MECHANISM FOR ENABLING LAYER TWO HOST ADDRESSES TO BE SHIELDED FROM THE SWITCHES IN A NETWORK

US 20110235639A1
Filed: 06/07/2011
Published: 09/29/2011
Est. Priority Date: 10/22/2008
Status: Active Grant

First Claim

Patent Images

1. A method performed by a border component interposed between a network of switches and a plurality of local hosts, the method comprising:

receiving, by the border component from a first local host of the plurality of local hosts, a first packet destined for a first destination host, wherein the first local host has a first layer 2 (L2) address and a first layer 3 (L3) address associated therewith, and wherein the first packet includes the first L2 address as a source L2 address for the first packet, and includes the first L3 address as a source L3 address for the first packet;

shielding, by the border component, the first L2 address from the network of switches by replacing the source L2 address for the first packet with a substitute L2 address associated with a communication channel of the border component; and

sending, by the border component, the first packet to the network of switches.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for shielding layer two host addresses (e.g., MAC addresses) from a network are provided. A border component interposed between a network of switches and multiple local hosts receives from a first local host a first packet destined for a first destination host. The first local host has a first layer 2 (L2) address and a first layer 3 (L3) address associated therewith. The first packet includes the first L2 address as a source L2 address for the first packet, and includes the first L3 address as a source L3 address for the first packet. The border component shields the first L2 address from the network of switches by replacing the source L2 address for the first packet with a substitute L2 address associated with a communication channel of the border component before sending the first packet to the network of switches.

27 Citations

View as Search Results

50 Claims

1. A method performed by a border component interposed between a network of switches and a plurality of local hosts, the method comprising:
- receiving, by the border component from a first local host of the plurality of local hosts, a first packet destined for a first destination host, wherein the first local host has a first layer 2 (L2) address and a first layer 3 (L3) address associated therewith, and wherein the first packet includes the first L2 address as a source L2 address for the first packet, and includes the first L3 address as a source L3 address for the first packet;
  
  shielding, by the border component, the first L2 address from the network of switches by replacing the source L2 address for the first packet with a substitute L2 address associated with a communication channel of the border component; and
  
  sending, by the border component, the first packet to the network of switches.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the first L2 address and the substitute L2 address comprise media access control (MAC) addresses, and wherein the first L3 address comprises an Internet Protocol (IP) address.
  - 3. The method of claim 1, further comprising:
    - receiving, by the border component from a second local host of the plurality of hosts, a second packet destined for a second destination host, wherein the second local host has a second L2 address and a second L3 address associated therewith, and wherein the second packet includes the second L2 address as a source L2 address for the second packet, and includes the second L3 address as a source L3 address for the second packet;
      
      shielding, by the border component, the second L2 address from the network of switches by replacing the source L2 address for the second packet with the substitute L2 address; and
      
      sending, by the border component, the second updated packet to the network of switches.
  - 4. The method of claim 3, further comprising:
    - receiving, from the network of switches, a third packet, wherein the third packet includes the first L3 address as a destination L3 address, and includes the substitute L2 address as a destination L2 address;
      
      accessing a data structure, wherein the data structure comprises a first set of information that indicates an association between the first L3 address and the first L2 address;
      
      determining, based at least partially upon the first L3 address in the third packet and the first set of information, that the destination L2 address for the third packet should be the first L2 address;
      
      deriving a third updated packet from the third packet, wherein deriving the third updated packet comprises replacing the substitute L2 address with the first L2 address, thereby making the first L2 address the destination L2 address for the third updated packet; and
      
      sending the third updated packet to the first local host.
  - 5. The method of claim 4, further comprising:
    - receiving, from the network of switches, a fourth packet, wherein the fourth packet includes the second L3 address as a destination L3 address, and includes the substitute L2 address as a destination L2 address;
      
      accessing the data structure, wherein the data structure comprises a second set of information that indicates an association between the second L3 address and the second L2 address;
      
      determining, based at least partially upon the second L3 address in the fourth packet and the second set of information, that the destination L2 address for the fourth packet should be the second L2 address;
      
      deriving a fourth updated packet from the fourth packet, wherein deriving the fourth updated packet comprises replacing the substitute L2 address with the second L2 address, thereby making the second L2 address the destination L2 address for the fourth updated packet; and
      
      sending the fourth updated packet to the second local host.

