Handling reflexive ACLs with virtual port-channel
US10530712B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 9, 2016 |
| Grant date | Jan 7, 2020 |
| Priority date | — |
| Expiry date | Apr 27, 2037 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L45/74591
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Techniques for providing a reflexive access control list (ACL) on a virtual switch are provided. Embodiments receive a first packet corresponding to a first network flow and a second packet corresponding to a second network flow. Upon determining that a SYN flag is set within the first packet, a first entry is created in the reflexive ACL for the first network flow. Upon determining that the first packet was received over a client port of the first physical switch, the first packet is forwarded to a second physical switch within virtual switch. Upon determining that the second packet has a SYN flag enabled, a second entry is created in the reflexive ACL. Finally, upon determining that the second packet was received from the second physical switch, the second packet is forwarded over an uplink port to a destination defined by the second packet.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.