Detecting and preventing network loops

US 10,110,469 B2
Filed: 07/21/2016
Issued: 10/23/2018
Est. Priority Date: 07/21/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

identifying a port, on a network device, that is in a blocking state, the blocking state for dropping one or more types of packets and preventing the port from forwarding the one or more types of packets;

determining a first number of packets transmitted through the port by a hardware element on the network device;

determining a second number of control packets transmitted through the port by a CPU process on the network device;

determining whether the first number of packets is greater than the second number of control packets by at least a predetermined number;

when the first number of packets is greater than the second number of control packets by the at least the predetermined number, determining that the blocking state has failed to prevent the port from forwarding the one or more types of packets; and

correcting, in response to a positive outcome of the determining, the failed blocking state by;

disabling the port;

setting the port to a state that allows some traffic to pass while preventing other traffic from passing; and

/orre-configuring one or more links of the port;

wherein the predetermined number is zero or higher.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and non-transitory computer-readable storage media for detecting network loops. In some embodiments, a system can identify a port that is in a blocking state. The blocking state can be for dropping one or more types of packets and preventing the port from forwarding the one or more types of packets. The system can determine a number of packets transmitted through the port by a hardware layer on the system and a number of control packets transmitted through the port by a software layer on the system. The system can determine whether the number of packets is greater than the number of control packets. When the number of packets is greater than the number of control packets, the system can determine that the blocking state has failed to prevent the port from forwarding the one or more types of packets.

27 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- identifying a port, on a network device, that is in a blocking state, the blocking state for dropping one or more types of packets and preventing the port from forwarding the one or more types of packets;
  
  determining a first number of packets transmitted through the port by a hardware element on the network device;
  
  determining a second number of control packets transmitted through the port by a CPU process on the network device;
  
  determining whether the first number of packets is greater than the second number of control packets by at least a predetermined number;
  
  when the first number of packets is greater than the second number of control packets by the at least the predetermined number, determining that the blocking state has failed to prevent the port from forwarding the one or more types of packets; and
  
  correcting, in response to a positive outcome of the determining, the failed blocking state by;
  
  disabling the port;
  
  setting the port to a state that allows some traffic to pass while preventing other traffic from passing; and
  
  /orre-configuring one or more links of the port;
  
  wherein the predetermined number is zero or higher.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 17, 18, 19, 20)
- - 2. The computer-implemented method of claim 1, wherein the control packets comprise at least one of bridge protocol data unit (BPDU) packets, link aggregation control protocol (LACP) packets, link layer discovery protocol (LLDP) packets, and cisco discovery protocol (CDP) packets.
  - 3. The computer-implemented method of claim 1, further comprising:
    - determining a third number of packets received, by the hardware element, through the port;
      
      determining a fourth number of control packets received, by the CPU process, through the port;
      
      determining a fifth number of received packets associated with the port that are dropped by the hardware element;
      
      determining whether a difference between the third number of packets received by the hardware element and the fifth number of packets dropped by the hardware element, is greater than the fourth number of control packets received by the CPU process; and
      
      when the difference is greater than the fourth number of control packets received, determining that the blocking state has failed to cause the port to drop the one or more types of packets.
  - 4. The computer-implemented method of claim 1, wherein the port is one of an access port or a trunk port, wherein all virtual local area networks (VLANs) configured on the trunk port are marked as blocked.
  - 5. The computer-implemented method of claim 1, wherein the port is associated with a first virtual local area network and a second virtual local area network, wherein the port is configured to block one or more types of packets associated with the virtual local area network and forward the one or more types of packets associated with the second virtual local area network, the method further comprising:
    - determining a third number of packets associated with the second virtual local area network that are transmitted through the port;
      
      subtracting the third number of packets associated with the second virtual local area network from the first number of packets transmitted through the port by the hardware element, to yield a subtracted number of packets;
      
      determining whether the subtracted number of packets is greater than a fourth number of control packets transmitted by the CPU process through the port that are associated with one or more blocked virtual local area networks; and
      
      when the subtracted number is greater than the fourth number of control packets, determining that the blocking state has failed to prevent the port from forwarding the one or more types of packets.
  - 6. The computer-implemented method of claim 1, wherein the port is associated with a first virtual local area network and a second virtual local area network, wherein the port is configured to block packets associated with the virtual local area network and forward packets associated with the second virtual local area network, the method further comprising:
    - determining a third number of packets received, by the hardware element, through the port;
      
