METHOD AND MECHANISM FOR PORT REDIRECTS IN A NETWORK SWITCH

US 20090003317A1
Filed: 06/29/2007
Published: 01/01/2009
Est. Priority Date: 06/29/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a data packet at a switching device in a network, the data packet to be directed to one or more destinations in the network;

determining whether a condition of the network indicates that the received data packet is associated with a redirect port of the switching device, wherein the redirect port is associated with a network service configured to return a redirected data packet to the switching device based on an analysis of the redirected data packet;

determining whether the data packet is to be flooded from the switching device; and

redirecting the received data packet to the redirect port of the switching device, where a condition of the network indicates that the received data packet is associated with a redirect port of the switching device and where the data packet is not to be flooded from the switching device.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for selectively redirecting a data packet to a port on a switching device which is associated with a corresponding network service. In one embodiment, the data packet is redirected to an intrusion prevention service (IPS) for security analysis of the data packet. In another embodiment, the switching device performs a data link layer redirecting of the data packet based at least in part on whether the data packet is to be flooded from the switching device.

281 Citations

30 Claims

1. A method, comprising:
- receiving a data packet at a switching device in a network, the data packet to be directed to one or more destinations in the network;
  
  determining whether a condition of the network indicates that the received data packet is associated with a redirect port of the switching device, wherein the redirect port is associated with a network service configured to return a redirected data packet to the switching device based on an analysis of the redirected data packet;
  
  determining whether the data packet is to be flooded from the switching device; and
  
  redirecting the received data packet to the redirect port of the switching device, where a condition of the network indicates that the received data packet is associated with a redirect port of the switching device and where the data packet is not to be flooded from the switching device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the condition of the network includes a traffic type of the received data packet.
  - 3. The method of claim 1, wherein determining whether the data packet is to be flooded from the switching device comprises at least one of,determining that the received data packet includes a broadcast media access control (MAC) destination address, anddetermining that the received data packet includes a media access control (MAC) destination address which does not correspond to any entry in a forwarding database.
  - 4. The method of claim 1, wherein determining whether the data packet is to be flooded from the switch comprises determining that the received data packet includes an internet protocol (IP) multicast destination address.
  - 5. The method of claim 1, wherein the received data packet is to be flooded from the switch, the method further comprising:
    - flooding the received data packet from the switching device without sending the received data packet to any redirect port of the switching device.
  - 6. The method of claim 5, wherein flooding the received data packet from the switching device without sending the received data packet to any redirect port of the switching device comprises isolating the redirect port of the switching device from any flooding of data packets from the switching device.
  - 7. The method of claim 6, wherein isolating the redirect port of the switching device from any flooding of data packets from the switching device comprises excluding the redirect port of the switching device from a set of ports supporting a Virtual Local Area Network (VLAN).
  - 8. The method of claim 5, wherein a condition of the network indicates that the received data packet is associated with a redirect port of the switching device, and wherein flooding the received data packet from the switching device comprises replacing an indication that the data packet is to be sent to the redirect port of the switching device with an indication that the data packet is to be flooded to at least one other port of the switching device.
  - 9. The method of claim 8, wherein replacing an indication that the data packet is to be sent to the redirect port of the switching device with an indication that the data packet is to be flooded to at least one other port of the switching device comprises executing one or more commands stored in an sequence control table (SCT) to retrieve an identifier of the at least one other port of the switching device.
  - 10. The method of claim 5, wherein a condition of the network indicates that the received data packet is associated with a redirect port of the switching device, and wherein flooding the received data packet from the switching device comprises enforcing a rule of an access control list for the redirect port of the switching device, the rule to prevent redirection to the redirect port of the switching device of any data packets having an internet protocol (IP) multicast destination address.

11. A machine-readable medium having stored thereon a set of instructions which when executed by one or more processors cause the one or more processors to perform a method comprising:
- receiving a data packet at a switching device in a network, the data packet to be directed to one or more destinations in the network;
  
  determining whether a condition of the network indicates that the received data packet is associated with a redirect port of the switching device, wherein the redirect port is associated with a network service configured to return the redirected data packet to the switching device based on a result of an analysis of the redirected data packet;
  
  determining whether the data packet is to be flooded from the switching device; and
  
  redirecting the received data packet to the redirect port of the switching device, where a condition of the network indicates that the received data packet is associated with a redirect port of the switching device and where the data packet is not to be flooded from the switching device.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The machine-readable medium of claim 11, wherein the condition of the network includes a traffic type of the received data packet.
  - 13. The machine-readable medium of claim 11, wherein determining whether the data packet is to be flooded from the switching device comprises at least one of,determining whether the received data packet includes a broadcast media access control (MAC) destination address,determining whether the received data packet includes a media access control (MAC) destination address which does not correspond to any entry in a forwarding database, anddetermining whether the received data packet includes an internet protocol (IP) multicast destination address.
  - 14. The machine-readable medium of claim 11, wherein the received data packet is to be flooded from the switch, the method further comprising:
    - flooding the received data packet from the switching device without sending the received data packet to any redirect port of the switching device.
  - 15. The machine-readable medium of claim 14, wherein flooding the received data packet from the switching device without sending the received data packet to any redirect port of the switching device comprises excluding the redirect port of the switching device from a set of ports supporting a Virtual Local Area Network (VLAN).
  - 16. The machine-readable medium of claim 14, wherein a condition of the network indicates that the received data packet is associated with a redirect port of the switching device, and wherein flooding the received data packet from the switching device comprises replacing an indication that the data packet is to be sent to the redirect port of the switching device with an indication that the data packet is to be flooded to at least one other port of the switching device.

