Systems and methods for constrained forwarding based packet network connectivity

US 8,929,254 B2
Filed: 10/30/2012
Issued: 01/06/2015
Est. Priority Date: 10/30/2012
Status: Active Grant

First Claim

Patent Images

1. An Ethernet switch, comprising:

a virtual switch on a physical switch, wherein the virtual switch logically partitions the physical switch into separate switching domains, and wherein the virtual switch forwards traffic independently of other virtual switches on the physical switch; and

an Ethernet Tree (E-Tree) service instantiated via the virtual switch through a first private forwarding group and a second private forwarding group, wherein each of the first private forwarding group and the second private forwarding group includes a set of group-based associations and forwarding rules among logical interfaces of the virtual switch, wherein the E-Tree service utilizes three general categories of forwarding rules including private forwarding group-based rules, Virtual Local Area Network (VLAN)-based rules, and Access Control List (ACL)-based rules;

wherein Root User-Network Interface (UNI) ports are associated with the first private forwarding group and Leaf UNI ports are associated with the second private forwarding group;

wherein the first private forwarding group is configured to forward packets received on any of the Root UNI ports to any other Root UNI ports connected to the first private forwarding group and to the second private forwarding group for forwarding to any Leaf UNI ports connected to the second private forwarding group; and

wherein the second private forwarding group is configured to forward packets on any of the Leaf UNI ports to the first private forwarding group for forwarding to any Root UNI ports connected to the first private forwarding group.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Ethernet Tree (E-Tree) service is described instantiated on an Ethernet switch and in an Ethernet network. The E-Tree service is implemented using Private Forwarding Groups (PFGs), asymmetric Virtual Local Area Networks (VLANs), virtual switches, and port configurations. The use of PFGs in addition to asymmetric VLANs provides higher levels of security in the described E-Tree systems and methods. The E-Tree systems and methods also can utilize Access Control Lists (ACLs) at Network-Network Interfaces (NNIs) for controlling unknown unicasts from reaching wrong ports. The E-Tree systems and methods can also seamlessly interoperate with packet switches using an IEEE 802.1Q-2011 approach.

31 Citations

View as Search Results

20 Claims

1. An Ethernet switch, comprising:
- a virtual switch on a physical switch, wherein the virtual switch logically partitions the physical switch into separate switching domains, and wherein the virtual switch forwards traffic independently of other virtual switches on the physical switch; and
  
  an Ethernet Tree (E-Tree) service instantiated via the virtual switch through a first private forwarding group and a second private forwarding group, wherein each of the first private forwarding group and the second private forwarding group includes a set of group-based associations and forwarding rules among logical interfaces of the virtual switch, wherein the E-Tree service utilizes three general categories of forwarding rules including private forwarding group-based rules, Virtual Local Area Network (VLAN)-based rules, and Access Control List (ACL)-based rules;
  
  wherein Root User-Network Interface (UNI) ports are associated with the first private forwarding group and Leaf UNI ports are associated with the second private forwarding group;
  
  wherein the first private forwarding group is configured to forward packets received on any of the Root UNI ports to any other Root UNI ports connected to the first private forwarding group and to the second private forwarding group for forwarding to any Leaf UNI ports connected to the second private forwarding group; and
  
  wherein the second private forwarding group is configured to forward packets on any of the Leaf UNI ports to the first private forwarding group for forwarding to any Root UNI ports connected to the first private forwarding group.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The Ethernet switch of claim 1, further comprising:
    - a Network-Network Interface (NNI) port connected to the virtual switch;
      
      a Root Virtual Local Area Network (VLAN) on the NNI port connected to the first private forwarding group; and
      