      determining a fourth number of control packets received, by the CPU process, through the port, the fourth number of control packets being associated with one or more blocked virtual local area networks;
      
      determining a fifth number of received packets associated with the port that are dropped by the hardware element, the fifth number of received packets being associated with the one or more blocked virtual local area networks;
      
      determining a sixth number of packets associated with the second virtual local area network that are received through the port;
      
      subtracting the sixth number of packets associated with the second virtual local area network and the fifth number of received packets associated with the port that are dropped by the hardware element, from the third number of packets received through the port by the hardware element, to yield a subtracted number of packets;
      
      determining whether the subtracted number of packets is greater than the fourth number of control packets received by the CPU process through the port; and
      
      when the subtracted number is greater than the fourth number of control packets received by the CPU process, determining that the blocking state has failed to cause the port to drop the one or more types of packets.
  - 7. The computer-implemented method of claim 1, wherein the first number of packets transmitted comprises a rate of packets transmitted, and wherein the second number of control packets transmitted comprise a rate of control packets received.
  - 8. The computer-implemented method of claim 1, wherein the one or more types of packets comprises all packets excluding the control packets, wherein the hardware element comprises an application specific integrated circuit.
  - 17. The computer-implemented method of claim 1, wherein the control packets comprise at least one of bridge protocol data unit (BPDU) packets, link aggregation control protocol (LACP) packets, link layer discovery protocol (LLDP) packets, and cisco discovery protocol (CDP) packets.
  - 18. The computer-implemented method of claim 1, further comprising:
    - determining a third number of packets received, by the hardware element, through the port;
      
      determining a fourth number of control packets received, by the CPU process, through the port;
      
      determining a fifth number of received packets associated with the port that are dropped by the hardware element;
      
      determining whether a difference between the third number of packets received by the hardware element and the fifth number of packets dropped by the hardware element, is greater than the fourth number of control packets received by the CPU process; and
      
      when the difference is greater than the fourth number of control packets received, determining that the blocking state has failed to cause the port to drop the one or more types of packets.
  - 19. The computer-implemented method of claim 1, wherein the port is one of an access port or a trunk port, wherein all virtual local area networks (VLANs) configured on the trunk port are marked as blocked.
  - 20. The computer-implemented method of claim 1, wherein the port is associated with a first virtual local area network and a second virtual local area network, wherein the port is configured to block one or more types of packets associated with the virtual local area network and forward the one or more types of packets associated with the second virtual local area network, the method further comprising:
    - determining a third number of packets associated with the second virtual local area network that are transmitted through the port;
      
      subtracting the third number of packets associated with the second virtual local area network from the first number of packets transmitted through the port by the hardware element, to yield a subtracted number of packets;
      
      determining whether the subtracted number of packets is greater than a fourth number of control packets transmitted by the CPU process through the port that are associated with one or more blocked virtual local area networks; and
      
      when the subtracted number is greater than the fourth number of control packets, determining that the blocking state has failed to prevent the port from forwarding the one or more types of packets.

9. A network device comprising:
- one or more processors; and
  
  a computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  identifying a port on the network device that is in a blocking state, the blocking state for dropping one or more types of packets and preventing the port from forwarding the one or more types of packets;
  
  determining a first number of packets transmitted through the port by a hardware element on the network device;
  
  determining a second number of control packets transmitted through the port by a CPU process on the network device;
  
  determining whether the first number of packets is greater than the second number of control packets by at least a predetermined number; and
  
  when the first number of packets is greater than the second number of control packets by the at least the predetermined number, detecting an error associated with the blocking state, the error comprising a failure to prevent the port from forwarding the one or more types of packets; and
  
  correcting, in response to a positive outcome of the determining, the failed blocking state by;
  
  disabling the port;
  
  setting the port to a state that allows some traffic to pass while preventing other traffic from passing; and
  
