switches coupled in an arbitrary topology may logically operate as a single switch. The fabric switch can be an Ethernet fabric switch or a virtual cluster switch (VCS), which can operate as a single Ethernet switch. Any member switch may join or leave the fabric switch in "plug-and-play" mode without any manual configuration. In some embodiments, a respective switch in the fabric switch is a Transparent Interconnection of Lots of Links (TRILL) routing bridge (RBridge). In some embodiments, a respective switch in the fabric switch is an Internet Protocol (IP) routing-capable switch (e.g., an IP router).
[0037] It should be noted that a fabric switch is not the same as conventional switch stacking. In switch stacking, multiple switches are interconnected at a common location (often within the same rack), based on a particular topology, and manually configured in a particular way. These stacked switches typically share a common address, e.g., an IP address, so they can be addressed as a single switch externally. Furthermore, switch stacking requires a significant amount of manual configuration of the ports and inter- switch links. The need for manual configuration prohibits switch stacking from being a viable option in building a large-scale switching system. The topology restriction imposed by switch stacking also limits the number of switches that can be stacked. This is because it is very difficult, if not impossible, to design a stack topology that allows the overall switch bandwidth to scale adequately with the number of switch units.
[0038] In contrast, a fabric switch can include an arbitrary number of switches with individual addresses, can be based on an arbitrary topology, and does not require extensive manual configuration. The switches can reside in the same location, or be distributed over different locations. These features overcome the inherent limitations of switch stacking and make it possible to build a large "switch farm," which can be treated as a single, logical switch. Due to the automatic configuration capabilities of the fabric switch, an individual physical switch can dynamically join or leave the fabric switch without disrupting services to the rest of the network.
[0039] Furthermore, the automatic and dynamic configurability of the fabric switch allows a network operator to build its switching system in a distributed and "pay-as-you-grow" fashion without sacrificing scalability. The fabric switch' s ability to respond to changing network conditions makes it an ideal solution in a virtual computing environment, where network loads often change with time.
[0040] In this disclosure, the term "fabric switch" refers to a number of interconnected physical switches which form a single, scalable logical switch. These physical switches are referred to as member switches of the fabric switch. In a fabric switch, any number of switches can be connected in an arbitrary topology, and the entire group of switches functions together as one single, logical switch. This feature makes it possible to use many smaller, inexpensive switches to construct a large fabric switch, which can be viewed as a single logical switch externally. Although the present disclosure is presented using examples based on a fabric switch, embodiments of the present invention are not limited to a fabric switch. Embodiments of the present invention are relevant to any computing device that includes a plurality of devices operating as a single device.
[0041] The term "end device" can refer to any device external to the provider network, which can be a fabric switch. Examples of an end device include, but are not limited to, a host machine, a conventional layer-2 switch, a layer-3 router, or any other type of network device. Additionally, an end device can be coupled to other switches or hosts further away from a layer-2 or layer-3 network. An end device can also be an aggregation point for a number of network devices to enter the fabric switch.
[0042] The term "switch" is used in a generic sense, and it can refer to any standalone or fabric switch operating in any network layer. "Switch" should not be interpreted as limiting embodiments of the present invention to layer-2 networks. Any device that can forward traffic to an external device or another switch can be referred to as a "switch." Any physical or virtual device (e.g., a virtual machine/switch operating on a computing device) that can forward traffic to an end device can be referred to as a "switch." Examples of a "switch" include, but are not limited to, a layer-2 switch, a layer-3 router, a TRILL RBridge, or a fabric switch comprising a plurality of similar or heterogeneous smaller physical and/or virtual switches.
[0043] The term "edge port" refers to a port in a provider network which exchanges data frames with a network device outside of the provider network (i.e., an edge port is not used for exchanging data frames with another switch of the provider network). The provider network can be a fabric switch and the switches in the provider network can be member switches of the fabric switch. The term "inter-switch port" refers to a port which sends/receives data frames among the switches of the provider network. The terms "interface" and "port" are used interchangeably.
[0044] The term "VLAN" is used in a generic sense and refers to any virtualized network. The term "VLAN" refers to a virtualized network within a physical network. A VLAN isolates the virtualized network so that packets are only forwarded within the VLAN. A VLAN associated with a packet received from an edge port of a switch can be referred to as an edge VLAN and a corresponding identifier or tag can be referred to as an edge VLAN tag. The terms "identifier" and "tag" are used interchangeably.
[0045] The term "switch identifier" refers to a group of bits that can be used to identify a switch. Examples of a switch identifier include, but are not limited to, a media access control (MAC) address, an Internet Protocol (IP) address, and an RBridge identifier. Note that the TRILL standard uses "RBridge ID" (RBridge identifier) to denote a 48-bit intermediate-system- to-intermediate-system (IS-IS) System ID assigned to an RBridge, and "RBridge nickname" to denote a 16-bit value that serves as an abbreviation for the "RBridge ID." In this disclosure, "switch identifier" is used as a generic term, is not limited to any bit format, and can refer to any format that can identify a switch. The term "RBridge identifier" is also used in a generic sense, is not limited to any bit format, and can refer to "RBridge ID," "RBridge nickname," or any other format that can identify an RBridge.
[0046] The term "packet" refers to a group of bits that can be transported together across a network. "Packet" should not be interpreted as limiting embodiments of the present invention to layer-3 networks. "Packet" can be replaced by other terminologies referring to a group of bits, such as "message," "frame," "cell," or "datagram."
Network Architecture
[0047] FIG. 1 illustrates an exemplary provider network with scalable and segregated network virtualization support, in accordance with an embodiment of the present invention. As illustrated in FIG. 1A, a network 100 includes switches 101, 102, 103, 104, and 105. Switches 102 and 105 are coupled to end devices 142 and 144, respectively. Network 100 can be a provider network, which provides connectivity to a datacenter. A datacenter 120 is coupled with network 100 via switches 101 and 103. Similarly, a datacenter 130 is coupled with network 100 via switches 103 and 105.
[0048] Datacenter 120 includes host machines 112 and 114, each of which hosts one or more virtual machines (i.e., one or more virtual machines run on host machines 112 and 114). For example, host machine 112 hosts virtual machine 122, and host machine 114 hosts virtual machines 124 and 126. Similarly, datacenter 130 includes host machines 116 and 118, each of which hosts one or more virtual machines. For example, host machine 116 hosts virtual machine 132, and host machine 118 hosts virtual machines 134 and 136. Virtual machines 122 and 124 of datacenter 120, and virtual machine 136 of datacenter 130 is in edge VLAN 152. Virtual machine 126 of datacenter 120, and virtual machines 132 and 134 of datacenter 130 is in edge VLAN 154.
[0049] In some embodiments, network 100 is a fabric switch and a respective switch in network 100 is a member switch of the fabric switch. A fabric switch is formed using a number of smaller physical switches. The automatic configuration capability provided by the control plane running on a respective member switch allows any number of switches to be connected in an arbitrary topology without requiring tedious manual configuration of the ports and links. This feature makes it possible to use many smaller, inexpensive switches to construct a large cluster switch, which can be viewed as a single switch externally. [0050] In some embodiments, fabric switch 100 is a TRILL network and a respective member switch of fabric switch 100, such as switch 105, is a TRILL RBridge. In some further embodiments, fabric switch 100 is an IP network and a respective member switch of fabric switch 100, such as switch 105, is an IP-capable switch, which calculates and maintains a local IP routing table (e.g., a routing information base or RIB), and is capable of forwarding packets based on its IP addresses.
[0051] Switches in fabric switch 100 use edge ports to communicate with end devices (e.g., non-member switches) and inter-switch ports to communicate with other member switches. For example, switch 105 is coupled to end device 144 via an edge port and to switches 101, 102, and 104 via inter-switch ports and one or more links. Data communication via an edge port can be based on Ethernet and via an inter-switch port can be based on IP and/or TRILL protocol. It should be noted that control message exchange via inter-switch ports can be based on a different protocol (e.g., Internet Protocol (IP) or Fibre Channel (FC) protocol).
[0052] During operation, a datacenter is represented as a datacenter domain (DCD). A datacenter domain represents a set of associations between edge VLAN and global VLAN.
Datacenter domains allow the proper mapping between edge VLAN and global VLAN.
Datacenter domains also ensure that migrating virtual machines are associated with the correct global VLAN. The virtual machines that need connectivity are in the same datacenter domain. A global VLAN can be computed based on the datacenter domain identifier and an edge VLAN tag. To achieve segregation of virtualized networks between different datacenters, a switch of the provider network creates a datacenter domain, assigns ports to the datacenter domain, associates global VLANs with the corresponding virtual machines, and isolates data packets belonging to these global VLANs. These virtual machines and their network policies are often configured in portgroups in a virtual machine manager (e.g., a vCenter). In some embodiments, portgroups from a respective virtual machine manager associated with a corresponding datacenter domain.
[0053] In some embodiments, a datacenter manager creates a corresponding datacenter domain. For example, the datacenter managers of datacenters 120 and 130, respectively, create corresponding datacenter domains 172 and 174, respectively. A datacenter domain be assigned a unique identifier, and include one or more ports of network 100 among which a virtual machine can migrate. These ports can be from an individual switch or from a plurality of switches in network 100. For example, datacenter domain 174 includes port 162 of switch 103 and port 164 of switch 105. This allows a virtual machine, such as virtual machine 134, to migrate between ports 162 and 164 (i.e., between host machines 116 and 118). As a result, virtual machine 134 may not migrate to a port, such as port 166, of a different datacenter domain 172. Ports 162 and 164 can be manually included in datacenter domain 174 or by a datacenter manager of datacenter 130.
[0054] If a plurality of datacenters participates in the same virtualized network without segregation, the same global VLAN can span the plurality of datacenters. For example, if datacenters 120 and 130 participates in edge VLAN 154 without segregation, the same global VLAN can be mapped to edge VLAN 154 for both datacenters 120 and 130. This global VLAN spans both datacenters 120 and 130. This global VLAN can be mapped to both datacenters 120 and 130, or can be created and mapped to datacenters 120 and 130 independently. This also allows partial segregation. For example, if edge VLAN 152 requires segregation, separate global VLANs can still be mapped to edge VLAN 152 for datacenters 120 and 130. In this way, packets of edge VLAN 152 is segregated for datacenters 120 and 130, but packets of edge VLAN 154 are not segregated in network 100.
[0055] With existing technologies, network 100 typically uses a separate VLAN tag, which is referred to as service tag or S-tag, in addition to the edge VLAN tag (can also be referred to as customer tag or C-tag). However, since the length of an S-tag is typically the same as the length of a C-tag, the number of VLANs supported in the provider network still remains limited. On the other hand, the S-tag and the C-tag can be used together as a single identifier to extend the number of VLANs supported in network 100. However, such identifier may not distinguish between datacenters 120 and 130 coupled to network 100 and segregate the same edge VLANs of different datacenters. For example, tags of edge VLAN 152 of datacenters 120 and 130 can be mapped to the same identifier in network 100 and traffic of edge VLAN 152 may not be segregated for datacenters 120 and 130.
[0056] To solve this problem, a respective switch in network 100 maps edge VLANs 152 and 154 to global VLANs. The global VLANs are distinct among edge VLANs of different tenants and datacenters. The number of supported global VLANs can be significantly larger than the number of edge VLANs in network 100. In some embodiments, the number of bits used to represent edge VLAN tags and global VLAN tags are 12 and 24, respectively. For example, edge VLAN 152 used by two tenants are mapped to two distinct global VLANs in network 100. As a result, a respective tenant can use edge VLAN 152, and therefore, can use a large number of edge VLANs (e.g., up to the available number of edge VLANs represented by 12 bits). The global VLAN mapped to edge VLAN 152 can be included in the packets within the provider network. As a result, switches in network 100 segregates these packets of the global VLAN from other traffic. In some embodiments, this global VLAN is removed when the packets leave network [0057] Furthermore, the same edge VLAN 152 used at datacenters 120 and 130 (i.e., configured in datacenter domain 172 and 174, respectively) is mapped to two distinct global VLANs. As a result, for the same edge VLAN 152, the traffic from different datacenters is segregated in network 100. Moreover, a global VLAN can be persistent in network 100 and is included in the packets forwarded in network 100. For example, if virtual machine 134 moves to host machine 116 in datacenter domain 174 (denoted with dotted lines), virtual machine 134 remains associated with edge VLAN 154 and maps to the same global VLAN.
Global VLAN mannings
[0058] In some embodiments, in the example in FIG. 1, switch 103 is coupled to datacenters 120 and 130, and is configured for edge VLANs 152 and 154. Hence, switch 103 can map tags of edge VLANs 152 and 154 to global VLAN tags such that a respective global VLAN tag is distinct for datacenters 120 and 130. FIG. 2A illustrates exemplary mappings of global virtual local area networks (VLANs), in accordance with an embodiment of the present invention. An edge packet (i.e., a packet received via an edge port of a switch in network 100) can include an edge VLAN tag 202 (e.g., a C-tag). A switch maps edge VLAN tag 202 to a global VLAN tag 204. If an edge packet includes edge VLAN tag 202, the switch includes global VLAN tag 204 in the corresponding inter-switch packet in network 100.
[0059] To segregate traffic among different tenants, mapping between edge VLAN tag 202 and global VLAN tag 204 can further include a tenant identifier 216 (denoted with dotted line), which can be any information that can distinguish between tenants. Examples of tenant identifier 216 include, but are not limited to, a generated identifier, a virtual or physical MAC address, an IP address, an IP sub-network (subnet), a logical or physical port identifier, a virtual switch identifier, a hypervisor identifier, and a combination thereof. Furthermore, to distinguish between different datacenter domains, this mapping can also include a datacenter domain identifier 218 (denoted with dotted line) which can be any information that can distinguish between datacenter domains. This combination of edge VLAN tag 202, tenant identifier 216, and datacenter domain identifier 218 can be mapped to global VLAN tag 204.
[0060] In some embodiments, the inter-switch packet is a fabric-encapsulated packet. Examples of fabric encapsulation include, but are not limited to, TRILL, IP, and a combination thereof. In some embodiments, the global VLAN tag is based on Fine Grained Labeling (FGL) comprising two tag segments 212 and 214. These tag segments together represent the bits of global VLAN tag 204. FGL is described in Internet Engineering Task Force (IETF) Request for Comments (RFC) 7172, titled "Transparent Interconnection of Lots of Links (TRILL): Fine- Grained Labeling," available at http://tools.ietf.org/html/rfc7172, which is incorporated by reference herein.
[0061] In some embodiments, the switch maps global VLAN tag 204 to an internal virtual identifier (IVID) 206. Forwarding in virtualized network based on IVID is described in U.S. Patent Application No. 13/044,301 (Attorney Docket No. BRCD-3042.1.US.NP), titled "Flooding Packets on a Per- Virtual-Network Basis," by inventors Shunjia Yu, Anoop Ghanwani, Phanidhar Koganti, and Dilip Chatwani, filed 09 March 2011, the disclosure of which is incorporated by reference herein.
[0062] When an edge packet is received by the switch via an edge port, the packet header is processed by the switch to determine the egress port, which can be either an edge port or an inter-switch port, via which the packet is to be forwarded. Oftentimes, a forwarding module of the switch (e.g., an integrated circuit specifically designed for performing forwarding lookups) is the bottleneck in the data path. Consequently, increasing the processing speed and decreasing the size and complexity of the forwarding module is usually very important. It should be noted that rVID 206 is internal and local to the switch, and is not included in a packet. For the same global VLAN tag 204, a corresponding rVID 206 can be different for different switches in network 100. In some embodiments, an IVID can also be mapped to an edge VLAN tag. This allows an egress switch to forward packets via an edge port.
[0063] In some embodiments, in addition to global VLAN tag 204, IVID 206 can be mapped to additional information 210 (denoted with dotted line), such as the port via which the packet is received and/or one or more fields (which may include the VPN identifier) in the packet. This IVID is mapped to an egress port 208 of the switch. A plurality of global VLAN tags can be mapped to the same IVID. An edge VLAN tag can also be mapped to an IVID. Upon determining IVID 206 for the packet, the switch forwards the packet via egress port 208 based on its mapping with IVID 206. The length (in terms of bits) of the IVID can be less than the combined length of the one or more fields in the packet's header, such as global VLAN tag 204, which are used for determining the IVID. This reduction in length can increase the processing speed of the forwarding module, and decrease the overall size and complexity of the
implementation.
[0064] There are at least two non-obvious insights that allow the mapping of global VLAN tag 204 (and additional information) to a shorter sized rVTD 206 without significantly affecting network virtualization functionality. The first non-obvious insight is that, even though a respective tenant is given the capability to create a large number of virtual networks based on global VLANs, it is unlikely that each and every tenant provisions a large number of virtual networks. For example, even though each tenant may be given the capability to create 4K VLANs using 12 bits of an edge VLAN tags, it is unlikely for a respective tenant to provision 4K VLANs. Hence, the IVID does not have to be long enough to handle cases in which a respective tenant provisions 4K VLANs. Note that the entire 4K VLAN address space is still available to a respective tenant.
[0065] The second non-obvious insight is that multiple global VLAN tags can be mapped to a single IVID. Note that a switch assigns a unique IVID for a global VLAN or an edge VLAN if the switch receives/forwards packets from/to an end device (e.g., end device 142) via an edge port. For example, an ingress switch may assign a unique IVID for a respective global VLAN whose packets are receives via an edge port. Similarly, an egress switch may assign a unique IVID for a respective edge VLAN whose packets are forwarded via an edge port. However, if the switch is not an ingress or egress switch for a set of global VLANs, the switch can map a set of global VLANs to a common "pass-through" IVID.
[0066] FIG. 2B illustrates exemplary direct mapping of a global VLAN to a virtual machine's MAC address, in accordance with an embodiment of the present invention. In some embodiments, if a virtual machine is not associated with an edge VLAN, the virtual machine can be associated with a global VLAN. If the virtual machine is not coupled to a vSwitch of a hypervisor, the virtual machine may not be associated with an edge VLAN. The MAC address 220 of the virtual machine can directly be mapped to global VLAN 204. This allows segregation of traffic from that virtual machine in network 100.
[0067] In some embodiments, the mappings in FIG. 2A are stored in tables. FIG. 2C illustrates exemplary tables comprising mappings of global VLANs, in accordance with an embodiment of the present invention. Suppose that edge VLANs 152 and 154 have edge VLAN tags 222 and 224, respectively, and datacenter domains 172 and 174 have identifiers 272 and 274, respectively. A table 252 of a switch in network 100 (e.g., switch 103) includes mappings of edge VLAN tags 222 and 224 to corresponding global VLAN tags. In some embodiments, this mapping also includes tenant identifiers and/or datacenter domain identifiers. Inclusion of this mapping allows table 252 to store mapping of edge VLAN tags associated with different tenants and datacenter domains to distinct global VLAN tags.
[0068] For example, for a tenant with tenant identifier 282 in datacenter domain 172, edge VLAN tags 222 and 224, and corresponding tenant identifier 282 and datacenter domain identifier 272, are mapped to global VLAN tags 231 and 232, respectively. Suppose that the same tenant also uses edge VLAN tag 224 in datacenter domain 174 (i.e., has edge VLAN 254 in datacenter 130). That edge VLAN tag 224, and corresponding tenant identifier 282 and datacenter domain identifier 274, is mapped to a different global VLAN tag 233. In this way, traffic from a tenant's same edge VLAN 154 at different datacenters can be segregated in network 100. It should be noted that the tenant with identifier 282 may not have edge VLAN 152 in datacenter 130.
