8844 results about "MAC address" patented technology

A method of asset control and workstation computer deployment that utilizes a dual port electronic memory identification RFID tag to hold serial number and hardware and software configuration profiles as well as user information. The RFID tag is mapped into the workstation computer memory space and can also be read and written by radio frequency signalling through a wired plug and access flap in a shipping carton. Serial numbers and MAC address is stored on the tag by the manufacturer. User information, workstation profile and software image information is stored onto the tag while the computer is being received for forwarding to the final workstation destination without the need to unpack and power up the computer. The information stored on the tag is used to allow automated system configuration and software downloading to the computer.

Frame contained destination information may be used by a switch to identify an appropriate output port for a given frame without performing a table access operation. This reduces the processing requirements of the switch to enable the switch to handle frames more efficiently. The frame contained destination information may be contained in the frame's local destination MAC addresses (DA) such that a portion of the DA directly indicates, for each switch that handles the frame, an output port for that switch. Different portions of the DA may be used by different switches, depending on where they are in the network hierarchy. Large switches may also use sub-fields within their allocated portion in the DA to identify internal switching components. A location resolution server may be provided to store and distribute IP and MAC addresses and respond to local ARP requests on the local domain.

Methods, systems and computer program products are provided for determining if a packet has a spoofed source Internet Protocol (IP) address. A source media access control (MAC) address of the packet and the source IP address are evaluated to determine if the source IP address of the packet has been bound to the source MAC address at a source device of the packet. The packet is determined to have a spoofed source IP address if the evaluation indicates that the source IP address is not bound to the source MAC address. Such an evaluation may be made for packets having a subnet of the source IP address which matches a subnet from which the packet originated.

Various embodiments relate to a Cloud Data Center, a system comprising the Cloud Data Center, and a related method. The Cloud Data Center may include a logical customer edge router to send packets between addresses in a private enterprise network and addresses in a logical network within a cloud network using Layer 2 protocol and MAC addressing. The logical network may have resources, known as virtual machines, allocated to the private enterprise network and may share a common IP address space with the private enterprise network. A directory at the Cloud Data Center may correlate the enterprise IP addresses of virtual machines with a MAC address, cloud IP address, and a location IP address within the logical network. The Cloud Data Center may double encapsulate packets with MAC, cloudIP, and locIP headers, when sending a packet to a destination in the logical network.

One embodiment of the present invention provides a switch system. The switch includes a port profile which specifies a set of port configuration information. During operation, a control mechanism within the switch detects a source MAC address of an incoming frame and determines that the MAC address is associated with the port profile. The control mechanism then applies the port profile to a switch port on which the frame is received.

According to some embodiments, systems and methods for binding dynamic host configuration and network access authentication are provided related to, inter alia, interactions between a PAA (PANA Authentication Agent) and a DHCP (Dynamic Host Configuration Protocol) server, such as, e.g., for synchronization between the PANA SA state and the DHCP SA state, such as, e.g., maintaining synchronization when a connection is lost. In some embodiments, systems and methods for binding network bridge and network access authentication are also provided related to, inter alia, interactions between a PAA and a layer-2 switch, such as, e.g., for avoiding service thefts and the like (such as, e.g., MAC address and/or IP address spoofing) in the context of, e.g., the above. In some other embodiments, systems and methods for bootstrapping multicast security from network access authentication protocol are also provided related to, inter alia, key management for protected IP multicast streams, such as, e.g., to avoid IP multicast streams unnecessarily received and/or processed by unauthorized receivers connected to the same layer 2 segment as authorized receivers in the context of, e.g., the above.

The discovery and configuration of devices of interest connected to the Ethernet by an Ethernet port is disclosed. To perform discovery, Client software in a management interface transmits packets including the address of the management interface and a port identifier to a known broadcast address, requesting the MAC address for all devices of interest. Server software in the devices of interest parse the broadcast packets and broadcast a packet containing a MAC address that uniquely identifies the devices of interest back to the Client. Once the MAC addresses are returned to the Client, the Client can then broadcast protocol packets requesting the configuration of a specific device of interest such as a new IP address. Once a device of interest is configured with at least an IP address, the device of interest can communicate using TCP/IP, and it can thereafter be managed using higher level tools and firmware.

