939 results about "Address Resolution Protocol" patented technology

A method and an arrangement in an access network for preventing hosts (5;A,B) connected to the access network from communicating directly with each other. Said method comprises the steps of defining Virtual Local Area Networks, VLANs, in switches (3;12;12′;35,36,37;83) such that traffic arriving in the switches from said hosts is forced to an access router (1;11;11′;11″;81) and defining in the switches one asymmetrical downlink VLAN for downlink traffic from the access router to the hosts, said downlink VLAN being common to said hosts. According to the invention the method comprises the further steps of configuring the VLANs such that said hosts connected to the access network belong to the same IP subnet and configuring the access router to perform intra-subnet routing and to be an Address Resolution Protocol proxy.

A data center network system and a packet forwarding method thereof are provided. The data center network system includes a virtual bridge and an address resolution protocol (ARP) server. The virtual bridge intercepts an ARP request having an identification field and a destination IP address field and adds a corresponding virtual data center identification to the identification field of the ARP request and redirecting the ARP request to the ARP server. Additionally, the ARP server queries a corresponding MAC address according to an IP address recorded in the destination IP address field of the ARP request and the corresponding VDCID recorded in the identification field of the ARP request, and transmits the corresponding MAC address in response to the ARP request. Accordingly, the same private IP address can be reused in the data center network system.

Disclosed herein is a network device, such as a host computer, that simultaneously has two IP identities: a local IP identity on a local network (e.g., a non-virtual private network) to which the host computer is connected; and a remote IP identity on a second network (e.g., virtual private network) that is remote to the host. Only the remote IP identity is visible to the host operating system's network stack. Each IP identity has its own ARP cache and Address Resolution Protocol (ARP). The local ARP cache is managed with respect to a connection of the host to a local subnet (e.g., an Internet Service Provider (ISP) subnet) and the remote ARP cache is managed with respect to a remote subnet reachable through a gateway on the local subnet.

A method for enabling co-existence of multiple machines with identical addresses within a single data center network. The method includes assigning a unique pseudo identifier to each machine in the network that can be used for routing a packet to a destination machine, replacing a sender media access control address on an address resolution protocol request with a pseudo identifier of the sender at an edge network switch, retrieving a private network identifier from a mapping table based on the sender pseudo identifier and returning a pseudo identifier for the destination address based on the private network identifier, and replacing the pseudo identifier of the destination address with an actual identifier at a destination edge network switch for routing the packet to the destination machine.

A method is disclosed for preventing spoofing of network addresses. A binding is established between an Internet Protocol (IP) address, a Media Access Control (MAC) address, and a port. An Address Resolution Protocol (ARP) table is updated based on the binding.

Disclosed are mechanisms for facilitating the use of DHCP (dynamic host configuration protocol) binding data. In general, certain applications include mechanisms for intercepting data being sent from a node and then determining whether the data corresponds to a valid IP address and MAC address binding. Embodiments of the present invention provide mechanisms for sharing such DHCP binding data between routers (or other type of network devices) in a redundancy group so that any of the routers may take over the data inspection to validate DHCP bindings. In particular aspects of the invention, the DHCP binding data is validated in procedures related to DHCP snooping, dynamic ARP (address resolution protocol) inspection, and the like.

The invention discloses a method for building an MAC (Media Access Control) address table and a provider edge device. In the method, a PE (Provider Edge Device) receives a first service message by a PW (Pseudo Wire) connected with the PE; when the first received service message is confirmed to be a specific-type message, the building of the address table entry of the source MAC address of the first service message is cancelled, wherein the specific-type message is an unknown unicast message, a multicast message or the broadcasting message of a non-free ARP (Address Resolution Protocol) message. According to the scheme provided by the embodiment of the invention, the amount of the address table entries built by the PE is reduced so as to reduce the volume of the MAC address table.

A virtual networking system and method are disclosed. Switched Ethernet local area network semantics are provided over an underlying point to point mesh. Computer processor nodes may directly communicate via virtual interfaces over a switch fabric or they may communicate via an ethernet switch emulation. Address resolution protocol logic helps associate IP addresses with virtual interfaces while allowing computer processors to reply to ARP requests with virtual MAC addresses.