[0069] Similarly, for a tenant with tenant identifier 284 in datacenter domain 174, edge VLAN tags 222 and 224, and corresponding tenant identifier 284 and datacenter domain identifier 274, are mapped to global VLAN tags 234 and 235, respectively. Suppose that the same datacenter domain also includes another tenant with identifier 286, which uses edge VLAN tag 224 in datacenter domain 174 (i.e., has edge VLAN 254 in datacenter 130). That edge VLAN tag 224, and corresponding tenant identifier 286 and datacenter domain identifier 274, is mapped to a different global VLAN tag 236. In this way, packets with the same edge VLAN tag 224 from different tenants within the same datacenter can be segregated in network 100. It should be noted that the tenant with identifier 286 may not have edge VLAN 152 in datacenter 130.
[0070] In some embodiments, a switch in network 100, upon generating a global VLAN tag, shares the global VLAN tag with other switches in network 100. If network 100 is a fabric switch, the switch can use internal messaging (e.g., a name service) for the fabric switch to generate a notification message. The switch then includes the generated global VLAN tag in the notification message, determines an egress port for the notification message, and transmits the notification message via the egress port. In this way, a respective switch in network 100 is aware of all global VLAN tags generated for network 100. For example, switch 103 can generate global VLAN tag 232 and switch 105 can generate global VLAN tag 236. Upon exchanging notification messages, both switches 103 and 105 have global VLAN tags 232 and 236. In some
embodiments, a respective global VLAN tag is unique in network 100.
[0071] A respective global VLAN tag can be mapped to an IVID. In this example, switch 103 can store the mappings between global VLAN tags and its local IVIDs in table 254. Table 254 includes mappings of global VLAN tags 231, 232, 233, 234, 235, and 236 to IVIDs 261, 262, 263, 264, 265, and 266, respectively. These IVIDs are local and internal to switch 103 and not included in a packet. In some embodiments, some of these mappings can include additional information as well, as described in conjunction with FIG. 2A. For example, mappings of global VLAN tags 231, 232, 233, 235, and 236 include additional information 241, 242, 243, 244, and 245, respectively. However, global VLAN tag 234 is mapped to IVID 264, which does not include additional information. It should be noted that additional information for different global VLAN tags, such as additional information 241 and 242, can be different. For example, additional information 241 can represent a MAC address and additional information 242 can represent an IP address.
[0072] Similarly, switch 105 can store the mappings between global VLAN tags and its local IVIDs in table 256. Table 256 includes mappings of global VLAN tags 231, 232, 233, 234, 235, and 236 to IVIDs 267, 262, 263, 268, 261, and 269, respectively. These IVIDs are local and internal to switch 105 and not included in a packet. Mappings of global VLAN tags 231, 232, 233, 234, and 236 include additional information 241, 247, 244, 248, and 246, respectively. However, global VLAN tag 235 is mapped to IVID 261, which does not include additional information. Since these IVIDs are local and internal to switch 105, the same global VLAN tag 231 and internal information 241 are mapped to different IVIDs 261 and 267 in switch 103 and 105, respectively. Furthermore, global VLAN tag 232 is associated with different additional information 242 and 247 for switch 103 and 105, respectively. On the other hand, additional information 244 is associated with global VLAN tag 235 in switch 103 and with global VLAN tag 233 in switch 105.
[0073] In some embodiments, switch 103 can store another table (not shown in FIG. 2B), which maps IVIDs 261, 262, 263, 264, 265, and 266 to corresponding egress ports, as described in conjunction with FIG. 2A. Similarly, switch 105 can store another table (not shown in FIG. 2B), which maps IVIDs 267, 262, 263, 268, 261, and 269 to corresponding egress ports, as described in conjunction with FIG. 2 A. This allows switches 103 and 105 to identify a global VLAN tag in an inter-switch packet, determine a corresponding IVID from tables 254 and 256, respectively, and determine an egress port for the packet.
[0074] In the example in FIG. 1, suppose that virtual machine 124 sends a packet toward end device 142. Since virtual machine 124 is in edge VLAN 152, the packet includes edge VLAN tag 222. Upon receiving the packet, switch 103 obtains a corresponding global VLAN tag from table 252. If virtual machine 124 is associated with a tenant with identifier 282, the switch obtains the corresponding global VLAN tag 231. Switch 103 uses global VLAN tag 231 and additional information (e.g., a MAC address) to obtain IVID 261. If network 100 is a fabric switch, switch 103 encapsulates the packet in a fabric encapsulation to create an inter-switch packet and includes global VLAN tag 231 in the inter-switch packet. This global VLAN tag can be included in fabric encapsulation header (e.g., in a TRILL or IP header), a shim header, or in the header of the inner edge packet. Since end device 142 is coupled to switch 102, the egress switch identifier of the inter-switch packet corresponds to switch 102. Switch 103 then uses rVTD 261 to determine an egress port for the inter-switch packet and transmits the packet to switch 102 via the determined egress port. Upon receiving the inter-switch packet, switch 102 determines the inter-switch packet to be destined to itself, removes the fabric encapsulation to obtain the inner edge packet, and forwards the edge packet to end device 142.
Initialization
[0075] FIG. 3A presents a flowchart illustrating the process of a datacenter manager creating a datacenter domain for a datacenter, in accordance with an embodiment of the present invention. During operation, the datacenter manager identifies one or more switches coupled to the datacenter (operation 302) and identifies ports of identified switches associated with the datacenter (operation 304). In the example in FIG. 1, the datacenter manager of datacenter 130 identifies switches 103 and 105 in operation 302, and identifies ports 162 and 164 in operation 304. The datacenter manager then creates a datacenter domain comprising the identified ports (operation 306) and allocates a unique identifier to the datacenter domain (operation 308). The operations in FIG. 3A can be repeated for a respective datacenter.
[0076] FIG. 3B presents a flowchart illustrating the process of a switch mapping an edge VLAN tag to a global VLAN tag, in accordance with an embodiment of the present invention. During operation, switch identifies an edge VLAN tag associated with the local switch (operation 332). The switch identifies a datacenter domain and, optionally, a tenant identifier for the edge VLAN tag (operation 334). The switch then maps the edge VLAN tag to a global VLAN tag such that the global VLAN tag is unique, and is distinct among the tenants and datacenter domains (operation 336), as described in conjunction with FIG. 2A. The switch then stores the mapping a local table (operation 338). The switch can repeat the operations of FIG. 3B for a respective edge VLAN associated with the switch. In some embodiments, the switch can map the MAC address of a physical or virtual end device to a global VLAN if the end device is not in an edge VLAN.
[0077] FIG. 3C presents a flowchart illustrating the process of a switch mapping a global VLAN to an IVID, in accordance with an embodiment of the present invention. During operation, the switch identifies a global VLAN tag associated with the local switch (operation 352). The switch, optionally, obtains additional information associated with the global VLAN tag (operation 354) (denoted with dashed lines), and maps the global VLAN tag (and additional information) to an IVID, which is internal and local to the switch (operation 356). It should be noted that the mapping may not include additional information, as described in conjunction with FIG. 2B. A plurality of global VLAN tags can be mapped to the same IVID. The switch can further map the IVID to an egress port (operation 358). The switch stores one or both mappings in local tables (operation 360). Packet Forwardin2
[0078] FIG. 4A presents a flowchart illustrating the process of a switch forwarding a packet received from an edge port based on scalable and segregated network virtualization, in accordance with an embodiment of the present invention. During operation, the switch receives a packet from an edge port (operation 402) and identifies an edge VLAN tag from the packet (operation 404). The switch checks whether the packet is destined to a local edge port (operation 406). If the packet is destined to a local edge port, the switch identifies an IVID mapped to an edge VLAN tag (and additional information associated with the packet) (operation 408). If not (i.e., if the packet is destined to an inter-switch port), the switch encapsulates the packet to an inter-switch packet (operation 410). If the switch is a member switch of a fabric switch, the switch can use fabric encapsulation (e.g., TRILL or IP encapsulation) to create the inter-switch packet.
[0079] The switch identifies a global VLAN tag mapped to edge VLAN tag from a local table (operation 412), as described in conjunction with FIG. 2B. The switch includes the global VLAN tag in the inter-switch packet (operation 414) and identifies an IVID mapped to the global VLAN tag (and additional information associated with the packet) (operation 416). Based on the identified IVID (operation 408 or 416), the switch identifies an egress port mapped to the identified IVID (operation 418) and transmits the packet via the identified egress port (operation 420).
[0080] FIG. 4B presents a flowchart illustrating the process of a switch forwarding a packet received from an inter-switch port based on scalable network virtualization, in accordance with an embodiment of the present invention. During operation, the switch receives a packet from the inter-switch port (operation 452). The switch checks whether the packet is destined to a local edge port (operation 454). If the packet is destined to a local edge port, the switch decapsulates the inter-switch packet to extract the inner edge packet (operation 456) and identifies an IVID mapped to an edge VLAN tag of the edge packet (and additional information associated with the edge packet) (operation 458).
[0081] If not (i.e., if the packet is destined to an inter-switch port), the switch identifies a global VLAN tag from the packet (operation 464) and identifies an IVID mapped to the global VLAN tag (and additional information associated with the packet) (operation 466). Based on the identified IVID (operation 458 or 466), the switch identifies an egress port mapped to the identified IVID (operation 460) and transmits the packet via the identified egress port (operation 462). Port Profiles
[0082] A port profile which specifies a set of port configuration information and allows dynamically provisioning a port, specifically for a virtual machine. A port profile can be created for that virtual machine, which is moved to a corresponding switch port as the virtual machine moves in the network. A fabric switch can quickly detect when a virtual machine moves to a new location. The port profile corresponding to the virtual machine can then be automatically applied to the new location (i.e., the new physical switch port to which the virtual machine couples). This way, the network can respond quickly to the dynamic location changes of virtual machines. Port profiles are described in U.S. Patent Application No. 13/042,259 (Attorney Docket No. BRCD-3012.1.US.NP), titled "Port Profile Management for Virtual Cluster Switching," by inventors Dilip Chatwani, Suresh Vobbilisetty, and Phanidhar Koganti, filed 07 March 2011, the disclosure of which is incorporated by reference herein.
[0083] A port profile can contain the entire configuration needed for a virtual machine to gain access to a LAN or WAN, which can include: Fibre Channel over Ethernet (FCoE) configuration, VLAN configuration, QoS related configuration, and security related
configuration, such as access control lists (ACLs). The list above is by no means complete or exhaustive. Furthermore, it is not necessary that a port profile contains every type of configuration information.
[0084] In one embodiment, a port profile can be capable of operating as a self contained configuration container. In other words, if a port profile is applied to a new switch without any additional configuration, the port profile should be sufficient to set the switch' s global and local (interface level) configuration and allow the switch to start carrying traffic.
[0085] A VLAN configuration profile within a port profile can define:
a. edge VLAN membership which includes tagged VLANs and an untagged VLAN; b. global VLAN membership which includes mappings of global VLANs; and c. ingress/egress VLAN filtering rules based on the VLAN membership.
[0086] A QoS configuration profile within a port profile can define:
d. mapping from an incoming frame's 802. lp priority to internal queue priority; (if the port is in QoS untrusted mode, all incoming frame's priorities would be mapped to the default best-effort priority)
e. mapping from an incoming frame's priority to outgoing priority;
f. scheduling profile, such as weighted Round- Robin or strict-priority based queuing; g. mapping of an incoming frame's priority to strict-priority based or weighted Round-Robin traffic classes;
h. flow control mechanisms on a strict-priority based or weight Round-Robin traffic class; and
i. limitations on multicast datarate.
[0087] An FCoE configuration profile within a port profile defines the attributes needed for the port to support FCoE, which can include:
j. FCoE VLAN;
k. FCMAP;
1. FCoE Priority; and
m. virtual Fabric ID.
[0088] A security configuration profile within a port profile defines the security rules needed for the server port. However, the security rules can be different at different ports, so some of the locally configured ACLs can be allowed to override conflicting rules from a port profile. A typical security profile can contain the following attributes:
n. Enable 802. lx with EAP TLV extensions for VM mobility; and
o. MAC based standard and extended ACLs.
[0089] FIG. 5A illustrates an exemplary provider network with port profile sets for scalable and segregated network virtualization, in accordance with an embodiment of the present invention. In this example, a switch segregates port profiles for a respective datacenter domain. During operation, switch 103 obtains port profile sets 502 and 504 for datacenters 120 and 130, respectively. In this way, the port profiles for virtual machines 124 and 126 are in port profile set 502. Similarly, the port profiles for virtual machines 132 and 134 are in port profile set 504, which is segregated from port profile set 502. To ensure segregation, port profile set 502 is not shared in datacenter 130, and port profile set 504 is not shared in datacenter 120.
[0090] In one embodiment, each port profile can have one or more MAC addresses associated with it. FIG. 5B illustrates exemplary port profile sets for scalable and segregated network virtualization, in accordance with an embodiment of the present invention. In this example, port profile set 502 includes one or more port profiles. Port profile set 502 includes port profile 552, which is associated with one or more MAC addresses. These MAC address can be virtual MAC addresses assigned to different virtual machines, such as the MAC address of virtual machine 126. This port-profile-to-MAC address mapping information can be included in port profile 552, or can be maintained outside of port profile 552 (e.g., in a separate table). Port profile set 502 is distributed throughout network 100. A port profile can be activated for a port in three ways: (1) when a hypervisor binds a MAC address to a port profile identifier; (2) through regular MAC learning; and (3) through a manual configuration process via a management interface.
[0091] In this example, port profile set 504 includes one or more port profiles. Port profile set 504 includes port profile 554, which is associated with one or more MAC addresses. These MAC address can be virtual MAC addresses assigned to different virtual machines, such as the MAC addresses of virtual machines 132 and 134. This port-profile-to-MAC address mapping information can be included in port profile 554, or can be maintained outside of port profile 554 (e.g., in a separate table). A set of virtual machines can be grouped in network 100 by associating them with one port profile. This group can be used to dictate forwarding between the virtual machines.
[0092] FIG. 6A presents a flowchart illustrating the process of a switch obtaining port profile sets associated with datacenters associated with the switch, in accordance with an embodiment of the present invention. During operation, the switch identifies the datacenter domains associated with the local switch (operation 602). The switch then obtains port profile sets associated with a respective datacenter domain (operation 604). A switch can obtain the port profile sets from a user (e.g., via a message from an administrative station, a command line interface (CLI) command, or a web interface). A switch can also received the port profiles from a user and generate the corresponding port profile sets based on a datacenter domain. The switch then locally stores the port profile sets (operation 606)
[0093] FIG. 6B presents a flowchart illustrating the process of a switch applying a port profile from a port profile set based on a received packet, in accordance with an embodiment of the present invention. During operation, the switch receives a packet from a local port (operation 652). The switch then obtains the source MAC address of the packet (operation 654) and identifies the datacenter domain associated with the source MAC address (operation 656). In some embodiments, the switch identifies the datacenter domain based on the ingress port via which the packet has been received (i.e., identifies the datacenter domain associated with the ingress port of the packet). The switch retrieves the port profile associated with the MAC address from the port profile set associated with the identified datacenter domain (operation 658). The switch then applies the received port profile to the local port (i.e., the ingress port of the packet) (operation 660).
Exemplary Switch [0094] FIG. 7 illustrates an exemplary architecture of a switch scalable and segregated network virtualization support, in accordance with an embodiment of the present invention. In this example, a switch 700 includes a number of communication ports 702, a packet processor 710, a virtual network module 730, a forwarding module 720, and a storage device 750. Packet processor 710 extracts and processes header information from the received frames.
[0095] In some embodiments, switch 700 may maintain a membership in a fabric switch, as described in conjunction with FIG. 1A, wherein switch 700 also includes a fabric switch management module 760. Fabric switch management module 760 maintains a configuration database in storage device 750 that maintains the configuration state of every switch within the fabric switch. Fabric switch management module 760 maintains the state of the fabric switch, which is used to join other switches. In some embodiments, switch 700 can be configured to operate in conjunction with a remote switch as an Ethernet switch.
[0096] Communication ports 702 can include inter-switch communication channels for communication within a fabric switch. This inter-switch communication channel can be implemented via a regular communication port and based on any open or proprietary format. Communication ports 702 can include one or more TRILL ports capable of receiving frames encapsulated in a TRILL header. Communication ports 702 can also include one or more IP ports capable of receiving IP packets. An IP port is capable of receiving an IP packet and can be configured with an IP address. Packet processor 710 can process TRILL-encapsulated frames and/or IP packets.
[0097] During operation, virtual network module 730 includes a global VLAN tag in a packet received via an ingress port among communication ports 702. Forwarding module 720 identifies an egress port among communication ports 702 for the packet based on the global VLAN tag. In some embodiments, switch 700 also includes a tag management module 732, which generates the global VLAN tag based on the datacenter domain and the edge VLAN tag. Fabric switch management module 760 can include the generated global VLAN tag in a notification message for the member switches of the fabric switch. In some embodiments, switch 700 also includes a port profile module 740, which applies a port profile to the ingress port of the packet in response to identifying the source MAC address of the packet in a port profile. This port profile can be in a port profile set associated with a corresponding data center domain.
[0098] Note that the above-mentioned modules can be implemented in hardware as well as in software. In one embodiment, these modules can be embodied in computer-executable instructions stored in a memory, which is coupled to one or more processors in switch 700. When executed, these instructions cause the processor(s) to perform the aforementioned functions.
[0099] In summary, embodiments of the present invention provide a switch and a method for facilitating scalable and segregated network virtualization. In one embodiment, the switch includes a virtual network module and a forwarding module. The virtual network module includes a global VLAN tag in a packet. The global VLAN tag is mapped to an edge VLAN tag in the packet and is associated with a datacenter domain. The datacenter domain indicates a set of ports associated with a datacenter. The forwarding module identifies an egress edge port for the packet based on the global VLAN tag.
[00100] The methods and processes described herein can be embodied as code and/or data, which can be stored in a computer-readable non-transitory storage medium. When a computer system reads and executes the code and/or data stored on the computer-readable non- transitory storage medium, the computer system performs the methods and processes embodied as data structures and code and stored within the medium.
[00101] The methods and processes described herein can be executed by and/or included in hardware modules or apparatus. These modules or apparatus may include, but are not limited to, an application-specific integrated circuit (ASIC) chip, a field-programmable gate array (FPGA), a dedicated or shared processor that executes a particular software module or a piece of code at a particular time, and/or other programmable-logic devices now known or later developed. When the hardware modules or apparatus are activated, they perform the methods and processes included within them.
[00102] The foregoing descriptions of embodiments of the present invention have been presented only for purposes of illustration and description. They are not intended to be exhaustive or to limit this disclosure. Accordingly, many modifications and variations will be apparent to practitioners skilled in the art. The scope of the present invention is defined by the appended claims.