      a Leaf VLAN on the NNI port connected to the second private forwarding group.
  - 3. The Ethernet switch of claim 2, wherein the first private forwarding group is configured to forward packets received on any of the Root UNI ports to the Root VLAN on the NNI port;
    - andwherein the second private forwarding group is configured to forward packets received on any of the Leaf UNI ports to the Leaf VLAN.
  - 4. The Ethernet switch of claim 2, wherein the first private forwarding group is configured to forward packets received on the Root VLAN to any of the Root UNI ports and to the second private forwarding group for forwarding to any of the Leaf UNI ports connected to the second private forwarding group;
    - andwherein the second private forwarding group is configured to forward packets received on the Leaf VLAN to the first private forwarding group for forwarding to any of the Root UNI ports.
  - 5. The Ethernet switch of claim 2, further comprising:
    - an Access Control List for the NNI port associated with each of the Root VLAN and the Leaf VLAN;
      
      wherein, based on the Access Control List, the Root VLAN allows a packet if its associated source address is of customer equipment at a Root UNI.
  - 6. The Ethernet switch of claim 5, wherein, based on the Access Control List, the Leaf VLAN denies a packet if it'"'"'s associated source address is of customer equipment at a Root UNI.
  - 7. The Ethernet switch of claim 2, wherein the virtual switch is configured for one of shared VLAN learning and control plane techniques for establishing forwarding tables on each of the Root VLAN and the Leaf VLAN.
  - 8. The Ethernet switch of claim 2, wherein the virtual switch is configured to:
    - push a Service VLAN identifier of the Root VLAN on a packet when the packet is ingressing at a Root UNI port;
      
      push a Service VLAN identifier of the Leaf VLAN on a packet when the packet is ingressing at a Leaf UNI port;
      
      pop a Service VLAN identifier of the Root VLAN or the Leaf VLAN on a packet when the packet is egressing at a Root UNI port; and
      
      pop a Service VLAN identifier of the Root VLAN on a packet when the packet is egressing at a Leaf UNI port.
  - 9. The Ethernet switch of claim 2, wherein the virtual switch is configured to:
    - communicate with a second Ethernet switch via the Root VLAN and the Leaf VLAN, wherein the second Ethernet switch operates the E-Tree service in accordance with IEEE 802.1Q-2011.
  - 10. The Ethernet switch of claim 1, wherein the first private forwarding group and the second private forwarding group are each implemented in hardware of the physical switch via network processor code.
  - 11. The Ethernet switch of claim 1, further comprising:
    - at least two of the Root UNI ports are located on different hardware in the Ethernet switch but commonly attached to the first private forwarding group.

12. An Ethernet network, comprising:
- an Ethernet Tree (E-Tree) service;
  
  a plurality of virtual switches interconnected to one another via Network-Network Interface (NNI) ports, wherein each of the plurality of virtual switches logically partitions a physical switch into separate switching domains, wherein each of the plurality of virtual switches forwards traffic independently of other virtual switches on the physical switch, wherein each of the plurality of virtual switches comprises a first private forwarding group and a second private forwarding group, and wherein each of the first private forwarding group and the second private forwarding group utilizes a set of group-based associations and forwarding rules;
  
  at least one Root User-Network Interface (UNI) port connected to the first private forwarding group of one of the plurality of virtual switches belonging to a particular service instance; and
  
  at least one Leaf UNI port connected to the second private forwarding group of one of the plurality of virtual switches belonging to the particular service instance;
  
  wherein the first private forwarding group is configured to forward packets received on any of the at least one Root UNI ports to any other Root UNI port connected to the first private forwarding group and to the associated second private forwarding group for forwarding to any Leaf UNI ports connected to the second private forwarding group;
  
  wherein the second private forwarding group is configured to forward packets received on any of the at least one Leaf UNI ports to the associated first private forwarding group for forwarding to any Root UNI ports connected to the first private forwarding group; and
  
  wherein the E-Tree service utilizes three general categories of forwarding rules including private forwarding group-based rules, Virtual Local Area Network (VLAN)-based rules, and Access Control List (ACL)-based rules.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The Ethernet network of claim 12, further comprising:
    - a Root Virtual Local Area Network (VLAN) connecting the first private forwarding groups of each of the plurality of switches therebetween; and
      