The invention discloses a method for handling an address resolution protocol (ARP) packet, and access equipment and a communication system thereof. The method comprises the following steps: access equipment receives an ARP packet through a lower interface, which carries an active Internet protocol (IP) address, a source media access control (MAC) address, a destination IP address and a destination MAC address; the access equipment judges whether the source IP address is the same as the IP address of gateway equipment configured on the lower interface, and the upper interface of the access equipment is connected with the gateway equipment; if the source IP address is the same as the IP address of gateway equipment, the access equipment discards the ARP packet; and if the source IP address is different from the IP address of gateway equipment, the access equipment forwards the ARP packet according to the destination IP address in the ARP packet. The embodiment of the invention can prevent the ARP packet which is deceived by an illegal host and passes through the gateway equipment of not performing ARP spoofing with respect to the gateway equipment, without imposing heavier load upon the gateway equipment.

A tunneling scheme includes the creation of tunnels having a source address and potentially multiple destination addresses. Each tunnel endpoint is divided into two sub-endpoints, where one sub-endpoint has a public network address and the other sub-endpoint has a private network address. Also included in the tunneling scheme is a static Address Resolution Protocol (ARP) table. The static ARP table contains information on virtual private network membership. More particularly, the static ARP table provides address resolution between public network addresses and private network addresses.

An address resolution protocol (ARP) cache management method. An ARP cache comprises a plurality of ARP tables. Each ARP table comprises a plurality of updatable entries. The method comprises: receiving an ARP message; looking up the pluralities of ARP tables to find a message-matching entry; choosing an ARP table for storing new entries; creating a new entry to overwrite an existing entry in the chosen ARP table if no message-matching entry is found after looking up the ARP tables.

A method for ensuring valid and secure peer-to-peer communications in a group structure. Specifically, the system of the present invention presents a method of ensuring secure peer-to-peer group formation, group member addition, group member eviction, group information distribution, etc. Such functionality may be distributed to the individual peers in the group to further enhance the overall security of the group while enhancing flexibility. The P2P group security allows every peer who is a valid member of the group to invite new members. The recipients of these invitations are then able to contact any member of the group to join the group, not only the inviter. Further, groups may function when the group creator is not online. Likewise, the method allows the creation of secure groups with users from different security domains, relying on their security credentials in those domains for initial authentication.

A method, an apparatus and an article of manufacture for enabling co-existence of multiple machines with identical addresses within a single data center network. The method includes assigning a unique pseudo identifier to each machine in the network that can be used for routing a packet to a destination machine, replacing a sender media access control address on an address resolution protocol request with a pseudo identifier of the sender at an edge network switch, retrieving a private network identifier from a mapping table based on the sender pseudo identifier and returning a pseudo identifier for the destination address based on the private network identifier, and replacing the pseudo identifier of the destination address with an actual identifier at a destination edge network switch for routing the packet to the destination machine.

In an address resolution system in a centralized network control environment including a plurality of software defined network (SDN) switches, an address resolution protocol (ARP) controller checks whether an ARP table has a MAC address corresponding to the destination IP address of an ARP request packet when the ARP request packet is received from a source host. An SDN controller determines whether to broadcast the ARP request packet according to the existence of the MAC address corresponding to the destination IP address in the ARP table.

An apparatus in a LAN has first and second hardware interfaces to connect to the LAN. First and second monitoring request messages are transmitted to one or more devices in a first VLAN and one or more devices in a second VLAN respectively, via both the first and second hardware interfaces. The monitoring request messages use the Address Resolution Protocol (ARP) or the Neighbor Discovery Protocol (NDP). First and second monitoring response messages are received via the first and/or second hardware interfaces in response to the first and second monitoring request messages respectively. A selection is made between the first and second hardware interfaces for performing data communication, based on the first and second monitoring response messages. The selection is performed independently for data communication via the first and second VLANs based on at least one characteristic of the first and second monitoring response messages respectively.

According to one embodiment, a network controller includes a data register which stores first data indicative of a data pattern of an address resolution protocol request packet including a network address of an information processing apparatus, and second data indicative of a data pattern of a wake-up packet for waking up the information processing apparatus, a comparison unit configured to compare a data pattern of an incoming packet with the first data and the second data, while the information processing apparatus is in a sleep state, a transmission unit configured to send, if the data pattern of the incoming packet agrees with the first data, the address resolution protocol reply packet to the network, and a wake-up signal output unit configured to output, if the data pattern of the incoming packet agrees with the second data, a wake-up signal for instructing wake-up to the information processing apparatus.

