VMware, Inc.
CENTRALIZED CAPABILITY SYSTEM FOR PROGRAMMABLE SWITCHES

Abstract:

Embodiments described herein involve resource protection in a network. Embodiments include receiving, by a switch, a grant message from a first computing entity including a key and an indication of a first capability granted to a second computing entity to perform one or more operations with respect to a resource. Embodiments include generating, by the switch, an entry in a capability table based on the grant message. Embodiments include receiving, by the switch, a request from the second computing entity to perform an operation of the one or more operations with respect to the resource, wherein the request comprises the key. Embodiments include confirming, by the switch, that the second computing entity is permitted to perform the operation based on the key and the entry in the capability table. Embodiments include transmitting, by the switch, the request to the first computing entity in response to the confirming.