Securing management operations in a communication fabric

US 7,721,324 B1
Filed: 03/18/2004
Issued: 05/18/2010
Est. Priority Date: 03/18/2004
Status: Active Grant

First Claim

Patent Images

1. An automated method of preventing an endnode in a communication fabric from receiving an unauthorized communication, comprising:

establishing a first category of management communications to include;

a request from a manager node to an endnode; and

a reply from the manager node to a request from an endnode;

establishing a second category of management communications to include;

a reply from an endnode to a request from the manager node; and

a request from an endnode to the manager node; and

at a switching device coupled to a first endnode;

receiving from the communication fabric a management communication packet addressed to the first endnode;

determining whether the first endnode is a trusted endnode;

determining whether the management communication is a first category management communication; and

responsive to the first endnode not being a trusted endnode and the management communication not being a first category management communication, discarding the management communication.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for preventing untrusted nodes from sending or receiving management communications. In an environment such as an InfiniBand communication fabric, a management packet (e.g., a packet traversing virtual lane 15) is one of four types: 1) Request from a manager node (e.g., Subnet Manager or SM) to an endnode; 2) Reply from an endnode to a request from the manager; 3) Request from an endnode to the manager; and 4) Reply from the manager to the endnode. Switches (and other routing devices) are configured to allow untrusted nodes to send management packets of types 2 and 3 only, and to receive management packets of types 1 and 4 only. Trusted nodes (e.g., manager nodes, switches) can send and receive all types. Each port of a switch or routing device has an associated indicator reflecting the level of trust afforded the node or switch coupled to the port.

Citations

28 Claims

1. An automated method of preventing an endnode in a communication fabric from receiving an unauthorized communication, comprising:
- establishing a first category of management communications to include;
  
  a request from a manager node to an endnode; and
  
  a reply from the manager node to a request from an endnode;
  
  establishing a second category of management communications to include;
  
  a reply from an endnode to a request from the manager node; and
  
  a request from an endnode to the manager node; and
  
  at a switching device coupled to a first endnode;
  
  receiving from the communication fabric a management communication packet addressed to the first endnode;
  
  determining whether the first endnode is a trusted endnode;
  
  determining whether the management communication is a first category management communication; and
  
  responsive to the first endnode not being a trusted endnode and the management communication not being a first category management communication, discarding the management communication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - classifying each endnode in the communication fabric as either trusted or untrusted.
  - 3. The method of claim 2, wherein said classifying comprises:
    - associating with each port of the switching device an indicator configured to indicate whether a node coupled to the port is trusted.
  - 4. The method of claim 2, wherein said classifying comprises:
    - classifying the first endnode as a trusted endnode if the first endnode is a manager node.
  - 5. The method of claim 2, wherein said classifying comprises:
    - classifying the first endnode as an untrusted endnode if the first endnode is not configured to act as a manager node.
  - 6. The method of claim 1, wherein said determining comprises:
    - reading an indicator associated with a port of the switch to which the first endnode is coupled;
      
      wherein said indicator is configured to indicate whether the first endnode is trusted.
  - 7. The method of claim 1, further comprising, at the switching device:
    - responsive to the first endnode being a trusted endnode, forwarding the management communication to the first endnode regardless of the category of the management communication.
  - 8. The method of claim 1, further comprising, at the switching device:
    - receiving a second management communication from the first endnode; and
      
      responsive to the management communication not being a second category management communication, discarding the second management communication.
  - 9. The method of claim 1, wherein the communication fabric comprises a subnet of an InfiniBand communication fabric.
  - 10. The method of claim 9, wherein a management communication comprises a communication transmitted on virtual lane 15 of the InfiniBand communication fabric.

11. A computer readable storage medium for storing instructions that, when executed by a computer, cause the computer to perform a method of preventing an endnode in a communication fabric from receiving an unauthorized communication, comprising:
- establishing a first category of management communications to include;
  
  a request from a manager node to an endnode; and
  
  a reply from the manager node to a request from an endnode;
  
  establishing a second category of management communications to include;
  
  a reply from an endnode to a request from the manager node; and
  
  a request from an endnode to the manager node; and
  
  at a switching device coupled to a first endnode;
  
  receiving from the communication fabric a management communication addressed to the first endnode;
  
  determining whether the first endnode is a trusted endnode;
  
  determining whether the management communication is a first category management communication; and
  
  responsive to the first endnode not being a trusted endnode and the management communication not being a first category management communication, discarding the management communication.

