Abstract: In one embodiment, a subnet-scoped multicast packet is received on an interface of a forwarding device that is connected to a host device of a subnet of a forwarding domain. The received subnet-scoped multicast packet is transmitted from one or more other interfaces of the forwarding device that are connected to one or more other host devices of the subnet. The received subnet-scoped multicast packet is also encapsulated with an additional header. The encapsulated subnet-scoped multicast packet is forwarded from the forwarding device to an intermediate router which routes the encapsulated subnet-scoped multicast packet to one or more other forwarding devices configured to decapsulate the encapsulated subnet-scoped multicast packet and transmit the decapsulated subnet-scoped multicast packet to one or more connected host devices of an additional portion of the subnet.

Abstract: A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.

Abstract: In one embodiment, a subnet-scoped multicast packet is received on an interface of a forwarding device that is connected to a host device of a subnet of a forwarding domain. The received subnet-scoped multicast packet is transmitted from one or more other interfaces of the forwarding device that are connected to one or more other host devices of the subnet. The received subnet-scoped multicast packet is also encapsulated with an additional header. The encapsulated subnet-scoped multicast packet is forwarded from the forwarding device to an intermediate router which routes the encapsulated subnet-scoped multicast packet to one or more other forwarding devices configured to decapsulate the encapsulated subnet-scoped multicast packet and transmit the decapsulated subnet-scoped multicast packet to one or more connected host devices of an additional portion of the subnet.

Abstract: In one embodiment, a subnet-scoped multicast packet is received on an interface of a forwarding device that is connected to a host device of a subnet of a forwarding domain. The received subnet-scoped multicast packet is transmitted from one or more other interfaces of the forwarding device that are connected to one or more other host devices of the subnet. The received subnet-scoped multicast packet is also encapsulated with an additional header. The encapsulated subnet-scoped multicast packet is forwarded from the forwarding device to an intermediate router which routes the encapsulated subnet-scoped multicast packet to one or more other forwarding devices configured to decapsulate the encapsulated subnet-scoped multicast packet and transmit the decapsulated subnet-scoped multicast packet to one or more connected host devices of an additional portion of the subnet.

Abstract: Various systems and methods for integrating ring-protocol-compatible devices into network configurations that also include non-ring-protocol-compatible devices are disclosed. One such method, which can be performed by a network node that supports a ring protocol, involves generating a ring protocol packet and sending that ring protocol packet to a neighboring node. The ring protocol packet includes information, and the presence of this information within the packet causes a network device that receives the ring protocol packet to drop the ring protocol packet unless the network device supports a ring protocol. The information can include a reserved address (e.g., in the destination address field of the packet) as well as a ring protocol identifier.

Abstract: Embodiments of an N-Port ID virtualization (NPIV) proxy module, NPIV proxy switching system, and methods are generally described herein. Other embodiments may be described and claimed. In some embodiments, login requests are distributed over a plurality of available N-ports to allow servers to be functionally coupled to F-ports of a plurality of fiber-channel (FC) switches. Fiber-channel identifiers (FCIDs) are assigned to the servers in response to the logon requests to provide single end-host operations for each of the servers.

Abstract: A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.

Abstract: A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.

Abstract: Various systems and methods for implementing virtual ports within ring networks are disclosed. For example, one method involves allocating a logical port that corresponds to a first port and a second port and instantiating a spanning tree protocol instance. The first port and the second port are both assigned to a first ring network. The spanning tree protocol instance selectively blocks the logical port; however, the spanning tree protocol instance is unable to block the first port independently of blocking the second port. Events (e.g., link failures and recoveries) that occur within the ring network are communicated to spanning tree by transitioning the state of the logical port in response to receiving a ring protocol control packet. The spanning tree protocol instance initiates a bridge protocol data unit (BPDU) exchange from the logical port in response to a transition in the state of the logical port.

Abstract: A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.