6. A border component configured to be interposed between a plurality of local hosts and a network of switches, comprising:
- a communication channel; and
  
  a communication manager configured to;
  
  receive, from a first local host of the plurality of local hosts coupled to the communication channel, a first packet destined for a first destination host, wherein the first local host has a first layer 2 (L2) address and a first layer 3 (L3) address associated therewith, and wherein the first packet includes the first L2 address as a source L2 address for the first packet, and includes the first L3 address as a source L3 address for the first packet;
  
  shield the first L2 address from the network of switches by replacing the source L2 address for the first packet with a substitute L2 address associated with the communication channel; and
  
  send, via the communication channel, the first packet to the network of switches.
- View Dependent Claims (7, 8)
- - 7. The border component of claim 6, wherein the first L2 address and the substitute L2 address comprise media access control (MAC) addresses, and wherein the first L3 address comprises an Internet Protocol (IP) address.
  - 8. The border component of claim 6, wherein the communication manager is further configured to:
    - receive, from a second local host of the plurality of local hosts coupled to the communication channel, a second packet destined for a second destination host, wherein the second host has a second L2 address and a second L3 address associated therewith, and wherein the second packet includes the second L2 address as a source L2 address for the second packet, and includes the second L3 address as a source L3 address for the second packet;
      
      shield the second L2 address from the network of switches by replacing the source L2 address for the second packet with the substitute L2 address; and
      
      send, via the communication channel, the second packet to the network of switches.

9. The border component of claim 9, wherein the communication manager is further configured to:
- receive, from the network of switches via the communication channel, a third packet, wherein the third packet includes the first L3 address as a destination L3 address, and includes the substitute L2 address as a destination L2 address;
  
  access a data structure, wherein the data structure comprises a first set of information that indicates an association between the first L3 address and the first L2 address;
  
  determine, based at least partially upon the first L3 address in the third packet and the first set of information, that the destination L2 address for the third packet should be the first L2 address;
  
  derive a third updated packet from the third packet, wherein deriving the third updated packet comprises replacing the substitute L2 address with the first L2 address, thereby making the first L2 address the destination L2 address for the third updated packet; and
  
  send, via the communication channel, the third updated packet to the first local host.
- View Dependent Claims (10)
- - 10. The border component of claim 9, wherein the communication manager is further configured to:
    - receive, from the network of switches via the communication channel, a fourth packet, wherein the fourth packet includes the second L3 address as a destination L3 address, and includes the substitute L2 address as a destination L2 address;
      
      access the data structure, wherein the data structure comprises a second set of information that indicates an association between the second L3 address and the second L2 address;
      
      determine, based at least partially upon the second L3 address in the fourth packet and the second set of information, that the destination L2 address for the fourth packet should be the second L2 address;
      
      derive a fourth updated packet from the fourth packet, wherein deriving the fourth updated packet comprises replacing the substitute L2 address with the second L2 address, thereby making the second L2 address the destination L2 address for the fourth updated packet; and
      
      send, via the communication channel, the fourth updated packet to the second local host.

11. A method performed by a border component interposed between a network of switches and a plurality of local hosts, the method comprising:
- receiving, by the border component from a first local host of the plurality of local hosts, a first request packet requesting a layer 2 (L2) address for a first target host, wherein the first local host has a first L2 address and a first layer 3 (L3) address associated therewith, wherein the first target host has a first target L3 address associated therewith, and wherein the first request packet includes the first L2 address as a source L2 address, includes the first L3 address as a sending L3 address, includes the first target L3 address as a target L3 address, and includes an indication that the first request packet is to be broadcasted;
  
  obtaining, by the border component, the first L2 address and the first L3 address associated with the first local host from the first request packet;
  
  updating, by the border component, a data structure to include a first set of information indicating an association between the first L3 address and the first L2 address;
  
