Abstract
The present disclosure relates to reliable and fast deployment of Layer 2 (L2) security features including Internet Protocol (IP) Source Guard, Dynamic Address Resolution Protocol (ARP) Inspection, and Dynamic Neighbor Discovery Protocol (NDP) inspection with Dynamic Host Configuration Protocol (DHCP) snooping. The proposed approach dynamically detects a missing DHCP snooping binding entry and builds that using standard ARP and DHCP LEASEQUERY requests, avoiding manual intervention. It also minimizes traffic loss when DHCP snooping binding entry is missing due to failure conditions. The dynamically building the DHCP snooping binding table entry is performed without the need to wait for clients/hosts to renew IP address via DHCP. Proposed mechanism which allows operator to deploy/enable L2 security features DHCP snooping, IP Source Guard (IPSG), Dynamic ARP inspection (DAI), Dynamic NDP inspection (DNI) faster, reliably, and also minimizes traffic outage for valid hosts.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Anonymous, "Reliable and fast deployment of L2 security features including IP Source Guard, Dynamic ARP Inspection, and Dynamic NDP inspection with DHCP snooping", Technical Disclosure Commons, (September 01, 2024)
https://www.tdcommons.org/dpubs_series/7321