Abstract: In one embodiment, a subnet-scoped multicast packet is received on an interface of a forwarding device that is connected to a host device of a subnet of a forwarding domain. The received subnet-scoped multicast packet is transmitted from one or more other interfaces of the forwarding device that are connected to one or more other host devices of the subnet. The received subnet-scoped multicast packet is also encapsulated with an additional header. The encapsulated subnet-scoped multicast packet is forwarded from the forwarding device to an intermediate router which routes the encapsulated subnet-scoped multicast packet to one or more other forwarding devices configured to decapsulate the encapsulated subnet-scoped multicast packet and transmit the decapsulated subnet-scoped multicast packet to one or more connected host devices of an additional portion of the subnet.

Abstract: In one embodiment, receiving a data packet in a data forwarding domain, encapsulating a header to the received data packet, and routing the encapsulated data packet in the data forwarding domain over a distribution tree are provided.

Abstract: A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.

Abstract: Various systems and methods for integrating ring-protocol-compatible devices into network configurations that also include non-ring-protocol-compatible devices are disclosed. One such method, which can be performed by a network node that supports a ring protocol, involves generating a ring protocol packet and sending that ring protocol packet to a neighboring node. The ring protocol packet includes information, and the presence of this information within the packet causes a network device that receives the ring protocol packet to drop the ring protocol packet unless the network device supports a ring protocol. The information can include a reserved address (e.g., in the destination address field of the packet) as well as a ring protocol identifier.

Abstract: Various systems and methods for integrating ring-protocol-compatible devices into network configurations that also include non-ring-protocol-compatible devices are disclosed. One such method, which can be performed by a network node that supports a ring protocol, involves generating a ring protocol packet and sending that ring protocol packet to a neighboring node. The ring protocol packet includes information, and the presence of this information within the packet causes a network device that receives the ring protocol packet to drop the ring protocol packet unless the network device supports a ring protocol. The information can include a reserved address (e.g., in the destination address field of the packet) as well as a ring protocol identifier.

Abstract: Various systems and methods are disclosed for providing support for responding to location protocol queries within a network node. One such method involves associating a location with a network identity by associating a network port with a network identity and also associating the network port with the location. The association between the network port and the network identity is created in response to a network identity, which can include an IP address, being assigned to a device coupled to the network port by an identity protocol such as DHCP. The packet is sent in response to detecting a request for the device's location. The method can be performed by various devices, including a first hop node coupled to the device, a location server, and an identity server.

Abstract: This invention provides for an apparatus and method to isolate ports on layer 2 switches on the same VLAN to restrict traffic flow. The apparatus comprises a switch having said plurality of ports, each port configured as a protected port or a non-protected port. An address table memory stores an address table having a destination address and port number pair. A forwarding map generator generates a forwarding map which is responsive to a destination address of a data packet. The method for isolating ports on a layer 2 switch comprises configuring each of the ports on the layer 2 switch as a protected port or a non-protected port. A destination address on an data packet is matched with a physical address on said layer 2 switch and a forwarding map is generated for the data packet based upon the destination address on the data packet.

Abstract: In one embodiment, detecting data traffic from a host device in a data forwarding domain, injecting a host route associated with the detected data traffic, and updating a forwarding table associated with the host route are provided.

Abstract: Various systems and methods for implementing virtual ports within ring networks are disclosed. For example, one method involves allocating a logical port that corresponds to a first port and a second port and instantiating a spanning tree protocol instance. The first port and the second port are both assigned to a first ring network. The spanning tree protocol instance selectively blocks the logical port; however, the spanning tree protocol instance is unable to block the first port independently of blocking the second port. Events (e.g., link failures and recoveries) that occur within the ring network are communicated to spanning tree by transitioning the state of the logical port in response to receiving a ring protocol control packet. The spanning tree protocol instance initiates a bridge protocol data unit (BPDU) exchange from the logical port in response to a transition in the state of the logical port.

Abstract: One embodiment in accordance with the invention is a method that includes detecting a failure in a ring network and transmitting a multicast message across the ring network that includes information regarding the failure. Additionally, a new ring master of the ring network is designated. Furthermore, a ring port coupled to the failure is blocked.