Dynamic fabric systems and methods are disclosed for providing connections between endpoints of a communication network. An exemplary dynamic fabric system can include backplane lanes, a dynamic fabric device, and a control device. The dynamic fabric device can include local fabric lanes and a network interface device configurable to communicatively connect the local fabric lanes to a network. The dynamic fabric device can also include a local switch configurable forward messages to backplane lanes and an interconnect configurable to statically connect local fabric lanes and corresponding backplane lanes. The dynamic fabric device can also include a controller configurable to create or break these static connections. The control device can provide instructions to the dynamic fabric device to create or break the static connections based on changes in the number of active dynamic fabric devices installed in the dynamic fabric system.

Some embodiments of the invention provide a method for implementing a logical switching element that includes multiple logical ports through which the logical switching element receives and sends data packets. The method configures multiple managed forwarding elements to implement the logical switching element. The method also determines that port isolation has been enabled for the logical switching element. The method further provides a set of data directing the managed forwarding elements to drop a particular data packet received through a first logical port when the particular data packet is addressed to a second logical port different than the first logical port to implement the port isolation.

A storage system switching between mediation models within a storage system, where the switching between mediation models includes: determining, among one or more of the plurality of storage systems, a change in availability of a mediator service, wherein one or more of the plurality of storage systems are configured to request mediation from the mediator service in response to a fault; and communicating, among the plurality of storage systems and responsive to determining the change in availability of the mediator service, a fault response model to be used as an alternate to the mediator service among one or more of the plurality of storage systems.

A storage system switching between mediation models within a storage system, where the switching between mediation models includes: determining, among one or more of the plurality of storage systems, a change in availability of a mediator service, wherein one or more of the plurality of storage systems are configured to request mediation from the mediator service in response to a fault; and communicating, among the plurality of storage systems and responsive to determining the change in availability of the mediator service, a fault response model to be used as an alternate to the mediator service among one or more of the plurality of storage systems.

The present invention discloses a method for controlling transmission security of an industrial communication flow based on an SDN architecture. The method comprises: designing a flow security control module in a management controller, performing in-depth parsing on industrial communication flow data, matching the parsing result with each preset industrial rule policy, and executing a control processing operation of the industrial rule policy, to implement transmission control of an industrial communication flow. The management controller comprises an industrial rule policy database used for storing all industrial rule policies set by a user. An SDN switch maintains a structure of a flow table, and an industrial communication flow is forwarded according to the flow table. The flow table comprises a security control identifier used for indicating whether security transmission of this communication flow needs to be controlled. The present invention can detect the legality of an industrial communication data flow, to control access of industrial communication that does not conform to an industrial rule policy, so that the security and reliability of industrial control systems based on an SDN architecture are guaranteed.

A packet received by a network device via a network. A first portion of the packet is stored in a packet memory, the first portion including at least a payload of the packet. The packet is processed based on information from a header of the packet. After the packet is processed, a second portion of the packet is stored in the packet memory, the second portion including at least a portion of the header of the packet. When the packet is to be transmitted the first portion of the packet and the second portion of the packet are retrieved from the packet memory, and the first portion and the second portion are combined to generate a transmit packet. The transmit packet is forwarded to a port of the network device for transmission of the transmit packet via port of the network device

A method for establishing a communications path is provided. A routing path between a source port on a source switch and a destination port on a destination switch through intermediate switches is identified. A first message is sent to the source switch, the destination switch and the intermediate switches instructing the recipient switches to prepare for establishing a connection. In response to receiving a first set of acknowledgment messages from the recipient switches, a second message is sent to the destination switch and the intermediate switches instructing these switches to establish a connection to the destination port along the identified routing path. In response to receiving a second set of acknowledgment messages from the destination switch and each of the intermediate switches, a third message is sent to the source switch instructing it to establish a connection between the source port and the established connection to the destination port.

A data communication system includes a plurality of mutually-disjoint sets of switches, each set including multiple mutually-disjoint subsets of the switches in the set. Local links interconnect the switches within each of the subsets in a fully-connected topology, while none of the switches in any given subset are connected in a single hop to any of the switches in any other subset within the same set. Global links interconnect the sets of the switches, each global link connecting one switch in one of the sets to another switch in another one of the sets, such that each of the subsets in any given set of the switches is connected in a single hop by at least one global link to at least one of the subsets of every other set of the switches.

A data communication system includes a plurality of mutually-disjoint sets of switches, each set including multiple mutually-disjoint subsets of the switches in the set. Local links interconnect the switches within each of the subsets in a fully-connected topology, while none of the switches in any given subset are connected in a single hop to any of the switches in any other subset within the same set. Global links interconnect the sets of the switches, each global link connecting one switch in one of the sets to another switch in another one of the sets, such that each of the subsets in any given set of the switches is connected in a single hop by at least one global link to at least one of the subsets of every other set of the switches.

A computing platform executing an application may receive a response to a request for opening a network port for utilization by the application from a computing platform distinct from the computer platform executing the application. The computing platform executing the application may determine whether to open the network port for utilization by the application based on the response to the request. In some embodiments, the application may invoke at least one call to an application program interface (API) of an operating system (OS) running on the computing platform executing the application, and the request may be generated responsive to the at least one call to the API of the OS.