H04L61/103

Resolving L2 mapping conflicts without reporter synchronization

A method of recording layer-2 (L2) mappings created for workloads executing on a plurality of hosts in a first database managed by a network management server includes: upon receipt of a first mapping reported by a first host, determining that the first mapping is not recorded in the first database; and in response to determining that the first mapping is not recorded in the first database, generating a first timestamp and persisting a first record in the first database that includes the first mapping and the first timestamp.

DHCP AGENT ASSISTED ROUTING AND ACCESS CONTROL
20180006996 · 2018-01-04

Systems and methods for increasing layer 2 visibility of layer 3 network devices so as to facilitate implementation of device-oriented policy actions by layer 3 network devices are provided. According to one embodiment, unique physical addresses of one or more host devices are retrieved by a dynamic host configuration protocol (DHCP) agent that is operatively coupled with a DHCP server. The physical addresses are mapped to corresponding Internet Protocol (IP) addresses assigned by the DHCP server to the one or more host devices. The mapping is relayed directly or indirectly to a network security device. Network traffic management/security policies are defined within the network security device corresponding to at least one of the unique physical addresses.
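The abstract above is the only description the page gives; the following is an added example, not code from the patent or its assignee, showing how a security device could consume MAC-to-IP bindings relayed by a DHCP agent and apply a policy keyed on the physical address. The lease events, the policy table, the event names ("ACK", "RELEASE", "EXPIRE") and the fail-closed default are all assumptions made for the example. The point a practitioner should take from it is that the binding table must track reassignment and release: once 10.0.0.10 is handed to a different MAC, a policy decision based on the stale binding would be applied to the wrong host.

```python
from typing import Dict, Optional

# Constructed DHCP lease events as a hypothetical agent might relay them:
# (epoch seconds, event, client MAC, assigned IP). Not real capture data.
LEASE_EVENTS = [
    (1000, "ACK",     "aa:bb:cc:00:00:01", "10.0.0.10"),
    (1005, "ACK",     "aa:bb:cc:00:00:02", "10.0.0.11"),
    (2000, "RELEASE", "aa:bb:cc:00:00:01", "10.0.0.10"),
    (2100, "ACK",     "aa:bb:cc:00:00:03", "10.0.0.10"),  # IP reassigned to a new host
]

# Policy defined on the physical address, as the abstract describes (assumed values).
MAC_POLICY = {
    "aa:bb:cc:00:00:01": "allow",
    "aa:bb:cc:00:00:02": "deny",
    "aa:bb:cc:00:00:03": "allow",
}
DEFAULT_ACTION = "deny"  # unknown L2 identity: fail closed


class MacIpBindingTable:
    """IP <-> MAC bindings maintained from DHCP agent events."""

    def __init__(self) -> None:
        self.ip_to_mac: Dict[str, str] = {}
        self.mac_to_ip: Dict[str, str] = {}

    def apply(self, ts: int, event: str, mac: str, ip: str) -> None:
        if event == "ACK":
            # An ACK for an IP already bound to another MAC means the server
            # reassigned it; drop the stale binding so policy follows the real host.
            old_mac = self.ip_to_mac.get(ip)
            if old_mac and old_mac != mac:
                self.mac_to_ip.pop(old_mac, None)
            old_ip = self.mac_to_ip.get(mac)
            if old_ip and old_ip != ip:
                self.ip_to_mac.pop(old_ip, None)
            self.ip_to_mac[ip] = mac
            self.mac_to_ip[mac] = ip
        elif event in ("RELEASE", "EXPIRE"):
            # Only remove the binding if it is still the one being released.
            if self.ip_to_mac.get(ip) == mac:
                del self.ip_to_mac[ip]
                del self.mac_to_ip[mac]

    def mac_for(self, ip: str) -> Optional[str]:
        return self.ip_to_mac.get(ip)


def build_table(events) -> MacIpBindingTable:
    """Replay events in time order to obtain the current binding state."""
    table = MacIpBindingTable()
    for ev in sorted(events):
        table.apply(*ev)
    return table


def decide(table: MacIpBindingTable, src_ip: str,
           policy=MAC_POLICY, default=DEFAULT_ACTION) -> str:
    """Resolve the L3 source to its L2 identity and apply the MAC-keyed policy."""
    mac = table.mac_for(src_ip)
    if mac is None:
        return default
    return policy.get(mac, default)


if __name__ == "__main__":
    now = build_table(LEASE_EVENTS)
    for ip in ("10.0.0.10", "10.0.0.11", "10.0.0.99"):
        print(ip, now.mac_for(ip), decide(now, ip))
```

A snapshot of the table taken before the release (only events up to t=1500) attributes 10.0.0.10 to the first MAC and allows it; the current table attributes the same IP to the third MAC. Both decisions are "allow" here by coincidence of the constructed policy, which is exactly why a device must key on the binding that is current rather than on the IP alone.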

LAYER 3 CONVERGENCE FOR EVPN LINK FAILURE
20180006995 · 2018-01-04

A network device is configured to provide, via an Ethernet segment with a customer network, active-active multi-homing L2 virtual bridge connectivity to the customer network using an EVPN instance (EVI) and L3 routing using an IRB interface that is a L3 routing interface assigned to the EVI; to receive, from a peer PE device of the EVPN instance, an EVPN route comprising an L2-L3 binding for a customer device of the customer network and associating the L2-L3 binding with the Ethernet segment, the L2-L3 binding comprising an L2 and an L3 address assigned to the customer device, wherein the peer PE device provides, with the network device and via the Ethernet segment, active-active multi-homing L2 virtual bridge connectivity to the customer network; and to forward, via the Ethernet segment and based at least on the L2-L3 binding received from the peer PE device, an L3 packet to the customer device.

Modular Industrial Automation Device and Method for Configuring a Modular Industrial Automation Device
20180013619 · 2018-01-11

Modular industrial automation device and method for configuring a modular industrial automation device, wherein in order to configure the modular industrial automation device which includes a central unit and at least one communication module which each comprise a router module and a routing configuration unit, the routing configuration units transmit routing information stored in their routing table to routing configuration units of other router modules, and the routing configuration units update their respective routing table based on routing information which is received from routing configuration units of other router modules and relates to routes to IPv4 subnetworks assigned to other router modules, a default gateway and a connection between the associated router module and a backplane bus system.

Systems, methods and apparatus for geofence networks

Systems, methods and devices for location-based services are disclosed. The system comprises a multiplicity of network devices, a database, and a server platform in network-based communication. The database stores a space-network model binding IP addresses to physical locations. The server platform is operable to generate at least one geofence in the space-network model and to specify entitlements for the location-based services within the at least one geofence. The at least one geofence and the specified entitlements are stored in the database. The multiplicity of network devices is configured to learn the space-network model and the at least one geofence and to perform tasks based on the entitlements specified for the location-based services within the at least one geofence.

REDUCING ARP/ND FLOODING IN CLOUD ENVIRONMENT

Aspects of the embodiments are directed to receiving an address resolution protocol (ARP) request message from a requesting virtual machine, the ARP request message comprising a request for a destination address for a destination virtual machine, wherein the destination address comprises one or both of a destination hardware address or a destination media access control address; augmenting the ARP request message with a network service header (NSH), the NSH identifying an ARP service function; and forwarding the augmented ARP request to the ARP service function.

DETECTING MAN-IN-THE-MIDDLE ATTACKS

MITM attacks are detected by intercepting network configuration traffic (name resolution, DHCP, ARP, ICMP, etc.) in order to obtain a description of network components. A computer system generates artificial requests for network configuration information and monitors responses. Multiple responses indicate a MITM attack. Responses that are different from previously-recorded responses also indicate a MITM attack. MITM attacks may be confirmed by transmitting fake credentials to a source of a response to a request for network configuration information. If the fake credentials are accepted or are subsequently used in an access attempt, then a MITM attack may be confirmed.
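The abstract describes three signals: more than one answer to an artificial request, an answer that differs from the previously recorded one, and a canary credential later turning up in an authentication attempt. The block below is an added example, not code from the patent, that runs that logic over constructed probe responses and a constructed authentication log. The probe records, responder identities, answer strings and the "canary-" credential format are assumptions for the example; a real sensor would fill the same tuples from its ARP/DNS capture and from its authentication service.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed responses to artificial requests (an ARP who-has for the gateway,
# and a DNS query for the gateway name). Not captured traffic.
# Record: (probe_id, probe_kind, responder_identity, answer)
BASELINE = [
    ("p1", "arp", "aa:bb:cc:00:00:fe", "10.0.0.1 is-at aa:bb:cc:00:00:fe"),
    ("p2", "dns", "10.0.0.53", "gw.corp.example -> 10.0.0.1"),
]
OBSERVED = [
    ("p3", "arp", "aa:bb:cc:00:00:fe", "10.0.0.1 is-at aa:bb:cc:00:00:fe"),
    ("p3", "arp", "de:ad:be:ef:00:01", "10.0.0.1 is-at de:ad:be:ef:00:01"),  # second answer
    ("p4", "dns", "10.0.0.53", "gw.corp.example -> 10.0.0.1"),
    ("p5", "dns", "10.0.0.53", "gw.corp.example -> 10.0.0.200"),            # changed answer
]

Alert = Tuple[str, str, object, object]  # (kind, probe_id, responder(s), answer)


def detect(baseline, observed) -> List[Alert]:
    """Flag probes with multiple answers and answers not seen in the baseline."""
    known: Dict[str, set] = defaultdict(set)
    for _, kind, responder, answer in baseline:
        known[kind].add((responder, answer))

    by_probe: Dict[str, list] = defaultdict(list)
    for pid, kind, responder, answer in observed:
        by_probe[pid].append((kind, responder, answer))

    alerts: List[Alert] = []
    for pid, replies in by_probe.items():
        if len(replies) > 1:
            alerts.append(("multiple_responses", pid,
                           tuple(sorted(r for _, r, _ in replies)), None))
        for kind, responder, answer in replies:
            if (responder, answer) not in known[kind]:
                alerts.append(("changed_response", pid, responder, answer))
    return alerts


def canary_credentials(alerts) -> Dict[str, str]:
    """One unique throwaway credential per suspect responder, so a later use of
    the credential attributes the interception to that responder."""
    suspects = sorted({a[2] for a in alerts if a[0] == "changed_response"})
    return {resp: f"canary-{i}-{resp}" for i, resp in enumerate(suspects)}


def confirm(canaries: Dict[str, str], auth_attempts) -> List[str]:
    """Responders whose canary credential was replayed in an access attempt."""
    by_cred = {cred: resp for resp, cred in canaries.items()}
    return sorted({by_cred[user] for _, user in auth_attempts if user in by_cred})


if __name__ == "__main__":
    found = detect(BASELINE, OBSERVED)
    for a in found:
        print(a)
    canaries = canary_credentials(found)
    # Constructed authentication log: (event, username)
    auth_log = [("login", "alice"), ("login", canaries["de:ad:be:ef:00:01"])]
    print("confirmed:", confirm(canaries, auth_log))
```

Note that the changed DNS answer is attributed to 10.0.0.53, the legitimate resolver's address; at this layer the detector cannot tell a poisoned resolver from a spoofed source, which is why the abstract adds the credential-replay confirmation step.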

Orchestration in a multi-layer network
11570122 · 2023-01-31

Techniques are disclosed relating to creating and managing an information flow within a multi-layer computer network. In various embodiments, a computer system in a first layer within a multi-layer computer network maintains state information defining an information flow within the multi-layer computer network. In various embodiments, the computer system assigns a particular action (that is included in the information flow) to be performed at a second, different layer of the multi-layer computer network. In various embodiments, the computer system generates program instructions to perform the particular action. The program instructions may be generated using device information accessible to the computer system and indicative of characteristics of a computer system within the second layer. In various embodiments, the computer system in the first layer causes the program instructions to be sent to the computer system in the second layer to perform the particular action as part of the defined information flow.

Network communication device and operating method for a network mapping table

A network communication device includes a plurality of ports, a memory, and a processor. The plurality of ports is configured to receive a packet. The memory is configured to store a first lookup table and a second lookup table. An entry of the first lookup table includes a flag field. An entry of the second lookup table includes an entry address of the first lookup table. The processor is coupled to the memory and the plurality of ports. The network communication device is configured to: analyze the packet in software or hardware to obtain a source Media Access Control (MAC) address; obtain, according to the source MAC address of the packet, the entry of the first lookup table; read the flag field of the entry; and determine, according to the flag field, whether the entry is referred to by the second lookup table.
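The abstract gives only the structure: a first (MAC) table whose entries carry a flag, and a second table whose entries hold the address of a first-table entry. The block below is an added example, not the patent's or any vendor's implementation, that models the two tables in software to show what the flag buys: an aging or replacement decision on a MAC entry can be made from one flag read, without scanning the second table, and a referenced entry is never freed while a second-table entry still points at it (which would otherwise leave a dangling address to be used for forwarding). The choice of an IP-to-L2-entry table as the "second lookup table", the table size and the aging API are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class L2Entry:
    mac: str
    port: int
    referenced: bool = False  # flag field: set while any second-table entry points here


class TwoLevelTable:
    """First table: MAC -> port, learned from source MACs, indexed by entry address.
    Second table (assumed to be an IP host table): IP -> address of an L2 entry,
    storing the index rather than copying the MAC."""

    def __init__(self, size: int = 16) -> None:
        self.l2: List[Optional[L2Entry]] = [None] * size
        self.l2_index: Dict[str, int] = {}   # MAC -> entry address
        self.l3: Dict[str, int] = {}         # IP  -> entry address in self.l2

    def _alloc(self) -> int:
        for i, e in enumerate(self.l2):
            if e is None:
                return i
        raise MemoryError("first lookup table full")

    def learn(self, src_mac: str, port: int) -> int:
        """Source-MAC learning on packet receipt; returns the entry address."""
        i = self.l2_index.get(src_mac)
        if i is None:
            i = self._alloc()
            self.l2[i] = L2Entry(src_mac, port)
            self.l2_index[src_mac] = i
        else:
            self.l2[i].port = port  # station moved to another port
        return i

    def bind_l3(self, ip: str, mac: str) -> None:
        """Second-table entry referencing the first-table entry by address."""
        i = self.l2_index[mac]
        self.l3[ip] = i
        self.l2[i].referenced = True

    def unbind_l3(self, ip: str) -> None:
        i = self.l3.pop(ip)
        # Clear the flag only when no other second-table entry still points here.
        if i not in self.l3.values():
            self.l2[i].referenced = False

    def is_referenced(self, src_mac: str) -> bool:
        """The check the abstract describes: locate the entry from the source MAC
        and read its flag field."""
        i = self.l2_index.get(src_mac)
        return i is not None and self.l2[i].referenced

    def age_out(self, mac: str) -> bool:
        """Free an idle first-table entry unless the flag says it is still referenced.
        Returns True if the entry was removed."""
        i = self.l2_index.get(mac)
        if i is None or self.l2[i].referenced:
            return False
        self.l2[i] = None
        del self.l2_index[mac]
        return True


if __name__ == "__main__":
    t = TwoLevelTable()
    t.learn("aa:bb:cc:00:00:01", port=1)
    t.learn("aa:bb:cc:00:00:02", port=2)
    t.bind_l3("10.0.0.10", "aa:bb:cc:00:00:01")
    print("01 referenced:", t.is_referenced("aa:bb:cc:00:00:01"))
    print("age 01:", t.age_out("aa:bb:cc:00:00:01"), "age 02:", t.age_out("aa:bb:cc:00:00:02"))
```

Without the flag, `age_out` would have to search every second-table entry for the address it is about to free, or risk freeing it anyway and letting the address be re-allocated to a different MAC while the second table still points at it.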