公开(公告)号：US20220345404A1

公开(公告)日：2022-10-27

申请号：US17859335

申请日：2022-07-07

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Yonglong Fang ,  Hongwei HE

IPC: H04L45/745 ,  H04L12/46

Abstract: A first network device is provided, comprising a memory storing instructions and a routing table comprising a plurality of routing entries. Each routing entry comprises a site prefix and a corresponding site identifier. The first network device further comprises at least one processor in communication with the memory. The at least one processor is configured, upon execution of the instructions, to perform the steps of: receive a first data packet, the first data packet carrying a destination address, the first network device being deployed in a first site; determine a target routing entry from the routing table based on the destination address, the destination address matching a site prefix comprised in the target routing entry, a site identifier comprised in the target routing entry identifying a second site; and send the first data packet to a second site network device deployed in the second site.

公开(公告)号：US20240205205A1

公开(公告)日：2024-06-20

申请号：US18589743

申请日：2024-02-28

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Jianqiang HOU ,  Hongwei HE

IPC: H04L9/40 ,  H04L45/00 ,  H04L45/741

CPC classification number: H04L63/0485 ,  H04L45/34 ,  H04L45/741

Abstract: A packet sending method, a network device, and a program product are disclosed, and pertain to the field of segment routing technologies. The method includes: A network device sends a packet which includes a segment routing header SRH and a payload, the SRH includes an encrypted field and an unencrypted field, the encrypted field includes at least an encrypted SID list, and the SID list indicates a transmission path of the packet. A SID list in an SRH of an SRv6 packet transmitted over a POP network is encrypted, thereby protecting SID information from being leaked. In addition, an intermediate node on a packet transmission path only needs to decrypt an encrypted field in the SRH to determine a next hop from the SID list, and does not need to decrypt the payload. This improves forwarding efficiency of the network device and protects secure transmission of the payload.

公开(公告)号：US20220345400A1

公开(公告)日：2022-10-27

申请号：US17859387

申请日：2022-07-07

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Hongwei HE ,  Yonglong FANG ,  Qi YU

IPC: H04L45/00 ,  H04L12/46

Abstract: A first network device of a plurality of network devices is provided. The first network device is configured to receive a first data packet from a second site; search a flow table stored in the first network device for a target flow entry whose flow identifier is of a first data flow, each entry comprises a flow identifier and a corresponding outbound interface identifier, the target flow entry is created when the first site sends a second data flow to the second site, a source address of the second data flow is a destination address of the first data flow, and a destination address of the second data flow is a source address of the first data flow; and if the target flow entry is found, send the first data packet through an interface corresponding to an outbound interface identifier in the target flow entry.

公开(公告)号：US20200021558A1

公开(公告)日：2020-01-16

申请号：US16581826

申请日：2019-09-25

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Weiping XU ,  Hua LONG ,  Hongwei HE ,  Shucheng LIU ,  Yuanlong JIANG

IPC: H04L29/12 ,  H04L12/46 ,  H04L12/721

Abstract: An embodiment provides a packet transmission method and apparatus, to resolve a problem that occurs when a packet cannot traverse a NAT device when VTEPs communicate with each other through the NAT device. The method is applied to a VXLAN including a first VTEP, a second VTEP, and a NAT device. The method includes: performing, by the first VTEP, VXLAN encapsulation on a first packet, obtaining a second packet; sending, by the first VTEP, the second packet to the second VTEP through the NAT device; and performing, by the second VTEP, VXLAN decapsulation on the received second packet, to obtain the first packet. The first packet is a packet to be sent by the first VTEP, a destination port number of the second packet is obtained based on a destination IP address of the second packet, and a source port number of the second packet is a preset port number.