A network virtualization layer for an information handling system in which a physical machine coupled to a network is divided into a plurality of logical partitions, each of which has a host system residing thereon. In response to receiving a set command from one of the host systems specifying a data link layer (layer 2) address, the virtualization layer associates the data link layer address with the host system and forwards to the host system data packets specifying the data link layer address as a destination address. Unicast packets are forwarded to the single host system specifying the destination address as an individual MAC address, while multicast packets are forwarded to each host system specifying the destination address as a group MAC address. A host system may also specify a virtual LAN (VLAN) ID, which is used to scope the forwarding of packets to host systems sharing that VLAN ID.

The present invention is for automatic reconfiguration of industrial networked devices. More particularly, the system described herein facilitates use of TCP/IP networks, such as Ethernet, as an alternative for industrial fieldbus or device buses by removing the need to perform significant reconfiguration of devices such as I/O modules, sensors, or transducers under field replacement situations. The present invention uses a monitor agent to track the IP and MAC addresses of networked devices as well as port information. If a device fails, maintenance personnel make an in-field replacement of the failed device and the monitor agent automatically reassigns the IP address to the replacement device.

A method for disseminating MAC addresses for discovered network devices through a plurality of network switches which cooperate to enable maintaining multiple active paths between such devices. Where a plurality of network switches cooperate through load balancing protocols to enable simultaneous use of multiple paths between, protocols of the present invention permit newly discovered MAC addresses attached to ports of an edge switch to be disseminated through the network switches. When an edge switch detects a device having a previously unknown MAC address, a MAC address information packet is generated and disseminated from the edge switch the other switched of the same load balance domain. The packet is preferably, in effect, broadcast using the pruned broadcast tree constructed and maintained by other protocols related to the present invention.

A method for discovering addressing information within a network switch for an unknown MAC address received as a destination address of a packet. Where prior techniques flooded the network with the received packet, switch to switch protocols of the present invention reduce the volume of such overhead network traffic required to discover the addressing information. In particular, the present invention propagates query messages through network switches in a load balance domain (a group of switches cooperable in accordance with the protocols described herein). The query messages are propagated using a pruned broadcast tree to reduce the number of transmissions required to reach all switches in the load balance domain. The propagated query message eventual elicits a response from the device which owns the previously unknown destination address. Switches and devices outside the load balance domain are similarly probed for the unknown destination address using link level test messages which elicit a response from the device owning the unknown address without impacting the network higher layer protocols. These techniques reduce the volume of network traffic required to obtain the desired addressing information by forcing the response from the device owning the previously unknown destination address and constructing a unicast path to that device. Creating the unicast path obviates the need to flood the unknown destination address on the network.

A device and method for allocating the same Internet protocol (IP) address to all information terminals or hosts connected to a specific local network, which allows the hosts in the local network to gain access to the Internet while the hosts share a single IP address. The device includes a dynamic host configuration protocol (DHCP) client, a local access point, and a DHCP server spoofer. The DHCP client is allocated an IP address through a DHCP message communication with an Internet service provider. The Internet service provider includes a DHCP server for allocating IP addresses to the hosts and an Internet access gateway. The local access point includes a hardware address port translation (HAPT) module and a local IP address translation (LIAT) module. The HAPT module modifies a source medium access control (MAC) II address and port number of a frame received from each host, stores the modified result in a HAPT table, and recovers a destination MAC address and port number of a frame received from the Internet service provider, referring to the HAPT table. The LIAT module prevents a collision occurring because the hosts have the same public IP address. The DHCP server spoofer implements a DHCP server function to allocate an IP address to each host.

A multiple key, multiple tiered network security system, method and apparatus provides at least three levels of security. The first level of security includes physical (MAC) address authentication of a user device being attached to the network, such as a user device being attached to a port of a network access device. The second level includes authentication of the user of the user device, such as user authentication in accordance with the IEEE 802.1x standard. The third level includes dynamic assignment of a user policy to the port based on the identity of the user, wherein the user policy is used to selectively control access to the port. The user policy may identify or include an access control list (ACL) or MAC address filter. Also, the user policy is not dynamically assigned if insufficient system resources are available to do so. Failure to pass a lower security level results in a denial of access to subsequent levels of authentication.

A data center network system and a packet forwarding method thereof are provided. The data center network system includes a virtual bridge and an address resolution protocol (ARP) server. The virtual bridge intercepts an ARP request having an identification field and a destination IP address field and adds a corresponding virtual data center identification to the identification field of the ARP request and redirecting the ARP request to the ARP server. Additionally, the ARP server queries a corresponding MAC address according to an IP address recorded in the destination IP address field of the ARP request and the corresponding VDCID recorded in the identification field of the ARP request, and transmits the corresponding MAC address in response to the ARP request. Accordingly, the same private IP address can be reused in the data center network system.