  shielding, by the border component, the first L2 address from the network of switches by replacing the source L2 address of the firs request packet with a substitute L2 address associated with a communication channel of the border component; and
  
  sending, by the border component, the first request packet to the network of switches to be broadcasted throughout the network of switches.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein the first L2 address and the substitute L2 address comprise media access control (MAC) addresses, and wherein the first L3 address and the first target L3 address comprise Internet Protocol (IP) addresses.
  - 13. The method of claim 11, further comprising:
    - receiving, from a second local host of the plurality of local hosts, a second request packet requesting a L2 address for a second target host, wherein the second host has a second L2 address and a second L3 address associated therewith, wherein the second target host has a second target L3 address associated therewith, and wherein the second request packet includes the second L2 address as a source L2 address, includes the second L3 address as a sending L3 address, includes the second target L3 address as a target L3 address, and includes an indication that the second request packet is to be broadcasted;
      
      obtaining the second L2 address and the second L3 address associated with the second host from the second request packet;
      
      updating the data structure to include a second set of information indicating an association between the second L3 address and the second L2 address;
      
      shielding, by the border component, the second L2 address from the network of switches by replacing the source L2 address of the second request packet with the substitute L2 address associated with the communication channel of the border component; and
      
      sending the second request packet to the network of switches to be broadcasted throughout the network of switches.
  - 14. The method of claim 13, further comprising:
    - receiving, from the network of switches, a first reply packet which is a reply to the first updated request packet, wherein the first reply packet includes the first L3 address, includes the substitute L2 address as a destination L2 address, includes the first target L3 address, and includes a first requested L2 address for the first target host;
      
      accessing the data structure;
      
      determining, based at least partially upon the first L3 address in the first reply packet and the first set of information in the data structure, that the destination L2 address for the first reply packet should be the first L2 address;
      
      deriving a first updated reply packet from the first reply packet, wherein deriving the first updated reply packet comprises replacing the substitute L2 address with the first L2 address, thereby making the first L2 address the destination L2 address for the first updated reply packet; and
      
      sending the first updated reply packet to the first local host.
  - 15. The method of claim 14, wherein the first requested L2 address included in the first reply packet for the first target host is not the target host'"'"'s real L2 address but rather is an L2 address associated with a communication channel of another border component to which the first target host is coupled.
  - 16. The method of claim 14, further comprising:
    - receiving, from the network of switches, a second reply packet which is a reply to the second updated request packet, wherein the second reply packet includes the second L3 address, includes the substitute L2 address as a destination L2 address, includes the second target L3 address, and includes a second requested L2 address for the second target host;
      
      accessing the data structure;
      
      determining, based at least partially upon the second L3 address in the second reply packet and the second set of information in the data structure, that the destination L2 address for the second reply packet should be the second L2 address;
      
      deriving a second updated reply packet from the second reply packet, wherein deriving the second updated reply packet comprises replacing the substitute L2 address with the second L2 address, thereby making the second L2 address the destination L2 address for the second updated reply packet; and
      
      sending the second updated reply packet to the second local host.
  - 17. The method of claim 11, wherein the first request packet includes an indication that the first request packet is a standard address request packet, and wherein deriving the first updated request packet further comprises:
    - including in the first request packet an indication that the first request packet is a non-standard address request packet.
  - 18. The method of claim 17, further comprising:
    - receiving, from the first local host, a second request packet requesting a L2 address for the first target host, wherein the second request packet includes the first L2 address as a source L2 address, includes the first L3 address as a sending L3 address, includes the first target L3 address as a target L3 address, includes an indication that the second request packet is a standard address request packet, and includes an indication that the second request packet is to be broadcasted;
      
      determining that the second request packet is a second request from the first local host for a L2 address for the first target host, thereby determining that the first local host has not received a reply to the first request packet;
      
      in response to a determination that the first local host has not received a reply to the first request packet, shielding the first L2 address from the network of switches by replacing the source L2 address of the second request packet with the substitute L2 address associated with the communication channel of the border component and maintaining an indication in the second request packet that the second packet is standard address request packet; and
      
      sending the second request packet to the network of switches to be broadcasted throughout the network of switches.
  - 19. The method of claim 14, wherein the first request packet includes an indication that the first request packet is a standard address request packet, and wherein the method further comprises including in the first request packet an indication that the first request packet is a non-standard address request packet.
  - 20. The method of claim 19, wherein the first reply packet includes an indication that the first reply packet is a non-standard address reply packet, and wherein the method further comprises including in the first reply packet an indication that the first reply packet is a standard address reply packet.

