Abstract

The protocols typically used by overlay technologies, such as Ethernet Virtual Private Network (EVPN), Virtual Extensible Local Area Network (VxLAN), and Network Virtualization Overlays (NVO3), are not designed to perform Media Access Control (MAC) learning validation. Thus, overlay environments may be subject to Denial-of-Service (DoS) attacks, MAC spoofing, and other potential attacks/issues. Presented herein are techniques to facilitate a centralized service that performs MAC learning, referred to herein as "MAC Learning-as-a-Service" (MLaaS), such that MAC addresses, Internet Protocol (IP) addresses, and network virtualization edge (NVE) devices can be learned for an overlay environment. The techniques presented herein can increase the MAC scale when compared to network devices, can facilitate providing MAC/AP address priorities in Ternary Content-Addressable Memory (TCAM) of NVE devices based on certain device groups, can facilitate efficient MAC/IP address validation via machine learning and simulated direct probing, and can prevent traffic loss during MAC movement, which can be predicted through machine learning.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
