公开(公告)号：US11095478B2

公开(公告)日：2021-08-17

申请号：US16109801

申请日：2018-08-23

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Ying Xie ,  Xin Wang

IPC: H04L12/46 ,  H04L29/06 ,  H04L12/741

Abstract: The present invention discloses an access control method, apparatus, and system, and belongs to the communications field. The method includes: receiving a virtual extensible local area network VXLAN request packet sent by an access device; parsing the VXLAN request packet to obtain an IP address of the access device and authentication information of a user; sending the IP address of the access device and the authentication information of the user to an authentication server, so that the authentication server authenticates the user; receiving an authentication result sent by the authentication server; and controlling the user according to the authentication result. According to the present invention, the user is authenticated according to access information of the user in a VXLAN scenario.

公开(公告)号：US10091108B2

公开(公告)日：2018-10-02

申请号：US15274522

申请日：2016-09-23

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhongfang Lin ,  Guangrui Wu ,  Ying Xie

IPC: H04L12/743 ,  H04L12/707 ,  H04L12/801 ,  H04L29/12 ,  H04L12/721

Abstract: A method for packet forwarding based on equal-cost multi-path and a network device, in order to resolve problems that are caused by inconsistent forwarding paths for packets in two directions of a same service flow in an equal-cost multi-path scenario. A first network device performs calculation on characteristic information in a packet using a hash algorithm to obtain a hash value, determines, according to a correspondence between hash values and path identifiers that is acquired in advance, a path identifier corresponding to the hash value, and forwards the packet to a second network device through a path that corresponds to the path identifier, where the path is one of the N equal-cost paths. There exist N equal-cost paths for packet forwarding between the first network device and the second network device. The same hash algorithm is configured on the two network devices respectively.

公开(公告)号：US20170093718A1

公开(公告)日：2017-03-30

申请号：US15274522

申请日：2016-09-23

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhongfang Lin ,  Guangrui Wu ,  Ying Xie

IPC: H04L12/743 ,  H04L12/801 ,  H04L29/12 ,  H04L12/707

CPC classification number: H04L45/7453 ,  H04L45/12 ,  H04L45/24 ,  H04L47/34 ,  H04L61/2007

Abstract: A method for packet forwarding based on equal-cost multi-path and a network device, in order to resolve problems that are caused by inconsistent forwarding paths for packets in two directions of a same service flow in an equal-cost multi-path scenario. A first network device performs calculation on characteristic information in a packet using a hash algorithm to obtain a hash value, determines, according to a correspondence between hash values and path identifiers that is acquired in advance, a path identifier corresponding to the hash value, and forwards the packet to a second network device through a path that corresponds to the path identifier, where the path is one of the N equal-cost paths. There exist N equal-cost paths for packet forwarding between the first network device and the second network device. The same hash algorithm is configured on the two network devices respectively.

公开(公告)号：US11528217B2

公开(公告)日：2022-12-13

申请号：US17100530

申请日：2020-11-20

Applicant: Huawei Technologies Co., Ltd.

Inventor： Dongdong Li ,  Pu Cheng ,  Ying Xie

IPC: H04L45/12 ,  H04L47/125

Abstract: This application provides a path switching method and a related apparatus. In the path switching process, an ECMP table includes a first ECMP index of a first path group and a second ECMP index of a second path group; when all paths in the first path group have failed, a path group identifier corresponding to the first ECMP index may be changed from valid to invalid in the ECMP table, indicating that all paths in the first path group are unavailable. In this case, a path group identifier corresponding to the second ECMP index is valid, indicating that the second path group includes an available path, thereby completing switching between an active path and a standby path. In this process, only an identifier corresponding to the ECMP index needs to be updated, and therefore, the time consumed is relatively short, and the path switching delay can be effectively reduced.

公开(公告)号：US20220255837A1

公开(公告)日：2022-08-11

申请号：US17731917

申请日：2022-04-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Yuezhuo Sun ,  Ying Xie ,  Yuan Gao

IPC: H04L45/02 ,  H04L45/76 ,  H04L12/46

Abstract: A first data center interconnection (DCI) device in a first data center receives a first packet from a Border Gateway Protocol Ethernet virtual private network (BGP EVPN) neighbor, where the first packet includes routing information of a first forwarding instance of an access device in the first data center and an export route target of the first forwarding instance. The first DCI device obtains a second forwarding instance that corresponds to the first packet, where an import route target of the second forwarding instance matches the export route target of the first forwarding instance. The first DCI device generates a second packet that includes routing information of the second forwarding instance and an export route target of the second forwarding instance, which includes a DCI interworking route target. The first DCI device sends the second packet to a second DCI device in a second data center.

公开(公告)号：US10771284B2

公开(公告)日：2020-09-08

申请号：US15176849

申请日：2016-06-08

Applicant: Huawei Technologies Co., Ltd.