17. A switching device comprising:
- a redirect port associated with a network service configured to return a redirected data packet to the switching device based on an analysis of the redirected data packet;
  
  a flow handler to determine whether a data packet is to be flooded from the switching device;
  
  a traffic selector to determine whether a condition of a network indicates that the data packet is associated with the redirect port; and
  
  a switching mechanism to redirect the data packet to the redirect port, where a condition of a network indicates that the data packet is associated with the redirect port, and where the data packet is not to be flooded from the switching device.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The switching device of claim 17, wherein the condition of the network includes a traffic type of the data packet.
  - 19. The switching device of claim 17, wherein determining whether the data packet is to be flooded from the switching device comprises at least one of,determining whether the received data packet includes a broadcast media access control (MAC) destination address,determining whether the received data packet includes a media access control (MAC) destination address which does not correspond to any entry in a forwarding database, anddetermining whether the received data packet includes an internet protocol (IP) multicast destination address.
  - 20. The switching device of claim 17 wherein the data packet is to be flooded from the switch, the switching mechanism further to flood the received data packet from the switching device without sending the data packet to the redirect port.
  - 21. The switching device of claim 20, wherein flooding the received data packet from the switching device without sending the received data packet to the redirect port comprises excluding the redirect port from a set of ports supporting a Virtual Local Area Network (VLAN).
  - 22. The switching device of claim 20, wherein a condition of the network indicates that the received data packet is associated with a redirect port of the switching device, and wherein flooding the received data packet from the switching device comprises replacing an indication that the data packet is to be sent to the redirect port of the switching device with an indication that the data packet is to be flooded to at least one other port of the switching device.

23. A system comprising:
- a switching device having,a redirect port, anda switching mechanism to redirect a data packet to the redirect port, where a condition of a network indicates that the data packet is associated with the redirect port, and where the data packet is not to be flooded from the switching device;
  
  a network service to receive the redirected data packet from the redirect port of the switching device, the network service further to return the redirected data packet to the switching device based on an analysis of the redirected data packet; and
  
  a serial bus coupling the switching device to the network service.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. The system of claim 23, wherein the condition of the network includes a traffic type of the data packet.
  - 25. The system of claim 23, wherein the data packet is not to be flooded from the switching device unless:
    - the data packet includes a broadcast media access control (MAC) destination address,the data packet includes a media access control (MAC) destination address which does not correspond to any entry in a forwarding database of the switching device, orthe data packet includes an internet protocol (IP) multicast destination address.
  - 26. The system of claim 23, wherein the data packet is to be flooded from the switch, the switching mechanism further to flood the received data packet from the switching device without sending the data packet to the redirect port.
  - 27. The system of claim 26, wherein flooding the received data packet from the switching device without sending the received data packet to the redirect port comprises excluding the redirect port from a set of ports supporting a Virtual Local Area Network (VLAN).
  - 28. The system of claim 26, wherein a condition of the network indicates that the received data packet is associated with a redirect port of the switching device, and wherein flooding the received data packet from the switching device comprises replacing an indication that the data packet is to be sent to the redirect port of the switching device with an indication that the data packet is to be flooded to at least one other port of the switching device.
  - 29. The system of claim 28, wherein replacing an indication that the data packet is to be sent to the redirect port of the switching device with an indication that the data packet is to be flooded to at least one other port of the switching device comprises executing one or more commands stored in an sequence control table (SCT) to retrieve an identifier of the at least one other port of the switching device.
  - 30. The system of claim 26, wherein a condition of the network indicates that the received data packet is associated with a redirect port of the switching device, and wherein flooding the received data packet from the switching device comprises enforcing a rule of an access control list for the redirect port of the switching device, the rule to prevent redirection to the redirect port of the switching device of any data packets having an internet protocol (IP) multicast destination address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Extreme Networks, Inc.
Inventors
Krishnan, Ram, Kasralikar, Rahul S.

Granted Patent

US 8,135,007 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/352
CPC Class Codes

H04L 49/25   Routing or path finding in ...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

METHOD AND MECHANISM FOR PORT REDIRECTS IN A NETWORK SWITCH

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

281 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

METHOD AND MECHANISM FOR PORT REDIRECTS IN A NETWORK SWITCH

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

281 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others