21. A border component configured to be interposed between a plurality of local hosts and a network of switches, comprising:
- a communication channel; and
  
  a communication manager configured to;
  
  receive, from a first local host of the plurality of local hosts coupled to the communication channel, a first request packet requesting a layer 2 (L2) address for a first target host, wherein the first local host has a first L2 address and a first layer 3 (L3) address associated therewith, wherein the first target host has a first target L3 address associated therewith, and wherein the first request packet includes the first L2 address as a source L2 address, includes the first L3 address as a sending L3 address, includes the first target L3 address as a target L3 address, and includes an indication that the first request packet is to be broadcasted;
  
  obtain the first L2 address and the first L3 address associated with the first host from the first request packet;
  
  update a data structure to include a first set of information indicating an association between the first L3 address and the first L2 address;
  
  shield the first L2 address from the network of switches by replacing the source L2 address of the first request packet with a substitute L2 address associated with a communication channel of the border component; and
  
  send, via the communication channel, the first request packet to the network of switches to be broadcasted throughout the network of switches.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The border component of claim 21, wherein the first L2 address and the substitute L2 address comprise media access control (MAC) addresses, and wherein the first L3 address and the first target L3 address comprise Internet Protocol (IP) addresses.
  - 23. The border component of claim 21, wherein the communication manager is further configured to:
    - receive, from a second local host of the plurality of local hosts coupled to the communication channel, a second request packet requesting a L2 address for a second target host, wherein the second host has a second L2 address and a second L3 address associated therewith, wherein the second target host has a second target L3 address associated therewith, and wherein the second request packet includes the second L2 address as a source L2 address, includes the second L3 address as a sending L3 address, includes the second target L3 address as a target L3 address, and includes an indication that the second request packet is to be broadcasted;
      
      obtain the second L2 address and the second L3 address associated with the second host from the second request packet;
      
      update the data structure to include a second set of information indicating an association between the second L3 address and the second L2 address;
      
      shield the second L2 address from the network of switches by replacing the source L2 address of the second request packet with the substitute L2 address associated with the communication channel of the border component; and
      
      send, via the communication channel, the second request packet to the network of switches to be broadcasted throughout the network of switches.
  - 24. The border component of claim 23, wherein the communication manger is further configured to:
    - receive, from the network of switches via the communication channel, a first reply packet which is a reply to the first request packet, wherein the first reply packet includes the first L3 address, includes the substitute L2 address as a destination L2 address, includes the first target L3 address, and includes a first requested L2 address for the first target host;
      
      access the data structure;
      
      determine, based at least partially upon the first L3 address in the first reply packet and the first set of information in the data structure, that the destination L2 address for the first reply packet should be the first L2 address;
      
      derive a first updated reply packet from the first reply packet, wherein deriving the first updated reply packet comprises replacing the substitute L2 address with the first L2 address, thereby making the first L2 address the destination L2 address for the first updated reply packet; and
      
      send, via the communication channel, the first updated reply packet to the first local host.
  - 25. The border component of claim 24, wherein the first requested L2 address included in the first reply packet for the first target host is not the target host'"'"'s real L2 address but rather is an L2 address associated with a communication channel of another border component to which the first target host is coupled.
  - 26. The border component of claim 24, wherein the communication manager is further configured to:
    - receive, from the network of switches via the communication channel, a second reply packet which is a reply to the second request packet, wherein the second reply packet includes the second L3 address, includes the substitute L2 address as a destination L2 address, includes the second target L3 address, and includes a second requested L2 address for the second target host;
      
      access the data structure;
      
      determine, based at least partially upon the second L3 address in the second reply packet and the second set of information in the data structure, that the destination L2 address for the second reply packet should be the second L2 address;
      
