Abstract: A method for transmitting MAC frames. The method includes receiving, by a first switch in the MLAG domain, a first media access control (MAC) frame from an external device, wherein the external device is directly connected to the first switch, where the MLAG domain consists of the first switch and the second switch. The method further includes making a first determination that the external device is not a singly-connected external device and based on the first determination, encapsulating the first MAC frame in a first VXLAN frame using a first virtual tunnel endpoint (VTEP), where the first VXLAN frame comprises a virtual VTEP Internet Protocol (IP) address, where the virtual VTEP IP address is associated with the MLAG domain. The method further includes transmitting the first VXLAN frame to an IP fabric, where the first switch is directly connected to the IP fabric.

Abstract: In general, the invention relates to a method for programming a network device to perform routing of data packets between and/or within networks. More specifically, the method provides a more efficient process for updating the forwarding equivalence class (FEC) table with minimal impacting of the mappings in the forward information base (FIB) of the network device.

Abstract: In general, embodiments of the invention relate to a method of programming a data plane forwarding information base (FIB). The method includes obtaining, by a FIB entry optimizer in a control plane, a new entry to be loaded into the data plane FIB, making a first determination, by the FIB entry optimizer, that the data plane FIB is not full; and based on the first determination: loading, by the FIB entry optimizer, the new entry into the data plane FIB.

Abstract: In general, embodiments of the invention relate to routing packets between servers in different layer 2 domains. More specifically, embodiments of the invention relate to using overlay routing mechanisms in an Internet Protocol (IP) fabric to enable communication between servers in different layer 2 domains to communication. The overlay routing mechanisms may include direct routing, indirect routing, naked routing, or a combination thereof (e.g., hybrid routing).

Abstract: A method and system for applying a network policy in a virtual extensible local area network (VXLAN) environment. The method includes receiving, at a network device, a VXLAN frame that includes a source VXLAN network identifier (VNI). The network device includes a first network policy. The method also includes examining the VXLAN frame to determine the source VNI; obtaining, based on the source VNI, the first network policy; and processing the VXLAN frame based on the application of the first network policy.

Abstract: A method and apparatus of a device that triggers a pause watchdog is described. In an exemplary embodiment, the device receives a pause message from a second network element on a first network element, where the pause message indicates that data should not be transmitted by the first network element. The device additionally triggers a pause watchdog on the first network element if the pause message is above a pause watchdog threshold, where the pause watchdog reduces the effect of the pause message.

Abstract: A method and system for securing a VXLAN environment, including configuring a default network policy, associated with interfaces of the network device, for dropping all VXLAN frames including a VXLAN attribute; obtaining, by the network device, registered VTEP identifiers; determining, using the registered VTEP identifiers, that an interface of the network device is operatively connected to a registered VTEP associated with a registered VTEP identifier; disassociating the default network policy from the interface based on the determination; receiving, at the interface, a frame; performing a first verification that the frame is a VXLAN frame by examining the frame to determine that the frame includes the VXLAN attribute; performing a second verification to determine that the VXLAN frame includes a registered VTEP identifier; allowing, based on the first verification and the second verification, the network device to process the VXLAN frame; and processing the VXLAN frame.

Abstract: A method and apparatus of a device that notifies another device of a failed device is described. In an exemplary embodiment, a network element detects that a first device is unavailable, where the network element couples the first device to the second device. In response to detecting that the first device is unavailable, the network element configures a proxy for the first device. The network element additionally receives network data that is destined for the first device, where the second device originated the network data. If the proxy can process the network data, the network element transmits a response to the second device from the proxy, where the response indicates that the first device is unavailable, where the first response includes an address of the first device. If the proxy cannot process the network data, the network element drops the network data.

Abstract: A method and apparatus of a network element that authenticates a field replaceable unit of the network element is described. The network element authenticates a field replaceable unit of the network element by generating a nonce. In addition, the network element generates a signature using a nonce and a private encryption key that is securely stored in the field replaceable unit. The network element further verifies the signature using a public encryption key that is a pair to the private encryption key and is not securely stored in the field replaceable unit. If the field replaceable unit is verified, the network element uses the field replaceable unit to operate the network element. Otherwise, the network element disables the field replaceable unit.

Abstract: A method and system for sharing host entries between virtual tunnel endpoints (VTEPs). The method includes making a first determination that an NLHE is present in a locally learned host entry table on a VTEP where the NHLE is associated with a first timestamp, and making a second determination that a first entry corresponding to the NHLE is present in a Host-Specific Portion of Global Host Entry Table (HSPT) on the VTEP, where the first entry is associated with a second timestamp. Based on the second determination, making a third determination, using the timestamps, that the NHLE is more recent than the first entry and based on the third determination updating an active forwarding table on the first VTEP to include a second entry corresponding to the NHLE and to remove the first entry and sending the NHLE to a VXLAN controller operatively connected to the VTEP.