Claims

What Is Claimed Is:
1. A switch, comprising:
a virtual network module adapted to include a global virtual local area network (VLAN) tag in a packet, wherein the global VLAN tag is mapped to an edge VLAN tag in the packet and is associated with a datacenter domain, which indicates a set of ports associated with a datacenter; and
a forwarding module adapted to identify an egress edge port for the packet based on the global VLAN tag.
2. The switch of claim 1, wherein the global VLAN tag is mapped to an internal virtual identifier, which is internal and local to the switch; and
wherein the forwarding module is further adapted to identify the egress edge port based on a mapping between the egress port and the internal virtual identifier.
3. The switch of claim 1, wherein the edge VLAN tag is associated with a virtual machine; and
wherein the virtual machine is allowed to migrate to the set of ports indicated by the datacenter domain.
4. The switch of claim 1, wherein the packet does not include the edge VLAN tag; and
wherein the global VLAN tag is mapped to a media access control (MAC) address in the packet.
5. The switch of claim 1, wherein the global VLAN tag is further mapped to one or more of:
a tenant identifier, which is information that can distinguish between tenants; and an identifier of the datacenter domain.
6. The switch of claim 1, further comprising a tag management module adapted to generate the global VLAN tag based on the datacenter domain and the edge VLAN tag.
7. The switch of claim 1, further comprising a fabric switch management module adapted to maintain a membership in a fabric switch, wherein the fabric switch is adapted to accommodate a plurality of member switches and operates as a single switch.
8. The switch of claim 7, wherein the fabric switch management module is further adapted to include the global VLAN tag in a notification message for the member switches, wherein the global VLAN tag is generated based on the datacenter domain and the edge VLAN tag.
9. The switch of claim 7, further comprising a port profile module adapted to apply a port profile to the ingress port of the packet in response to identifying the source MAC address of the packet in a port profile.
10. The switch of claim 9, wherein the port profile is in a port profile set associated with the datacenter domain.
11. A computer-executable method, comprising:
including a global virtual local area network (VLAN) tag in a packet, wherein the global VLAN tag is mapped to an edge VLAN tag in the packet and is associated with a datacenter domain, which indicates a set of ports associated with a datacenter; and
identifying an egress edge port for the packet based on the global VLAN tag.
12. The method of claim 11, wherein the global VLAN tag is mapped to an internal virtual identifier, which is internal and local to the switch; and
wherein the method further comprises identifying the egress edge port based on a mapping between the egress port and the internal virtual identifier.
13. The method of claim 11, wherein the edge VLAN tag is associated with a virtual machine; and
wherein the virtual machine is allowed to migrate to the set of ports indicated by the datacenter domain.
14. The method of claim 11, wherein the packet does not include the edge VLAN tag; and
wherein the global VLAN tag is mapped to a media access control (MAC) address in the packet.
15. The method of claim 11, wherein the global VLAN tag is further mapped to one or more of:
a tenant identifier, which is information that can distinguish between tenants; and an identifier of the datacenter domain.
16. The method of claim 11, further comprising generating the global VLAN tag based on the datacenter domain and the edge VLAN tag.
17. The method of claim 11, further comprising maintaining a membership in a fabric switch, wherein the fabric switch is adapted to accommodate a plurality of member switches and operates as a single switch.
18. The method of claim 17, further comprising including the global VLAN tag in a notification message for the member switches, wherein the global VLAN tag is generated based on the datacenter domain and the edge VLAN tag.
19. The method of claim 17, further comprising applying a port profile to the ingress port of the packet in response to identifying the source MAC address of the packet in a port profile.
20. The method of claim 19, wherein the port profile is in a port profile set associated with the datacenter domain.
21. A computing system, comprising:
a processor; and
a non-transitory computer-readable storage medium storing instructions which when executed by the processor causes the processor to perform a method, the method comprising:
including a global virtual local area network (VLAN) tag in a packet, wherein the global VLAN tag is mapped to an edge VLAN tag in the packet and is associated with a datacenter domain, which indicates a
set of ports associated with a datacenter; and
identifying an egress edge port for the packet based on the global VLAN tag.
22. The computing system of claim 21, wherein the global VLAN tag is mapped to an internal virtual identifier, which is internal and local to the switch; and
wherein the method further comprises identifying the egress edge port based on a mapping between the egress port and the internal virtual identifier.
23. The computing system of claim 21, wherein the packet does not include the edge VLAN tag; and
wherein the global VLAN tag is mapped to a media access control (MAC) address in the packet.
24. The computing system of claim 21, wherein the method further comprises maintaining a membership in a fabric switch, wherein the fabric switch is adapted to
accommodate a plurality of member switches and operates as a single switch.
25. The computing system of claim 24, wherein the method further comprises applying a port profile to the ingress port of the packet in response to identifying the source MAC address of the packet in a port profile, wherein the port profile is in a port profile set associated with the datacenter domain.
PCT/US2014/041774 2013-06-10 2014-06-10 Scalable and segregated network virtualization WO2014201040A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201480043860.1A CN105519046B (en) 2013-06-10 2014-06-10 Scalable and separate type network virtualization
EP14738940.7A EP3008860B1 (en) 2013-06-10 2014-06-10 Switch and a method for facilitating scalable and segregated network virtualization
EP17181928.7A EP3261301B1 (en) 2013-06-10 2014-06-10 Scalable and segregated network virtualization