A power-save method for a network with an access point and an associated power-save client. The access point buffers wireless data that includes a unicast frame and a multicast frame. A periodic scheduled beacon message is transmitted with a unicast indication element and a multicast indication element. The unicast element instructs a client to remain awake to receive a buffered unicast frame, which includes a destination MAC address. The multicast element instructs a client to remain awake following the beacon to receive a buffered multicast frame, which includes a destination multicast address designating a multicast group of which the client is a member. At least one beacon message is designated as a multicast delivery beacon. The buffered multicast frame is transmitted following the designated multicast beacon. The multicast element contains a list of entries, each entry corresponding to either a multicast MAC address, multicast IP address, or client identifier.

Information handling system network addresses are managed to support a consistent MAC address for iSCSI and fibre channel host bus adapter. For example, a management controller retrieves a MAC address from persistent memory, such as a network location, and assigns the MAC address to a non-persistent memory of a predetermined information handling system network component so that the MAC address remains consistent even if the network component is replaced. For example, an offload engine that supports network communications with iSCSI receives a MAC address from a network location and applies the MAC address for use by a host bus adapter. Alternatively, an offload engine supports Fibre Channel with World Wide Name or World Wide Identifier address assignments.

Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN. To direct the data message to the identified DCN, the load balancer in some embodiments changes the destination address (e.g., the destination IP address, destination port, destination MAC address, etc.) in the data message from the address of the identified DCN group to the address (e.g., the destination IP address) of the identified DCN.

A virtual network is overlaid upon physical networks. The virtual network is a layer-2 network that appears to expand an organization's LAN using virtual MAC addresses. A VN device driver shim intercepts LAN packets and their virtual MAC and IP addresses and encapsulates them with physical packets that can be routed over the Internet. As new nodes are created, a VN switch table is expanded so that all nodes on the virtual network can reach the new node. A copy of the VN switch table is stored on each node by a virtual network management daemon on the node. A VN configuration controller in a central server updates the VN switch tables. Organizations can expand their virtual network as nodes are created at remote cloud computing providers without action by the staff at the cloud computing provider. Hybrid cloud virtual networks include on-premises physical and virtual-machine nodes, and off-premises guest nodes and instances.

A method for automatically provisioning a WiFi-equipped machine-to-machine (M2M) device is disclosed. A WiFi M2M gateway identifies a WiFi network identifier broadcast by a powered-on M2M device in WiFi ad hoc mode through a scanning procedure and joins the ad hoc network defined by the M2M device. The WiFi M2M gateway obtains device information (e.g., MAC address) of the M2M device. The WiFi M2M gateway transmits a command to the M2M device to switch from ad hoc mode to infrastructure mode. The WiFi M2M gateway registers the M2M device with an M2M server associated with a service provider based on the device information of the M2M device. The WiFi M2M gateway receives a fully qualified domain name (FQDN) associated with the M2M device from the M2M server.

In a computer system by using an ARP response packet in which a MAC address of a physical server is set as a transmission source MAC address, the MAC address of the physical server corresponding to a target VIP address included in an ARP request packet from a terminal device, a controller executes a proxy response to the ARP request packet to notify the terminal device of the MAC address of the physical server which is the access destination of the terminal device. In addition, the controller sets a flow entry to the switch, the flow entry regulating that a reception packet, which is transmitted from the terminal device and in which the MAC address is set as a destination MAC address, is made to be forwarded to a communication route to the physical server. Accordingly, a server which is an access destination of a terminal device can be arbitrarily set while increase of costs is suppressed in a high-speed network environment.

A method, system and program product for managing assignment of virtual physical addresses. The method includes requesting, using a services function provided by a virtual machine operating system, a MAC address assignment for a real device and searching, in a MAC assignment table created and stored within a virtual memory space, to determine whether or not an explicit MAC address is assigned to the device. If an explicit MAC address is determined to be assigned to the device, retrieving the explicit MAC address upon verifying that the MAC address is not in use by another device and forwarding, using the services function, the explicit MAC address retrieved for assignment to the real device. If an explicit MAC address is not assigned to the device, retrieving an available MAC address from a MAC address pool table and forwarding the available MAC address retrieved for assignment to the real device.