A technique for connecting New Network Devices (NNDs) to an existing communication network. The NND caches the MAC address of an Original (or “Old”) Network Device, then gratuitously transmits Address Resolution Protocol (ARP) responses on behalf of the OND, but pointing to its own MAC address. This, in effect, allows the NND to insert itself in the path of packets originally destined for the OND. After performing its designated operations such as filtering, compression, caching, file serving, virus scanning, etc., any remaining packets can still be forwarded to the OND for further processing. In this event, the packets are forwarded by the NND to the OND as MAC layer frames using the OND's MAC address only and not its IP address. In the event that the NND fails, no special steps need to be taken, as the OND will eventually receive traffic again as it responds to further ARP requests.

Some embodiments provide a novel method of configuring a managed hardware forwarding element (MHFE) that implements a logical forwarding element (LFE) of a logical network to handle address resolution requests (e.g., Address Resolution Protocol (ARP) requests) for multiple addresses (e.g., IP addresses) associated with a single network interface of the logical network. The method identifies a physical port of the MHFE with which the multiple addresses are to be associated. The physical port is coupled to an end machine (e.g., a virtual machine, server, container, etc.) of the logical network. The method then modifies associations stored at the MHFE to associate the physical port with the multiple addresses.

Methods of processing an address resolution protocol (ARP) response in connection with a data control switch are presented including: receiving an ARP response, the ARP response having an ARP response MAC address and a corresponding ARP response IP address; and dropping the ARP response when: the ARP response MAC address matches any of a plurality of ARP entry MAC addresses residing in an ARP table, and the corresponding ARP response IP address does not match a corresponding ARP entry IP address. In some embodiments, methods further include: creating an ARP entry corresponding to the ARP response in the ARP table when: the ARP response MAC address does not match any of the plurality of ARP entry MAC addresses.

The invention discloses a method for sending an ARP (Address Resolution Protocol) message in a VxLAN (Virtual Extensible LAN), a VTEP (VxLAN Tunnel Endpoint) and a VxLAN controller so that a problem that resource waste is generated because messages are sent in a multicast method is eliminated. The method for sending the ARP message mainly includes that: a source VTEP receives an ARP message of a source virtual machine (VM), wherein the APP message is used for requesting a media access control MAC address of a target VM and the ARP message carries the IP address of the target VM; the IP address of the target VM, carried in the APP message is acquired; a query request is sent to the VxLAN controller so as to acquire the IP address of a target VTEP, wherein the query request carries the IP address of the target VM; the IP address of the target VTEP is acquired from the VxLAN controller; the APP message is packaged according to the IP address of the target VTEP so that a VxLAM message is generated; and the VxLAM message is sent to the target VTEP.

A heterogeneous point-to-point links involves different technologies at it two ends, e.g., Ethernet at one end and ATM or Frame Relay at the other end. If two IP systems are connected via a heterogeneous point-to-point link, each may be using different address learning techniques. It is up to the Provider Edge devices to make these different techniques inter-work. A novel provider edge device and procedures that the edge device it to perform for forwarding packets properly are described. According to the invention, the provider edge device uses a broadcast address to forward the packet in one direction toward a customer edge device. In another direction, the provider edge device responds to an ARP request from the customer edge device with its own MAC address so that it can receive a packet from the customer edge device.

An embodiment of the invention provides a method for virtual machine migration in a network. The method comprises: before a virtual machine migrating from a second entity gateway to a first entity gateway, the first entity gateway configuring a virtual gateway IP address; after the virtual machine migrating from a second entity gateway to a first entity gateway, the first entity gateway receiving a free address resolution protocol (ARP) message sent by the virtual machine, the free ARP message comprising an IP address of the virtual machine and an MAC address; the first entity gateway generating routing of the virtual machine according to the IP address of the virtual machine; and the first entity gateway issuing the routing of the virtual machine to a data center. The embodiment of the invention also provides an entity gateway and a system for virtual machine migration. Through the technical scheme provided in the embodiment, when the virtual machine migrates, default gateway configured in the virtual machine does not need reconfiguration. The virtual machine cannot aware changes of the gateway, so that a problem of flow interruption in a process of the virtual machine migration caused by gateway changing is prevented.