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201361833376P 2013-06-10 2013-06-10
US61/833,376 2013-06-10
US14/299,206 2014-06-09
US14/299,206 US9699001B2 (en) 2013-06-10 2014-06-09 Scalable and segregated network virtualization

Publications (1)

Publication Number Publication Date
WO2014201040A1 true WO2014201040A1 (en) 2014-12-18

Family

ID=52005432

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2014/041774 WO2014201040A1 (en) 2013-06-10 2014-06-10 Scalable and segregated network virtualization

Country Status (4)

Country Link
US (1) US9699001B2 (en)
EP (2) EP3008860B1 (en)
CN (1) CN105519046B (en)
WO (1) WO2014201040A1 (en)

Families Citing this family (48)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9270486B2 (en) 2010-06-07 2016-02-23 Brocade Communications Systems, Inc. Name services for virtual cluster switching
US9716672B2 (en) 2010-05-28 2017-07-25 Brocade Communications Systems, Inc. Distributed configuration management for virtual cluster switching
US9769016B2 (en) 2010-06-07 2017-09-19 Brocade Communications Systems, Inc. Advanced link tracking for virtual cluster switching
US8867552B2 (en) 2010-05-03 2014-10-21 Brocade Communications Systems, Inc. Virtual cluster switching
US9807031B2 (en) 2010-07-16 2017-10-31 Brocade Communications Systems, Inc. System and method for network configuration
US9450870B2 (en) 2011-11-10 2016-09-20 Brocade Communications Systems, Inc. System and method for flow management in software-defined networks
US9374301B2 (en) 2012-05-18 2016-06-21 Brocade Communications Systems, Inc. Network feedback in software-defined networks
US9401872B2 (en) 2012-11-16 2016-07-26 Brocade Communications Systems, Inc. Virtual link aggregations across multiple fabric switches
US9565099B2 (en) 2013-03-01 2017-02-07 Brocade Communications Systems, Inc. Spanning tree in fabric switches
US9699082B2 (en) * 2013-08-27 2017-07-04 Cisco Technology, Inc. Inter-domain network tenant identifier
WO2015054902A1 (en) * 2013-10-18 2015-04-23 华为技术有限公司 Method, controller, forwarding device, and network system for forwarding packets
US9912612B2 (en) 2013-10-28 2018-03-06 Brocade Communications Systems LLC Extended ethernet fabric switches
CN104717150B (en) * 2013-12-13 2019-06-11 中兴通讯股份有限公司 Switch and packet discarding method
US9548873B2 (en) 2014-02-10 2017-01-17 Brocade Communications Systems, Inc. Virtual extensible LAN tunnel keepalives
US10581758B2 (en) 2014-03-19 2020-03-03 Avago Technologies International Sales Pte. Limited Distributed hot standby links for vLAG
US10476698B2 (en) 2014-03-20 2019-11-12 Avago Technologies International Sales Pte. Limited Redundent virtual link aggregation group
US10063473B2 (en) 2014-04-30 2018-08-28 Brocade Communications Systems LLC Method and system for facilitating switch virtualization in a network of interconnected switches
US9800471B2 (en) * 2014-05-13 2017-10-24 Brocade Communications Systems, Inc. Network extension groups of global VLANs in a fabric switch
US10616108B2 (en) 2014-07-29 2020-04-07 Avago Technologies International Sales Pte. Limited Scalable MAC address virtualization
US9807007B2 (en) 2014-08-11 2017-10-31 Brocade Communications Systems, Inc. Progressive MAC address learning
US10841360B2 (en) 2014-12-08 2020-11-17 Umbra Technologies Ltd. System and method for content retrieval from remote network regions
US9942097B2 (en) 2015-01-05 2018-04-10 Brocade Communications Systems LLC Power management in a network of interconnected switches
US10003552B2 (en) 2015-01-05 2018-06-19 Brocade Communications Systems, Llc. Distributed bidirectional forwarding detection protocol (D-BFD) for cluster of interconnected switches
WO2016110785A1 (en) 2015-01-06 2016-07-14 Umbra Technologies Ltd. System and method for neutral application programming interface
CN107409079B (en) * 2015-01-28 2021-05-07 安博科技有限公司 System and method for global virtual network
US10038592B2 (en) 2015-03-17 2018-07-31 Brocade Communications Systems LLC Identifier assignment to a new switch in a switch group
US10574482B2 (en) 2015-04-07 2020-02-25 Umbra Technologies Ltd. Multi-perimeter firewall in the cloud
US10579406B2 (en) 2015-04-08 2020-03-03 Avago Technologies International Sales Pte. Limited Dynamic orchestration of overlay tunnels
US9628379B2 (en) 2015-06-01 2017-04-18 Cisco Technology, Inc. Large scale residential cloud based application centric infrastructures
JP2018517372A (en) 2015-06-11 2018-06-28 アンブラ テクノロジーズ リミテッドUmbra Technologies Ltd. Method and system for integration of multiple protocols in a network tapestry
US10277736B2 (en) 2015-07-30 2019-04-30 At&T Intellectual Property I, L.P. Methods, systems, and computer readable storage devices for determining whether to handle a request for communication services by a physical telephone number mapping service or a virtual telephone number mapping service
US9888127B2 (en) 2015-07-30 2018-02-06 At&T Intellectual Property I, L.P. Methods, systems, and computer readable storage devices for adjusting the use of virtual resources providing communication services based on load
US9851999B2 (en) 2015-07-30 2017-12-26 At&T Intellectual Property I, L.P. Methods, systems, and computer readable storage devices for handling virtualization of a physical telephone number mapping service
US9866521B2 (en) 2015-07-30 2018-01-09 At&T Intellectual Property L.L.P. Methods, systems, and computer readable storage devices for determining whether to forward requests from a physical telephone number mapping service server to a virtual telephone number mapping service server
US10439929B2 (en) 2015-07-31 2019-10-08 Avago Technologies International Sales Pte. Limited Graceful recovery of a multicast-enabled switch
US10171303B2 (en) 2015-09-16 2019-01-01 Avago Technologies International Sales Pte. Limited IP-based interconnection of switches with a logical chassis
US9912614B2 (en) 2015-12-07 2018-03-06 Brocade Communications Systems LLC Interconnection of switches based on hierarchical overlay tunneling
EP4167547A1 (en) 2015-12-11 2023-04-19 Umbra Technologies Ltd. System and method for information slingshot over a network tapestry and granularity of a tick
US10931575B2 (en) 2016-04-13 2021-02-23 Nokia Technologies Oy Multi-tenant virtual private network based on an overlay network
EP3449617B1 (en) 2016-04-26 2021-08-18 Umbra Technologies Ltd. Network slinghop via tapestry slingshot
US10326830B1 (en) * 2016-09-02 2019-06-18 Amazon Technologies, Inc. Multipath tunneling to a service offered at several datacenters
US10237090B2 (en) 2016-10-28 2019-03-19 Avago Technologies International Sales Pte. Limited Rule-based network identifier mapping
US10277535B2 (en) 2017-03-31 2019-04-30 Hewlett Packard Enterprise Development Lp Network switch systems including logical switches
US10728268B1 (en) * 2018-04-10 2020-07-28 Trend Micro Incorporated Methods and apparatus for intrusion prevention using global and local feature extraction contexts
US11102296B2 (en) * 2018-04-30 2021-08-24 International Business Machines Corporation Big bang approach in datacenter migrations
US11233692B2 (en) * 2020-03-19 2022-01-25 Dell Products L.P. Out-of-band-management systems and methods for integrated serial console and ethernet access
CN113472562B (en) * 2020-03-31 2023-09-01 华为技术有限公司 Equipment management method, device and computer system
US11582227B2 (en) 2020-12-22 2023-02-14 Microsoft Technology Licensing, Llc Securing network access at edge sites using trusted network devices

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050220096A1 (en) * 2004-04-06 2005-10-06 Robert Friskney Traffic engineering in frame-based carrier networks
US20110299413A1 (en) * 2010-06-02 2011-12-08 Brocade Communications Systems, Inc. Port profile management for virtual cluster switching
US20110299531A1 (en) * 2010-06-08 2011-12-08 Brocade Communications Systems, Inc. Flooding packets on a per-virtual-network basis
WO2014031781A1 (en) * 2012-08-21 2014-02-27 Brocade Communications Systems, Inc. Global vlans for fabric switches