12. An automated method of preventing an endnode in a communication fabric from sending an unauthorized communication, comprising:
- establishing a first category of management communications to include;
  
  a request from a manager node to an endnode; and
  
  a reply from the manager node to a request from an endnode;
  
  establishing a second category of management communications to include;
  
  a reply from an endnode to a request from the manager node; and
  
  a request from an endnode to the manager node; and
  
  at a switching device coupled to a first endnode;
  
  receiving from a first endnode a management communication addressed to a second endnode in the communication fabric;
  
  determining whether the first endnode is a trusted endnode;
  
  determining whether the management communication is a second category management communication; and
  
  responsive to the first endnode not being a trusted endnode and the management communication not being a second category management communication, discarding the management communication.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The method of claim 12, further comprising:
    - classifying each endnode in the communication fabric as either trusted or untrusted.
  - 14. The method of claim 12, wherein said classifying comprises:
    - associating with each port of the switching device an indicator configured to indicate whether a node coupled to the port is trusted.
  - 15. The method of claim 12, wherein said classifying comprises:
    - responsive to the first endnode being a manager node, classifying the first endnode as a trusted endnode.
  - 16. The method of claim 12, wherein said classifying comprises:
    - responsive to the first endnode not being configured to act as a manager node, classifying the first endnode as an untrusted endnode.
  - 17. The method of claim 12, wherein said determining comprises:
    - reading an indicator associated with a port of the switch to which the first endnode is coupled;
      
      wherein said indicator is configured to indicate whether the first endnode is trusted.
  - 18. The method of claim 12, further comprising, at the switching device:
    - responsive to the first endnode being a trusted endnode, forwarding the management communication toward the second endnode regardless of the category of the management communication.
  - 19. The method of claim 12, further comprising, at the switching device:
    - receiving a second management communication addressed to the first endnode; and
      
      responsive to the management communication not being a first category management communication, discarding the second management communication.
  - 20. The method of claim 12, wherein the communication fabric comprises a subnet of an InfiniBand communication fabric.
  - 21. The method of claim 20, wherein a management communication comprises a communication transmitted on virtual lane 15 of the InfiniBand communication fabric.

22. A computer readable storage medium for storing instructions that, when executed by a computer, cause the computer to perform a method of preventing an endnode in a communication fabric from sending an unauthorized communication, comprising:
- establishing a first category of management communications to include;
  
  a request from a manager node to an endnode; and
  
  a reply from the manager node to a request from an endnode;
  
  establishing a second category of management communications to include;
  
  a reply from an endnode to a request from the manager node; and
  
  a request from an endnode to the manager node; and
  
  at a switching device coupled to a first endnode;
  
  receiving from a first endnode a management communication addressed to a second endnode in the communication fabric;
  
  determining whether the first endnode is a trusted endnode;
  
  determining whether the management communication is a second category management communication based; and
  
  responsive to the first endnode not being a trusted endnode, discarding the management communication if the management communication is not a second category management communication.

23. An apparatus for preventing a node in a communication fabric from engaging in unauthorized communication, the apparatus comprising:
- a switching device configured to route management communications through the communication fabric, wherein;
  
  a type one management communication comprises requests from a manager node to endnodes and replies from the manager node to requests from endnodes; and
  
  a type two management communication comprises replies from endnodes to requests from the manager node and requests from endnodes to the manager node;
  
  for each port of the switching device, an indicator configured to indicate whether an endnode coupled to the port is trusted;
  
  wherein a first management communication addressed to a first endnode coupled to a first port of the switching device is discarded responsive to the first endnode not being a trusted endnode and the first management communication not being a type one management communication; and
  
  wherein a second management communication received from the first endnode is discarded responsive to the first endnode not being a trusted endnode and the second management communication not being a type two management communication.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. The apparatus of claim 23, further comprising:
    - a secure channel configured to allow a management node to configure said indicators.
  - 25. The apparatus of claim 23, wherein:
    - for each port coupled to another switching element, said indicator is set to indicate the other switching element is trusted.
  - 26. The apparatus of claim 23, wherein:
    - for each port coupled to a management node, said indicator is set to indicate the management node is trusted.
  - 27. The apparatus of claim 23, wherein:
    - for each port coupled to an endnode that is not configured to act as a management node, said indicator is set to indicate the endnode is not trusted.
  - 28. The apparatus of claim 23, wherein:
    - the communication fabric comprises an InfiniBand communication fabric; and
      
      a management communication comprises a communication transmitted over virtual lane 15 of the InfiniBand communication fabric.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Oracle America, Inc. (Oracle Corporation)
Inventors
Jackson, Christopher J.
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
Gelagay; Shewaye

Application Number

US10/803,497
Time in Patent Office

2,252 Days
Field of Search

726/4
US Class Current

726/4
CPC Class Codes

H04L 41/28   Restricting access to netwo...

H04L 41/40   using virtualisation of net...

H04L 49/35   Switches specially adapted ...

H04L 49/358   Infiniband Switches

H04L 63/20   for managing network securi...

Securing management operations in a communication fabric

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Securing management operations in a communication fabric

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links