      derive a second updated reply packet from the second reply packet, wherein deriving the second updated reply packet comprises replacing the substitute L2 address with the second L2 address, thereby making the second L2 address the destination L2 address for the second updated reply packet; and
      
      send, via the communication channel, the second updated reply packet to the second local host.
  - 27. The border component of claim 21, wherein the first request packet includes an indication that the first request packet is a standard address request packet, and wherein the method further comprises including in the first request packet an indication that the first request packet is a non-standard address request packet.
  - 28. The border component of claim 27, wherein the communication manager is further configured to:
    - receive, from the first local host coupled to the communication channel, a second request packet requesting a L2 address for the first target host, wherein the second request packet includes the first L2 address as a source L2 address, includes the first L3 address as a sending L3 address, includes the first target L3 address as a target L3 address, includes an indication that the second request packet is a standard address request packet, and includes an indication that the second request packet is to be broadcasted;
      
      determine that the second request packet is a second request from the first local host for a L2 address for the first target host, thereby determining that the first local host has not received a reply to the first request packet;
      
      shield, in response to a determination that the first host has not received a reply to the first updated request packet, the first L2 address from the network of switches by replacing the source L2 address of the second request packet with the substitute L2 address associated with the communication channel of the border component and maintaining an indication in the second request packet that the second updated packet is a standard address request packet; and
      
      send, via the communication channel, the second request packet to the network of switches to be broadcasted throughout the network of switches.
  - 29. The border component of claim 24, wherein the first request packet includes an indication that the first request packet is a standard address request packet, and wherein the method further comprises including in the first request packet an indication that the first request packet is a non-standard address request packet.
  - 30. The border component of claim 29, wherein the first reply packet includes an indication that the first reply packet is a non-standard address reply packet, and wherein deriving the first updated reply packet further comprises:
    - including in the first updated reply packet an indication that the first updated reply packet is a standard address reply packet.

31. A method performed by a border component interposed between a network of switches and a plurality of local hosts, the method comprising:
- receiving, by the border component from the network of switches via a communication channel, a request packet requesting a layer 2 (L2) address for a target host of the plurality of local hosts, wherein the target host has a first target layer 3 (L3) address associated therewith, and wherein the request packet includes a first L2 address as a source L2 address, includes a first L3 address as a sending L3 address, includes the first target L3 address as the L3 address for the target host for which a requested L2 address is being requested, includes an indication as to whether the request packet is a standard or non-standard address request packet, and includes an indication that the request packet is to be broadcasted;
  
  determining, by the border component, whether the request packet is a standard address request packet;
  
  in response to a determination, by the border component, that the request packet is a standard address request packet;
  
  broadcasting, by the border component, the request packet to all of the plurality of local hosts coupled to the communication channel;
  
  receiving, by the border component, a first reply packet from the target host, wherein the target host has a target host L2 address associated therewith, and wherein the first reply packet includes the first L3 address, includes the first L2 address as a destination address, includes the first target L3 address, includes the target host L2 address as the requested L2 address for the target host, and includes the target host L2 address as a source L2 address;
  
  shielding, by the border component, the target host L2 address by deriving a first updated reply packet from the first reply packet, wherein deriving the first updated reply packet comprises replacing the source L2 address of the first reply packet with a substitute L2 address associated with the communication channel; and
  
  sending, by the border component, the first updated reply packet to the network of switches via the communication channel.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 32. The method of claim 31, wherein the first L2 address, the target host L2 address, and the substitute L2 address comprise media access control (MAC) addresses, and wherein the first L3 address and the first target L3 address comprise Internet Protocol (IP) addresses.
  - 33. The method of claim 31, further comprising:
    - obtaining from the first reply packet the first target L3 address and the target host L2 address; and
      
      updating a data structure to include a set of information indicating an association between the first target L3 address and the target host L2 address.
  - 34. The method of claim 31, wherein the first reply packet includes an indication that the first reply packet is a standard address reply packet, and wherein deriving the first updated reply packet further comprises:
    - including an indication in the first updated reply packet that the first updated reply packet is a non-standard address reply packet.
  - 35. The method of claim 31, further comprising:
    - in response to a determination that the request packet is a non-standard address request packet;
      