Family Cites Families (432)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US829529A (en) 1906-01-31 1906-08-28 John N Keathley Cotton-chopper.
US5309433A (en) 1992-06-18 1994-05-03 International Business Machines Corp. Methods and apparatus for routing packets in packet transmission networks
KR100287045B1 (en) 1992-07-06 2001-04-16 존 비. 메이슨 Method and system for naming/binding object
US5390173A (en) 1992-10-22 1995-02-14 Digital Equipment Corporation Packet format in hub for packet data communications system
US5802278A (en) 1995-05-10 1998-09-01 3Com Corporation Bridge/router architecture for high performance scalable networking
US5684800A (en) 1995-11-15 1997-11-04 Cabletron Systems, Inc. Method for establishing restricted broadcast groups in a switched network
US5983278A (en) 1996-04-19 1999-11-09 Lucent Technologies Inc. Low-loss, fair bandwidth allocation flow control in a packet switch
US6085238A (en) 1996-04-23 2000-07-04 Matsushita Electric Works, Ltd. Virtual LAN system
US5878232A (en) 1996-12-27 1999-03-02 Compaq Computer Corporation Dynamic reconfiguration of network device's virtual LANs using the root identifiers and root ports determined by a spanning tree procedure
US20010005527A1 (en) 1997-03-31 2001-06-28 Kathleen Michelle Vaeth Thin film fabrication
US6331983B1 (en) 1997-05-06 2001-12-18 Enterasys Networks, Inc. Multicast switching
US6041042A (en) 1997-05-27 2000-03-21 Cabletron Systems, Inc. Remote port mirroring system and method thereof
US5959968A (en) 1997-07-30 1999-09-28 Cisco Systems, Inc. Port aggregation protocol
US6185214B1 (en) 1997-09-11 2001-02-06 3Com Corporation Use of code vectors for frame forwarding in a bridge/router
JP3075251B2 (en) 1998-03-05 2000-08-14 日本電気株式会社 Virtual Path Bandwidth Distribution System in Asynchronous Transfer Mode Switching Network
US7430164B2 (en) 1998-05-04 2008-09-30 Hewlett-Packard Development Company, L.P. Path recovery on failure in load balancing switch protocols
US5973278A (en) 1998-05-07 1999-10-26 Eaton Corporation Snap acting charge/discharge and open/closed indicators displaying states of electrical switching apparatus
US6560229B1 (en) 1998-07-08 2003-05-06 Broadcom Corporation Network switching architecture with multiple table synchronization, and forwarding of both IP and IPX packets
US6792500B1 (en) 1998-07-08 2004-09-14 Broadcom Corporation Apparatus and method for managing memory defects
IL125272A0 (en) 1998-07-08 1999-03-12 Galileo Technology Ltd Vlan protocol
EP0993156B1 (en) 1998-10-05 2007-01-03 Alcatel Network switching device with forwarding database tables populated based on use
US6185241B1 (en) 1998-10-29 2001-02-06 Xerox Corporation Metal spatial filter to enhance model reflectivity in a vertical cavity surface emitting laser
US6438106B1 (en) 1998-12-22 2002-08-20 Nortel Networks Limited Inter-class schedulers utilizing statistical priority guaranteed queuing and generic cell-rate algorithm priority guaranteed queuing
US6771610B1 (en) 1999-01-19 2004-08-03 3Com Corporation Spanning tree with protocol for bypassing port state transition timers
US6542266B1 (en) 1999-06-24 2003-04-01 Qwest Communications International Inc. System and method for providing broadband data service
JP4148605B2 (en) 1999-08-06 2008-09-10 富士通株式会社 Network system and server
US6498781B1 (en) 1999-08-13 2002-12-24 International Business Machines Corporation Self-tuning link aggregation system
EP2267008B1 (en) 1999-08-25 2014-07-02 Allergan, Inc. Activatable recombinant neurotoxins
US7061877B1 (en) 1999-09-10 2006-06-13 Georgia Tech Reseach Corporation System and method for providing high speed wireless media access
AU2001245335A1 (en) 2000-02-22 2001-09-03 Top Layer Networks, Inc. System and method for flow mirroring in a network switch
JP2001313670A (en) 2000-04-28 2001-11-09 Oki Electric Ind Co Ltd Method for managing network
AU2001256635A1 (en) 2000-05-11 2001-11-20 Firemedia Communications (Israel) Ltd. Three-dimensional switch providing packet routing between multiple multimedia buses
JP4168574B2 (en) 2000-06-02 2008-10-22 株式会社日立製作所 Packet transfer apparatus, packet transfer control method, and packet transfer apparatus setting method
WO2002003614A2 (en) 2000-06-29 2002-01-10 Cachestream Corporation Virtual multicasting
US7924837B1 (en) 2000-07-31 2011-04-12 Avaya Communication Israel Ltd. IP multicast in VLAN environment
US6633761B1 (en) 2000-08-11 2003-10-14 Reefedge, Inc. Enabling seamless user mobility in a short-range wireless networking environment
US6870840B1 (en) 2000-08-16 2005-03-22 Alcatel Distributed source learning for data communication switch
US8619793B2 (en) 2000-08-21 2013-12-31 Rockstar Consortium Us Lp Dynamic assignment of traffic classes to a priority queue in a packet forwarding device
US7373425B2 (en) 2000-08-22 2008-05-13 Conexant Systems, Inc. High-speed MAC address search engine
CA2355473A1 (en) 2000-09-29 2002-03-29 Linghsiao Wang Buffer management for support of quality-of-service guarantees and data flow control in data switching
US6937576B1 (en) 2000-10-17 2005-08-30 Cisco Technology, Inc. Multiple instance spanning tree protocol
JP2002135410A (en) 2000-10-26 2002-05-10 Kddi Research & Development Laboratories Inc Access network system
US6957269B2 (en) 2001-01-03 2005-10-18 Advanced Micro Devices, Inc. Method and apparatus for performing priority-based flow control
US6912592B2 (en) 2001-01-05 2005-06-28 Extreme Networks, Inc. Method and system of aggregate multiple VLANs in a metropolitan area network
CA2436710C (en) 2001-01-31 2011-06-14 Lancope, Inc. Network port profiling
US7016352B1 (en) 2001-03-23 2006-03-21 Advanced Micro Devices, Inc. Address modification within a switching device in a packet-switched network
US7450595B1 (en) 2001-05-01 2008-11-11 At&T Corp. Method and system for managing multiple networks over a set of ports
US7102996B1 (en) 2001-05-24 2006-09-05 F5 Networks, Inc. Method and system for scaling network traffic managers
US20070116422A1 (en) 2001-06-06 2007-05-24 Reynolds Thomas A Photoresponsive polyimide based fiber
US6956824B2 (en) 2001-06-14 2005-10-18 Tropic Networks Inc. Extension of link aggregation protocols over the network
US20040001433A1 (en) 2001-07-18 2004-01-01 Gram Charles Andrew Interactive control of network devices
US7382787B1 (en) 2001-07-30 2008-06-03 Cisco Technology, Inc. Packet routing and switching device
WO2003015352A1 (en) 2001-08-01 2003-02-20 Nokia Corporation Apparatus and method for flow scheduling based on priorities in a mobile network
JP2003069573A (en) 2001-08-23 2003-03-07 Allied Tereshisu Kk System and method for managing network equipment using information recording medium
US7173934B2 (en) 2001-09-10 2007-02-06 Nortel Networks Limited System, device, and method for improving communication network reliability using trunk splitting
US20030084219A1 (en) 2001-10-26 2003-05-01 Maxxan Systems, Inc. System, apparatus and method for address forwarding for a computer network
US20070094465A1 (en) 2001-12-26 2007-04-26 Cisco Technology, Inc., A Corporation Of California Mirroring mechanisms for storage area networks and network based virtualization
US20030123393A1 (en) 2002-01-03 2003-07-03 Feuerstraeter Mark T. Method and apparatus for priority based flow control in an ethernet architecture
US7327748B2 (en) 2002-01-28 2008-02-05 Alcatel Lucent Enterprise switching device and method
WO2003071749A1 (en) 2002-02-20 2003-08-28 Mitsubishi Denki Kabushiki Kaisha Mobile body network
US7688960B1 (en) 2002-02-26 2010-03-30 Sprint Communications Company L.P. Method and system for separating business and device logic in a computing network system
US7606938B2 (en) 2002-03-01 2009-10-20 Enterasys Networks, Inc. Verified device locations in a data network
US20030174706A1 (en) 2002-03-15 2003-09-18 Broadcom Corporation Fastpath implementation for transparent local area network (LAN) services over multiprotocol label switching (MPLS)
US7315545B1 (en) 2002-03-29 2008-01-01 Nortel Networks Limited Method and apparatus to support differential internet data packet treatment in a base station controller
TW550902B (en) 2002-04-03 2003-09-01 Accton Technology Corp Method of setting network configuration and device and system thereof
US7209435B1 (en) 2002-04-16 2007-04-24 Foundry Networks, Inc. System and method for providing network route redundancy across Layer 2 devices
US20030208616A1 (en) 2002-05-01 2003-11-06 Blade Software, Inc. System and method for testing computer network access and traffic control systems
US20090279558A1 (en) 2002-05-06 2009-11-12 Ian Edward Davis Network routing apparatus for enhanced efficiency and monitoring capability
US7206288B2 (en) 2002-06-12 2007-04-17 Cisco Technology, Inc. Methods and apparatus for characterizing a route in fibre channel fabric
US20040003094A1 (en) 2002-06-27 2004-01-01 Michael See Method and apparatus for mirroring traffic over a network
FI113127B (en) 2002-06-28 2004-02-27 Ssh Comm Security Corp Broadcast packet handling method for gateway computer, involves encapsulating packet into form acceptable for transmission over Internet protocol security protected connection and transmitting packet to logical network segment
US7330897B2 (en) 2002-07-09 2008-02-12 International Business Machines Corporation Methods and apparatus for storage area network component registration
US7453888B2 (en) 2002-08-27 2008-11-18 Alcatel Lucent Stackable virtual local area network provisioning in bridged networks
US7316031B2 (en) 2002-09-06 2008-01-01 Capital One Financial Corporation System and method for remotely monitoring wireless networks
DE60334126D1 (en) 2002-10-04 2010-10-21 Ericsson Telefon Ab L M ISOLATION OF HOSTS ASSOCIATED WITH AN ACCESS NETWORK
US7647427B1 (en) 2002-10-18 2010-01-12 Foundry Networks, Inc. Redundancy support for network address translation (NAT)
US7292581B2 (en) 2002-10-24 2007-11-06 Cisco Technology, Inc. Large-scale layer 2 metropolitan area network
JP2006505992A (en) 2002-11-08 2006-02-16 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Method and apparatus for permitting remote access in a data network
US7424014B2 (en) 2002-11-12 2008-09-09 Cisco Technology, Inc. System and method for local packet transport services within distributed routers
US7397794B1 (en) 2002-11-21 2008-07-08 Juniper Networks, Inc. Systems and methods for implementing virtual switch planes in a physical switch fabric
KR100480366B1 (en) 2002-12-24 2005-03-31 한국전자통신연구원 A system for VLAN configuration of E-PON and method thereof, its program stored recording medium
US7417950B2 (en) 2003-02-03 2008-08-26 Ciena Corporation Method and apparatus for performing data flow ingress/egress admission control in a provider network
JP4256693B2 (en) 2003-02-18 2009-04-22 株式会社日立製作所 Computer system, I / O device, and virtual sharing method of I / O device
US20040225725A1 (en) 2003-02-19 2004-11-11 Nec Corporation Network system, learning bridge node, learning method and its program
US20040165595A1 (en) 2003-02-25 2004-08-26 At&T Corp. Discovery and integrity testing method in an ethernet domain
US7411973B2 (en) 2003-03-11 2008-08-12 Broadcom Corporation System and method for interfacing with a management system
US7486674B2 (en) 2003-04-28 2009-02-03 Alcatel-Lucent Usa Inc. Data mirroring in a service
US7370346B2 (en) 2003-04-29 2008-05-06 Hewlett-Packard Development Company, L.P. Method and apparatus for access security services
US7561590B1 (en) 2003-05-05 2009-07-14 Marvell International Ltd. Network switch having virtual input queues for flow control
US7516487B1 (en) 2003-05-21 2009-04-07 Foundry Networks, Inc. System and method for source IP anti-spoofing security
JP4449903B2 (en) 2003-06-11 2010-04-14 日本電気株式会社 Router device and network connection method
US7480258B1 (en) 2003-07-03 2009-01-20 Cisco Technology, Inc. Cross stack rapid transition protocol
US7463579B2 (en) 2003-07-11 2008-12-09 Nortel Networks Limited Routed split multilink trunking
JP4123088B2 (en) 2003-08-06 2008-07-23 株式会社日立製作所 Storage network management apparatus and method
US7380025B1 (en) 2003-10-07 2008-05-27 Cisco Technology, Inc. Method and apparatus providing role-based configuration of a port of a network element
US20050105538A1 (en) 2003-10-14 2005-05-19 Ananda Perera Switching system with distributed switching fabric
US8179808B2 (en) 2003-10-31 2012-05-15 Brocade Communication Systems, Inc. Network path tracing method
US8050180B2 (en) 2003-10-31 2011-11-01 Brocade Communications Systems, Inc. Network path tracing method
WO2005050950A1 (en) 2003-11-13 2005-06-02 Cryptek, Inc. System and method for traversing access control metadata across multiple network domains
US7558273B1 (en) 2003-12-23 2009-07-07 Extreme Networks, Inc. Methods and systems for associating and translating virtual local area network (VLAN) tags
US7443856B2 (en) 2004-01-14 2008-10-28 Lucent Technologies Inc. Managing processing utilization in a network node
US7701948B2 (en) 2004-01-20 2010-04-20 Nortel Networks Limited Metro ethernet service enhancements
US8804728B2 (en) 2004-01-20 2014-08-12 Rockstar Consortium Us Lp Ethernet differentiated services conditioning
US7333508B2 (en) 2004-01-20 2008-02-19 Nortel Networks Limited Method and system for Ethernet and frame relay network interworking
US7310664B1 (en) 2004-02-06 2007-12-18 Extreme Networks Unified, configurable, adaptive, network architecture
US7843906B1 (en) 2004-02-13 2010-11-30 Habanero Holdings, Inc. Storage gateway initiator for fabric-backplane enterprise servers
US7843907B1 (en) 2004-02-13 2010-11-30 Habanero Holdings, Inc. Storage gateway target for fabric-backplane enterprise servers
US7860097B1 (en) 2004-02-13 2010-12-28 Habanero Holdings, Inc. Fabric-backplane enterprise servers with VNICs and VLANs
US8090805B1 (en) 2004-02-17 2012-01-03 Cisco Technology, Inc. System and method for performing cascaded lookups to forward packets
US7477894B1 (en) 2004-02-23 2009-01-13 Foundry Networks, Inc. Methods and apparatus for handling wireless roaming among and across wireless area networks
US20050195813A1 (en) 2004-02-23 2005-09-08 Sinett Corporation Unified architecture for wired and wireless networks
US7690040B2 (en) 2004-03-10 2010-03-30 Enterasys Networks, Inc. Method for network traffic mirroring with data privacy
US7792920B2 (en) 2004-04-30 2010-09-07 Vulcan Inc. Network-accessible control of one or more media devices
JP4373271B2 (en) 2004-05-14 2009-11-25 富士通株式会社 Method and program for grasping network configuration of virtual LAN in node network
GB2414623B (en) 2004-05-27 2006-05-17 3Com Corp Distributed bridging with synchronization of forwarding databases
JP4397292B2 (en) 2004-07-09 2010-01-13 富士通株式会社 Control packet loop prevention method and bridge device using the same
FR2873524B1 (en) 2004-07-22 2006-10-27 Alcatel Sa LOCAL NETWORK WITH VIRTUAL GROUP (S) OF HEART EQUIPMENT WHICH IS CLEAR AT THE LEVEL TWO SWITCHING
US7466712B2 (en) 2004-07-30 2008-12-16 Brocade Communications Systems, Inc. System and method for providing proxy and translation domains in a fibre channel router
EP1782293A2 (en) 2004-08-20 2007-05-09 Enterasys Networks, Inc. System, method and apparatus for traffic mirror setup, service and security in communication networks
US7463597B1 (en) 2004-08-27 2008-12-09 Juniper Networks, Inc. Spanning tree protocol synchronization within virtual private networks
US7558219B1 (en) 2004-08-30 2009-07-07 Juniper Networks, Inc. Multicast trees for virtual private local area network (LAN) service multicast
US8116307B1 (en) 2004-09-23 2012-02-14 Juniper Networks, Inc. Packet structure for mirrored traffic flow
US7764768B2 (en) 2004-10-06 2010-07-27 Alcatel-Lucent Usa Inc. Providing CALEA/legal intercept information to law enforcement agencies for internet protocol multimedia subsystems (IMS)
US7508757B2 (en) 2004-10-15 2009-03-24 Alcatel Lucent Network with MAC table overflow protection
US7801125B2 (en) 2004-10-22 2010-09-21 Cisco Technology, Inc. Forwarding table reduction and multipath network forwarding
US8238347B2 (en) 2004-10-22 2012-08-07 Cisco Technology, Inc. Fibre channel over ethernet
GB2419701A (en) 2004-10-29 2006-05-03 Hewlett Packard Development Co Virtual overlay infrastructure with dynamic control of mapping
US8700799B2 (en) 2004-11-12 2014-04-15 Brocade Communications Systems, Inc. Methods, devices and systems with improved zone merge operation by operating on a switch basis
EP1657853A1 (en) 2004-11-12 2006-05-17 STMicroelectronics (Research & Development) Limited Roaming network stations using a MAC address identifier to select a new access point
US8005084B2 (en) 2004-11-30 2011-08-23 Broadcom Corporation Mirroring in a network device
US7502319B2 (en) 2004-12-10 2009-03-10 Electronics And Telecommunications Research Institute Ethernet packet transmission apparatus and method
US7808992B2 (en) 2004-12-30 2010-10-05 Cisco Technology, Inc. Platform independent implementation of private VLANS
US20070036178A1 (en) 2005-02-02 2007-02-15 Susan Hares Layer 2 virtual switching environment
US20060184937A1 (en) 2005-02-11 2006-08-17 Timothy Abels System and method for centralized software management in virtual machines
US7586895B2 (en) 2005-04-01 2009-09-08 Cisco Technology, Inc. Performing extended lookups on MAC-based tables including level 3 multicast group destination addresses
US7673068B2 (en) 2005-04-18 2010-03-02 Alcatel Lucent Method and system for implementing a high availability VLAN
GB2425681A (en) 2005-04-27 2006-11-01 3Com Corporaton Access control by Dynamic Host Configuration Protocol snooping
US7835370B2 (en) 2005-04-28 2010-11-16 Cisco Technology, Inc. System and method for DSL subscriber identification over ethernet network
US8751649B2 (en) 2005-06-07 2014-06-10 Extreme Networks Port management system
US20060285499A1 (en) 2005-06-17 2006-12-21 Broadcom Corporation Loop detection for a network device
US7571447B2 (en) 2005-06-20 2009-08-04 International Business Machines Corporation Loose coupling of web services
GB0516158D0 (en) 2005-08-05 2005-09-14 Univ Montfort An apparatus and method for `non-contact' electrical impedance imaging
US7937756B2 (en) 2005-08-19 2011-05-03 Cpacket Networks, Inc. Apparatus and method for facilitating network security
US20070053294A1 (en) 2005-09-02 2007-03-08 Michael Ho Network load balancing apparatus, systems, and methods
EP1924864B1 (en) 2005-09-12 2015-03-04 Rockstar Consortium US LP Forwarding plane data communications channel for ethernet transport networks
