BFD over VxLAN on vPC uplinks
First Claim
1. A method, comprising:
receiving, by a primary virtual port channel (vPC) node, a packet from a remote node;
determining, by the primary vPC node, the packet includes a media access control (MAC) address corresponding to either the primary vPC node or a secondary vPC node and at least one inner packet identifier;
identifying, by the primary vPC node, an access control list (ACL) entry from a set of access control list entries based on the at least one inner packet identifier;
based on an identified access control list (ACL) entry, generating, by the primary vPC node, a copy of the packet; and
based on the determined MAC address and after generating a copy of the packet, transmitting, by the primary vPC node to the secondary vPC node, the packet;
receiving, by the primary vPC node, a second packet;
authorizing, by the primary vPC node in response to determining the secondary vPC node generated a copy of the second packet, receipt of the second packet;
restricting by the primary vPC node in response to determining the secondary vPC node did not generate a copy of the second packet, receipt of the second packet.
Abstract
Disclosed are systems, methods, and computer-readable storage media for synchronizing the secondary vPC node to the primary vPC node in a BFD protocol over a VxLAN channel with a remote node. In some embodiments of the present technology a primary vPC node can receive a packet from the remote node. The primary vPC node can then determine the packet includes either a MAC address corresponding to the primary vPC node or a secondary vPC node, and at least one inner packet identifier. Additionally, the primary networking switch can identify an access control list (ACL) entry from a set of ACL entries based on the at least one inner packet identifier. Subsequently, based on the ACL entry, the primary vPC node can generate a copy of the packet. After which, the primary vPC node can transmit the packet to the secondary vPC node.
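The abstract's receive, match, copy and forward sequence, sketched in Python as an added illustration; this is not code from the patent or from any switch implementation. It assumes the "inner packet identifier" is the inner IP protocol plus UDP destination port (3784, BFD single-hop control), that the packet is forwarded to the peer when the inner destination MAC is the peer's, and it uses constructed MAC addresses, a hypothetical ACL table and a constructed sample packet.

```python
import struct

VXLAN_PORT = 4789  # VxLAN UDP destination port (RFC 7348)
BFD_PORT = 3784    # BFD single-hop control port (RFC 5881); assumed inner identifier
PRIMARY_MAC = bytes.fromhex("02000000000a")    # constructed
SECONDARY_MAC = bytes.fromhex("02000000000b")  # constructed
ACL = [((17, BFD_PORT), "copy")]  # hypothetical entries: (IP proto, UDP dport) -> action

def _l4(frame):
    """Parse an untagged Ethernet/IPv4/UDP frame -> (dst MAC, proto, dport, payload)."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] != 17 or len(frame) < 14 + ihl + 8:
        return None
    dport = struct.unpack_from("!H", frame, 14 + ihl + 2)[0]
    return frame[:6], 17, dport, frame[14 + ihl + 8:]

def handle(packet, my_mac=PRIMARY_MAC, peer_mac=SECONDARY_MAC):
    """Return (copies, forward_to_peer) for one packet received from the remote node."""
    outer = _l4(packet)
    if outer is None or outer[2] != VXLAN_PORT or len(outer[3]) < 8:
        return [], False
    vxlan = outer[3]
    if not vxlan[0] & 0x08:  # I flag clear: no valid VNI
        return [], False
    inner = _l4(vxlan[8:])
    if inner is None or inner[0] not in (my_mac, peer_mac):
        return [], False
    dmac, proto, dport, _ = inner
    hit = any(key == (proto, dport) and action == "copy" for key, action in ACL)
    copies = [bytes(packet)] if hit else []  # the copy is made before forwarding
    return copies, dmac == peer_mac  # assumption: forward when the MAC is the peer's

def _udp_frame(dmac, dport, payload):
    eth = dmac + bytes(6) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     bytes(4), bytes(4))
    return eth + ip + struct.pack("!HHHH", 49152, dport, 8 + len(payload), 0) + payload

def sample(inner_dmac, inner_dport):
    """Constructed VxLAN packet (VNI 100) carrying a 24-byte inner UDP payload."""
    inner = _udp_frame(inner_dmac, inner_dport, bytes(24))
    return _udp_frame(bytes(6), VXLAN_PORT, struct.pack("!II", 0x08 << 24, 100 << 8) + inner)

if __name__ == "__main__":
    print(handle(sample(SECONDARY_MAC, BFD_PORT))[1])
```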
14 Claims
1. A method, comprising:
receiving, by a primary virtual port channel (vPC) node, a packet from a remote node;
determining, by the primary vPC node, the packet includes a media access control (MAC) address corresponding to either the primary vPC node or a secondary vPC node and at least one inner packet identifier;
identifying, by the primary vPC node, an access control list (ACL) entry from a set of access control list entries based on the at least one inner packet identifier;
based on an identified access control list (ACL) entry, generating, by the primary vPC node, a copy of the packet; and
based on the determined MAC address and after generating a copy of the packet, transmitting, by the primary vPC node to the secondary vPC node, the packet;
receiving, by the primary vPC node, a second packet;
authorizing, by the primary vPC node in response to determining the secondary vPC node generated a copy of the second packet, receipt of the second packet;
restricting by the primary vPC node in response to determining the secondary vPC node did not generate a copy of the second packet, receipt of the second packet.
View Dependent Claims (2, 3, 4, 5)
6. A non-transitory computer-readable medium containing instructions that, when executed by a primary vPC node, cause the primary vPC node to:
receive a packet from a remote node;
determine the packet includes a media access control (MAC) address corresponding to either the primary vPC node or a secondary vPC node, and at least one inner packet identifier;
identify an access control list (ACL) entry from a set of access control list entries based on the at least one inner packet identifier, the access control list entry including an instruction to copy the packet;
based on the identified access control list (ACL), generate a copy of the packet; and
based on the determined MAC address and after generating a copy of the packet transmit the packet to the secondary vPC node;
receive, by the primary vPC node, a second packet;
authorize, by the primary vPC node in response to determining the secondary vPC node generated a copy of the second packet, receipt of the second packet;
restrict by the primary vPC node in response to determining the secondary vPC node did not generate a copy of the second packet, receipt of the second packet.
View Dependent Claims (7, 8)
9. A computing system comprising:
a remote node;
a dual-homed virtual tunnel endpoint (VTEP), the dual-homed VTEP including a primary network switch and a secondary network switch;
a processor; and
memory containing instructions that, when executed by the processor, cause the secondary network switch to;
receive a packet from the remote node;
determine the packet includes a media access control (MAC) address corresponding to either the primary network switch or the secondary network switch and at least one inner packet identifier;
identify an access control list (ACL) entry from a set of access control list entries based on the at least one inner packet identifier, the access control list entry including an instruction to copy the packet;
based on the identified ACL entry, generate a copy of the packet; and
based on the determined MAC address and after generating a copy of the packet, transmit the packet to the primary network switch;
receive, by the primary vPC node, a second packet;
authorize, by the primary vPC node in response to determining the secondary vPC node generated a copy of the second packet, receipt of the second packet;
restrict by the primary vPC node in response to determining the secondary vPC node did not generate a copy of the second packet, receipt of the second packet.
View Dependent Claims (10, 11, 12, 13, 14)
Specification