Abstract: A method for virtual extensible local area network (VXLAN) encapsulation. The method includes receiving a first augmented MAC frame on a first ingress port of a first network device, where the first augmented MAC frame includes a first egress port ID (EPID), a first ingress port ID (IPID), and a first MAC frame. The method further includes identifying a first destination VXLAN tunnel endpoint (VTEP) internet protocol (IP) address based on the first EPID, where the first destination VTEP IP address is associated with a first destination VTEP. The method further includes identifying a source VTEP IP address based on the first IPID, performing VXLAN encapsulation of the first MAC frame to obtain a VXLAN frame, and sending the VXLAN frame to the first destination VTEP via a first egress port of the first network device.

Abstract: A method for processing state information updates. The method includes receiving, by a coordination point, a plurality of state information from a plurality of network elements; processing at least one of the plurality of state information to generate a result; and applying the result to at least one of the plurality of network elements in order to modify an operation of the at least one of the plurality of network elements.

Abstract: A system and method for route health injection using virtual tunnel endpoints. The method includes detecting, by a virtual tunnel endpoint (VTEP), that a new host is connected to the VTEP, where the VTEP is executing on the network device. The method further includes, based on the detecting, generating by the VTEP, a new route for the new host, where the new route is at least a longer match for the new host than currently existing routes for the new host, and providing the new route to a default gateway for the new host.

Abstract: A method for virtual extensible local area network (VXLAN) encapsulation. The method includes receiving a first augmented MAC frame on a first ingress port of a first network device, where the first augmented MAC frame includes a first egress port ID (EPID), a first ingress port ID (IPID), and a first MAC frame. The method further includes identifying a first destination VXLAN tunnel endpoint (VTEP) internet protocol (IP) address based on the first EPID, where the first destination VTEP IP address is associated with a first destination VTEP. The method further includes identifying a source VTEP IP address based on the first IPID, performing VXLAN encapsulation of the first MAC frame to obtain a VXLAN frame, and sending the VXLAN frame to the first destination VTEP via a first egress port of the first network device.

Abstract: In general, embodiments of the invention relate to routing packets between hosts or virtual machines in different layer 2 domains. More specifically, embodiments of the invention relate to using overlay routing mechanisms in an Internet Protocol (IP) fabric to enable communication between hosts or virtual machines in different layer 2 domains to communication. The overlay routing mechanisms may include direct routing, indirect routing, naked routing, or a combination thereof (e.g., hybrid routing).

Abstract: A method and system for securing a VXLAN environment, including configuring a default network policy, associated with interfaces of the network device, for dropping all VXLAN frames including a VXLAN attribute; obtaining, by the network device, registered VTEP identifiers; determining, using the registered VTEP identifiers, that an interface of the network device is operatively connected to a registered VTEP associated with a registered VTEP identifier; disassociating the default network policy from the interface based on the determination; receiving, at the interface, a frame; performing a first verification that the frame is a VXLAN frame by examining the frame to determine that the frame includes the VXLAN attribute; performing a second verification to determine that the VXLAN frame includes a registered VTEP identifier; allowing, based on the first verification and the second verification, the network device to process the VXLAN frame; and processing the VXLAN frame.

Abstract: A method for active network fabric management. The method includes receiving a probe packet by a termination beacon, where the probe packet is associated with a stream, the stream is identified using an origin beacon identification (ID) for an origin beacon, a stream source IP address, a stream destination IP address, an L2 origin interface, and a TTL value or an IP Hop value. The method further includes generating, after receiving the probe packet and after the expiration of a probe rate request (PRR) refresh timer, a rate control packet (RCP) by the termination beacon where the RCP includes a PRR for the stream, and sending the RCP to the origin beacon using an origin beacon IP address, where the origin beacon IP address is different than the stream source IP address.

Abstract: A method for active network fabric management. The method includes receiving a probe packet by a termination beacon, where the probe packet is associated with a stream, the stream is identified using an origin beacon identification (ID) for an origin beacon, a stream source IP address, a stream destination IP address, an L2 origin interface, and a TTL value or an IP Hop value. The method further includes generating, after receiving the probe packet and after the expiration of a probe rate request (PRR) refresh timer, a rate control packet (RCP) by the termination beacon where the RCP includes a PRR for the stream, and sending the RCP to the origin beacon using an origin beacon IP address, where the origin beacon IP address is different than the stream source IP address.

Abstract: In general, embodiments of the invention relate to routing packets between hosts or virtual machines in different layer 2 domains. More specifically, embodiments of the invention relate to using overlay routing mechanisms in an Internet Protocol (IP) fabric to enable communication between hosts or virtual machines in different layer 2 domains to communication. The overlay routing mechanisms may include direct routing, indirect routing, naked routing, or a combination thereof (e.g., hybrid routing).

Abstract: A method and system for securing a VXLAN environment, including configuring a default network policy, associated with interfaces of the network device, for dropping all VXLAN frames including a VXLAN attribute; obtaining, by the network device, registered VTEP identifiers; determining, using the registered VTEP identifiers, that an interface of the network device is operatively connected to a registered VTEP associated with a registered VTEP identifier; disassociating the default network policy from the interface based on the determination; receiving, at the interface, a frame; performing a first verification that the frame is a VXLAN frame by examining the frame to determine that the frame includes the VXLAN attribute; performing a second verification to determine that the VXLAN frame includes a registered VTEP identifier; allowing, based on the first verification and the second verification, the network device to process the VXLAN frame; and processing the VXLAN frame.