US9143841B2 (en) 2005-09-29 2015-09-22 Brocade Communications Systems, Inc. Federated management of intelligent service modules
DE102005048585A1 (en) 2005-10-06 2007-04-12 Robert Bosch Gmbh Subscriber and communication controller of a communication system and method for implementing a gateway functionality in a subscriber of a communication system
CN100442772C (en) 2005-10-19 2008-12-10 华为技术有限公司 Bridge-connection transmitting method
US9497600B2 (en) 2005-10-28 2016-11-15 Hewlett Packard Enterprise Development Lp Service chaining
US7697528B2 (en) 2005-11-01 2010-04-13 Nortel Networks Limited Multilink trunking for encapsulated traffic
DE602005022638D1 (en) 2005-12-12 2010-09-09 Ericsson Telefon Ab L M METHOD AND DEVICES FOR SPECIFYING THE SERVICE QUALITY WHEN TRANSMITTING DATA PACKAGES
US7716240B2 (en) 2005-12-29 2010-05-11 Nextlabs, Inc. Techniques and system to deploy policies intelligently
US7835378B2 (en) 2006-02-02 2010-11-16 Cisco Technology, Inc. Root node redundancy for multipoint-to-multipoint transport trees
US20070177597A1 (en) 2006-02-02 2007-08-02 Yu Ju Ethernet connection-based forwarding process
US7639605B2 (en) 2006-02-08 2009-12-29 Cisco Technology, Inc. System and method for detecting and recovering from virtual switch link failures
US7885398B2 (en) 2006-03-06 2011-02-08 Alcatel Lucent Multiple criteria based load balancing
US8189575B2 (en) 2006-03-13 2012-05-29 Rockstar Bidco, L.P. Modular scalable switch architecture
US7962566B2 (en) 2006-03-27 2011-06-14 Sap Ag Optimized session management for fast session failover and load balancing
CN101064682B (en) 2006-04-29 2010-08-04 华为技术有限公司 Optical network terminal and its packet processing method thereof
US7948977B2 (en) 2006-05-05 2011-05-24 Broadcom Corporation Packet routing with payload analysis, encapsulation and service module vectoring
US8160080B1 (en) 2006-05-08 2012-04-17 Marvell Israel (M.I.S.L.) Ltd. Implementation of reliable synchronization of distributed databases
JP2007318553A (en) 2006-05-26 2007-12-06 Fujitsu Ltd Network managing method
US8018938B1 (en) 2006-06-02 2011-09-13 World Wide Packets, Inc. Translating between a switching format and a transport format
JP4834493B2 (en) 2006-08-25 2011-12-14 アラクサラネットワークス株式会社 Network relay device and method for controlling network relay device
CN100583825C (en) 2006-08-30 2010-01-20 华为技术有限公司 Method of generating symmetrical tree in the shortest path bridge
US8169912B2 (en) 2006-08-31 2012-05-01 Futurewei Technologies, Inc. System for dynamic bandwidth adjustment and trading among peers
US8396945B2 (en) 2006-09-11 2013-03-12 Alcatel Lucent Network management system with adaptive sampled proactive diagnostic capabilities
US20080080517A1 (en) 2006-09-28 2008-04-03 At & T Corp. System and method for forwarding traffic data in an MPLS VPN
US9178793B1 (en) 2006-09-29 2015-11-03 Yahoo! Inc. Engine for processing content rules associated with locations in a page
US8208463B2 (en) 2006-10-24 2012-06-26 Cisco Technology, Inc. Subnet scoped multicast / broadcast packet distribution mechanism over a routed network
US7697556B2 (en) 2006-10-26 2010-04-13 Telefonaktiebolaget L M Ericsson (Publ) MAC (media access control) tunneling and control and method
US7720889B1 (en) 2006-10-31 2010-05-18 Netapp, Inc. System and method for nearly in-band search indexing
WO2008056838A1 (en) 2006-11-08 2008-05-15 Chang Hwan Cho System and method for controlling network traffic
US20080112400A1 (en) 2006-11-15 2008-05-15 Futurewei Technologies, Inc. System for Providing Both Traditional and Traffic Engineering Enabled Services
US7599901B2 (en) 2006-12-06 2009-10-06 Microsoft Corporation Processing data-centric business models
US20080181243A1 (en) 2006-12-15 2008-07-31 Brocade Communications Systems, Inc. Ethernet forwarding in high performance fabrics
US20080159277A1 (en) 2006-12-15 2008-07-03 Brocade Communications Systems, Inc. Ethernet over fibre channel
US8973098B2 (en) 2007-01-11 2015-03-03 International Business Machines Corporation System and method for virtualized resource configuration
US7706255B1 (en) 2007-01-29 2010-04-27 Solace Systems, Inc. Communications apparatus with redundant switching or backpressure mechanism
US20080181196A1 (en) 2007-01-31 2008-07-31 Alcatel Lucent Link aggregation across multiple chassis
WO2008099446A1 (en) 2007-02-06 2008-08-21 Mitsubishi Electric Corporation Communication system, communication device, wireless base station and wireless terminal station
JP4259581B2 (en) 2007-02-07 2009-04-30 日立電線株式会社 Switching hub and LAN system
US7796594B2 (en) 2007-02-14 2010-09-14 Marvell Semiconductor, Inc. Logical bridging system and method
US9661112B2 (en) 2007-02-22 2017-05-23 International Business Machines Corporation System and methods for providing server virtualization assistance
US8140696B2 (en) 2007-03-12 2012-03-20 International Business Machines Corporation Layering serial attached small computer system interface (SAS) over ethernet
US8077721B2 (en) 2007-03-15 2011-12-13 Cisco Technology, Inc. Methods and apparatus providing two stage tunneling
US7916741B2 (en) 2007-04-02 2011-03-29 William Marsh Rice University System and method for preventing count-to-infinity problems in ethernet networks
US8078704B2 (en) 2007-04-12 2011-12-13 Hewlett-Packard Development Company, L.P. Provisioning of a service environment using web services
US8301686B1 (en) 2007-04-16 2012-10-30 Citrix Systems, Inc. Systems and methods for decentralized computing
US7873038B2 (en) 2007-04-30 2011-01-18 Hewlett-Packard Development Company, L.P. Packet processing
EP1995543A1 (en) 2007-05-10 2008-11-26 AGC Flat Glass Europe SA Heat exchanger for oxygen
US7724674B2 (en) 2007-05-16 2010-05-25 Simula Innovations As Deadlock free network routing
JP4862743B2 (en) 2007-05-17 2012-01-25 日本電気株式会社 Node, communication method and node program
US20080298248A1 (en) 2007-05-28 2008-12-04 Guenter Roeck Method and Apparatus For Computer Network Bandwidth Control and Congestion Management
US7945941B2 (en) 2007-06-01 2011-05-17 Cisco Technology, Inc. Flexible access control policy enforcement
US8054833B2 (en) 2007-06-05 2011-11-08 Hewlett-Packard Development Company, L.P. Packet mirroring
US20080310342A1 (en) 2007-06-12 2008-12-18 Cisco Technology, Inc. Addressing Messages in a Two-Tier Network
US7898959B1 (en) 2007-06-28 2011-03-01 Marvell Israel (Misl) Ltd. Method for weighted load-balancing among network interfaces
US8615008B2 (en) 2007-07-11 2013-12-24 Foundry Networks Llc Duplicating network traffic through transparent VLAN flooding
GB0713785D0 (en) 2007-07-16 2007-08-22 Cellfire Security Technologies Voice over IP system
US7836332B2 (en) 2007-07-18 2010-11-16 Hitachi, Ltd. Method and apparatus for managing virtual ports on storage systems
US20090044270A1 (en) 2007-08-07 2009-02-12 Asaf Shelly Network element and an infrastructure for a network risk management system
US7864712B2 (en) 2007-07-20 2011-01-04 Cisco Technology, Inc. Preventing loops in networks operating different protocols to provide loop-free topology
US8166205B2 (en) 2007-07-31 2012-04-24 Cisco Technology, Inc. Overlay transport virtualization
US7729296B1 (en) 2007-09-07 2010-06-01 Force 10 Networks, Inc. Distributed BPDU processing for spanning tree protocols
US20090080345A1 (en) 2007-09-21 2009-03-26 Ericsson, Inc. Efficient multipoint distribution tree construction for shortest path bridging
US8798056B2 (en) 2007-09-24 2014-08-05 Intel Corporation Method and system for virtual port communications
US20090079560A1 (en) 2007-09-26 2009-03-26 General Electric Company Remotely monitoring railroad equipment using network protocols
EP2193630B1 (en) 2007-09-26 2015-08-26 Nicira, Inc. Network operating system for managing and securing networks
US7751329B2 (en) 2007-10-03 2010-07-06 Avaya Inc. Providing an abstraction layer in a cluster switch that includes plural switches
JP5030063B2 (en) 2007-10-05 2012-09-19 本田技研工業株式会社 Navigation device and navigation system
US7975033B2 (en) 2007-10-23 2011-07-05 Virtudatacenter Holdings, L.L.C. System and method for initializing and maintaining a series of virtual local area networks contained in a clustered computer system
US8949392B2 (en) 2007-11-07 2015-02-03 Brocade Communications Systems, Inc. Workload management with network dynamics
WO2009064407A1 (en) 2007-11-16 2009-05-22 Ericsson Ab Method and system for telecommunications including self-organizing scalable ethernet using is-is hierarchy
US8117495B2 (en) 2007-11-26 2012-02-14 Stratus Technologies Bermuda Ltd Systems and methods of high availability cluster environment failover protection
EP2274897B1 (en) 2007-11-26 2012-01-11 Telefonaktiebolaget LM Ericsson (publ) Technique for address resolution in a data transmission network
US8194674B1 (en) 2007-12-20 2012-06-05 Quest Software, Inc. System and method for aggregating communications and for translating between overlapping internal network addresses and unique external network addresses
US7796593B1 (en) 2007-12-21 2010-09-14 Juniper Networks, Inc. Router using internal flood groups for flooding VPLS traffic
US7860093B2 (en) 2007-12-24 2010-12-28 Cisco Technology, Inc. Fast multicast convergence at secondary designated router or designated forwarder
CN101471899A (en) 2007-12-26 2009-07-01 上海贝尔阿尔卡特股份有限公司 Network data access method, access gateway and system capable of supporting sensor
US8018841B2 (en) 2007-12-31 2011-09-13 Ciena Corporation Interworking an ethernet ring network and an ethernet network with traffic engineered trunks
JP2009187368A (en) 2008-02-07 2009-08-20 Hitachi Ltd Method for controlling sharing of usb port
US20090245137A1 (en) 2008-03-03 2009-10-01 Green Hills Software, Inc. Highly available virtual stacking architecture
US20090222879A1 (en) 2008-03-03 2009-09-03 Microsoft Corporation Super policy in information protection systems
US20110044352A1 (en) 2008-03-04 2011-02-24 France Telecom Technique for determining a point-to-multipoint tree linking a root node to a plurality of leaf nodes
US8230069B2 (en) 2008-03-04 2012-07-24 International Business Machines Corporation Server and storage-aware method for selecting virtual machine migration targets
US7801137B2 (en) 2008-03-11 2010-09-21 Cisco Technology, Inc. Receiver-based construction of point-to-multipoint trees using path computation elements in a computer network
US7792148B2 (en) 2008-03-31 2010-09-07 International Business Machines Corporation Virtual fibre channel over Ethernet switch
JP5622285B2 (en) 2008-03-31 2014-11-12 バーテックスファーマシューティカルズ インコーポレイテッドVertex Pharmaceuticalsincorporated Pyridyl derivatives as CFTR modulators
US8743740B2 (en) 2008-04-08 2014-06-03 At&T Intellectual Property I, L.P. Methods and apparatus to implement a partial mesh virtual private local area network service
US7911982B1 (en) 2008-05-01 2011-03-22 Juniper Networks, Inc. Configuring networks including spanning trees
US8625615B2 (en) 2008-05-16 2014-01-07 Nec Corporation PCI express switch, PCI express system, and network control method
US8195774B2 (en) 2008-05-23 2012-06-05 Vmware, Inc. Distributed virtual switch for virtualized computer systems
US8160063B2 (en) 2008-06-09 2012-04-17 Microsoft Corporation Data center interconnect and traffic engineering
US8565248B2 (en) 2008-06-26 2013-10-22 Cisco Technology, Inc. Pure control-plane approach for on-path connection admission control operations in multiprotocol label switching virtual private networks
US7873711B2 (en) 2008-06-27 2011-01-18 International Business Machines Corporation Method, system and program product for managing assignment of MAC addresses in a virtual machine environment
US7941539B2 (en) 2008-06-30 2011-05-10 Oracle America, Inc. Method and system for creating a virtual router in a blade chassis to maintain connectivity
KR101508794B1 (en) 2008-07-09 2015-04-06 삼성전자주식회사 Method for selectively securing records in a ndef message
US8102791B2 (en) 2008-07-25 2012-01-24 Newport Media, Inc. Interleaver address generation in turbo decoders for mobile multimedia multicast system communication systems
US8102781B2 (en) 2008-07-31 2012-01-24 Cisco Technology, Inc. Dynamic distribution of virtual machines in a communication network
CN101645880B (en) 2008-08-06 2013-09-11 华为技术有限公司 Method and device for forwarding data frame based on line bundle
US9426095B2 (en) 2008-08-28 2016-08-23 International Business Machines Corporation Apparatus and method of switching packets between virtual ports
US8259569B2 (en) 2008-09-09 2012-09-04 Cisco Technology, Inc. Differentiated services for unicast and multicast frames in layer 2 topologies
US8134922B2 (en) 2008-09-12 2012-03-13 Cisco Technology, Inc. Reducing flooding in a bridged network
US8392606B2 (en) 2008-09-23 2013-03-05 Synapse Wireless, Inc. Wireless networks and methods using multiple valid network identifiers
US8223633B2 (en) 2008-10-03 2012-07-17 Brocade Communications Systems, Inc. Port trunking at a fabric boundary
US7944812B2 (en) 2008-10-20 2011-05-17 International Business Machines Corporation Redundant intermediary switch solution for detecting and managing fibre channel over ethernet FCoE switch failures
US8571052B2 (en) 2008-10-24 2013-10-29 International Business Machines Corporation Determining the configuration of an ethernet fabric
US9100269B2 (en) 2008-10-28 2015-08-04 Rpx Clearinghouse Llc Provisioned provider link state bridging (PLSB) with routed back-up
US7962647B2 (en) 2008-11-24 2011-06-14 Vmware, Inc. Application delivery control module for virtual network switch
US8316113B2 (en) 2008-12-19 2012-11-20 Watchguard Technologies, Inc. Cluster architecture and configuration for network security devices
US7929554B2 (en) 2008-12-23 2011-04-19 Cisco Technology, Inc. Optimized forwarding for provider backbone bridges with both I and B components (IB-PBB)
US8509248B2 (en) 2008-12-29 2013-08-13 Juniper Networks, Inc. Routing frames in a computer network using bridge identifiers
US8054832B1 (en) 2008-12-30 2011-11-08 Juniper Networks, Inc. Methods and apparatus for routing between virtual resources based on a routing location policy
US8565118B2 (en) 2008-12-30 2013-10-22 Juniper Networks, Inc. Methods and apparatus for distributed dynamic network provisioning
US8255496B2 (en) 2008-12-30 2012-08-28 Juniper Networks, Inc. Method and apparatus for determining a network topology during network provisioning
US8331362B2 (en) 2008-12-30 2012-12-11 Juniper Networks, Inc. Methods and apparatus for distributed dynamic network provisioning
US7820853B2 (en) 2008-12-31 2010-10-26 Celanese International Corporation Integrated process for the production of vinyl acetate from acetic acid via ethyl acetate
US8336079B2 (en) 2008-12-31 2012-12-18 Hytrust, Inc. Intelligent security control system for virtualized ecosystems
CN101459618B (en) 2009-01-06 2011-01-19 北京航空航天大学 Data packet forwarding method and device for virtual machine network
US9043621B2 (en) 2009-01-21 2015-05-26 Hitachi, Ltd. Power-saving network management server, network system, and method of determining supply of power
JP5168166B2 (en) 2009-01-21 2013-03-21 富士通株式会社 Communication apparatus and communication control method
JP2010177722A (en) 2009-01-27 2010-08-12 Nec Corp Switch apparatus, card, management method of fdb information, and program
US8098572B2 (en) 2009-02-03 2012-01-17 Google Inc. Interface monitoring for link aggregation
AU2010213547B9 (en) 2009-02-13 2015-06-04 Adc Telecommunications, Inc. Aggregation of physical layer information related to a network
US8213336B2 (en) 2009-02-23 2012-07-03 Cisco Technology, Inc. Distributed data center access switch
US8274980B2 (en) 2009-02-26 2012-09-25 International Business Machines Corporation Ethernet link aggregation
US7787480B1 (en) 2009-03-04 2010-08-31 Juniper Networks, Inc. Routing frames in a trill network using service VLAN identifiers
US8238340B2 (en) 2009-03-06 2012-08-07 Futurewei Technologies, Inc. Transport multiplexer—mechanisms to force ethernet traffic from one domain to be switched in a different (external) domain
JP5408243B2 (en) 2009-03-09 2014-02-05 日本電気株式会社 OpenFlow communication system and OpenFlow communication method
US8155150B1 (en) 2009-03-11 2012-04-10 Juniper Networks, Inc. Cooperative MAC learning/aging in highly distributed forwarding system
US7912091B1 (en) 2009-03-18 2011-03-22 Extreme Networks, Inc. Traffic forwarding in a traffic-engineered link aggregation group
US8665886B2 (en) 2009-03-26 2014-03-04 Brocade Communications Systems, Inc. Redundant host connection in a routed network
US8918631B1 (en) 2009-03-31 2014-12-23 Juniper Networks, Inc. Methods and apparatus for dynamic automated configuration within a control plane of a switch fabric
CA3204215A1 (en) 2009-04-01 2010-10-07 Nicira, Inc. Method and apparatus for implementing and managing virtual switches
US8213313B1 (en) 2009-04-15 2012-07-03 Tellabs Operations, Inc. Methods and apparatus for shared layer 3 application card in multi-service router
US8000336B2 (en) 2009-04-21 2011-08-16 Voltaire Ltd. Spanning tree root selection in a hierarchical network
US8116213B2 (en) 2009-04-24 2012-02-14 Verizon Patent And Licensing Inc. Tracing routes and protocols
US9727508B2 (en) 2009-04-27 2017-08-08 Intel Corporation Address learning and aging for network bridging in a network processor
US8027354B1 (en) 2009-04-29 2011-09-27 Cisco Technology, Inc. Network consolidation for virtualized servers
US8874709B2 (en) 2009-05-01 2014-10-28 Futurewei Technologies, Inc. Automatic subnet creation in networks that support dynamic ethernet-local area network services for use by operation, administration, and maintenance
US8429647B2 (en) 2009-05-06 2013-04-23 Vmware, Inc. Virtual machine migration across network by publishing routes to the associated virtual networks via virtual router after the start of migration of the virtual machine
US20100287262A1 (en) 2009-05-08 2010-11-11 Uri Elzur Method and system for guaranteed end-to-end data flows in a local networking domain
US9282057B2 (en) 2009-05-11 2016-03-08 Brocade Communication Systems, Inc. Flexible stacking port
US8351431B2 (en) 2009-05-13 2013-01-08 Avaya Inc. Method and apparatus for providing fast reroute of a multicast packet within a network element to an available port associated with a multi-link trunk
US8472443B2 (en) 2009-05-15 2013-06-25 Cisco Technology Port grouping for association with virtual interfaces
US8165122B2 (en) 2009-05-26 2012-04-24 Alcatel Lucent System and method for converting unicast client requests into multicast client requests
