Subhasree Mandal - San Jose CA, US Subbaiah Venkata - Sunnyvale CA, US Leon Poutievski - Santa Clara CA, US Amit Gupta - San Jose CA, US Min Zhu - Palo Alto CA, US Rajiv Ramanathan - Cupertino CA, US James M. Wanderer - Palo Alto CA, US Joon Ong - Cupertino CA, US
International Classification:
H04L 12/56 H04L 12/28 H04L 12/26
US Classification:
370217, 370400, 370401
Abstract:
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for semi-centralized routing. In one aspect, a computer-implemented method receives a network protocol packet at a router adapted for routing data packets to one or more additional routers. The network protocol packet conforms to a routing protocol that provides distributed routing computation. The method also sends the network protocol packet, through a controller, to a selected one of a plurality of route control servers. The method also processes the network control packet at the selected route control server to generate a routing computation result that conforms to the routing protocol. The method also generates routing information based on the routing computation. The routing information conforms to a control protocol that provides centralized routing computation. The method also sends the routing information to the router for routing of data packets based on the control protocol.
Vasant Sahay - Sunnyvale CA, US Biju Kunjukunju - Cupertino CA, US Nirmalendu Das - Cupertino CA, US Subhasree Mandal - San Jose CA, US David Levi - Knoxville TN, US Manoj Guglani - Fremont CA, US Philippe Michelet - Milpitas CA, US Ravi Kumar - Cupertino CA, US
International Classification:
H04L 9/32
US Classification:
726004000
Abstract:
A technique for providing secure network access is disclosed. In one particular exemplary embodiment, the technique may be realized as a method for providing secure network access. The method may comprise establishing a plurality of access zones in a network, wherein client devices assigned to different access zones have different access privileges and are isolated from one another. The method may also comprise assigning a client device to one of the plurality of access zones based on an assessment of a security context associated with the client device and a connection of the client device to the network.
Prefix-Aware Weighted Cost Multi-Path Group Reduction
- Mountain View CA, US Jiangbo Li - Sunnyvale CA, US Victor Lin - Fremont CA, US Subhasree Mandal - San Jose CA, US
International Classification:
H04L 12/741 H04L 12/801 H04L 12/707
Abstract:
Methods and systems for generating a forwarding table for a packet switch. The system includes a route manager for the packet switch, configured to identify a plurality of multi-path groups each corresponding to a respective initial set of routing entries in the forwarding table and generate, for one or more multi-path groups, at least one replacement set of routing entries with fewer routing entries than the initial set corresponding to the respective multi-path group. The route manager selects, based on a traffic reduction cost metric, one or more of the replacement sets of routing entries, each corresponding to a different respective multi-path group, and updates the forwarding table with the selected replacement sets. In some implementations, the traffic reduction cost metric includes a traffic characteristic. In some implementations, the packet switch participates in a software-defined network (SDN) and the route manager is part of an SDN controller.