Managing rogue devices through a network backhaul

US 10,542,035 B2
Filed: 06/15/2018
Issued: 01/21/2020
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. The method performed by a switch in a network backhaul comprising:

receiving from a network backhaul rogue device management system in the network backhaul, a rogue device message including a media access control (MAC) address of a rogue device;

providing the rogue device message to a plurality of switches in the network backhaul;

in response to the rogue device message, flushing entries of a forwarding table of a switch of the plurality of switches, the entries of the forwarding table associated with MAC addresses of devices in a network, respectively, for routing traffic;

in response to the rogue device message, adding an entry associated with the MAC address to a rogue monitor table, entries of the rogue monitor table associated with MAC addresses of devices in the network, respectively, for monitoring rogue devices;

monitoring the forwarding table and the rogue monitor table to determine whether a MAC address of an entry included in the rogue monitor table is aged out and whether a new MAC address newly included in an entry of the forwarding table is included in the rogue monitor table;

upon determining that a MAC address included in an entry of the forwarding table is aged out, sending a rogue aged MAC message including aged device data that contains the aged MAC address to the network backhaul rogue device management system, so as to cause the network backhaul rogue device management system to update a status of an access point (AP) associated with the aged device data as out-of-net;

upon determining that the new MAC address is included in the rogue monitor table, sending a rogue learned MAC message including new learned device data that contains the new MAC address to the network backhaul rogue device management system, so as to cause the network backhaul rogue device management system to update a status of an AP associated with the new learned device data as in-net;

performing mitigation of the rogue device using a nearest switch in the backhaul network to the rogue device;

further comprising;

receiving from the network backhaul rogue device management system, a rogue update message including a MAC address of a rogue device that has been determined to be valid;

in response to the rogue update message, removing an entry associated with the MAC address of the valid rogue device from the rogue monitor table.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Managing rogue devices in a network through a network backhaul. A rogue device is detected in a network and a rogue device message that includes the rogue device is sent to a plurality of switches in a backhaul of the network. The rogue device is added into a rogue monitor table. Whether the rogue device is In-Net or Out-Of-Net is determined using forwarding tables of the plurality of switches in the backhaul of the network and the rogue monitor table. Mitigation is performed using a nearest switch to the rogue device of the plurality of switches in the backhaul of the network if it is determined that the rogue device is In-Net.

266 Citations

18 Claims

1. The method performed by a switch in a network backhaul comprising:
- receiving from a network backhaul rogue device management system in the network backhaul, a rogue device message including a media access control (MAC) address of a rogue device;
  
  providing the rogue device message to a plurality of switches in the network backhaul;
  
  in response to the rogue device message, flushing entries of a forwarding table of a switch of the plurality of switches, the entries of the forwarding table associated with MAC addresses of devices in a network, respectively, for routing traffic;
  
  in response to the rogue device message, adding an entry associated with the MAC address to a rogue monitor table, entries of the rogue monitor table associated with MAC addresses of devices in the network, respectively, for monitoring rogue devices;
  
  monitoring the forwarding table and the rogue monitor table to determine whether a MAC address of an entry included in the rogue monitor table is aged out and whether a new MAC address newly included in an entry of the forwarding table is included in the rogue monitor table;
  
  upon determining that a MAC address included in an entry of the forwarding table is aged out, sending a rogue aged MAC message including aged device data that contains the aged MAC address to the network backhaul rogue device management system, so as to cause the network backhaul rogue device management system to update a status of an access point (AP) associated with the aged device data as out-of-net;
  
  upon determining that the new MAC address is included in the rogue monitor table, sending a rogue learned MAC message including new learned device data that contains the new MAC address to the network backhaul rogue device management system, so as to cause the network backhaul rogue device management system to update a status of an AP associated with the new learned device data as in-net;
  
  performing mitigation of the rogue device using a nearest switch in the backhaul network to the rogue device;
  
  further comprising;
  
  receiving from the network backhaul rogue device management system, a rogue update message including a MAC address of a rogue device that has been determined to be valid;
  
  in response to the rogue update message, removing an entry associated with the MAC address of the valid rogue device from the rogue monitor table.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - receiving from the network backhaul rogue device management system, a rogue update message including a MAC address of a rogue device connected to a rogue AP that has been determined to be valid;
      
      in response to the rogue update message, removing an entry associated with the MAC address of the rogue device connected to the valid rogue AP from the rogue monitor table.
  - 3. The method of claim 1, further comprising:
    - receiving from the network backhaul rogue device management system, a rogue update message including a MAC address of a rogue device that has been determined to be out-of-net;
      