US8170038B2 (en) 2009-05-27 2012-05-01 International Business Machines Corporation Two-layer switch apparatus to avoid first layer inter-switch link data traffic in steering packets through bump-in-the-wire service applications
US8174984B2 (en) 2009-05-29 2012-05-08 Oracle America, Inc. Managing traffic on virtualized lanes between a network switch and a virtual machine
US7944860B2 (en) 2009-06-04 2011-05-17 Cisco Technology, Inc. Preventing loss of network traffic due to inconsistent configurations within the network
US8199753B2 (en) 2009-06-05 2012-06-12 Juniper Networks, Inc. Forwarding frames in a computer network using shortest path bridging
US8102760B2 (en) 2009-06-30 2012-01-24 Alcatel Lucent Method for reconvergence after failure in a dual-homing network environment
US8351352B1 (en) 2009-07-15 2013-01-08 Eastlake Iii Donald E Methods and apparatus for RBridge hop-by-hop compression and frame aggregation
EP2454887B1 (en) 2009-07-16 2013-09-11 Telefonaktiebolaget LM Ericsson (publ) Technique for providing an asymmetric multipoint call between a plurality of network nodes
US8204061B1 (en) 2009-07-23 2012-06-19 Cisco Technology, Inc. Virtual port channel switches with distributed control planes
US8125928B2 (en) 2009-07-24 2012-02-28 Juniper Networks, Inc. Routing frames in a shortest path computer network for a multi-homed legacy bridge node
US8341725B2 (en) 2009-07-30 2012-12-25 Calix, Inc. Secure DHCP processing for layer two access networks
US8503329B2 (en) 2009-08-05 2013-08-06 Cisco Technology, Inc. Signaling of attachment circuit status and automatic discovery of inter-chassis communication peers
US8504690B2 (en) 2009-08-07 2013-08-06 Broadcom Corporation Method and system for managing network power policy and configuration of data center bridging
US8175107B1 (en) 2009-08-18 2012-05-08 Hewlett-Packard Development Company, L.P. Network routing based on MAC address subnetting
IL200504A0 (en) 2009-08-20 2011-08-01 Eci Telecom Ltd Technique for dual homing interconnection between communication networks
US8369332B2 (en) 2009-08-21 2013-02-05 Alcatel Lucent Server-side load balancing using parent-child link aggregation groups
US8706905B1 (en) 2009-08-24 2014-04-22 Qlogic, Corporation Method and system for routing information in a network
US8339994B2 (en) 2009-08-27 2012-12-25 Brocade Communications Systems, Inc. Defining an optimal topology for a group of logical switches
US8583503B2 (en) * 2009-09-04 2013-11-12 Equinix, Inc. On line web portal for private network service providers
US8369347B2 (en) 2009-09-14 2013-02-05 Futurewei Technologies, Inc. Fiber channel over Ethernet and fiber channel switching based on Ethernet switch fabrics
US8599850B2 (en) 2009-09-21 2013-12-03 Brocade Communications Systems, Inc. Provisioning single or multistage networks using ethernet service instances (ESIs)
US8914598B2 (en) 2009-09-24 2014-12-16 Vmware, Inc. Distributed storage resource scheduler and load balancer
US8599864B2 (en) 2009-10-08 2013-12-03 Brocade Communications Systems, Inc. Transit switches in a network of logical switches
US20110085560A1 (en) 2009-10-12 2011-04-14 Dell Products L.P. System and Method for Implementing a Virtual Switch
US8693485B2 (en) 2009-10-14 2014-04-08 Dell Products, Lp Virtualization aware network switch
EP2497234B1 (en) 2009-11-02 2018-09-19 Marvell World Trade Ltd. Network device and method based on virtual interfaces
US9668230B2 (en) 2009-11-10 2017-05-30 Avago Technologies General Ip (Singapore) Pte. Ltd. Security integration between a wireless and a wired network using a wireless gateway proxy
CN102088388B (en) 2009-12-02 2014-04-02 上海贝尔股份有限公司 Method and equipment for automatically distributing/acquiring virtual local area network configuration information
US7937438B1 (en) 2009-12-07 2011-05-03 Amazon Technologies, Inc. Using virtual networking devices to manage external connections
US20110134802A1 (en) 2009-12-09 2011-06-09 Cisco Technology, Inc. Determining A Routing Tree For Networks With Different Routing Protocols
US8705513B2 (en) 2009-12-15 2014-04-22 At&T Intellectual Property I, L.P. Methods and apparatus to communicatively couple virtual private networks to virtual machines within distributive computing networks
US8270420B2 (en) 2009-12-15 2012-09-18 Hewlett-Packard Development Company, L.P. iSCSI to FCoE gateway
WO2011074516A1 (en) 2009-12-15 2011-06-23 日本電気株式会社 Network system, method for controlling same, and controller
US8295291B1 (en) 2009-12-21 2012-10-23 Juniper Networks, Inc. Computation of next hops within layer two networks
US8161156B2 (en) 2009-12-30 2012-04-17 Verizon Patent And Licensing, Inc. Feature delivery packets for peer-to-peer based feature network
WO2011081020A1 (en) 2010-01-04 2011-07-07 日本電気株式会社 Network system, controller, network control method
US8446817B2 (en) 2010-01-19 2013-05-21 Cisco Technology, Inc. Distributed virtual fibre channel over Ethernet forwarder
JP5493926B2 (en) 2010-02-01 2014-05-14 日本電気株式会社 Interface control method, interface control method, and interface control program
US8619595B2 (en) 2010-02-05 2013-12-31 Cisco Technology, Inc. Fault isolation in trill networks
CN102158386B (en) 2010-02-11 2015-06-03 威睿公司 Distributed load balance for system management program
US8996720B2 (en) 2010-03-16 2015-03-31 Brocade Communications Systems, Inc. Method and apparatus for mirroring frames to a remote diagnostic system
US8873401B2 (en) 2010-03-16 2014-10-28 Futurewei Technologies, Inc. Service prioritization in link state controlled layer two networks
US8369335B2 (en) 2010-03-24 2013-02-05 Brocade Communications Systems, Inc. Method and system for extending routing domain to non-routing end stations
US8249069B2 (en) 2010-03-30 2012-08-21 Cisco Technology, Inc. Forwarding multi-destination packets in a network with virtual port channels
JP5190084B2 (en) 2010-03-30 2013-04-24 株式会社日立製作所 Virtual machine migration method and system
US8599854B2 (en) 2010-04-16 2013-12-03 Cisco Technology, Inc. Method of identifying destination in a virtual environment
US8971342B2 (en) 2010-04-19 2015-03-03 Nec Corporation Switch and flow table controlling method
US8611352B2 (en) 2010-04-20 2013-12-17 Marvell World Trade Ltd. System and method for adapting a packet processing pipeline
US8345692B2 (en) 2010-04-27 2013-01-01 Cisco Technology, Inc. Virtual switching overlay for cloud computing
US8989186B2 (en) 2010-06-08 2015-03-24 Brocade Communication Systems, Inc. Virtual port grouping for virtual cluster switching
WO2011140028A1 (en) 2010-05-03 2011-11-10 Brocade Communications Systems, Inc. Virtual cluster switching
US8867552B2 (en) 2010-05-03 2014-10-21 Brocade Communications Systems, Inc. Virtual cluster switching
US8625616B2 (en) 2010-05-11 2014-01-07 Brocade Communications Systems, Inc. Converged network extension
US9270486B2 (en) 2010-06-07 2016-02-23 Brocade Communications Systems, Inc. Name services for virtual cluster switching
US9231890B2 (en) 2010-06-08 2016-01-05 Brocade Communications Systems, Inc. Traffic management for virtual cluster switching
US8520595B2 (en) 2010-05-04 2013-08-27 Cisco Technology, Inc. Routing to the access layer to support mobility of internet protocol devices
US8335236B2 (en) 2010-05-06 2012-12-18 Cisco Technology, Inc. FCoE isolated port channels and FCoE session resynchronization in vPC/MCEC environments using DCBXP
US8503307B2 (en) 2010-05-10 2013-08-06 Hewlett-Packard Development Company, L.P. Distributing decision making in a centralized flow routing system
US8724456B1 (en) 2010-05-19 2014-05-13 Juniper Networks, Inc. Network path selection for multi-homed edges to ensure end-to-end resiliency
US9491085B2 (en) 2010-05-24 2016-11-08 At&T Intellectual Property I, L.P. Methods and apparatus to route control packets based on address partitioning
US8667171B2 (en) 2010-05-28 2014-03-04 Microsoft Corporation Virtual data center allocation with bandwidth guarantees
CA2781060C (en) 2010-05-28 2016-03-08 Huawei Technologies Co., Ltd. Virtual layer 2 and mechanism to make it scalable
US8446914B2 (en) 2010-06-08 2013-05-21 Brocade Communications Systems, Inc. Method and system for link aggregation across multiple switches
US10033650B2 (en) 2010-06-08 2018-07-24 Brocade Communication Systems Llc Preserving quality of service across trill networks
US9608833B2 (en) 2010-06-08 2017-03-28 Brocade Communications Systems, Inc. Supporting multiple multicast trees in trill networks
US9628293B2 (en) 2010-06-08 2017-04-18 Brocade Communications Systems, Inc. Network layer multicasting in trill networks
US20110299533A1 (en) 2010-06-08 2011-12-08 Brocade Communications Systems, Inc. Internal virtual network identifier and internal policy identifier
US9246703B2 (en) 2010-06-08 2016-01-26 Brocade Communications Systems, Inc. Remote port mirroring
US8619788B1 (en) 2010-06-14 2013-12-31 Juniper Networks, Inc. Performing scalable L2 wholesale services in computer networks
US8897134B2 (en) 2010-06-25 2014-11-25 Telefonaktiebolaget L M Ericsson (Publ) Notifying a controller of a change to a packet forwarding configuration of a network element over a communication channel
SG10201505168TA (en) 2010-06-29 2015-09-29 Huawei Tech Co Ltd Asymmetric network address encapsulation
US8958292B2 (en) 2010-07-06 2015-02-17 Nicira, Inc. Network control apparatus and method with port security controls
US8588081B2 (en) 2010-07-14 2013-11-19 Cisco Technology, Inc. Monitoring a flow set to detect faults
US8451717B2 (en) 2010-07-30 2013-05-28 Alcatel Lucent Method and apparatus for rapid switchover from primary to standby multicast trees
US8873551B2 (en) 2010-07-30 2014-10-28 Cisco Technology, Inc. Multi-destination forwarding in network clouds which include emulated switches
US8472447B2 (en) 2010-08-04 2013-06-25 Alcatel Lucent IP multicast snooping and routing with multi-chassis link aggregation
US8767735B2 (en) 2010-08-04 2014-07-01 Alcatel Lucent System and method for multi-chassis link aggregation
US9049098B2 (en) 2010-08-05 2015-06-02 Cisco Technology, Inc. Discovery of services provided by application nodes in a network
US8599794B2 (en) 2010-09-08 2013-12-03 Intel Corporation Enhanced base station and method for communicating through an enhanced distributed antenna system (eDAS)
US8718071B2 (en) 2010-09-10 2014-05-06 Futurewei Technologies, Inc. Method to pass virtual local area network information in virtual station interface discovery and configuration protocol
US8665267B2 (en) 2010-09-24 2014-03-04 Adobe Systems Incorporated System and method for generating 3D surface patches from unconstrained 3D curves
US8705502B2 (en) 2010-10-20 2014-04-22 Cisco Technology, Inc. Using encapsulation to enable 802.1 bridging across 802.11 links
US20120099602A1 (en) 2010-10-25 2012-04-26 Brocade Communications Systems, Inc. End-to-end virtualization
US8634297B2 (en) 2010-11-01 2014-01-21 Cisco Technology, Inc. Probing specific customer flow in layer-2 multipath networks
CN102148749B (en) 2010-11-05 2013-11-06 华为技术有限公司 Method and device for extending switch port
US8583978B2 (en) 2010-11-09 2013-11-12 Cisco Technology, Inc. Multicast message retransmission
US8762668B2 (en) 2010-11-18 2014-06-24 Hitachi, Ltd. Multipath switching over multiple storage systems
US8660005B2 (en) 2010-11-30 2014-02-25 Marvell Israel (M.I.S.L) Ltd. Load balancing hash computation for network switches
US8705526B1 (en) 2010-12-03 2014-04-22 Juniper Networks, Inc. Extending VPLS support for CE lag multi-homing
US8806031B1 (en) 2010-12-15 2014-08-12 Juniper Networks, Inc. Systems and methods for automatically detecting network elements
US8521884B2 (en) 2010-12-15 2013-08-27 Industrial Technology Research Institute Network system and method of address resolution
US20120163164A1 (en) 2010-12-27 2012-06-28 Brocade Communications Systems, Inc. Method and system for remote load balancing in high-availability networks
US8559335B2 (en) 2011-01-07 2013-10-15 Jeda Networks, Inc. Methods for creating virtual links between fibre channel over ethernet nodes for converged network adapters
CN102098237B (en) 2011-01-27 2012-11-28 大唐移动通信设备有限公司 Gateway equipment, method for using gateway equipment and information transmission method and equipment
US8776207B2 (en) 2011-02-16 2014-07-08 Fortinet, Inc. Load balancing in a network with session information
US9246810B2 (en) 2011-03-11 2016-01-26 Broadcom Corporation Hash-based load balancing with per-hop seeding
US8755383B2 (en) 2011-03-21 2014-06-17 Avaya, Inc. Usage of masked ethernet addresses between transparent interconnect of lots of links (TRILL) routing bridges
US8964537B2 (en) 2011-03-30 2015-02-24 Fujitsu Limited Method and system for egress policy indications
WO2012149105A1 (en) 2011-04-26 2012-11-01 Dell Force10 Multi-chassis link aggregation on network devices
US9054999B2 (en) 2012-05-09 2015-06-09 International Business Machines Corporation Static TRILL routing
US20120287785A1 (en) 2011-05-14 2012-11-15 International Business Machines Corporation Data traffic handling in a distributed fabric protocol (dfp) switching network architecture
US8605626B2 (en) 2011-05-18 2013-12-10 Cisco Technology, Inc. Method and apparatus for preserving extensions in multi-vendor trill networks
US20120294192A1 (en) 2011-05-19 2012-11-22 Hitachi, Ltd. Method and apparatus of connectivity discovery between network switch and server based on vlan identifiers
CN103444135B (en) * 2011-06-02 2016-10-12 慧与发展有限责任合伙企业 Network virtualization method and virtualization network
US9497073B2 (en) 2011-06-17 2016-11-15 International Business Machines Corporation Distributed link aggregation group (LAG) for a layer 2 fabric
CN102232279B (en) 2011-06-17 2013-09-11 华为技术有限公司 Method for detecting loop position in Ethernet, and Ethernet switching device
US9736065B2 (en) 2011-06-24 2017-08-15 Cisco Technology, Inc. Level of hierarchy in MST for traffic localization and load balancing
US9380132B2 (en) 2011-06-27 2016-06-28 Marvell Israel (M.I.S.L.) Ltd. FCoE over trill
US8537810B2 (en) 2011-06-29 2013-09-17 Telefonaktiebolaget L M Ericsson (Publ) E-tree using two pseudowires between edge routers with enhanced learning methods and systems
US8559302B2 (en) 2011-06-29 2013-10-15 Fujitsu Limited Systems and methods for distributed service protection across plug-in units
US20130003738A1 (en) 2011-06-29 2013-01-03 Brocade Communications Systems, Inc. Trill based router redundancy
US20130003549A1 (en) 2011-06-30 2013-01-03 Broadcom Corporation Resilient Hashing for Load Balancing of Traffic Flows
EP2712128B1 (en) 2011-07-06 2016-01-13 Huawei Technologies Co., Ltd. Message processing method and related device thereof
US8467375B2 (en) 2011-07-07 2013-06-18 Ciena Corporation Hybrid packet-optical private network systems and methods
US8705551B2 (en) 2011-07-27 2014-04-22 Fujitsu Limited Method and system for management of flood traffic over multiple 0:N link aggregation groups
US20130034015A1 (en) 2011-08-05 2013-02-07 International Business Machines Corporation Automated network configuration in a dynamic virtual environment
US8966499B2 (en) 2011-09-09 2015-02-24 Microsoft Technology Licensing, Llc Virtual switch extensibility
US9185056B2 (en) 2011-09-20 2015-11-10 Big Switch Networks, Inc. System and methods for controlling network traffic through virtual switches
US8804736B1 (en) 2011-09-23 2014-08-12 Juniper Networks, Inc. Network tunneling using a label stack delimiter
JP5836042B2 (en) 2011-10-04 2015-12-24 株式会社日立製作所 Management server program
CN102378176B (en) 2011-10-18 2015-07-01 京信通信系统(中国)有限公司 GSM (Global System for Mobile communications) network access system
US8885643B2 (en) 2011-11-04 2014-11-11 Futurewei Technologies, Inc. Method for multicast flow routing selection
US9450870B2 (en) 2011-11-10 2016-09-20 Brocade Communications Systems, Inc. System and method for flow management in software-defined networks
CN103139037B (en) 2011-11-30 2016-05-18 国际商业机器公司 For realizing the method and apparatus of VLAN flexibly
US8942139B2 (en) 2011-12-07 2015-01-27 International Business Machines Corporation Support for converged traffic over ethernet link aggregation (LAG)
US8995272B2 (en) 2012-01-26 2015-03-31 Brocade Communication Systems, Inc. Link aggregation in software-defined networks
EP2817934A1 (en) 2012-02-22 2014-12-31 Nokia Solutions and Networks Oy Controlling access
US9059912B2 (en) 2012-02-27 2015-06-16 Verizon Patent And Licensing Inc. Traffic policing for MPLS-based network
US9154416B2 (en) 2012-03-22 2015-10-06 Brocade Communications Systems, Inc. Overlay tunnel in a fabric switch
CN102594711B (en) 2012-03-28 2014-11-26 杭州华三通信技术有限公司 Message forwarding method and edge device therefor
EP2833576A4 (en) 2012-03-28 2015-02-04 Fujitsu Optical Components Ltd Lan multiplexer apparatus
US9184995B2 (en) 2012-04-11 2015-11-10 Gigamon Inc. Traffic visibility in an open networking environment
US8989188B2 (en) 2012-05-10 2015-03-24 Cisco Technology, Inc. Preventing leaks among private virtual local area network ports due to configuration changes in a headless mode
US9106578B2 (en) 2012-05-31 2015-08-11 Hewlett-Packard Development Company, L.P. Core network architecture
US9143439B2 (en) 2012-07-23 2015-09-22 Cisco Technology, Inc. System and method for cluster link aggregation control in a network environment
CN102801599B (en) 2012-07-26 2015-09-30 华为技术有限公司 A kind of communication means and system
US8855117B2 (en) 2012-08-08 2014-10-07 Cisco Technology, Inc. Scalable media access control protocol synchronization techniques for fabric extender based emulated switch deployments
US8937865B1 (en) 2012-08-21 2015-01-20 Juniper Networks, Inc. Scheduling traffic over aggregated bundles of links
US20140059225A1 (en) 2012-08-21 2014-02-27 Iosif Gasparakis Network controller for remote system management
EP2891277B1 (en) 2012-09-26 2017-08-09 Huawei Technologies Co., Ltd. Overlay virtual gateway for overlay networks
US9438447B2 (en) 2012-12-18 2016-09-06 International Business Machines Corporation Flow distribution algorithm for aggregated links in an ethernet switch
US9251115B2 (en) 2013-03-07 2016-02-02 Citrix Systems, Inc. Dynamic configuration in cloud computing environments
US9401818B2 (en) 2013-03-15 2016-07-26 Brocade Communications Systems, Inc. Scalable gateways for a fabric switch
US10404621B2 (en) 2013-03-15 2019-09-03 Oracle International Corporation Scalable InfiniBand packet-routing technique
US9059909B2 (en) 2013-06-04 2015-06-16 Dell Products L.P. System and method for configuration of link aggregation groups
US9912612B2 (en) 2013-10-28 2018-03-06 Brocade Communications Systems LLC Extended ethernet fabric switches

