Chickayya G. Naik

Bio: Chickayya G. Naik is an academic researcher from Cisco Systems, Inc.. The author has contributed to research in topics: Multicast & Source-specific multicast. The author has an hindex of 8, co-authored 10 publications receiving 789 citations.

System and method for distributing multicasts in virtual local area networks

Abstract: The invention relates to a system and method for efficiently distributing multicast messages within computer networks configured to have one or more virtual local area network (VLAN) domains. A multicast network device (MND), having a plurality of interfaces, includes a multicast controller for efficiently distributing multicast messages among subscribing entities associated with various VLAN domains. The multicast controller, which is in communicating relationship with the interfaces, includes a VLAN assignment engine for assigning responsibility for the VLAN domains to the extent there are multiple MNDs. The multicast controller also accesses a multicast tag source to establish a plurality of novel VLAN tags for efficiently distributing multicast messages, including a sub-regional Multicast VLAN Identifier (MVLAN-ID) that encompasses all of the VLAN domains for which the respective MND is responsible, and one or more color-limited MVLAN-IDs that encompass all of the VLAN domains for which the MND is responsible except for one. The multicast controller then tags multicast messages with its sub-regional or a color-limited MVLAN-ID depending on whether the message is considered internal or external by the respective MND. The tagged messages are then forwarded for distribution to the subscribers associated with the various VLAN domains.

Method and apparatus for multicast switching using a centralized switching engine

Abstract: A technique implements forwarding operation shortcuts at a switch for multicast data traffic routed between subnetworks of a computer network. A first multicast frame is forwarded from the switch to a router, which peforms route processing and forwarding operations for a packet encapsulated within the frame. During execution of the operations, the router provides multicast flow and additional information concerning the routed packet to the switch in accordance with a novel multicast shortcut control protocol. The information is used by the switch to implement a novel multicast shortcut for subsequent frames received at the switch having the multicast packet flow.

Systems and methods for multicast switching in a private VLAN

Abstract: A Multicast Listener Discovery (MLD) protocol query and/or report snooping process is modified to appropriately map secondary PVLAN identifiers to corresponding primary PVLAN identifiers, thereby accommodating other system elements that are otherwise unaware of primary/secondary PVLAN distinctions. Special cases are also accommodated where reverse path forwarding (RPF) checks in support of multicast operation might otherwise fail due to primary/secondary PVLAN distinctions. Additional steps are taken to ensure that PVLAN information properly accounts for changes in configuration and/or location of various network hosts.

System and method for performing cascaded lookups to forward packets

Abstract: Cascading a lookup over multiple lookup tables when performing multicast forwarding involves accessing a first lookup table based on at least part of a multicast destination address included in a packet header. The first lookup table identifies the portion (e.g., one or more entries) of a second lookup table in response to a key generated from a first portion of the packet header. The portion of the second lookup table can be accessed based on a second portion of the packet header. The second lookup table identifies at least one output interface via which the packet should be output. Such systems and methods may, in some embodiments, allow existing hardware to be used to support a new addressing format that involves larger addresses than were previously supported by that hardware.

Admission control mechanism for multicast receivers

Abstract: A method and system for controlling admission of an end user to a multicast channel over a network implementing a source filtering protocol. Incoming packet traffic received by an edge router is snooped and, when a request to join a multicast channel is received, the traffic is analyzed. Any service policy associated with the traffic class is found and applied to packet traffic from the requesting user. The actions include accepting membership in a group associated with a multicast channel and pushing the packets to the end user. If the action is to deny membership, then the multicast packets are prevented from reaching the end user. In addition information is logged and may be used for billing purposes or for accumulating marketing or other such information. Also, the actions may be to limit the number of routing states, by denying admittance to a groups once a limit number of requests to join, or other such parameter, is reached. Such limiting will substantially prevent DOS attacks on a multicast router.

Architecture for distributed computing system and automated design, deployment, and management of distributed applications

Abstract: An architecture and methodology for designing, deploying, and managing a distributed application onto a distributed computing system is described.

System and method for source IP anti-spoofing security

Abstract: A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets. Further, the system and method provide for validating initially learned source IP addresses, and for determining whether the number of unsuccessful attempts to validate new source IP addresses exceeds a threshold level, and where the number does exceed the threshold number the system and method can provide for operation in a possible attack mode.

Distributed logical l3 routing

Abstract: A novel method for logically routing a packet between a source machine that is in a first logical domain and a destination machine that is in a second logical domain is described. The method configures a managed switching element as a second-level managed switching element. The method configures a router in a host that includes the second-level managed switching element. The method communicatively couples the second-level managed switching element with the router. The method causes the router to route a packet when the router receives a packet from the first logical domain that is addressed to the second logical domain.

Method and apparatus for implementing and managing virtual switches

Abstract: In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or VLAN. According other aspects, the distributed virtual switches of the invention can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling, and notifying the IP network of workload migration. According to further aspects, the virtual platform of the invention creates one or more distributed virtual switches which may be allocated to a tenant, application, or other entity requiring isolation and/or independent configuration state. According to still further aspects, the virtual platform of the invention manages and/or uses VLAN or tunnels (e.g, GRE) to create a distributed virtual switch for a network while working with existing switches and routers in the network. The present invention finds utility in both enterprise networks, datacenters and other facilities.

Network load balancing with host status information

Abstract: In a first exemplary media implementation, one or more processor-accessible media include processor-executable instructions that, when executed, direct a system to perform actions that include: accumulating host status information at multiple hosts; and sending the accumulated host status information from the multiple hosts In a second exemplary media implementation, one or more processor-accessible media include processor-executable instructions that, when executed, direct a system to perform actions that include: receiving host status information from multiple hosts; and making load balancing decisions responsive to the received host status information In a third exemplary media implementation, one or more processor-accessible media include processor-executable instructions that, when executed, direct a system to perform actions that include: determining health and load information on a per application basis; and selecting an application from among multiple applications responsive to the health and load information