      in response to the rogue update message, removing an entry associated with the MAC address of the out-of-net rogue device from the rogue monitor table.
  - 4. The method of claim 1, further comprising:
    - receiving from the network backhaul rogue device management system, a rogue update message including a MAC address of a rogue device that has been determined to be out-of-net;
      
      in response to the rogue update message, removing an entry associated with the MAC address of the out-of-net rogue device from the forwarding table.
  - 5. The method of claim 1, further comprising:
    - receiving from the network backhaul rogue device management system, a rogue update message including a MAC address of a rogue device connected to a rogue AP that has been determined to be out-of-net;
      
      in response to the rogue update message, removing an entry associated with the MAC address of the rogue device connected to the out-of-net rogue AP from the rogue monitor table.
  - 6. The method of claim 1, further comprising:
    - receiving from the network backhaul rogue device management system, a rogue update message including a MAC address of a rogue device connected to a rogue AP that has been determined to be out-of-net;
      
      in response to the rogue update message, removing an entry associated with the MAC address of the rogue device connected to the out-of-net rogue AP from the forwarding table.
  - 7. The method of claim 1, further comprising:
    - the rogue monitor table, initiating a probe procedure to determine at least one nearest switch to a device of the new MAC address, wherein the rogue learned MAC message also includes a MAC address of the at least one nearest switch.
  - 8. The method of claim 1, further comprising, upon determining that the new MAC address is included in the rogue monitor table, initiating a probe procedure to determine at least one nearest switch to a device of the new MAC address, wherein the probe procedure comprises:
    - generating a probe message with an initial hop number;
      
      sending the probe message with the initial hop number to at least one next switch;
      
      receiving probe responses that include an increased hop number;
      
      determining that a switch that sent a probe response with a largest increased hop number is the nearest switch.
  - 9. The method of claim 1, further comprising, upon determining that the new MAC address is included in the rogue monitor table, initiating a probe procedure to determine at least one nearest switch to a device of the new MAC address, wherein the probe procedure comprises:
    - generating a probe message with an initial hop number;
      
      sending the probe message with the initial hop number to at least one next switch;
      
      determining that the switch that sent the probe message is the nearest switch when a probe response that includes an increased hop number is not received from the at least one next switch.

10. A switch for a network backhaul comprising one or more processors and memory storing instructions, when executed by the one or more processors, configured to cause the one or more processors to:
- receive from a network backhaul rogue device management system in the network backhaul, a rogue device message including a media access control (MAC) address of a rogue device;
  
  in response to the rogue device message, flush entries of a forwarding table of the switch, the entries of the forwarding table associated with MAC addresses of devices in a network, respectively, for routing traffic;
  
  in response to the rogue device message, add an entry associated with the MAC address to a rogue monitor table, entries of the rogue monitor table associated with MAC addresses of devices in the network, respectively, for monitoring rogue devices;
  
  monitor the forwarding table and the rogue monitor table to determine whether a MAC address of an entry included in the rogue monitor table is aged out and whether a new MAC address newly included in an entry of the forwarding table is included in the rogue monitor table;
  
  upon determining that a MAC address included in an entry of the forwarding table is aged out, send a rogue aged MAC message including aged device data that contains the aged MAC address to the network backhaul rogue device management system, so as to cause the network backhaul rogue device management system to update a status of an access point (AP) associated with the aged device data as out-of-net;
  
  upon determining that the new MAC address is included in the rogue monitor table, send a rogue learned MAC message including new learned device data that contains the new MAC address to the network backhaul rogue device management system, so as to cause the network backhaul rogue device management system to update a status of an AP associated with the new learned device data as in-net;
  
  wherein the instructions are further configured to cause the one or more processors to;
  
  receive from the network backhaul rogue device management system, a rogue update message including a MAC address of a rogue device that has been determined to be valid;
  
  in response to the rogue update message, remove an entry associated with the MAC address of the valid rogue device from the rogue monitor table.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The switch of claim 10, wherein the instructions are further configured to cause the one or more processors to:
    - receive from the network backhaul rogue device management system, a rogue update message including a MAC address of a rogue device connected to a rogue AP that has been determined to be valid;
      
      in response to the rogue update message, remove an entry associated with the MAC address of the rogue device connected to the valid rogue AP from the rogue monitor table.
  - 12. The switch of claim 10, wherein the instructions are further configured to cause the one or more processors to:
    - receive from the network backhaul rogue device management system, a rogue update message including a MAC address of a rogue device that has been determined to be out-of-net;
      
