System and method for providing switch based subnet management packet (SMP) traffic protection in a middleware machine environment
First Claim
1. A method for providing switch based subnet management packet (SMP) traffic protection in a middleware machine environment operable on one or more microprocessors, comprising:
- storing a defined management key value in a secured memory of a network switch;
receiving, at the network switch, a plurality of SMPs destined for a subnet management agent (SMA);
filtering the plurality of SMPs using the network switch by,checking, in the network switch, whether each of the plurality of SMPs includes a management key value which matches the defined management key value,forwarding from the network switch to the subnet management agent, each of the plurality of SMPs which includes a management key value which matches the defined management key value,blocking, using the network switch, each of the plurality of SMPs which includes a management key value which does not match the defined management key value, andenforcing separate restrictions on SMPs sent from an external port to the SMA and SMPs received at the external port from the SMA.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method can provide switch based subnet management packet (SMP) traffic protection in a middleware machine environment. The middleware machine environment includes a network switch that operates to receive at least one SMP destined for a subnet management agent (SMA). The network switch can check whether the at least one SMP includes a correct management key, and prevent the at least one SMP from being forwarded to the destined SMA when at least one SMP does not include the correct management key. Furthermore, the network switch can specify a different management key for each external port and can enforce separate restrictions on ingress and egress SMP traffic at a particular external port.
100 Citations
20 Claims
-
1. A method for providing switch based subnet management packet (SMP) traffic protection in a middleware machine environment operable on one or more microprocessors, comprising:
-
storing a defined management key value in a secured memory of a network switch; receiving, at the network switch, a plurality of SMPs destined for a subnet management agent (SMA); filtering the plurality of SMPs using the network switch by, checking, in the network switch, whether each of the plurality of SMPs includes a management key value which matches the defined management key value, forwarding from the network switch to the subnet management agent, each of the plurality of SMPs which includes a management key value which matches the defined management key value, blocking, using the network switch, each of the plurality of SMPs which includes a management key value which does not match the defined management key value, and enforcing separate restrictions on SMPs sent from an external port to the SMA and SMPs received at the external port from the SMA. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for providing switch based subnet management packet traffic protection in a middleware machine environment, comprising:
-
one or more microprocessors; a subnet management agent (SMA) component; a network switch running on said one or more microprocessors and having a secured memory, wherein the network switch operates to store a defined management key value in the secured memory; receive a plurality of SMPs destined for the subnet management agent (SMA); and filter the plurality of SMPs by, checking, whether each of the plurality of SMPs includes a management key value which matches the defined management key value, forwarding to the subnet management agent, each of the plurality of SMPs which includes a management key value which matches the defined management key value, blocking each of the plurality of SMPs which includes a management key value which does not match the defined management key value, and enforcing separate restrictions on SMPs sent from an external port to the SMA and SMPs received at the external port from the SMA. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A non-transitory machine readable storage medium having instructions stored thereon for providing switch based subnet management packet (SMP) traffic protection in a middleware machine environment that when executed cause a system to perform steps comprising:
-
storing a defined management key value in a secured memory of a network switch; receiving, at the network switch, a plurality of SMPs destined for a subnet management agent (SMA); filtering the plurality of SMPs using the network switch by, checking, in the network switch, whether each of the plurality of SMPs includes a management key value which matches the defined management key value, forwarding from the network switch to the subnet management agent, each of the plurality of SMPs which includes a management key value which matches the defined management key value, blocking, using the network switch, each of the plurality of SMPs which includes a management key value which does not match the defined management key value, and enforcing separate restrictions on SMPs sent from an external port to the SMA and SMPs received at the external port from the SMA.
-
Specification