System and method of dynamic establishment of virtual private networks using border gateway protocol ethernet virtual private networks technology

US10469595B2 · US · B2

Patent metadata
Publication number: US-10469595-B2
Application number: US-201715436670-A
Country: US
Kind code: B2
Filing date: Feb 17, 2017
Priority date: Feb 17, 2017
Publication date: Nov 5, 2019
Grant date: Nov 5, 2019

Abstract

Official abstract text for this publication.

A method and apparatus of a network element that dynamically establishes a first virtual private network (VPN) tunnel is described. In an exemplary embodiment, the network element detects data destined for a first private subnet. In response to the detecting, the network element determines that a next hop for the data does not have an established VPN tunnel that allows access to the first private subnet. The network element further establishes the VPN tunnel and sends the data using the VPN tunnel.

Claims

What is claimed is:

1. A non-transitory machine-readable medium having executable instructions to cause one or more processing units to perform a method to dynamically establish a first virtual private network (VPN) tunnel, the method comprising: detecting, with a first branch network element, data destined for a first private subnet; in response to the detecting, determining that a next hop for the data does not have an established VPN tunnel that allows access to the first private subnet; establishing the VPN tunnel from the first branch network element to a second branch network element providing access to the first private subnet, the VPN tunnel bypassing a hub network element; and sending the data using the VPN tunnel.

2. The machine-readable medium of claim 1, wherein the VPN tunnel is a secure tunnel.

3. The machine-readable medium of claim 2, wherein the IPSec tunnel uses IPSec transport mode and the data is encapsulated for transport in the Virtual Extended Local Area Network (VXLAN).

4. The machine-readable medium of claim 1, wherein the VPN tunnel is established between the first and second branch network elements across a public Internet Protocol network.

5. The machine-readable medium of claim 1, further comprising: receiving, with the first branch network element, private subnet forwarding information for the first private subnet; and installing the private subnet forwarding information in a forwarding information base of the first branch network element.

6. The machine-readable medium of claim 5, wherein the first branch network element receives the private subnet forwarding information from a route reflector.

7. The machine-readable medium of claim 5, wherein the private subnet forwarding information is distributed by Border Gateway Protocol Virtual Extended Local Area Network.

8. The machine-readable medium of claim 5, further comprising: establishing a second VPN tunnel between the hub network element and the first branch network element, wherein the first branch network element receives the private subnet forwarding information via the hub network element.

9. The machine-readable medium of claim 6, further comprising: sending a second private subnet forwarding information to the hub network element, wherein the first branch network element provides access to a device in a second private subnet.

10. The machine-readable medium of claim 1, wherein the detecting the data comprises: detecting that a flow of the data is at or above a threshold.

11. A method to dynamically establish a first virtual private network (VPN) tunnel, the method comprising: detecting, with a first branch network element, data destined for a first private subnet; in response to the detecting, determining that a next hop for the data does not have an established VPN tunnel that allows access to the first private subnet; establishing the VPN tunnel from the first branch network element to a second branch network element providing access to the first private subnet, the VPN tunnel bypassing a hub network element; and sending the data using the VPN tunnel.

12. The method of claim 11, wherein the VPN tunnel is a secure tunnel.

13. The method of claim 12, wherein the IPSec tunnel uses IPSec transport mode and the data is encapsulated for transport in the Virtual Extended Local Area Network (VXLAN).

14. The method of claim 11, wherein the VPN tunnel is established between the first and second branch network elements across a public Internet Protocol network.

15. The method of claim 11, further comprising: receiving, with the first branch network element, private subnet forwarding information for the first private subnet; and installing the private subnet forwarding information in a forwarding information base of the first branch network element.

16. The method of claim 15, wherein the first branch network element receives the private subnet forwarding information from a route reflector.

17. The method of claim 15, further comprising: establishing a second VPN tunnel between the hub network element and the first branch network element, wherein the first branch network element receives the private subnet forwarding information via the hub network element; and sending a second private subnet forwarding information to the hub network element, wherein the first branch network element provides access to a device in a second private subnet.

18. The method of claim 11, wherein the detecting the data comprises: detecting that a flow of the data is at or above a threshold.
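The control-plane decision the claims describe (forwarding information installed in the FIB, an always-on hub tunnel, a flow threshold, and a branch-to-branch tunnel brought up only once the threshold is reached) can be followed in a small model. The code below is an added illustration written for this page; it is not code from the patent or from Arista. The class and method names (BranchElement, install_route, forward), the byte-count threshold, and all addresses (documentation ranges 198.51.100.0/24, 203.0.113.0/24, 10.0.0.0/8) are constructed assumptions. The IPsec/VXLAN data plane of claims 3 and 13 is not modelled; only the tunnel table changes.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Set


@dataclass
class Route:
    """Private-subnet forwarding information as installed in the FIB (claim 5).

    next_hop is the public address of the branch element that advertises the
    subnet (in the patent this arrives from a route reflector over the hub
    tunnel, claims 6-8); here it is simply supplied by the caller.
    """
    prefix: IPv4Network
    next_hop: str


class BranchElement:
    """Toy model of a branch network element (hypothetical name, constructed here)."""

    def __init__(self, name: str, hub: str, flow_threshold: int) -> None:
        self.name = name
        self.hub = hub
        self.flow_threshold = flow_threshold          # bytes; the claim-10 trigger (assumed unit)
        self.fib: List[Route] = []
        self.tunnels: Set[str] = {hub}                # the hub tunnel is always up (claim 8)
        self.flow_bytes: Dict[IPv4Network, int] = {}  # bytes seen per destination subnet
        self.events: List[str] = []                   # tunnel setup log

    def install_route(self, prefix: str, next_hop: str) -> None:
        """Install received private-subnet forwarding information in the FIB."""
        self.fib.append(Route(ip_network(prefix), next_hop))

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match over the FIB."""
        addr = ip_address(dst)
        matches = [r for r in self.fib if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

    def establish_tunnel(self, peer: str) -> None:
        """Stand-in for bringing up the branch-to-branch tunnel; only state is tracked."""
        self.tunnels.add(peer)
        self.events.append(f"tunnel {self.name}->{peer}")

    def forward(self, dst: str, nbytes: int) -> str:
        """Choose the path for nbytes of data to dst.

        Returns 'drop' (no route), 'hub:<addr>' (sent through the hub tunnel)
        or 'direct:<addr>' (sent over a tunnel to the advertising branch).
        """
        route = self.lookup(dst)
        if route is None:
            return "drop"
        if route.next_hop in self.tunnels:
            return f"direct:{route.next_hop}"
        # Next hop has no established tunnel: accumulate the flow toward the threshold.
        self.flow_bytes[route.prefix] = self.flow_bytes.get(route.prefix, 0) + nbytes
        if self.flow_bytes[route.prefix] < self.flow_threshold:
            # Below threshold: data still rides the always-on hub tunnel.
            return f"hub:{self.hub}"
        # At or above threshold: set up the direct tunnel, bypassing the hub (claim 1).
        self.establish_tunnel(route.next_hop)
        return f"direct:{route.next_hop}"


def demo() -> List[str]:
    """Constructed scenario: branch A reaches 10.2.0.0/16 behind branch B (203.0.113.2)
    and a more specific 10.2.5.0/24 behind branch C (203.0.113.3)."""
    a = BranchElement("branch-A", hub="198.51.100.1", flow_threshold=1000)
    a.install_route("10.2.0.0/16", "203.0.113.2")
    a.install_route("10.2.5.0/24", "203.0.113.3")
    return [
        a.forward("10.2.0.5", 400),   # 400 bytes seen: via hub
        a.forward("10.2.0.5", 400),   # 800 bytes: still via hub
        a.forward("10.2.0.5", 400),   # 1200 bytes: threshold reached, direct tunnel to B
        a.forward("10.2.0.5", 50),    # tunnel already up: direct
        a.forward("10.2.5.1", 10),    # longer prefix wins; no tunnel to C yet: via hub
        a.forward("10.9.9.9", 10),    # no FIB entry: drop
    ]


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The decision is per destination subnet rather than per next hop, so a second subnet behind the same branch reuses the tunnel as soon as it exists (the `route.next_hop in self.tunnels` check fires before any counting). Whatever the real trigger is (bytes, packets, or a flow timer), the structure of the check stays the same: a FIB lookup, a tunnel-table membership test, and a threshold comparison that gates tunnel setup.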

Assignees

Arista Networks Inc

Inventors

Classifications

  • Virtual LANs, VLANs, e.g. virtual private networks [VPN] (LAN interconnection over a bridge based backbone H04L12/462; encapsulation techniques H04L12/4633; routing of packets H04L45/00; packet switches H04L49/00; virtual private networks for security H04L63/0272) · CPC title

  • Virtual private networks · CPC title

  • H04L67/141 (primary): Setup of application sessions (admission control or resource allocation in data switching networks H04L47/70) · CPC title

  • Interconnection of networks using encapsulation techniques, e.g. tunneling · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10469595B2 cover?
A method and apparatus of a network element that dynamically establishes a first virtual private network (VPN) tunnel is described. In an exemplary embodiment, the network element detects data destined for a first private subnet. In response to the detecting, the network element determines that a next hop for the data does not have an established VPN tunnel that allows access to the first priva…
Who is the assignee on this patent?
Arista Networks Inc
What technology area does this patent fall under?
Primary CPC classification H04L67/141. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 5, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).