      in response to the rogue update message, remove an entry associated with the MAC address of the out-of-net rogue device from the rogue monitor table.
  - 13. The switch of claim 10, wherein the instructions are further configured to cause the one or more processors to:
    - receive from the network backhaul rogue device management system, a rogue update message including a MAC address of a rogue device that has been determined to be out-of-net;
      
      in response to the rogue update message, remove an entry associated with the MAC address of the out-of-net rogue device from the forwarding table.
  - 14. The switch of claim 10, wherein the instructions are further configured to cause the one or more processors to:
    - receive from the network backhaul rogue device management system, a rogue update message including a MAC address of a rogue device connected to a rogue AP that has been determined to be out-of-net;
      
      in response to the rogue update message, remove an entry associated with the MAC address of the rogue device connected to the out-of-net rogue AP from the rogue monitor table.
  - 15. The switch of claim 10, wherein the instructions are further configured to cause the one or more processors to:
    - receive from the network backhaul rogue device management system, a rogue update message including a MAC address of a rogue device connected to a rogue AP that has been determined to be out-of-net;
      
      in response to the rogue update message, remove an entry associated with the MAC address of the rogue device connected to the out-of-net rogue AP from the forwarding table.
  - 16. The switch of claim 10, wherein the instructions are further configured to cause the one or more processors to initiate, upon determining that the new MAC address is included in the rogue monitor table, a probe procedure to determine at least one nearest switch to a device of the new MAC address, wherein the rogue learned MAC message also includes a MAC address of the at least one nearest switch.
  - 17. The switch of claim 10, wherein the instructions are further configured to cause the one or more processors to initiate, upon determining that the new MAC address is included in the rogue monitor table, a probe procedure to determine at least one nearest switch to a device of the new MAC address, wherein the probe procedure comprises:
    - generating a probe message with an initial hop number;
      
      sending the probe message with the initial hop number to at least one next switch;
      
      in response to at least one probe response that includes an increased hop number, determining that a switch that sent a probe response with a largest increased hop number is the nearest switch;
      
      determining that the switch that sent the probe message is the nearest switch when no probe response that includes the increased hop number is received from the at least one next switch.

18. A system comprising:
- a means for receiving from a network backhaul rogue device management system in the network backhaul, a rogue device message including a media access control (MAC) address of a rogue device;
  
  a means for flushing entries of a forwarding table of the switch, the entries of the forwarding table associated with MAC addresses of devices in a network, respectively, for routing traffic, in response to the rogue device message;
  
  a means for adding an entry associated with the MAC address to a rogue monitor table, entries of the rogue monitor table associated with MAC addresses of devices in the network, respectively, for monitoring rogue devices, in response to the rogue device message;
  
  a means for monitoring the forwarding table and the rogue monitor table to determine whether a MAC address of an entry included in the rogue monitor table is aged out and whether a new MAC address newly included in an entry of the forwarding table is included in the rogue monitor table;
  
  a means for sending, upon determining that a MAC address included in an entry of the forwarding table is aged out, a rogue aged MAC message including aged device data that contains the aged MAC address to the network backhaul rogue device management system, so as to cause the network backhaul rogue device management system to update a status of an access point (AP) associated with the aged device data as out-of-net;
  
  a means for sending, upon determining that the new MAC address is included in the rogue monitor table, a rogue learned MAC message including new learned device data that contains the new MAC address to the network backhaul rogue device management system, so as to cause the network backhaul rogue device management system to update a status of an AP associated with the new learned device data as in-net;
  
  a means for receiving from the network backhaul rogue device management system, a rogue update message including a MAC address of a rogue device that has been determined to be valid;
  
  a means for, in response to the rogue update message, removing an entry associated with the MAC address of the valid rogue device from the rogue monitor table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Aerohive Networks Incorporated (Extreme Networks, Inc.)
Inventors
Zeng, Jianlin, Li, Mingliang, Fan, Peng
Primary Examiner(s)
Sholeman, Abu S
Assistant Examiner(s)
Le, Thanh T

Application Number

US16/010,288
Publication Number

US 20180302432A1
Time in Patent Office

585 Days
Field of Search

726 23
US Class Current
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/101   Access control lists [ACL]

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04W 12/122   Counter-measures against at...

Managing rogue devices through a network backhaul

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

266 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Managing rogue devices through a network backhaul

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

266 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links