Systems and methods for constrained forwarding based packet network connectivity
First Claim
Patent Images
1. An Ethernet switch, comprising:
- a virtual switch on a physical switch, wherein the virtual switch logically partitions the physical switch into separate switching domains, and wherein the virtual switch forwards traffic independently of other virtual switches on the physical switch; and
an Ethernet Tree (E-Tree) service instantiated via the virtual switch through a first private forwarding group and a second private forwarding group, wherein each of the first private forwarding group and the second private forwarding group includes a set of group-based associations and forwarding rules among logical interfaces of the virtual switch, wherein the E-Tree service utilizes three general categories of forwarding rules including private forwarding group-based rules, Virtual Local Area Network (VLAN)-based rules, and Access Control List (ACL)-based rules;
wherein Root User-Network Interface (UNI) ports are associated with the first private forwarding group and Leaf UNI ports are associated with the second private forwarding group;
wherein the first private forwarding group is configured to forward packets received on any of the Root UNI ports to any other Root UNI ports connected to the first private forwarding group and to the second private forwarding group for forwarding to any Leaf UNI ports connected to the second private forwarding group; and
wherein the second private forwarding group is configured to forward packets on any of the Leaf UNI ports to the first private forwarding group for forwarding to any Root UNI ports connected to the first private forwarding group.
6 Assignments
0 Petitions
Accused Products
Abstract
An Ethernet Tree (E-Tree) service is described instantiated on an Ethernet switch and in an Ethernet network. The E-Tree service is implemented using Private Forwarding Groups (PFGs), asymmetric Virtual Local Area Networks (VLANs), virtual switches, and port configurations. The use of PFGs in addition to asymmetric VLANs provides higher levels of security in the described E-Tree systems and methods. The E-Tree systems and methods also can utilize Access Control Lists (ACLs) at Network-Network Interfaces (NNIs) for controlling unknown unicasts from reaching wrong ports. The E-Tree systems and methods can also seamlessly interoperate with packet switches using an IEEE 802.1Q-2011 approach.
31 Citations
20 Claims
-
1. An Ethernet switch, comprising:
-
a virtual switch on a physical switch, wherein the virtual switch logically partitions the physical switch into separate switching domains, and wherein the virtual switch forwards traffic independently of other virtual switches on the physical switch; and an Ethernet Tree (E-Tree) service instantiated via the virtual switch through a first private forwarding group and a second private forwarding group, wherein each of the first private forwarding group and the second private forwarding group includes a set of group-based associations and forwarding rules among logical interfaces of the virtual switch, wherein the E-Tree service utilizes three general categories of forwarding rules including private forwarding group-based rules, Virtual Local Area Network (VLAN)-based rules, and Access Control List (ACL)-based rules; wherein Root User-Network Interface (UNI) ports are associated with the first private forwarding group and Leaf UNI ports are associated with the second private forwarding group; wherein the first private forwarding group is configured to forward packets received on any of the Root UNI ports to any other Root UNI ports connected to the first private forwarding group and to the second private forwarding group for forwarding to any Leaf UNI ports connected to the second private forwarding group; and wherein the second private forwarding group is configured to forward packets on any of the Leaf UNI ports to the first private forwarding group for forwarding to any Root UNI ports connected to the first private forwarding group. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. An Ethernet network, comprising:
-
an Ethernet Tree (E-Tree) service; a plurality of virtual switches interconnected to one another via Network-Network Interface (NNI) ports, wherein each of the plurality of virtual switches logically partitions a physical switch into separate switching domains, wherein each of the plurality of virtual switches forwards traffic independently of other virtual switches on the physical switch, wherein each of the plurality of virtual switches comprises a first private forwarding group and a second private forwarding group, and wherein each of the first private forwarding group and the second private forwarding group utilizes a set of group-based associations and forwarding rules; at least one Root User-Network Interface (UNI) port connected to the first private forwarding group of one of the plurality of virtual switches belonging to a particular service instance; and at least one Leaf UNI port connected to the second private forwarding group of one of the plurality of virtual switches belonging to the particular service instance; wherein the first private forwarding group is configured to forward packets received on any of the at least one Root UNI ports to any other Root UNI port connected to the first private forwarding group and to the associated second private forwarding group for forwarding to any Leaf UNI ports connected to the second private forwarding group; wherein the second private forwarding group is configured to forward packets received on any of the at least one Leaf UNI ports to the associated first private forwarding group for forwarding to any Root UNI ports connected to the first private forwarding group; and wherein the E-Tree service utilizes three general categories of forwarding rules including private forwarding group-based rules, Virtual Local Area Network (VLAN)-based rules, and Access Control List (ACL)-based rules. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. A method, comprising:
-
receiving a first packet from a Root User-Network Interface (UNI) port at a first private forwarding group of a virtual switch; sending the first packet to any additional Root UNI port coupled to the first private forwarding group and to a second private forwarding group; sending the first packet from the second private forwarding group to any Leaf UNI port coupled to the second private forwarding group; sending the first packet to a Root Virtual Local Area Network (VLAN); receiving a second packet from a Leaf UNI port at the second private forwarding group of the virtual switch; sending the second packet from the second private forwarding group to the first private forwarding group; sending the second packet from the first private forwarding group to the Root UNI port and to the any additional Root UNI ports coupled to the first private forwarding group; and sending the second packet to a Leaf VLAN; wherein the virtual switch logically partitions a physical switch into separate switching domains, wherein the virtual switch forwards traffic independently of other virtual switches on the physical switch; and wherein the virtual switch operates in a network including an E-Tree service that utilizes three general categories of forwarding rules including private forwarding group-based rules, Virtual Local Area Network (VLAN)-based rules, and Access Control List (ACL)-based rules.
-
Specification