      determining whether the target host is a host of the plurality of local hosts coupled to the communication channel;
      
      in response to an affirmative determination, shielding the target host L2 address by deriving a second reply packet from the request packet, wherein deriving the second reply packet comprises replacing the source L2 address of the reply packet with the substitute L2 address associated with the communication channel, inserting the substitute L2 address into the second reply packet to represent the requested L2 address for the target host, and making the first L2 address the destination L2 address for the second reply packet; and
      
      sending the second reply packet to the network of switches via the communication channel.
  - 36. The method of claim 35, wherein said determining whether the target host is a host of the plurality of local hosts coupled to the communication channel comprises:
    - accessing a data structure; and
      
      determining whether the data structure includes a set of information that includes the first target L3 address of the target host.
  - 37. The method of claim 35, wherein deriving the second reply packet further comprises:
    - including an indication in the second reply packet that the second reply packet is a non-standard address reply packet.
  - 38. The method of claim 31, further comprising:
    - in response to a determination that the request packet is a non-standard address request packet;
      
      determining whether the target host is a host of the plurality of local hosts coupled to the communication channel; and
      
      in response to a negative determination, dropping the request packet.
  - 39. The method of claim 31, further comprising:
    - in response to a determination that the request packet is a non-standard address request packet;
      
      determining whether the target host is a host of the plurality of local hosts coupled to the communication channel;
      
      in response to an affirmative determination, deriving an updated request packet from the request packet, wherein deriving the updated request packet comprises including an indication in the updated request packet that the updated request packet is a standard address request packet;
      
      sending the updated request packet to the target host;
      
      receiving a second reply packet from the target host, wherein the second reply packet includes the first L3 address, includes the first L2 address as a destination address, includes the first target L3 address, includes the target host L2 address as the requested L2 address for the target host, and includes the target host L2 address as a source L2 address;
      
      deriving a second updated reply packet from the second reply packet, wherein deriving the second updated reply packet comprises replacing the target host L2 address with the substitute L2 address associated with the communication channel, thereby making the substitute L2 address the requested L2 address for the target host, and making the substitute L2 address the source L2 address for the second updated reply packet; and
      
      sending the second updated reply packet to the network of switches via the communication channel.
  - 40. The method of claim 39, wherein the second reply packet includes an indication that the second reply packet is a standard address reply packet, and wherein deriving the second updated reply packet further comprises:
    - including an indication in the second updated reply packet that the second updated reply packet is a non-standard address reply packet.

41. A border component configured to be interposed between a plurality of local hosts and a network of switches, comprising:
- a communication channel; and
  
  a communication manager configured to;
  
  receive, from the network of switches via the communication channel, a request packet requesting a layer 2 (L2) address for a target host, wherein the target host has a first target layer 3 (L3) address associated therewith, and wherein the request packet includes a first L2 address as a source L2 address, includes a first L3 address as a sending L3 address, includes the first target L3 address as the L3 address for the target host for which a requested L2 address is being requested, includes an indication as to whether the request packet is a standard or non-standard address request packet, and includes an indication that the request packet is to be broadcasted;
  
  determine whether the request packet is a standard address request packet;
  
  in response to a determination that the request packet is a standard address request packet;
  
  broadcast the request packet to all of the plurality of local hosts coupled to the communication channel;
  
  receive a first reply packet from the target host, wherein the target host has a target host L2 address associated therewith, and wherein the first reply packet includes the first L3 address, includes the first L2 address as a destination address, includes the first target L3 address, includes the target host L2 address as the requested L2 address for the target host, and includes the target host L2 address as a source L2 address;
  
  shield the target host L2 address by deriving a first updated reply packet from the first reply packet, wherein deriving the first updated reply packet comprises replacing the source L2 address of the first reply packet with a substitute L2 address associated with the communication channel; and
  