      a Leaf VLAN connecting the second private forwarding groups of each of the plurality of switches therebetween.
  - 14. The Ethernet network of claim 13, wherein, for each of the plurality of virtual switches, the first private forwarding group is configured to forward packets received on any Root UNI port to the Root VLAN;
    - andwherein, for each of the plurality of virtual switches, the second private forwarding group is configured to forward packets received on any Leaf UNI port to the Leaf VLAN.
  - 15. The Ethernet network of claim 13, wherein, for each of the plurality of virtual switches, the first private forwarding group is configured to forward packets received on the Root VLAN to any Root UNI port connected thereto and to the associated second private forwarding group for forwarding to any Leaf UNI port connected to the associated second private forwarding group;
    - andwherein, for each of the plurality of virtual switches, the second private forwarding group is configured to forward packets received on the Leaf VLAN to the associated first private forwarding group for forwarding to any Root UNI ports connected thereto.
  - 16. The Ethernet network of claim 13, further comprising:
    - an Access Control List associated with each of the Root VLAN and the Leaf VLAN;
      
      wherein, based on the Access Control List, the Root VLAN allows a packet if its associated source address is of customer equipment at a Root UNI; and
      
      wherein, based on the Access Control List, the Leaf VLAN denies a packet if its associated source address is of customer equipment at a Root UNI.
  - 17. The Ethernet network of claim 13, wherein each of the plurality of virtual switches is configured for shared VLAN learning and control plane techniques for establishing forwarding tables on each of the Root VLAN and the Leaf VLAN.
  - 18. The Ethernet network of claim 13, wherein each of the plurality of virtual switches is configured to:
    - push a Service VLAN identifier of the Root VLAN on a packet when the packet is ingressing at a Root UNI port;
      
      push a Service VLAN identifier of the Leaf VLAN on a packet when the packet is ingressing at a Leaf UNI port;
      
      pop a Service VLAN identifier of the Root VLAN or the Leaf VLAN on a packet when the packet is egressing at a Root UNI port; and
      
      pop a Service VLAN identifier of the Root VLAN on a packet when the packet is egressing at a Leaf UNI port.
  - 19. The Ethernet network of claim 13, further comprising:
    - an Ethernet node communicatively coupled to the plurality of virtual switches via the Root VLAN and the Leaf VLAN, wherein the Ethernet node operates the E-Tree service in accordance with IEEE 802.1Q-2011.

20. A method, comprising:
- receiving a first packet from a Root User-Network Interface (UNI) port at a first private forwarding group of a virtual switch;
  
  sending the first packet to any additional Root UNI port coupled to the first private forwarding group and to a second private forwarding group;
  
  sending the first packet from the second private forwarding group to any Leaf UNI port coupled to the second private forwarding group;
  
  sending the first packet to a Root Virtual Local Area Network (VLAN);
  
  receiving a second packet from a Leaf UNI port at the second private forwarding group of the virtual switch;
  
  sending the second packet from the second private forwarding group to the first private forwarding group;
  
  sending the second packet from the first private forwarding group to the Root UNI port and to the any additional Root UNI ports coupled to the first private forwarding group; and
  
  sending the second packet to a Leaf VLAN;
  
  wherein the virtual switch logically partitions a physical switch into separate switching domains, wherein the virtual switch forwards traffic independently of other virtual switches on the physical switch; and
  
  wherein the virtual switch operates in a network including an E-Tree service that utilizes three general categories of forwarding rules including private forwarding group-based rules, Virtual Local Area Network (VLAN)-based rules, and Access Control List (ACL)-based rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ciena Corporation
Original Assignee
Ciena Corporation
Inventors
Hu, Jie, Ranganathan, Raghuraman, Gilson, David
Primary Examiner(s)
Marcelo, Melvin
Assistant Examiner(s)
SOLINSKY, PETER G

Application Number

US13/664,003
Publication Number

US 20140119239A1
Time in Patent Office

798 Days
Field of Search

370/256, 370/408
US Class Current

370/256
CPC Class Codes

H04L 12/413 with random access, e.g. ca...

H04L 12/4641 Virtual LANs, VLANs, e.g. v...

Systems and methods for constrained forwarding based packet network connectivity

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for constrained forwarding based packet network connectivity

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links