  /orre-configuring one or more links of the port;
  
  wherein the predetermined number is zero or higher.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The network device of claim 9, wherein the control packets comprise at least one of bridge protocol data unit (BPDU) packets, link aggregation control protocol (LACP) packets, link layer discovery protocol (LLDP) packets, and cisco discovery protocol (CDP) packets.
  - 11. The network device of claim 9, the computer-readable medium having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
    - determining a third number of packets received, by the hardware element, through the port;
      
      determining a fourth number of control packets received, by the CPU process, through the port;
      
      determining a fifth number of received packets associated with the port that are dropped by the hardware element;
      
      determining whether a difference between the third number of packets received by the hardware element and the fifth number of packets dropped by the hardware element, is greater than the fourth number of control packets received by the CPU process; and
      
      when the difference is greater than the fourth number of control packets received, detecting an error associated with the blocking state, the error comprising a failure by the port to drop the one or more types of packets during the blocking state.
  - 12. The network device of claim 9, wherein the port is associated with a first virtual local area network and a second virtual local area network, wherein the port is configured to block one or more types of packets associated with the first virtual local area network and forward the one or more types of packets associated with the second virtual local area network, the computer-readable medium having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
    - determining a third number of packets associated with the second virtual local area network that are transmitted through the port;
      
      subtracting the third number of packets associated with the second virtual local area network from the first number of packets transmitted through the port by the hardware element, to yield an adjusted number of packets;
      
      determining whether the adjusted number of packets is greater than a fourth number of control packets transmitted by the CPU process through the port that are associated with one or more blocked virtual local area networks; and
      
      when the adjusted number is greater than the second number, detecting an error during the blocking state, the error comprising a failure to prevent the port from forwarding the one or more types of packets.
  - 13. The network device of claim 9, wherein the port is associated with a first virtual local area network and a second virtual local area network, wherein the port is configured to block one or more types of packets associated with the first virtual local area network and forward one or more types of packets associated with the second virtual local area network.
  - 14. The network device of claim 13, wherein the computer-readable medium stores additional instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
    - determining a number of packets received, by the hardware element, through the port;
      
      determining a number of control packets received, by the CPU process, through the port, the number of control packets received by the CPU process being associated with one or more blocked virtual local area networks;
      
      determining a number of received packets associated with the port that are dropped by the hardware element, the received packets being associated with one or more blocked virtual local area networks;
      
      determining a number of packets associated with the second virtual local area network that are received through the port;
      
      subtracting the number of packets associated with the second virtual local area network and the number of received packets associated with the port that are dropped by the hardware element, from the number of packets received through the port by the hardware element, to yield a subtracted number of packets;
      
      determine whether the subtracted number of packets is greater than the number of control packets received by the CPU process through the port; and
      
      when the subtracted number is greater than the number of control packets received by the CPU process, determining that the blocking state has failed to cause the port to drop the one or more types of packets.
  - 15. The network device of claim 14, wherein the one or more types of packets comprises all packets excluding the control packets, wherein the hardware element comprises an application specific integrated circuit.

16. A non-transitory computer-readable storage medium having stored therein instructions which, when executed by a processor, cause the processor to perform operations comprising:
- identifying a port, on a network device, that is in a blocking state, the blocking state for dropping one or more types of packets and preventing the port from forwarding the one or more types of packets;
  
  determining a first number of packets transmitted through the port by a hardware element on the network device;
  
  determining a second number of control packets transmitted through the port by a CPU process on the network device;
  
  determining whether the first number of packets is greater than the second number of control packets by at least a predetermined number;
  
  when the first number of packets is greater than the second number of control packets by the at least the predetermined number, determining that the blocking state has failed to prevent the port from forwarding the one or more types of packets; and
  
  correcting, in response to a positive outcome of the determining, the failed blocking state by;
  
  disabling the port;
  
  setting the port to a state that allows some traffic to pass while preventing other traffic from passing; and
  
  /orre-configuring one or more links of the port;
  
  wherein the predetermined number is zero or higher.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Manthiramoorthy, Natarajan, Srinivasan, Venkatesh, Narayanan, Swaminathan, Mehta, Ambrish Niranjan, Singh, Anand Kumar, Chodey, Anulekha
Primary Examiner(s)
Haque, Abu-Sayeed

Application Number

US15/216,666
Publication Number

US 20180026871A1
Time in Patent Office

824 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/437   Ring fault isolation or rec...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 43/08   Monitoring or testing based...

H04L 43/20   the monitoring system or th...

H04L 45/18   Loop-free operations

H04L 45/28   using route fault recovery

H04L 45/32   Flooding denial of service ...

H04L 45/48   Routing tree calculation

H04L 45/488   using root node determination

H04L 47/20   Traffic policing

H04L 49/354   for supporting virtual loca...

H04L 5/0012   Hopping in multicarrier sys...

H04L 69/324   in the data link layer [OSI...

Y02D 30/00   Reducing energy consumption...

Detecting and preventing network loops

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Detecting and preventing network loops

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links