Inventor： Weiguo Hao ,  Ying Xie ,  Fengming Zhou

IPC: H04L12/46 ,  H04L12/721 ,  H04L12/703

Abstract: A troubleshooting method and apparatus for an edge routing bridge (RB) in a Transparent Interconnection of Lots of Links (TRILL) campus, which belong to the field of communications technologies, where the method includes detecting, by a first edge RB in a multi-homing access group, whether an access link of the first edge RB is faulty, and sending, by the first edge RB, a fault notification message to one or more other edge RBs except the first edge RB in the multi-homing access group using the TRILL campus, when the access link of the first edge RB is faulty, where the fault notification message is used to notify the one or more other edge RBs that the access link of the first edge RB is faulty, and hence effectively increase a network convergence speed and network reliability.

公开(公告)号：US09825861B2

公开(公告)日：2017-11-21

申请号：US14947485

申请日：2015-11-20

Applicant: Huawei Technologies Co., Ltd.

Inventor： Daolong Zhou ,  Ying Xie

IPC: H04L12/741 ,  H04L29/12 ,  H04L29/06 ,  H04L12/707 ,  H04L12/803 ,  H04L12/747

CPC classification number: H04L45/745 ,  H04L45/24 ,  H04L45/742 ,  H04L47/125 ,  H04L61/103 ,  H04L61/2007 ,  H04L61/6009 ,  H04L61/6022 ,  H04L61/6077 ,  H04L69/22

Abstract: A packet forwarding method, apparatus, and system in which a host receives a first packet sent by a gateway, and parses the first packet to obtain a source IP address and a source MAC address from the first packet; queries a host cache table, when a mapping relationship between the source IP address and the source MAC address does not exist in the host cache table, saves the mapping relationship between the source IP address and the source MAC address in the host cache table; the host generates a response packet according to the first packet, and queries the host cache table to acquire a first destination MAC address corresponding to a first destination IP address that is in the response packet; and forwards, according to the first destination MAC address, the response packet to an external network by using the gateway.

公开(公告)号：US09800591B2

公开(公告)日：2017-10-24

申请号：US14811591

申请日：2015-07-28

Applicant: Huawei Technologies Co., Ltd.

Inventor： Shuming Liu ,  Ying Xie

IPC: H04L29/06 ,  H04L12/66 ,  H04L12/64

CPC classification number: H04L63/1408 ,  H04L12/6418 ,  H04L12/66 ,  H04L63/02 ,  H04L63/14 ,  H04L63/1441

Abstract: The present invention provides a method for processing a packet on a TRILL network, relates to the field of communications, and can effectively defend against a network packet attack. The method includes: receiving a packet sent by a device on a network; if it is determined that the device is a trusted RB, giving up performing a security check on the packet coming from the device; and if it is determined that the device is not a trusted RB, performing a security check on the packet coming from the device. The present invention further provides a corresponding apparatus.

公开(公告)号：US20150188827A1

公开(公告)日：2015-07-02

申请号：US14569138

申请日：2014-12-12

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xianming Li ,  Ying Xie ,  Shuming Liu

IPC: H04L12/851 ,  H04L12/24

CPC classification number: H04L47/2408 ,  H04L41/0806 ,  H04L41/0813 ,  H04L41/084 ,  H04L41/085 ,  H04L41/0893 ,  Y02D30/30

Abstract: A differentiated service (DS) domain generating method, a device, and a system. A network management device obtains device attribute information of multiple DS devices; determines according to the device attribute information of the multiple DS devices, a DS device that belongs to a first DS domain; and sends a notification message to the DS device that belongs to the first DS domain, so that the DS device that belongs to the first DS domain joins the first DS domain according to the notification message, thereby implementing automatic determining and generation of a DS domain, reducing workload of configuring quality of service (QoS) parameters in a DS domain including a relatively large number of devices, and improving efficiency in generating and maintaining the DS domain.

Abstract translation: 差异化服务（DS）域生成方法，设备和系统。 网络管理设备获取多个DS设备的设备属性信息; 根据多个DS设备的属性信息确定属于第一DS域的DS设备; 并向属于第一DS域的DS设备发送通知消息，使得属于第一DS域的DS设备根据通知消息加入第一DS域，从而实现DS域的自动确定和生成 ，降低了DS域中配置服务质量（QoS）参数的工作量，包括相对较多的设备，并提高了生成和维护DS域的效率。

公开(公告)号：US09667554B2

公开(公告)日：2017-05-30

申请号：US14569138

申请日：2014-12-12

Applicant: Huawei Technologies Co., Ltd.

Inventor： Xianming Li ,  Ying Xie ,  Shuming Liu

IPC: H04L12/28 ,  H04L12/851 ,  H04L12/24

CPC classification number: H04L47/2408 ,  H04L41/0806 ,  H04L41/0813 ,  H04L41/084 ,  H04L41/085 ,  H04L41/0893 ,  Y02D30/30

Abstract: A differentiated service (DS) domain generating method, a device, and a system. A network management device obtains device attribute information of multiple DS devices; determines according to the device attribute information of the multiple DS devices, a DS device that belongs to a first DS domain; and sends a notification message to the DS device that belongs to the first DS domain, so that the DS device that belongs to the first DS domain joins the first DS domain according to the notification message, thereby implementing automatic determining and generation of a DS domain, reducing workload of configuring quality of service (QoS) parameters in a DS domain including a relatively large number of devices, and improving efficiency in generating and maintaining the DS domain.