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050220096A1 (en) * 2004-04-06 2005-10-06 Robert Friskney Traffic engineering in frame-based carrier networks
US20110299413A1 (en) * 2010-06-02 2011-12-08 Brocade Communications Systems, Inc. Port profile management for virtual cluster switching
US20110299531A1 (en) * 2010-06-08 2011-12-08 Brocade Communications Systems, Inc. Flooding packets on a per-virtual-network basis
WO2014031781A1 (en) * 2012-08-21 2014-02-27 Brocade Communications Systems, Inc. Global vlans for fabric switches

Also Published As

Publication number Publication date
US9699001B2 (en) 2017-07-04
US20140362859A1 (en) 2014-12-11
EP3261301A1 (en) 2017-12-27
CN105519046A (en) 2016-04-20
EP3008860B1 (en) 2017-08-30
CN105519046B (en) 2019-03-08
EP3008860A1 (en) 2016-04-20
EP3261301B1 (en) 2019-01-30

Similar Documents

Publication Publication Date Title
US9699001B2 (en) Scalable and segregated network virtualization
US9602430B2 (en) Global VLANs for fabric switches
US10044568B2 (en) Network extension groups of global VLANs in a fabric switch
EP3533189B1 (en) Rule-based network identifier mapping
US9544219B2 (en) Global VLAN services
US10284469B2 (en) Progressive MAC address learning
EP2874359B1 (en) Extended ethernet fabric switches
US10063473B2 (en) Method and system for facilitating switch virtualization in a network of interconnected switches
US10038627B2 (en) Selective rule management based on traffic visibility in a tunnel
US10579406B2 (en) Dynamic orchestration of overlay tunnels
US8995435B2 (en) Port profile analytics
WO2017209863A1 (en) Selective rule management based on traffic visibility in a tunnel

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14738940

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

REEP Request for entry into the european phase

Ref document number: 2014738940

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2014738940

Country of ref document: EP