  send the first updated reply packet to the network of switches via the communication channel.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50)
- - 42. The border component of claim 41, wherein the first L2 address, the target host L2 address, and the substitute L2 address comprise media access control (MAC) addresses, and wherein the first L3 address and the first target L3 address comprise Internet Protocol (IP) addresses.
  - 43. The border component of claim 41, wherein the communication manager is further configured to:
    - obtain from the first reply packet the first target L3 address and the target host L2 address; and
      
      update a data structure to include a set of information indicating an association between the first target L3 address and the target host L2 address.
  - 44. The border component of claim 41, wherein the first reply packet includes an indication that the first reply packet is a standard address reply packet, and wherein deriving the first updated reply packet further comprises:
    - including an indication in the first updated reply packet that the first updated reply packet is a non-standard address reply packet.
  - 45. The border component of claim 41, wherein the communication manager is further configured to:
    - in response to a determination that the request packet is a non-standard address request packet;
      
      determine whether the target host is a host of the plurality of local hosts that is coupled to the communication channel;
      
      in response to an affirmative determination, shielding the target host L2 address by deriving a second reply packet from the request packet, wherein deriving the second reply packet comprises replacing the source L2 address of the reply packet with the substitute L2 address associated with the communication channel, inserting the substitute L2 address into the second reply packet to represent the requested L2 address for the target host, and making the first L2 address the destination L2 address for the second reply packet; and
      
      send the second reply packet to the network of switches via the communication channel.
  - 46. The border component of claim 45, wherein determining whether the target host is a host that is coupled to the communication channel comprises:
    - accessing a data structure; and
      
      determining whether the data structure includes a set of information that includes the first target L3 address of the target host.
  - 47. The border component of claim 45, wherein deriving the second reply packet further comprises:
    - including an indication in the second reply packet that the second reply packet is a non-standard address reply packet.
  - 48. The border component of claim 41, wherein the communication manager is further configured to:
    - in response to a determination that the request packet is a non-standard address request packet;
      
      determine whether the target host is a host of the plurality of local hosts coupled to the communication channel; and
      
      in response to a negative determination, drop the request packet.
  - 49. The border component of claim 41, wherein the communication manager is further configured to:
    - in response to a determination that the request packet is a non-standard address request packet;
      
      determine whether the target host is a host of the plurality of local hosts coupled to the communication channel;
      
      in response to an affirmative determination, derive an updated request packet from the request packet, wherein deriving the updated request packet comprises including an indication in the updated request packet that the updated request packet is a standard address request packet;
      
      send the updated request packet to the target host;
      
      receive a second reply packet from the target host, wherein the second reply packet includes the first L3 address, includes the first L2 address as a destination address, includes the first target L3 address, includes the target host L2 address as the requested L2 address for the target host, and includes the target host L2 address as a source L2 address;
      
      shielding the target host L2 address by deriving a second updated reply packet from the second reply packet, wherein deriving the second updated reply packet comprises replacing the source L2 address of the second reply packet with the substitute L2 address associated with the communication channel, and making the substitute L2 address the source L2 address for the second updated reply packet; and
      
      send the second updated reply packet to the network of switches via the communication channel.
  - 50. The border component of claim 49, wherein the second reply packet includes an indication that the second reply packet is a standard address reply packet, and wherein deriving the second updated reply packet further comprises:
    - including an indication in the second updated reply packet that the second updated reply packet is a non-standard address reply packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Mihelich, Joseph R., Tanaka, Bert H.

Granted Patent

US 8,498,293 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/390
CPC Class Codes

H04L 12/4625   Single bridge functionality...

H04L 12/56   Packet switching systems

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 45/00   Routing or path finding of ...

H04L 45/66   Layer 2 routing, e.g. in Et...

H04L 45/74   Address processing for routing

H04L 49/25   Routing or path finding in ...

H04L 49/351   for local area network [LAN...

H04L 61/2596   Translation of addresses of...

MECHANISM FOR ENABLING LAYER TWO HOST ADDRESSES TO BE SHIELDED FROM THE SWITCHES IN A NETWORK

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

MECHANISM FOR ENABLING LAYER TWO HOST ADDRESSES TO BE SHIELDED FROM THE SWITCHES IN A NETWORK

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links