WO2019157476A1 - Binding osi layer 3 ip connections to osi layer 2 for mesh networks - Google Patents

Info

Publication number: WO2019157476A1
Authority: WO, WIPO (PCT)
Prior art keywords: network, layer, node, mac address, connections
Application number: PCT/US2019/017557
Other languages: French (fr)
Inventor: Jong Hyeop KIM
Original Assignee: Neji, Inc.
Application filed by Neji, Inc.
Publication of WO2019157476A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H04L12/2838 Distribution of signals within a home automation network, e.g. involving splitting/multiplexing signals to/from different paths
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/324 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the data link layer [OSI layer 2], e.g. HDLC
    • H04L69/325 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the network layer [OSI layer 3], e.g. X.25
    • H04L69/326 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the transport layer [OSI layer 4]

Definitions

  • Embodiments are generally directed to mesh networks, and more specifically to binding multiple OSI Layer 3 connections to network nodes using OSI Layer 2 addressing.
  • Nodes connect directly and non-hierarchically to as many other nodes as possible and cooperate to efficiently route data to and from clients.
  • Nodes may comprise bridges, switches, routers, and other infrastructure devices.
  • Mesh networks allow for continuous connections and automatic routing around broken paths by using self-healing mechanisms such as shortest-path bridging and similar methods. Self-healing allows a routing-based network to operate when a node becomes disabled or unreliable. Mesh networks are thus generally very reliable, as multiple paths may exist between a source and a destination.
  • While mesh networks are emerging as flexible and low-cost extensions or replacements of wired infrastructure networks, they do pose certain challenges and potential problems.
  • Mesh networks can be complicated to set up, manage, and maintain. This complexity increases significantly with the addition of each extra node. Getting a mesh network to work properly is often very difficult, especially when it comes to managing latency.
  • Message overhead is often a significant constraint in networks that employ multiple hops using the 802.11 (or similar) standard.
  • Present routing protocols are also generally unable to scale beyond a few hundred nodes, and network coverage is constrained by the limited range of wireless user devices.
  • FIG. 1 illustrates a large-scale mesh network including wired and wireless links that implements a mesh network control process under some embodiments.
  • FIG. 2 illustrates an example mesh network implementing an OSI Layer 2 binding process, under some embodiments.
  • FIG. 3 illustrates an OSI seven-layer model including Layer 2 and Layer 3 protocols as used in a binding process, under some embodiments.
  • FIG. 4 illustrates a circuit binding node connections to OSI Layer 2, under some embodiments.
  • FIG. 5 illustrates the network of FIG. 4 expanded to show additional nodes for binding of multiple tunnels to a single virtual MAC address for a node.
  • FIG. 6 is a flowchart that illustrates a method of transmitting data over a mesh network using OSI Layer 2 binding, under an embodiment.
  • FIG. 7 illustrates implementing a secure Layer 2 tunnel for translating IP addresses to a MAC address in a binding process, under some embodiments.
  • FIG. 8A illustrates implementing a virtual bridge to bind OSI Layer 2, under some embodiments.
  • FIG. 8B illustrates a multi-subnet virtual bridge system, under some embodiments.
  • FIG. 8C is a flowchart that illustrates a method of creating a virtual bridge, under some embodiments.
  • FIG. 9 illustrates an example medium-scale mesh network implementing OSI Layer 2 connection binding, under some embodiments.
  • FIG. 10 illustrates an example network that globally organizes and enables the formation of autonomous networks, under some embodiments.
  • FIG. 11 illustrates an implementation of a pipe in an OSI model, under some embodiments.
  • FIG. 12 is a block diagram of a computer system used to execute one or more software components of an OSI Layer 2 binding mechanism for mesh networks, under some embodiments.
  • A computer-usable medium or computer-readable medium may be any physical medium that can contain or store the program for use by or in connection with the instruction execution system, apparatus or device.
  • The computer-readable storage medium or computer-usable medium may be, but is not limited to, a random-access memory (RAM), read-only memory (ROM), or a persistent store, such as a mass storage device, hard drives, CDROM, DVDROM, tape, erasable programmable read-only memory (EPROM), flash memory, or any magnetic storage medium.
  • The computer-readable storage medium or computer-usable medium may be any combination of these devices or even paper or another suitable medium upon which the program code is printed, as the program code can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
  • Applications, software programs, or computer-readable instructions may be referred to as components or modules.
  • Applications may be hardwired or hard coded in hardware, or take the form of software executing on a general-purpose computer such that, when the software is loaded into and/or executed by the computer, the computer becomes an apparatus for practicing the invention.
  • Applications may also be downloaded, in whole or in part, through the use of a software development kit or toolkit that enables the creation and implementation of the described embodiments.
  • These implementations, or any other form that the invention may take, may be referred to as techniques. In general, the order of the steps of disclosed processes may be altered within the scope of the described embodiments.
  • FIG. 1 illustrates a large-scale mesh network that implements a mesh network management process under some embodiments.
  • Mesh network 100 comprises a number of network elements such as wireless and/or wired routers 101, computers (servers, desktops, laptops, etc.) 103, transmission interfaces, gateways 105, and the like.
  • Network 100 includes different types of links, such as wireless links 112, wired links, and long-distance transmission links 112 that utilize antennas 107.
  • Each device or network element represents a node in the network and is coupled to at least one or more other nodes for transmission of messages (data packets) in accordance with defined routing protocols.
  • Mesh clients are typically computers (e.g., 111), laptop/notebook computers (e.g., 103), tablets, cell phones and other wireless devices, while the mesh routers forward traffic to and from the gateways (e.g., 105), which may be connected to the Internet.
  • The wireless protocols may be implemented using IEEE 802.1, Bluetooth, or any other appropriate wireless standard.
  • The transmission links 112 may represent cellular communication links or any other telephonic or WAN/LAN network link, and wired links 114 may be implemented using copper, fiber, or any other appropriate hardwired link.
  • FIG. 1 illustrates one example of a large-scale WMN (wireless mesh network), and embodiments are not so limited.
  • A mesh network of any size, composition, and transmission media over some or all of the links may be used.
  • Although network 100 illustrates a partial mesh network in which not every node is connected to every other node, a mesh network under embodiments may be a fully meshed network, a partial mesh network, or a hybrid network including full and/or partial sub-networks.
  • Network 100 may include any number of sub-networks that may be wired or wireless LAN or mesh networks containing different devices or network elements. Each device may be assigned a unique network address (e.g., "10.x.y.z") that specifies a network, sub-network, and device identifier, or similar unique attribute. It should be noted that FIG. 1 illustrates an example network and many different network configurations and topographies are possible.
  • In mesh network 100, data packets are transmitted through hops from one device to another until they reach their destination, using dynamic routing algorithms that are implemented in each device.
  • With dynamic routing, each device determines what to do with the data it receives, which is to either pass it on to the next device or keep it, depending on the protocol. Routing algorithms typically try to ensure that the data takes the most appropriate (fastest) route to its destination.
  • Many different routing algorithms are generally available, and network 100 may be configured to operate with any appropriate algorithm, such as dynamic source routing (DSR), associativity-based routing (ABR), optimized link state routing (OLSR), Babel, or any other defined or ad hoc routing protocol using any appropriate routing provider and product.
  • Embodiments may be configured to work with either flooding, routing, or hybrid (flooding/routing) protocols.
  • Network 100 includes a server computer 102 that implements a network management process 104 that alleviates the issue of network complexity through a binding process that employs both Layer 2 (MAC) address and Layer 3 (IP) address schemes for at least some of the devices in the network.
  • Network 200 is provided as an example of a network implementing an OSI Layer 2 binding process under some embodiments.
  • The network topology formula is generally expressed as (n(n-1))/2, where n is the number of nodes in the network. For example, in network 200, if node A wants to communicate with node C, there are six total interfaces to node C including C itself and five possible paths from A to C:
  • The network topology formula of direct connections is as given above.
  • FIG. 2 illustrates a simple four node network for simplicity and purposes of example and description only. Actual deployed networks using embodiments described herein may be more complex and of different configurations.
  • FIG. 3 illustrates the OSI framework that is used under some embodiments.
  • The OSI (Open Systems Interconnection) reference model describes how information from a software application in one computer moves through a network medium to a software application in another computer in a seven-layer model.
  • The OSI model specifies particular network functions, with the tasks involved in moving information assigned to each of the seven OSI layers. Each layer is self-contained so that the tasks assigned to each layer can be implemented independently.
  • The layers from sender to receiver are in the following order (Layer 7 to Layer 1):
  • The Application, Presentation and Session layers represent the software layers; the Transport layer is in the operating system; and the Network, Data Link, and Physical layers are the hardware layers.
  • FIG. 3 illustrates some different layers of the OSI model and their associated applications and functions.
  • The physical layer (Layer 1) is concerned with the transmission of data bits over physical media.
  • The data link layer (Layer 2) specifies transmission of frames between connected nodes on the physical layer.
  • The network layer (Layer 3) describes addressing, routing and traffic control of a multi-node network.
  • The transport layer (Layer 4) describes segmentation, acknowledgement and multiplexing between points on a network.
  • The remaining OSI layers are the session layer (Layer 5), which manages the continuous exchange of data between two nodes; the presentation layer (Layer 6), which performs data compression and encryption/decryption between a network service and application; and the application layer (Layer 7), which handles resource sharing, high-level APIs and remote file access.
  • A specific layer may be expressed, for example, as "Layer x" or "Lx".
  • A MAC address or Media Access Control address of a device is a unique identifier assigned to a network interface controller (NIC) for communications at the Data Link layer of a network segment.
  • MAC addresses are typically used in the medium access control protocol sublayer, and are usually presented as six groups of two hexadecimal digits.
  • A MAC address may also be referred to as the burned-in address (BIA), hardware address or Ethernet hardware address (EHA).
  • A node may have multiple NICs and each NIC must have a unique MAC address.
  • MAC addresses are most often assigned by the manufacturer of a NIC and are stored in its hardware.
  • Layers 1, 2 and 3 are media layers, while layers 4, 5, 6 and 7 are host layers.
  • The data link Layer 2 is a broadcast MAC-level network. It provides error-free transfer of data frames between nodes over Layer 1, where the data frames contain MAC addresses.
  • Layer 2 establishes and terminates the logical link between nodes and provides frame traffic control, sequencing, acknowledgement, delimiting, and error-checking.
  • The network Layer 3 provides segmented routing over an IP network and controls operations of the subnet by deciding which physical path the data takes. It processes data packets that contain the IP addresses. Layer 3 provides routing, subnet traffic control, frame fragmentation, logical-physical address mapping, and usage accounting functions.
  • The transport Layer 4 delivers messages in sequence and error-free. It provides flow control functions between hosts through message segmentation, acknowledgment, traffic control, and session multiplexing.
  • Layer 3 works on top of Layer 2, which works on top of Layer 1. While the actual data bits are transferred over the physical or wireless medium on Layer 1, frames are used to define the data between two nodes on a data link.
  • An address or routing protocol is used to route and control the traffic flow.
  • Traditional switching operates at Layer 2 of the OSI model, where packets are sent to a specific switch port based on destination MAC addresses. Routing operates at Layer 3, where packets are sent to a specific next-hop IP address based on destination IP addresses. Devices in the same Layer 2 segment do not need routing to reach local peers.
  • The destination MAC address is resolved through an Address Resolution Protocol (ARP).
  • Layer 2 defines the protocol to both establish and terminate a physical connection between two devices.
  • Layer 2 works with the device MAC addresses, which are unique identifiers for the network adaptor present in each device. A MAC address is thus a fixed address of the network adaptor and cannot be changed on a device without changing the hardware adaptor.
  • Layer 2 networks forward all their traffic, so data transmitted by one device on Layer 2 will be forwarded to all devices on the network. Such broadcast traffic is fast, but as the network grows it creates congestion and leads to inefficiency.
  • Layer 3 works with IP addresses, which are essentially 'leased' or 'assigned' to the nodes, generally by a DHCP (dynamic host configuration protocol) server.
  • Because IP addresses are a layer of abstraction higher than MAC addresses, traffic using this layer is generally slower than Layer 2.
  • Layer 3 restricts broadcast traffic through segmentation, confining broadcasts to subnetworks.
  • The IP portion is read by stripping the data link layer (Layer 2) frame information and is then reassembled again. From there, the hop count is decremented, the header checksum recalculated and a routing lookup executed.
  • A Layer 2 network is more useful for broadcasting information between two nodes in close proximity, where a broader network would not be affected by congestion.
  • A Layer 3 network is better for managing network traffic over multiple sites and through the Internet because L3 network switches work with routing of IP addresses.
  • The binding process 104 groups or "binds" connections in a mesh network to reduce the complexity of connections between sets of nodes. For example, in FIG. 2, all of the connections between nodes A and C can be bound together to look like one connection, thus significantly reducing connection complexity, such as by a factor of 5 to 1 in the case of the full four-node mesh network 200.
  • This binding is performed by implementing the node connections at the OSI Layer 2 data link layer.
  • An Ethernet bridge is created to bind all the tunnel connections with a specific node.
  • The virtual NIC (network interface controller) behaves as a switch in routing traffic from the MAC address to bound tunnels from the bridge.
  • A new IP address is generated to represent the MAC. Communication between newly generated IP addresses will then work with any Internet protocols.
  • A tunnel is defined as a communications link that uses a tunneling protocol to repackage data traffic into a different form for transmission between network nodes.
  • A tunnel is a mechanism used to ship a foreign protocol across a network that normally would not support it.
  • The tunneling protocol uses the data portion of a packet (payload) to carry the packets that provide the service.
  • The tunneling protocol of the OSI model of FIG. 1 uses the data link layer, such as using the Layer 2 Tunneling Protocol (L2TP).
  • Other tunneling protocols can also be used, such as SSH (secure shell) or Generic Routing Encapsulation (GRE).
  • FIG. 4 illustrates a circuit binding node connections to OSI Layer 2, under some embodiments.
  • Node A 402 is coupled to node C 404 over network link 405, which may be a wired or wireless link in a mesh network.
  • Communication over link 403 utilizes Layer 3 IP addresses assigned to nodes A and C.
  • Nodes A and C are coupled to link 405 through respective virtual NIC (VNIC) devices 406 and 408, denoted as VNIC A and VNIC B.
  • The coupling between the nodes and their respective VNICs each comprises an Ethernet bridge 403 and 405. These bridges operate on Layer 2 utilizing the MAC addresses for the respective nodes, A and C.
  • A NIC (such as VNIC A and VNIC B) implements the electronic circuitry required to communicate using specific physical and data link layers to enable the IP protocol.
  • The NIC is both a physical layer and data link layer device, as it provides physical access to a networking medium and, for IEEE 802 and similar networks, provides a low-level addressing system through the use of MAC addresses that are uniquely assigned to network interfaces.
  • The virtual NIC is implemented by virtualizing hardware components of a standard physical NIC. Implementation of a virtual NIC is described in further detail below.
  • FIG. 4 is provided for example only, and is intended to illustrate one link between two nodes in a fully meshed network of any scale having any practical number of
  • FIG. 5 illustrates the network of FIG. 4 expanded to show additional nodes for binding of multiple tunnels to a single virtual MAC address for a node.
  • FIG. 4 illustrates the single direct link A - C between node A and node C, whereas FIG. 5 shows all of the possible links between nodes A and C for the mesh network 200 of FIG. 2. These links are as follows: A - C
  • The binding process of component 104 establishes Ethernet bridges between each pair of nodes in the network. These bridges effectively bind all the tunnel connections with a specific node.
  • The five possible connections between nodes A and C are bound to a single virtual MAC address in Layer 2 for the possibly different IP addresses of the individual links shown above.
  • The virtual NIC for node A (VNIC A) is used to generate the single virtual MAC address for the bound connections.
  • The virtual NIC thus behaves as a switch in routing traffic from the MAC address to bound tunnels from the bridge for node A, and a new IP address is generated to represent the MAC for node A. Through this mechanism, data is essentially aggregated to form a virtual bridge.
  • The tunnel connections between network peers are combined and bridged into a virtual network interface, which is assigned OSI Layer 3 configuration data enforced by the network to communicate among all of the network peers.
  • This is somewhat similar to how modern operating systems (such as Linux or BSD) can create a virtual interface, such as a bridge interface, by combining multiple physical network interface controllers (NICs) to achieve higher capacity and redundancy for network connectivity.
  • The individual OSI Layer 2 tunnel connection that implements the bridge connections 403 and 405 is referred to as a pipe, and more specifically as a "Marconi Pipe" (mPipe), such as that provided by Marconi Inc. of San Francisco, CA. Since the network peers are connected and bridged through OSI Layer 2 tunnels, this bridge mechanism provides redundancy and recoverability similar to that of physical network layers. For example, if one of the direct Layer 2 tunnel connections with a peer node is disconnected (unintentionally or intentionally), the network utilizes the Layer 2 address resolution protocol (ARP) to find an alternative OSI Layer 3 path to transmit the data, while the lost or disconnected Layer 2 tunnel connection is recovered or replaced with other network service nodes.
  • The Ethernet bridge mechanism is implemented through a secure Layer 2 tunnel/pipe that uses a virtual network device driver, such as a TUN/TAP (or similar) driver, to facilitate virtual Layer 2 communication, which allows for multiple tunnels to be created from one device.
  • TUN and TAP are virtual network kernel devices: TUN (network tunnel) simulates a network layer device and operates with Layer 3 (IP) packets, and TAP (network tap) simulates a link layer device and operates with Layer 2 packets, such as Ethernet frames.
  • TUN is generally used with routing, while TAP is used for creating a network bridge. Packets sent via a TUN/TAP device are delivered to a user-space program that attaches itself to the device.
  • The program may also pass packets into a TUN/TAP device.
  • The TUN/TAP device delivers (or "injects") these packets to the operating system network stack, thus emulating their reception from an external source.
  • Any other virtualization or tunnel mechanism may be used, such as a secure shell (SSH) tunnel or a proprietary (e.g., mPipe) method.
  • Although embodiments are described with respect to TUN/TAP drivers, it should be noted that other virtual network device drivers can also be used, such as MacVTap or other drivers that provide or simplify virtualized bridged networking.
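The TUN/TAP distinction above, and the per-hop TTL decrement and checksum recomputation from the earlier Layer 3 discussion, as an added Python example written for this page (not code from the patent, Neji or Marconi). It builds the `ifreq` request a user-space program passes to `ioctl(TUNSETIFF)` to attach to a TAP device, parses what a TAP hands back (an Ethernet frame, MAC addresses first) against what a TUN hands back (a bare IPv4 packet), and performs one Layer 3 forwarding step. The ioctl constants are the real Linux values; the 40-byte `ifreq` layout assumes a 64-bit Linux host; the ARP frame and ICMP packet are constructed samples, not captured traffic, and `open_tap` is only called on a real host.

```python
import struct

# Linux TUN/TAP ioctl interface. The constants are the real values from <linux/if_tun.h>;
# the 40-byte struct ifreq layout assumes a 64-bit Linux host (assumption).
TUNSETIFF = 0x400454CA
IFF_TUN = 0x0001      # Layer 3 device: user space reads/writes raw IP packets
IFF_TAP = 0x0002      # Layer 2 device: user space reads/writes Ethernet frames
IFF_NO_PI = 0x1000    # omit the 4-byte packet-information prefix on each read/write
IFNAMSIZ = 16
ETH_HDR_LEN = 14
IFREQ_FMT = "16sH22x"  # ifr_name[16], ifr_flags, padding to sizeof(struct ifreq) == 40


def build_ifreq(name: str, flags: int) -> bytes:
    """Encode the struct ifreq handed to ioctl(fd, TUNSETIFF, ...)."""
    raw = name.encode()
    if not raw or len(raw) >= IFNAMSIZ:
        raise ValueError("interface name must be 1..15 bytes")
    return struct.pack(IFREQ_FMT, raw, flags)


def parse_ifreq(ifreq: bytes) -> tuple:
    """Decode an ifreq back into (name, flags), e.g. to check what the kernel returned."""
    raw, flags = struct.unpack(IFREQ_FMT, ifreq)
    return raw.split(b"\x00", 1)[0].decode(), flags


def open_tap(name: str) -> int:
    """Attach this process to a TAP device on a Linux host (needs CAP_NET_ADMIN; not run offline)."""
    import os
    import fcntl
    fd = os.open("/dev/net/tun", os.O_RDWR)
    fcntl.ioctl(fd, TUNSETIFF, build_ifreq(name, IFF_TAP | IFF_NO_PI))
    return fd


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_tap_frame(frame: bytes) -> dict:
    """What a TAP device hands to user space: an Ethernet frame, MAC addresses first."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    return {"dst": mac_str(dst), "src": mac_str(src), "ethertype": ethertype,
            "is_broadcast": dst == b"\xff" * 6, "payload": frame[ETH_HDR_LEN:]}


def parse_tun_packet(packet: bytes) -> dict:
    """What a TUN device hands to user space: an IPv4 packet with no Ethernet header at all."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet (a TAP frame would start with a MAC address)")
    return {"src": ".".join(str(b) for b in packet[12:16]),
            "dst": ".".join(str(b) for b in packet[16:20]),
            "ttl": packet[8], "proto": packet[9],
            "total_len": struct.unpack("!H", packet[2:4])[0],
            "header_len": (packet[0] & 0x0F) * 4}


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the header; a valid header (checksum included) yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def forward_hop(packet: bytes) -> bytes:
    """One Layer 3 forwarding step: decrement the TTL and recompute the header checksum."""
    ihl = (packet[0] & 0x0F) * 4
    header = bytearray(packet[:ihl])
    if header[8] <= 1:
        raise ValueError("TTL expired; a router would drop this packet")
    header[8] -= 1
    header[10:12] = b"\x00\x00"
    struct.pack_into("!H", header, 10, ipv4_checksum(bytes(header)))
    return bytes(header) + packet[ihl:]


# Constructed sample inputs (not captured traffic).
SAMPLE_ARP_FRAME = (
    b"\xff\xff\xff\xff\xff\xff"            # dst: Ethernet broadcast
    + b"\x02\x00\x00\x00\x00\x0a"          # src: locally administered address of "node A"
    + b"\x08\x06"                          # EtherType ARP
    + b"\x00\x01\x08\x00\x06\x04\x00\x01"  # ARP request for Ethernet/IPv4
    + b"\x02\x00\x00\x00\x00\x0a\x0a\x00\x00\x01"   # sender MAC / 10.0.0.1
    + b"\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x03"   # target MAC unknown / 10.0.0.3
)
SAMPLE_IPV4_PACKET = bytes.fromhex(
    "4500001c00000000400166de0a0000010a000003"  # IPv4 header: TTL 64, proto 1 (ICMP), checksum 0x66de
    "0800f7ff00000000"                          # ICMP echo request with an empty body
)
```

Feeding the TAP frame to `parse_tun_packet` raises, which is the practical point: a bridge built on TAP sees MAC addresses and can learn from them, while a TUN endpoint sees only IP headers and has nothing for an Ethernet bridge to switch on.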
  • FIG. 6 is a flowchart that illustrates a method of transmitting data over a mesh network using OSI Layer 2 binding, under an embodiment.
  • FIG. 6 illustrates an overall method in which the binding process 104 groups connections to each node in a mesh network to reduce the complexity of connections between sets of nodes.
  • Each node may have any number of connections depending on the scale of the network, as identified in step 602.
  • The binding process establishes a secure tunnel over OSI Layer 3 using IP addresses for each identified connection, step 604.
  • An Ethernet bridge utilizing a VNIC is created to bind all the tunnel connections with the specific node.
  • The VNIC generates a single MAC address in Layer 2 for the bound connections and behaves as a switch to route traffic from the MAC address to bound tunnels from the bridge.
  • A new IP address is generated to represent the MAC address.
  • The network then transmits data to the node using the MAC address, step 610. In this way, communication between the newly generated IP addresses in Layer 3 is performed using a single MAC address in Layer 2, thus effectively binding all of the connections to the node in a single Layer 2 connection.
  • FIG. 7 illustrates implementing a secure Layer 2 tunnel for translating IP addresses to a MAC address in a binding process, under some embodiments.
  • Diagram 700 of FIG. 7 illustrates the establishment of a secure tunnel over Layer 3 using IP addresses for the identified connections to the node, as shown in step 604 of FIG. 6.
  • Node 702 represents a processing element executing an OS (e.g., Linux) process.
  • Connections 701 into the node each come from paths coupling a number of other nodes in the network.
  • The connections could represent the different paths to node C from node A (A - C, A - D, etc.) as illustrated above in FIG. 5.
  • Each connection specifies an IP address (IP Address 1, IP Address 2, etc.).
  • The bridge 704 combines these IP addresses to generate a single MAC address as in the following formula:
  • The Layer 2 MAC address generated in bridge 704 is thereafter used by all connections 701 when other nodes transmit data to node 702, in a manner that effectively or virtually aggregates node connections to emulate Layer 2.
  • The function (f) represents a process whereby the system generates its own MAC address randomly and uses internal forwarding databases to forward Ethernet frames to ports. In the bridge, it maintains unicast MAC address and port relationship tables to forward frames. Therefore, there is no actual merging or aggregating function for MAC addresses into one MAC address, but rather an abstract aggregation of data paths through this self-generated MAC address, as explained in greater detail below.
  • The virtual MAC address mechanism illustrated in FIGS. 4 and 5 is implemented through a bridge NIC architecture.
  • A bridge NIC or bridge device in the system (sometimes referred to as *nix) is a Layer 2 virtual device that can neither transmit nor receive anything by itself unless it is bonded with real devices.
  • This bonding may be through a proprietary (mPipe) or virtual device, or a simulated/emulated OSI tunnel virtual device.
  • mPipes or tunnels are connected to the ports.
  • The network ports or interfaces can be anything used for forwarding traffic between edge switches to other hosts in the network.
  • This element detects STP (spanning tree protocol) to prevent loops in the network by calculating a minimum spanning tree; it also maintains a MAC address/port (routing) table.
  • This element processes incoming Ethernet frames from ports and forwards frames based on the MAC address routing databases.
  • The MAC address/port database tracks host locations in the local area network (LAN).
  • This database or databases may be implemented as a routing table associating MAC and IP or other addresses in a standard or proprietary database or tabular format.
  • Upon receiving an Ethernet frame, the bridge NIC looks up the MAC address table and, if it cannot find a given MAC address, it bridges or broadcasts the frame to all ports except the port where the frame originated.
  • A standard IEEE 802.1D L2/switch discovery process, such as that known as ARP (Address Resolution Protocol), or similar may be used.
  • The merging or aggregating of existing MAC addresses of tunnel or virtual devices as shown in FIG. 5 is implemented by the bridge NIC generating its own MAC address randomly and using internal forwarding databases to forward Ethernet frames to the ports. In the bridge, it maintains unicast MAC address and port relationship tables to forward the frames.
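The forwarding behaviour just described (learn the source address on the ingress port, unicast to a known port, flood unknown and group destinations to every port except the one the frame came in on) together with the tunnel-loss recovery from the mPipe discussion, as an added Python simulation written for this page; it is not the patent's, Neji's or Marconi's implementation. The port names are the FIG. 5 paths between nodes A and C, both bridge addresses are constructed, and the address the text says the bridge generates at random is passed in as a constant here; there is no STP and no entry aging, which is a simplification.

```python
from dataclasses import dataclass, field
from typing import Dict, List

HOST_PORT = "host"                # the node's own IP stack sits behind this port
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    """Only the Ethernet header fields a learning bridge looks at."""
    dst: str
    src: str
    payload: bytes = b""


def is_group_address(mac: str) -> bool:
    """Multicast and broadcast addresses have bit 0 of the first octet set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


@dataclass
class VirtualBridge:
    """Learning bridge whose ports are the Layer 2 tunnels (pipes) toward peer nodes.

    mac is the bridge's own address (self-generated per the text; a constructed constant here)."""
    mac: str
    ports: List[str] = field(default_factory=list)
    fdb: Dict[str, str] = field(default_factory=dict)   # forwarding database: MAC -> port

    def __post_init__(self) -> None:
        if is_group_address(self.mac):
            raise ValueError("a bridge address must be unicast")
        self.ports.append(HOST_PORT)
        self.fdb[self.mac] = HOST_PORT

    def attach(self, port: str) -> None:
        if port in self.ports:
            raise ValueError(f"port {port} already attached")
        self.ports.append(port)

    def detach(self, port: str) -> None:
        """A tunnel went down: drop the port and flush every entry learned through it."""
        if port == HOST_PORT or port not in self.ports:
            raise ValueError(f"cannot detach {port}")
        self.ports.remove(port)
        self.fdb = {mac: p for mac, p in self.fdb.items() if p != port}

    def handle(self, in_port: str, frame: Frame) -> List[str]:
        """Return the ports the frame goes out of (an empty list means it was filtered)."""
        if in_port not in self.ports:
            raise ValueError(f"frame arrived on unknown port {in_port}")
        if not is_group_address(frame.src):
            self.fdb[frame.src] = in_port            # learn: frame.src is reachable via in_port
        out = self.fdb.get(frame.dst)
        if is_group_address(frame.dst) or out is None:
            return [p for p in self.ports if p != in_port]   # flood, never back out the ingress port
        return [] if out == in_port else [out]


def demo_failover() -> Dict[str, List[str]]:
    """Node A's bridge with the five FIG. 5 pipes toward node C; the direct pipe is lost mid-conversation."""
    node_a = VirtualBridge(mac="02:00:00:00:0a:01")   # constructed
    node_c = "02:00:00:00:0c:01"                      # constructed address of node C's bridge
    for pipe in ("A-C", "A-B-C", "A-D-C", "A-B-D-C", "A-D-B-C"):
        node_a.attach(pipe)
    steps: Dict[str, List[str]] = {}
    # 1. C's ARP request arrives over the direct pipe: flooded, and C is learned on "A-C".
    steps["arp_from_c"] = node_a.handle("A-C", Frame(dst=BROADCAST, src=node_c))
    # 2. A's reply is unicast straight down the learned pipe.
    steps["unicast_to_c"] = node_a.handle(HOST_PORT, Frame(dst=node_c, src=node_a.mac))
    # 3. The direct pipe is disconnected; the stale entry for C is flushed with it.
    node_a.detach("A-C")
    # 4. The next frame for C is unknown again and floods over the remaining pipes.
    steps["after_loss"] = node_a.handle(HOST_PORT, Frame(dst=node_c, src=node_a.mac))
    # 5. C answers via A-D-C, so the bridge relearns C there and traffic is unicast again.
    steps["relearn"] = node_a.handle("A-D-C", Frame(dst=node_a.mac, src=node_c))
    steps["recovered"] = node_a.handle(HOST_PORT, Frame(dst=node_c, src=node_a.mac))
    return steps
```

Two things the simulation makes visible: flushing the forwarding database when a port goes away is what turns a lost tunnel into a single re-flood rather than a black hole, and step 4 shows why the text's STP element matters, since the same frame leaves on four pipes that may all reach C and, without a spanning tree, could be bridged back.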
  • FIG. 8A illustrates implementing a virtual bridge to bind OSI Layer 2, under some embodiments.
  • an operating system layer 804 resides between an application layer 802 and hardware 806.
  • the virtual bridge element 808 is implemented in the operating system layer 804 to communicate with a NIC device 810 which resides between the OS and hardware layers.
  • the NIC 810 has an associated MAC address.
  • the virtual bridge 808 includes a routing table 809 that implements the MAC address table referenced above.
  • the virtual bridge also has an associated virtual MAC (VMAC or vMAC) address.
  • Communication between the virtual bridge 808 and the NIC 810 is provided by packet forwarding protocols 812.
  • the NIC 810 communicates to other nodes using its MAC address over Layer 3 tunnels or tunnel links
  • FIG. 8C is a flowchart that illustrates a method of creating a virtual bridge, under some embodiments.
  • the process starts in step 822 by allocating a data structure (struct net_device) with a private data area for driver initialization and operations.
  • a standard known data structure such as defined in
  • the process then generates a random hardware address that is not multicast, step 824.
  • This is an Ethernet address that is assigned to net_device struct defined in step 822.
  • the address is configured to follow the IEEE 802 standard, such as in
  • An example address is a 6-byte array that contains the Ethernet Address. Example programming code to perform this is as follows
  • these parameters may implement at least part of the IEEE 802.1D MAC Bridges standard, which includes bridging, spanning tree (STP), and others as standardized by the IEEE 802.1 working group.
  • STP is a network protocol that builds a loop-free logical topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the resulting broadcast radiation. It also allows a network to include backup links to provide fault tolerance if an active link fails.
  • the STP process creates a spanning tree within a network of connected Layer 2 bridges, and disables those links that are not part of the spanning tree, leaving a single active path between any two network nodes.
  • LAN switches are characterized by the forwarding method that they support, such as a store-and-forward switch, cut-through switch, or fragment-free switch.
  • in a store-and-forward switch, error checking is performed against the frame, and any frame with errors is discarded.
  • in the cut-through switching method, no error checking is performed against the frame, which makes
  • the virtual bridge includes a routing table 809.
  • this table provides ARP-to-MAC address to IP mapping for switching/routing. This is how the virtual bridge keeps track of MAC addresses with port numbers.
  • the MAC learning database provides Layer 2 information only. Below is provided example
  • the br42 data element is created by a marconid binary through a bridge driver in the kernel.
  • the tap* interfaces are created through a TUN/TAP, MacVTap or other virtual network device driver in the kernel to emulate/simulate a Layer 2 tunnel through an identifier (marconid), which represents a network port or interface in the bridge.
  • Each tap interface represents one mPipe connection.
  • FIG. 8A illustrates an example of a single subnet embodiment.
  • FIG. 8B illustrates a multi-subnet virtual bridge system, under some embodiments and using the same three-layer architecture of FIG. 8A.
  • Diagram 820 illustrates a two-subnet embodiment in which the OS layer 804 includes two virtual bridges VB1 and VB2, each accessed through its own respective virtual MAC address to service applications in layer 802. Any number of NICs may be provided between the OS layer 804 and the hardware 806, such as three NICs (NIC1, NIC2, NIC3) as illustrated in diagram 820.
  • the connections between VB2 and NIC2 create a first subnet (Subnet 1) and the connections between VB1 and NICs 1 and 2 create a second subnet (Subnet 2).
  • any number of VB and NIC elements and combination of connections among them can be used to create any practical number of subnets in a multi-subnet implementation.
  • FIG. 9 illustrates an example medium-scale mesh network implementing OSI Layer 2 connection binding, under some embodiments.
  • Diagram 900 of FIG. 9 illustrates the binding of connections for a first set of nodes 902 relative to a second set of nodes 904 through data links 903.
  • the first set of nodes 902 are labeled nodes A, B, C, and D; and the second set of nodes 904 are labeled X, Y, and Z.
  • node A can communicate with node Y (for example) through any of the bound links 903, including links through other nodes. This means that if a path between node A and node B that is being used goes down, traffic will automatically be routed between node A and node Y through another path, including a path that hops between other nodes in node set 902 and/or 904.
  • the Layer 2 binding architecture described herein provides several benefits including simplified lattice network management, hardware-less routing, dynamic network capacity, and connection fault tolerance.
  • the simplified management feature is provided by the fact that the VNIC and bridge mechanism reduces complexity by abstracting
  • the multiple (e.g., 5) different connections between nodes A and C are essentially abstracted to a single connection referenced by a single MAC address.
  • Hardware-less routing is provided through the fact that network traffic can now be routed directly between nodes without discovery via traditional central routers. Fault tolerance is enabled by virtue of the fact that failover is automatically included since multiple connections are now abstracted into one connection.
  • Dynamic network capacity is provided through additional connections or "tunnels" that can be included in a binding to increase capacity between nodes.
  • the Layer 2 binding process 104 described herein is used in a large-scale mesh network utilizing a protocol, referred to as the "Marconi Protocol", that defines the rules and provides the primitives by which peers can securely connect and communicate in order to form and participate in the network (the "Marconi Network"), which can be a global-scale network in which nodes can join and leave at will using the mechanism of smart contracts.
  • This protocol supports wireless networks and peer-to-peer mesh networks; managing connections between nodes and ensuring performant traffic routing in such networks can be challenging, since the number of possible connections grows as O(n²), where n is the number of nodes.
  • the binding process 104 combines and binds multiple OSI Layer 2 connections in a given network node into a single virtual network interface with OSI Layer 3 configuration data, similar to how operating systems can bridge or bond multiple physical network interface controllers to achieve higher capacity and redundancy for network connectivity.
  • This binding removes complexity for node and network operators as well as for developers writing smart packet applications. It also provides connection redundancy and fault tolerance in case a network link is lost, and increases throughput since it grants the ability to distribute outgoing traffic over multiple paths.
  • the Marconi protocol facilitates secure network communication and smart contracts for network packets. It is designed down to Layer 2 of the OSI model and works with wired and wireless standards. It is interoperable with existing Internet infrastructures and provides enhanced Layer 2 and Layer 3 functionality, such as transmission layer security. In an embodiment, there are three main components of the protocol.
  • the first component is the Marconi Pipe (mPipe), which provides a secure communication channel for transporting network traffic between peers.
  • the pipes are established all the way down to Layer 2 of the OSI model and provide encryption, routing, and processing capabilities.
  • the second component is a system of smart packet contracts allowing network packets to be routed and processed using smart contracts. This technology unlocks numerous use-cases for smart decentralized networking applications such as software-defined networking, intrusion detection and prevention systems, content delivery networks, and distributed virtual private networks.
  • the third component is the Marconi link, which works with wired standards to allow the protocol to be used as an overlay on existing internet infrastructure. With Marconi Link, the protocol has also been designed to be used with wireless protocols such as Bluetooth, Wi-Fi, and the U-NII-3 radio band to power scalable mesh networks, both public and private.
  • FIG. 10 illustrates an example Marconi network that globally organizes and enables the formation of autonomous networks, under some embodiments.
  • the network connects peers 1001 (which may be infrastructure service nodes, Internet-enabled computing devices, or network end users) through smart contracts 1002 that are agreements between these peers defining how much data will be exchanged, for how long, what types of smart packet contracts will be enabled, and at what fuel price.
  • connections can be implemented through mPipes 1003 or wireless Marconi links 1004.
  • individuals, network operators, and Internet service providers can participate in the network by contributing their bandwidth or compute resources to the network.
  • In return for contributing resources and processing smart packet contracts, network nodes periodically receive network tokens that serve as the base unit for distributed networking and computing: the fuel consumed for network usage, administration, and smart contract processing.
  • while the Marconi Network can interoperate with existing internet infrastructure, it is also self-sustaining, capable of obviating existing network infrastructure by forming direct peer-to-peer connections to facilitate wireless mesh networks that remove the need for hardware switches, routers, and bridges.
  • the Marconi Network enables and incentivizes users to assemble and securely exchange network infrastructure resources without the physical, financial, and regulatory limitations that hinder traditional approaches to building, connecting, operating, and maintaining network infrastructure at scale.
  • End users can utilize the network to access the Internet or nearby compute power, either by procuring tokens or by mining them through operating a contributing service node. Developers can utilize the network to create and deploy intelligent, decentralized networking applications that can be run by end users or service nodes.
  • Private institutions and enterprises can utilize the network and the platform it is built on to manage their infrastructure and develop smart distributed networking and cybersecurity services.
  • the mPipe (Marconi pipe) 1003 implements a virtualized data link layer which provides a communication channel, or pipe, for transporting network traffic between peers.
  • this is similar to the Layer 2 Tunneling Protocol (L2TP).
  • FIG. 11 illustrates an implementation of an mPipe, under some embodiments.
  • FIG. 11 shows the hierarchy of the seven OSI Layers 1102 with an mPipe 1104 implemented between drivers in Layer 2.
  • a secure connection is formed between two peers by using a Diffie-Hellman (or similar) exchange to create three shared secrets: one for data encryption, one for checksums to achieve data integrity, and one used as a seed.
  • Each peer combines this seed with the current time truncated to a pre-defined granularity (e.g., one minute) to obtain a new seed that changes over time.
  • This is used to mutate the data encryption secret and data integrity secret based on the current time interval, similar to a time-based one-time password (TOTP), to help harden the data stream against attacks such as traffic pattern analysis.
  • a system of symmetric keys is used for performance. Packets will constantly be traversing many pipes, and the cryptographic operations defined in the Advanced Encryption Standard (AES) are directly supported in the instruction sets of many hardware components.
  • the mPipe operates at the level of a network driver and can thus be very performant both in terms of encryption/decryption and in terms of packet-level processing. This enables several interesting network features, such as packet relay, packet throttling, and packet inspection.
  • system 100 includes a Layer 2 binding mechanism that may be implemented as a computer implemented software process, or as a hardware component, or both in a computer such as server 102 in FIG. 1. As such, it may be an executable module executed by the one or more computers in the network, or it may be embodied as a hardware component or circuit provided in the system.
  • the network environment of FIG. 1 may comprise any number of individual client-server networks coupled over the Internet or similar large-scale network or portion thereof. Each node in the network(s) comprises a computing device capable of executing software code to perform the processing steps described herein.
  • FIG. 12 is a block diagram of a computer system used to execute one or more software components of process 104, under some embodiments.
  • the computer system 1000 includes a monitor 1011, keyboard 1017, and mass storage devices 1020.
  • Computer system 1000 further includes subsystems such as central processor 1010, system memory 1015, input/output (I/O) controller 1021, display adapter 1025, serial or universal serial bus (USB) port 1030, network interface 1035, and speaker 1040.
  • the system may also be used with computer systems with additional or fewer subsystems.
  • a computer system could include more than one processor 1010 (i.e., a multiprocessor system) or a system may include a cache memory.
  • Arrows such as 1045 represent the system bus architecture of computer system 1000. However, these arrows are illustrative of any interconnection scheme serving to link the subsystems.
  • speaker 1040 could be connected to the other subsystems through a port or have an internal direct connection to central processor 1010.
  • the processor may include multiple processors or a multicore processor, which may permit parallel processing of information.
  • Computer system 1000 is an example of a computer system suitable for use with the present system. Other configurations of subsystems suitable for use with the present invention will be readily apparent to one of ordinary skill in the art.
  • Computer software products may be written in any of various suitable programming languages.
  • the computer software product may be an independent application with data input and data display modules.
  • the computer software products may be classes that may be instantiated as distributed objects.
  • the computer software products may also be component software.
  • Embodiments include a method of transmitting data in a mesh network, comprising: creating, for each node in the mesh network, an Ethernet bridge to bind all tunnel connections to the node; deploying a virtual network interface controller (NIC) with each node to generate a single media access controller (MAC) address assigned to all bound tunnel connections for the node; and transmitting data over the virtual Ethernet bridge using an emulated OSI Layer 2 protocol by transmitting data between pairs of network interface controllers (NICs) between each node using OSI Layers 3 and 4 protocols.
  • the method may further comprise binding multiple NICs within a single physical device, or creating a subnet with each virtual bridge to mesh Layer 2 subnets.
  • the method may also comprise merging subnets by binding virtual NICs.
  • the tunnel connections comprise a Layer 2 tunnel that uses a virtual network device driver such as a TUN/TAP or MacVTap driver to facilitate virtual Layer 2 communication allowing for multiple tunnels to be created from each device.
  • it may be virtual network kernel devices where the TUN (Network Tunnel) simulates a network layer device and operates with Layer 3 (IP) packets, and the TAP (Network Tap) simulates a link layer device and operates with Layer 2 packets.
  • the Ethernet bridge provides redundancy in the physical network layers of the OSI (open systems interconnection) network model: in the event of disconnection of a Layer 2 tunnel connection, it utilizes the Layer 2 address resolution protocol (ARP) to find an alternative OSI Layer 3 path over which to transmit the data, while the disconnected Layer 2 tunnel connection is recovered or replaced with other network service nodes.
  • the Ethernet bridge may comprise a set of ports, control plane logic, forwarding plane logic, and a MAC address learning database.
  • the mesh network may be a large-scale network implementing a smart contract based protocol to route and process network packets among nodes of the mesh network.
  • Embodiments are further directed to a method of transmitting data in a mesh network having a number of interconnected nodes, comprising: identifying all connections to a node from all other connected nodes in the network; establishing a connection over OSI Layer 3 using Internet Protocol (IP) addresses for each identified connection; creating a bridge to the node to generate a single media access controller (MAC) address for the node using OSI Layer 2 protocol; generating a new IP address to represent the single MAC address; and transmitting data to the node over all the identified connections using the new IP address.
  • the bridge combines the IP addresses for each identified connection to generate the single MAC address using the following formula:
  • MAC = f(IP1, IP2, IP3, ..., IPn)
  • the function (f) represents a process wherein the network generates its own MAC address randomly and uses internal forwarding databases to forward Ethernet frames to ports, and wherein the bridge maintains unicast MAC address and port relationship tables to forward frames. The IP addresses are therefore not hashed into the MAC address; they are bound to the randomly generated address through the forwarding database.
  • the bridge may be an Ethernet bridge created to bind all tunnel connections with the node.
  • This method may further comprise using a virtual NIC (network interface controller) to generate a single MAC address for the bound connections of the node, wherein the virtual NIC behaves as a switch in routing traffic from the single MAC address to bound tunnels from the Ethernet bridge.
  • the tunnel connections may comprise a Layer 2 tunnel that uses a virtual network device driver, such as a TUN/TAP or MacVTap driver to facilitate virtual Layer 2 communication allowing for multiple tunnels to be created from the nodes.
  • Embodiments are yet further directed to a system transmitting data in a mesh network having a number of interconnected nodes, comprising: a first processor component identifying all connections to a node from all other connected nodes in the network and establishing a connection over OSI Layer 3 using Internet Protocol (IP) addresses for each identified connection; an Ethernet bridge to the node generating a single media access controller (MAC) address for the node using OSI Layer 2 protocol; and a second processor component generating a new IP address to represent the single MAC address, and
  • the Ethernet bridge combines the IP addresses for each identified connection to generate the single MAC address using the same formula given above, where the function (f) represents a process wherein the network generates its own MAC address randomly and uses internal forwarding databases to forward Ethernet frames to ports, and wherein the Ethernet bridge maintains unicast MAC address and port relationship tables to forward frames.
  • the Ethernet bridge binds all tunnel connections with the node and comprises a set of ports, control plane logic, forwarding plane logic, and a MAC address learning database. It may further comprise a virtual NIC (network interface controller) generating a single MAC address for the bound connections of the node, wherein the virtual NIC behaves as a switch in routing traffic from the single MAC address to bound tunnels from the Ethernet bridge; and the mesh network may be a large-scale network implementing a smart contract based protocol to route and process network packets among nodes of the mesh network.
  • Embodiments as described herein may be applied to mesh networks of any scale (full or partial), and may also be applied to any other physical, virtual or hybrid
  • WAN (wide area network)
  • MAN (metropolitan area network)
  • cloud based network system: a network system that provides connectivity to the various systems, components, and resources, and may be implemented using protocols such as Transmission Control Protocol (TCP) and/or Internet Protocol (IP), well known in the relevant arts.
  • the words "comprise," "comprising," and the like are to be construed in an inclusive sense as opposed to an exclusive or exhaustive sense; that is to say, in a sense of "including, but not limited to." Words using the singular or plural number also include the plural or singular number respectively. Additionally, the words "herein," "hereunder," "above," "below," and words of similar import refer to this application as a whole and not to any particular portions of this application. When the word "or" is used in reference to a list of two or more items, that word covers all of the following interpretations of the word: any of the items in the list, all of the items in the list and any combination of the items in the list.
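The mPipe key establishment described in the list above (a Diffie-Hellman exchange yielding three shared secrets, a seed mixed with the current time truncated to a fixed granularity, and encryption and integrity keys mutated per time window), as an added example in Python. This is not the Marconi implementation, and everything the page leaves open is an assumption here: the RFC 3526 group-14 DH parameters, the HMAC-SHA256 derivation and its labels, the 60-second window, and the one-window clock-skew tolerance in `verify`.

```python
"""mPipe-style session keys: DH agreement, three derived secrets, and a TOTP-like
time-window mutation. Added example, not the Marconi code; DH group, derivation
labels, window size and skew tolerance are assumptions the page does not specify."""
import hashlib
import hmac
import secrets
import struct

# RFC 3526 group 14 (2048-bit MODP), generator 2. Assumption: the page only says
# "Diffie-Hellman (or similar)" and names no group.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
GRANULARITY = 60  # seconds; the page's "one minute" example


def _kdf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 as a one-step key derivation (assumed; the page names no KDF)."""
    return hmac.new(key, label, hashlib.sha256).digest()


class Peer:
    """One end of an mPipe. Only `pub` ever crosses the wire."""

    def __init__(self) -> None:
        self._priv = 2 + secrets.randbelow(1 << 256)   # 256-bit exponent is ample for group 14
        self.pub = pow(G, self._priv, P)
        self.k_enc = self.k_mac = self.seed = b""

    def agree(self, peer_pub: int) -> None:
        """Derive the three long-lived secrets from the peer's public value."""
        if not 1 < peer_pub < P - 1:                   # 0, 1 and P-1 collapse the shared secret
            raise ValueError("degenerate DH public value")
        shared = pow(peer_pub, self._priv, P).to_bytes(256, "big")
        prk = _kdf(b"mpipe-v0 extract", shared)       # HKDF-extract with a fixed salt
        self.k_enc = _kdf(prk, b"mpipe data encryption")
        self.k_mac = _kdf(prk, b"mpipe data integrity")
        self.seed = _kdf(prk, b"mpipe time seed")

    def window_keys(self, now: float) -> tuple:
        """Seed mixed with the time truncated to GRANULARITY, then used to mutate both
        working keys: same window -> identical keys on both peers, next window -> new keys."""
        counter = int(now) // GRANULARITY
        seed_t = _kdf(self.seed, struct.pack(">Q", counter))
        return _kdf(seed_t, self.k_enc), _kdf(seed_t, self.k_mac)

    def tag(self, now: float, payload: bytes) -> bytes:
        """Integrity tag under the current window's integrity key."""
        return hmac.new(self.window_keys(now)[1], payload, hashlib.sha256).digest()

    def verify(self, now: float, payload: bytes, tag: bytes) -> bool:
        """Accept the current window and the previous one, so a frame sent just before
        the boundary still verifies on a peer whose clock is slightly behind."""
        for t in (now, now - GRANULARITY):
            if hmac.compare_digest(self.tag(t, payload), tag):
                return True
        return False


def handshake_demo(now: float = 1_700_000_040) -> tuple:
    """Two peers exchange public values, then B checks a tag from A in three windows."""
    a, b = Peer(), Peer()
    a.agree(b.pub)
    b.agree(a.pub)
    t = a.tag(now, b"frame 1")
    return (b.verify(now, b"frame 1", t),           # same window: accepted
            b.verify(now + 60, b"frame 1", t),      # one window late: still accepted
            b.verify(now + 120, b"frame 1", t))     # two windows late: rejected


if __name__ == "__main__":
    print(handshake_demo())
```

Two caveats a practitioner should carry away. Every window key is computable from the long-lived seed, so the mutation gives no forward secrecy if that seed is captured; a deployment should re-run the DH exchange periodically rather than rely on the time mutation alone, and should use an AEAD (AES-GCM is what the page's AES hardware-acceleration argument points at) instead of a separate checksum key. Re-keying also leaves packet sizes and timing unchanged, so by itself it does not defeat traffic-pattern analysis.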

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Automation & Control Theory (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments for transmitting data in a mesh network through a binding process that groups connections to reduce the complexity of connections between sets of nodes in a mesh network. The process implements the connections at the OSI Layer 2 data link layer. An Ethernet bridge is created to bind all the tunnel connections with a specific node. A virtual NIC is used to generate a MAC address. The NIC behaves as a switch in routing traffic from the MAC address to bound tunnels from the bridge. A new IP address is generated to represent the MAC address so that communication between newly generated IPs can then work with any Internet protocols.
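The bridge behaviour the abstract and the concept list describe (a randomly generated, non-multicast hardware address for the node; a MAC/port learning database; flooding of frames whose destination is unknown to every port but the ingress one; and re-routing over a surviving tunnel when a bound tunnel drops), as an added example in Python. This is not code from the patent or from the Marconi implementation. The port names host0/tap0..tap2 and the two host MAC addresses are constructed for the demo, and flushing the learned entries of a port on link-down is an assumption; the page does not say how the real bridge ages or flushes its table.

```python
"""Learning bridge with a random locally-administered vMAC, flood-on-unknown and
failover when a bound tunnel drops. Added example, not code from the patent;
port names and host MACs below are constructed for the demo."""
import os
from dataclasses import dataclass
from typing import Optional


def random_unicast_mac(seed_bytes: Optional[bytes] = None) -> str:
    """Random 48-bit address per IEEE 802: clear the I/G bit (octet 0, bit 0) so it is
    unicast, and set the U/L bit (octet 0, bit 1) so it is locally administered and
    cannot collide with a vendor-assigned (OUI) address. `seed_bytes` only exists so
    the result can be checked deterministically."""
    octets = bytearray(seed_bytes if seed_bytes is not None else os.urandom(6))
    octets[0] = (octets[0] & 0xFE) | 0x02
    return ":".join(f"{b:02x}" for b in octets)


def is_multicast(mac: str) -> bool:
    """I/G bit set: the frame is flooded rather than looked up."""
    return int(mac.split(":")[0], 16) & 0x01 == 0x01


def is_locally_administered(mac: str) -> bool:
    return int(mac.split(":")[0], 16) & 0x02 == 0x02


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    payload: bytes


class VirtualBridge:
    """One bridge per node. Each port is one bound tunnel (a tap* device on the page)
    or the local host side; the forwarding database maps learned MAC -> port."""

    def __init__(self, ports):
        self.mac = random_unicast_mac()        # the node's single vMAC
        self.ports = {p: True for p in ports}   # port -> link up?
        self.fdb = {}                           # learned source MAC -> ingress port

    def link_down(self, port: str) -> None:
        """Tunnel lost: mark the port down and forget everything learned through it,
        so the next frame for those hosts floods and is re-learned on a live tunnel."""
        self.ports[port] = False
        self.fdb = {m: p for m, p in self.fdb.items() if p != port}

    def link_up(self, port: str) -> None:
        self.ports[port] = True

    def receive(self, in_port: str, frame: Frame):
        """Forward one frame and return its egress ports. Source learning first, then a
        unicast lookup; unknown or multicast destinations flood every other live port
        and never go back out the ingress port."""
        if not self.ports.get(in_port, False):
            raise ValueError(f"frame received on down or unknown port {in_port}")
        self.fdb[frame.src] = in_port
        if is_multicast(frame.dst) or frame.dst not in self.fdb:
            return [p for p, up in self.ports.items() if up and p != in_port]
        out = self.fdb[frame.dst]
        return [] if out == in_port else [out]   # same segment: filter, do not forward


def failover_demo():
    """Node A reaches node Y over three bound tunnels; tap0 drops mid-conversation."""
    br = VirtualBridge(["host0", "tap0", "tap1", "tap2"])
    a, y = "02:00:00:00:00:0a", "02:00:00:00:00:19"   # constructed host MACs
    trace = [
        br.receive("host0", Frame(a, y, b"hello")),   # Y unknown: flood all tunnels
        br.receive("tap0", Frame(y, a, b"hi")),       # Y learned behind tap0
        br.receive("host0", Frame(a, y, b"data")),    # unicast via tap0 only
    ]
    br.link_down("tap0")                              # tunnel lost
    trace += [
        br.receive("host0", Frame(a, y, b"data")),    # flooded on surviving tunnels
        br.receive("tap1", Frame(y, a, b"hi")),       # re-learned behind tap1
        br.receive("host0", Frame(a, y, b"data")),    # unicast via tap1
    ]
    return trace


if __name__ == "__main__":
    for step in failover_demo():
        print(step)
```

The trace is what `bridge fdb show` would let you observe on a Linux bridge built from a br42 device and tap* ports. One point the page does not address: because unknown destinations are flooded to every bound tunnel and source addresses are learned from whatever arrives, a peer that spoofs a source MAC on one tunnel can poison the learning table for the whole node. A deployment would want per-port learning limits, and learned entries tied to the authenticated tunnel they arrived on.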

Description

BINDING OSI LAYER 3 IP CONNECTIONS TO OSI LAYER 2 FOR MESH NETWORKS
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application claims the benefit of U.S. Provisional Application No. 62/629,601, filed February 12, 2018, and U.S. Provisional Application No. 62/644,188, filed March 16, 2018.
TECHNICAL FIELD
[0002] Embodiments are generally directed to mesh networks, and more specifically to binding multiple OSI Layer 3 connections to network nodes using OSI Layer 2 addressing.
COPYRIGHT NOTICE
[0003] A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
BACKGROUND
[0004] In a mesh network, nodes connect directly and non-hierarchically to as many other nodes as possible and cooperate to efficiently route data to and from clients. In a typical network, nodes may comprise bridges, switches, routers, and other infrastructure devices. The inherent lack of dependency on one node allows for every node to participate in the relay of information. Mesh networks dynamically self-organize and self-configure, which helps reduce installation overhead and allows for a dynamic distribution of workloads to enable fault-tolerance and optimized performance.
[0005] In a fully meshed network, each node is connected to every other node in the network. In a partial mesh network, certain nodes may be coupled to only some of the other nodes. Mesh networks can relay messages using either flooding or routing techniques.
With routing, a message is propagated along a path by hopping from node to node until it reaches its destination. To ensure inter-node connectivity, mesh networks allow for continuous connections and automatic routing around broken paths by using self- healing mechanisms such as shortest-path bridging and similar methods. Self-healing allows a routing-based network to operate when a node becomes disabled or unreliable. Mesh networks are thus generally very reliable as multiple paths may exist between a source and a destination.
[0006] While mesh networks (especially wireless mesh networks) are emerging as flexible and low-cost extensions or replacements of wired infrastructure networks, they do pose certain challenges and potential problems. For example, mesh networks can be complicated to set up, manage, and maintain. This complexity increases significantly with the addition of each extra node. Getting a mesh network to work properly is often very difficult, especially when it comes to managing latency. Message overhead is often a significant constraint in networks that employ multiple hops using the 802.11 (or similar) standard. Furthermore, present routing protocols are also generally unable to scale over a few hundred nodes and network coverage is constrained by the limited range of wireless user devices.
[0007] What is needed, therefore, is a mesh network architecture and control process that manages network complexity and reduces the complexity caused by adding nodes and scaling up the network.
[0008] The subject matter discussed in the background section should not be assumed to be prior art merely as a result of its mention in the background section. Similarly, a problem mentioned in the background section or associated with the subject matter of the background section should not be assumed to have been previously recognized in the prior art. The subject matter in the background section merely represents different approaches, which in and of themselves may also be inventions.
BRIEF DESCRIPTION OF THE DRAWINGS
[0009] In the following drawings like reference numerals designate like structural elements. Although the figures depict various examples, the one or more embodiments and implementations described herein are not limited to the examples depicted in the figures.
[0010] FIG. 1 illustrates a large-scale mesh network including wired and wireless links that implements a mesh network control process under some embodiments.
[0011] FIG. 2 illustrates an example mesh network implementing an OSI Layer 2 binding process, under some embodiments.
[0012] FIG. 3 illustrates an OSI seven-layer model including Layer 2 and Layer 3 protocols as used in a binding process, under some embodiments.
[0013] FIG. 4 illustrates a circuit binding node connections to OSI Layer 2, under some embodiments.
[0014] FIG. 5 illustrates the network of FIG. 4 expanded to show additional nodes for binding of multiple tunnels to a single virtual MAC address for a node.
[0015] FIG. 6 is a flowchart that illustrates a method of transmitting data over a mesh network using OSI Layer 2 binding, under an embodiment.
[0016] FIG. 7 illustrates implementing a secure Layer 2 tunnel for translating IP addresses to a MAC address in a binding process, under some embodiments.
[0017] FIG. 8A illustrates implementing a virtual bridge to bind OSI Layer 2, under some embodiments.
[0018] FIG. 8B illustrates a multi-subnet virtual bridge system, under some embodiments.
[0019] FIG. 8C is a flowchart that illustrates a method of creating a virtual bridge, under some embodiments.
[0020] FIG. 9 illustrates an example medium-scale mesh network implementing OSI Layer 2 connection binding, under some embodiments.
[0021] FIG. 10 illustrates an example network that globally organizes and enables the formation of autonomous networks, under some embodiments.
[0022] FIG. 11 illustrates an implementation of a pipe in an OSI model, under some embodiments.
[0023] FIG. 12 is a block diagram of a computer system used to execute one or more software components of an OSI Layer 2 binding mechanism for mesh networks, under some embodiments.
DETAILED DESCRIPTION
[0024] A detailed description of one or more embodiments is provided below along with accompanying figures that illustrate the principles of the described embodiments. While aspects of the invention are described in conjunction with such embodiments, it should be understood that it is not limited to any one embodiment. On the contrary, the scope is limited only by the claims and the invention encompasses numerous alternatives, modifications, and equivalents. For the purpose of example, numerous specific details are set forth in the following description in order to provide a thorough understanding of the described embodiments, which may be practiced according to the claims without some or all of these specific details. For the purpose of clarity, technical material that is known in the technical fields related to the embodiments has not been described in detail so that the described embodiments are not unnecessarily obscured.
[0025] It should be appreciated that the described embodiments can be implemented in numerous ways, including as a process, an apparatus, a system, a device, a method, or a computer-readable medium such as a computer-readable storage medium containing computer-readable instructions or computer program code, or as a computer program product, comprising a computer-usable medium having a computer-readable program code embodied therein. In the context of this disclosure, a computer-usable medium or computer-readable medium may be any physical medium that can contain or store the program for use by or in connection with the instruction execution system, apparatus or device. For example, the computer-readable storage medium or computer-usable medium may be, but is not limited to, a random-access memory (RAM), read-only memory (ROM), or a persistent store, such as a mass storage device, hard drives, CDROM, DVDROM, tape, erasable programmable read-only memory (EPROM or flash memory), or any magnetic, electromagnetic, optical, or electrical means or system, apparatus or device for storing information. Alternatively, or additionally, the computer-readable storage medium or computer-usable medium may be any combination of these devices or even paper or another suitable medium upon which the program code is printed, as the program code can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
[0026] Applications, software programs or computer-readable instructions may be referred to as components or modules. Applications may be hardwired or hard coded in hardware or take the form of software executing on a general-purpose computer or be hardwired or hard coded in hardware such that when the software is loaded into and/or executed by the computer, the computer becomes an apparatus for practicing the invention. Applications may also be downloaded, in whole or in part, through the use of a software development kit or toolkit that enables the creation and implementation of the described embodiments. In this specification, these implementations, or any other form that the invention may take, may be referred to as techniques. In general, the order of the steps of disclosed processes may be altered within the scope of the described embodiments.
[0027] Embodiments are directed to a process and system of managing a mesh network by binding OSI Layer 2 and 3 protocols with respect to certain network elements in order to reduce complexities incurred with scaling up the network. FIG. 1 illustrates a large-scale mesh network that implements mesh network management process under some embodiments. As shown in FIG. 1, mesh network 100 comprises a number of network elements such as wireless and/or wired routers 101, computers (servers, desktops, laptops, etc.) 103, transmission interfaces, gateways 105, and the like. Network 100 includes different types of links, such as wireless links 112, wired links, and long-distance transmission links 112 that utilize antennas 107.
[0028] Each device or network element represents a node in the network and is coupled to one or more other nodes for transmission of messages (data packets) in accordance with defined routing protocols. In a wireless mesh network (WMN), mesh clients are typically computers (e.g., 111), laptop/notebook computers (e.g., 103), tablets, cell phones and other wireless devices, while the mesh routers forward traffic to and from the gateways (e.g., 105), which may be connected to the Internet. The wireless protocols may be implemented using IEEE 802.1, Bluetooth, or any other appropriate wireless standard. The transmission links 112 may represent cellular communication links or any other telephonic or WAN/LAN network link, and wired links 114 may be implemented using copper, fiber, or any other appropriate hardwired link. FIG. 1 illustrates one example of a large-scale WMN, and embodiments are not so limited. A mesh network of any size, composition, and transmission media over some or all of the links may be used. Though network 100 illustrates a partial mesh network in which not every node is connected to every other node, a mesh network under embodiments may be a fully meshed network or partial network, or a hybrid network including full and/or partial sub-networks.
[0029] Network 100 may include any number of sub-networks that may be wired or wireless LAN or mesh networks containing different devices or network elements. Each device may be assigned a unique network address (e.g., "10.x.y.z") that specifies a network, sub-network, and device identifier, or similar unique attribute. It should be noted that FIG. 1 illustrates an example network and many different network configurations and topographies are possible.
[0030] In mesh network 100, data packets are transmitted through hops from one device to another until they reach their destination using dynamic routing algorithms that are implemented in each device. Using dynamic routing, each device determines what to do with the data it receives, which is to either pass it on to the next device or keep it, depending on the protocol. Routing algorithms typically try to ensure that the data takes the most appropriate (fastest) route to its destination. Many different routing algorithms are generally available, and network 100 may be configured to operate with any appropriate algorithm, such as dynamic source routing (DSR), associativity-based routing (ABR), optimized link state routing (OLSR), Babel, or any other defined or ad hoc routing protocol using any appropriate routing provider and product. Embodiments may be configured to work with either flooding, routing, or hybrid (flooding/routing) protocols.
[0031] As stated above, it can often be difficult to efficiently manage mesh networks. Various management functions need to be performed, such as establishing connection existence, maintaining network quality, performing load balancing, and ensuring fault tolerance, among other network functions. For a mesh network, managing network complexity increases substantially with the addition of each node, especially in the case of fully meshed networks. In an embodiment, network 100 includes a server computer 102 that implements a network management process 104 that alleviates the issue of network complexity through a binding process that employs both Layer 2 (MAC) address and Layer 3 (IP) address schemes for at least some of the devices in the network.
[0032] FIG. 2 illustrates a simple example mesh network 200 comprising four nodes (n=4) in which each node is connected to every other node. Network 200 is provided as an example of a network implementing an OSI Layer 2 binding process under some embodiments. As shown in FIG. 2, if any node wants to communicate with a specific other node, several network paths are available. For a full mesh network, the network topology formula is generally expressed as (n(n-1))/2, where n is the number of nodes in the network. For example, in network 200, if node A wants to communicate with node C, there are six total interfaces to node C including C itself and five possible paths from A to C:
A to C
A to B to C
A to D to C
A to D to B to C
A to B to D to C
[0033] For a full mesh network, all nodes (e.g., routers) have interfaces (ports) to all other nodes, and the network topology formula of direct connections is as given above. As the number of nodes, n, grows, the connection complexity increases substantially, so that for n=4, there are six connections; for n=5, there are 10 connections; for n=6, there are 15 connections; for n=7 there are 21 connections; and so on.
[0034] It should be noted that FIG. 2 illustrates a simple four node network for simplicity and purposes of example and description only. Actual deployed networks using embodiments described herein may be more complex and of different configurations.
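As an added illustration (not code from the patent), the following Python enumerates the loop-free paths between two nodes of a full mesh by depth-first search and evaluates the n(n-1)/2 link formula; it goes beyond the four-node example to show how quickly the per-pair path count grows with n. The node labels A, B, C, D mirror FIG. 2 and are constructed here.

```python
from typing import Dict, List, Set


def full_mesh_links(n: int) -> int:
    """Direct links in a full mesh of n nodes: the topology formula n(n-1)/2."""
    return n * (n - 1) // 2


def full_mesh(nodes: List[str]) -> Dict[str, Set[str]]:
    """Adjacency of a full mesh: every node has a port to every other node."""
    return {a: {b for b in nodes if b != a} for a in nodes}


def simple_paths(adj: Dict[str, Set[str]], src: str, dst: str) -> List[List[str]]:
    """All loop-free paths from src to dst, found by depth-first search.

    Each path is one of the connections that Layer 2 binding collapses into
    a single virtual MAC address for the destination node.
    """
    found: List[List[str]] = []

    def walk(node: str, visited: Set[str], path: List[str]) -> None:
        if node == dst:
            found.append(path)
            return
        for nxt in sorted(adj[node]):          # sorted for deterministic output
            if nxt not in visited:
                walk(nxt, visited | {nxt}, path + [nxt])

    walk(src, {src}, [src])
    return found


def paths_between_two_nodes(n: int) -> int:
    """Distinct paths between one pair of nodes in an n-node full mesh.

    This is the number of connections that binding reduces to one per
    destination (5 for n=4, 16 for n=5, 65 for n=6, ...).
    """
    nodes = [chr(ord("A") + i) for i in range(n)]
    return len(simple_paths(full_mesh(nodes), nodes[0], nodes[-1]))


if __name__ == "__main__":
    # Constructed instance of FIG. 2: nodes A, B, C, D, fully meshed.
    mesh = full_mesh(["A", "B", "C", "D"])
    for p in simple_paths(mesh, "A", "C"):
        print(" to ".join(p))
    for n in range(4, 8):
        print(f"n={n}: {full_mesh_links(n)} links, "
              f"{paths_between_two_nodes(n)} paths per node pair")
```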
OSI Layer Binding
[0035] In an IP (Internet Protocol) network, such as a mesh network using the Internet, the management of nodes generally occurs at OSI Layer 3. FIG. 3 illustrates the OSI framework that is used under some embodiments. The OSI (Open Systems Interconnection) reference model describes how information from a software application in one computer moves through a network medium to a software application in another computer in a seven layer model. The OSI model specifies particular network functions with tasks involved with moving information assigned to each of the seven OSI layers. Each layer is self-contained so that the tasks assigned to each layer can be implemented independently. The layers from sender to receiver are in the following order (Layer 7 to Layer 1):
APPLICATION - PRESENTATION - SESSION - TRANSPORT - NETWORK - DATA LINK - PHYSICAL
[0036] The Application, Presentation and Session layers represent the software layers; the Transport layer is in the operating system, and the Network, Data Link, and Physical layers are the hardware layers.
[0037] FIG. 3 illustrates some different layers of the OSI model and their associated applications and functions. The physical layer (Layer 1) is concerned with the transmission of data bits over physical mediums. The data link layer (Layer 2) specifies transmission of frames between connected nodes on the physical layer. The network layer (Layer 3) describes addressing, routing and traffic control of a multi-node network. The transport layer (Layer 4) describes segmentation, acknowledgement and multiplexing between points on a network. Other OSI layers (not shown) include the session layer (Layer 5) that looks at the continuous exchange of data between two nodes; the presentation layer (Layer 6) which performs data compression and encryption / decryption between a network service and application; and the application layer (Layer 7) which does resource sharing, high level APIs and remote file access. A specific layer may be expressed, for example, as "Layer x" or "Lx".
[0038] As used herein and corresponding to known conventions, a MAC address or Media Access Control address of a device is a unique identifier assigned to a network interface controller (NIC) for communications at the Data Link layer of a network segment. MAC addresses are typically used in the medium access control protocol sublayer, and are usually presented as six groups of two hexadecimal digits. A MAC address may also be referred to as the burned-in address (BIA), hardware address or Ethernet hardware address (EHA), or physical address. A node may have multiple NICs and each NIC must have a unique MAC address. MAC addresses are most often assigned by the manufacturer of a NIC and are stored in its hardware.
[0039] In the OSI model, layers 1, 2 and 3 are media layers while layer 4 along with layers 5, 6 and 7 are host layers. As shown in FIG. 3, the data link Layer 2 is a broadcast MAC level network. It provides error-free transfer of data frames between nodes over Layer 1, where the data frames contain MAC addresses. Layer 2 establishes and terminates the logical link between nodes, and provides frame traffic control, sequencing, acknowledgement, delimiting, and error-checking. The network Layer 3 provides segmented routing over an IP network and controls operations of the subnet by deciding which physical path the data takes. It processes data packets that contain the IP addresses. Layer 3 provides routing, subnet traffic control, frame fragmentation, logical-physical address mapping, and usage accounting functions. The transport Layer 4 delivers messages in sequence and error-free. It provides flow control functions between hosts through message segmentation, acknowledgment, traffic control, and session multiplexing.
[0040] Under the OSI model 300, Layer 3 works on top of Layer 2, which works on top of Layer 1. While the actual data bits are transferred over the physical or wireless medium on Layer 1, frames are used to define the data between two nodes on a data link. When there are more than two nodes, an address or routing protocol is used to route and control the traffic flow. Thus, traditional switching operates at Layer 2 of the OSI model, where packets are sent to a specific switch port based on destination MAC addresses. Routing operates at Layer 3, where packets are sent to a specific next-hop IP address, based on destination IP addresses. Devices in the same Layer 2 segment do not need routing to reach local peers. The destination MAC address is resolved through an Address Resolution Protocol (ARP).
[0041] With respect to data addressing, Layer 2 defines the protocol to both establish and terminate a physical connection between two devices. Layer 2 works with the device MAC addresses, which are unique identifiers for the network adaptor present in each device. A MAC address is thus a fixed address to the network adaptor and cannot be changed on a device without changing the hardware adaptor. Layer 2 networks forward all their traffic so data transmitted by one device on Layer 2 will be forwarded to all devices on the network. Such broadcast traffic is fast, but as the network grows it creates congestion and leads to inefficiency.
[0042] In contrast to Layer 2, Layer 3 works with IP addresses, which are essentially 'leased' or 'assigned' to the nodes, generally by a DHCP (dynamic host configuration protocol) server. As IP addresses are a layer of abstraction higher than MAC addresses, traffic using this layer is generally slower than Layer 2. Furthermore, Layer 3 restricts broadcast traffic through segmentation, confining broadcasts to subnetworks. In a Layer 3 transmission, for each data packet, the IP portion is read by stripping the data link layer (Layer 2) frame information and is then reassembled again. From there, the hop count is decremented, the header checksum recalculated and a routing lookup executed. In general, a Layer 2 network is more useful for broadcasting information between two nodes in close proximity where a broader network would not be affected by congestion, while a Layer 3 network is better for managing network traffic over multiple sites and through the Internet because L3 network switches work with routing of IP addresses.
[0043] In an embodiment, the binding process 104 groups or "binds" connections in a mesh network to reduce the complexity of connections between sets of nodes in a mesh network. For example, in FIG. 2, all of the connections between nodes A and C can be bound together to look like one connection, thus significantly reducing connection complexity, such as by a factor of 5 to 1 in the case of full four-node mesh network 200. In an embodiment, this binding is performed by implementing the node connections at the OSI Layer 2 data link layer. An Ethernet bridge is created to bind all the tunnel connections with a specific node. A virtual NIC (network interface controller) is used to generate a single MAC address for the bound connections. The virtual NIC behaves as a switch in routing traffic from the MAC address to bound tunnels from the bridge. A new IP address is generated to represent the MAC. Communication between newly generated IP addresses will then work with any Internet protocols.
[0044] In general, a tunnel is defined as a communications link that uses a tunneling protocol to repackage data traffic into a different form for transmission between network nodes. A tunnel is a mechanism used to ship a foreign protocol across a network that normally would not support it. For example, a tunnel allows IP networks to send another protocol in the data portion of the IP datagram. In this case, the tunneling protocol uses the data portion of a packet (payload) to carry the packets that provide the service. In the OSI layered protocol model, it can be used to break the layering when using the payload to carry a service not normally provided by the network. In an embodiment, the tunnelling protocol of the OSI model of FIG. 1 uses the data link layer, such as using the Layer 2 Tunneling Protocol (L2TP). Other tunneling protocols can also be used, such as SSH (secure shell), GRE (generic routing encapsulation), and so on.
[0045] FIG. 4 illustrates a circuit binding node connections to OSI Layer 2, under some embodiments. As shown in diagram 400, node A 402 is coupled to node C 404 over network link 405, which may be a wired or wireless link in a mesh network. Communication over link 403 utilizes Layer 3 IP addresses assigned to nodes A and C. In an embodiment, nodes A and C are coupled to link 405 through respective virtual NIC (VNIC) devices 406 and 408, denoted as VNICA and VNICB. The coupling between the nodes and their respective VNICs each comprise an Ethernet bridge 403 and 405. These bridges operate on Layer 2 utilizing the MAC addresses for the respective nodes, A and C.
[0046] In general, a NIC (such as VNICA and VNICB) implements the electronic circuitry required to communicate using specific physical and data link layers to enable the IP protocol. The NIC is both a physical layer and data link layer device, as it provides physical access to a networking medium and, for IEEE 802 and similar networks, provides a low-level addressing system through the use of MAC addresses that are uniquely assigned to network interfaces. In an embodiment, the virtual NIC is implemented by virtualizing hardware components of a standard physical NIC. Implementation of a virtual NIC is described in further detail below.
[0047] FIG. 4 is provided for example only, and is intended to illustrate one link between two nodes in a fully meshed network of any scale having any practical number of interconnected nodes.
[0048] FIG. 5 illustrates the network of FIG. 4 expanded to show additional nodes for binding of multiple tunnels to a single virtual MAC address for a node. FIG. 4 illustrates the single direct link A - C between node A and node C, whereas FIG. 5 shows all of the possible links between nodes A and C for the mesh network 200 of FIG. 2. These links are as follows:
A - C
A - B - C
A - D - C
A - D - B - C
A - B - D - C
[0049] The binding process of component 104 establishes Ethernet bridges between each pair of nodes in the network. These bridges effectively bind all the tunnel connections with a specific node. Thus, as shown in FIG. 5, the five possible connections between nodes A and C are bound to a single virtual MAC address in Layer 2 for the possibly different IP addresses of the individual links shown above. The virtual NIC for node A (VNICA) is used to generate the single virtual MAC address for the bound connections. The virtual NIC thus behaves as a switch in routing traffic from the MAC address to bound tunnels from the bridge for node A, and a new IP address is generated to represent the MAC for node A. Through this mechanism, data is essentially aggregated to form a virtual bridge.
[0050] As shown in example diagram 500 of FIG. 5, the tunnel connections between network peers are combined and bridged into a virtual network interface which is assigned for enforced OSI Layer 3 configuration data by the network to communicate among all of the network peers. This is somewhat similar to how modern operating systems (such as Linux or BSD) can create a virtual interface such as a bridge interface by combining multiple physical network interface controllers (NICs) to achieve higher capacity and redundancy for network connectivity.
[0051] In an embodiment, the individual OSI Layer 2 tunnel connection that implements the bridge connections 403 and 405 is referred to as a pipe, and more specifically as a "Marconi Pipe" (mPipe), such as that provided by Marconi Inc. of San Francisco, CA. Since the network peers are connected and bridged through OSI Layer 2 tunnels, this bridge mechanism provides similar redundancy and recoverability in physical network layers. For example, if one of the direct network Layer 2 tunnel connections with a peer node is disconnected, (unintentionally or intentionally), the network utilizes the Layer 2 protocol address resolution protocol (ARP) to find an alternative OSI Layer 3 path to transmit the data, while the lost or disconnected Layer 2 tunnel connection is recovered or replaced with other network service nodes.
[0052] In an embodiment, the Ethernet bridge mechanism is implemented through a secure Layer 2 tunnel/pipe that uses a virtual network device driver, such as a TUN/TAP (or similar) driver to facilitate virtual Layer 2 communication which allows for multiple tunnels to be created from one device. For this embodiment, TUN and TAP are virtual network kernel devices where the TUN (Network Tunnel) simulates a network layer device and operates with Layer 3 (IP) packets, and the TAP (Network Tap) simulates a link layer device and operates with Layer 2 packets, like Ethernet frames. TUN is generally used with routing, while TAP is used for creating a network bridge. Packets sent via a TUN/TAP device are delivered to a user-space program that attaches itself to the device. The program may also pass packets into a TUN/TAP device. In this case the TUN/TAP device delivers (or "injects") these packets to the operating system network stack, thus emulating their reception from an external source. It should be noted that any other virtualization or tunnel mechanism may be used, such as a secure shell (SSH) tunnel, or proprietary (e.g., mPipe) method.
[0053] Although embodiments are described with respect to TUN/TAP drivers, it should be noted that other virtual network device drivers can also be used, such as a MacVTap or other drivers that provide or simplify virtualized bridged networking.
[0054] FIG. 6 is a flowchart that illustrates a method of transmitting data over a mesh network using OSI Layer 2 binding, under an embodiment. FIG. 6 illustrates an overall method in which the binding process 104 groups connections to each node in a mesh network to reduce the complexity of connections between sets of nodes. As shown in FIG. 2, each node may have any number of connections depending on the scale of the network, as identified in step 602. The binding process establishes a secure tunnel over OSI Layer 3 using IP addresses for each identified connection, step 604. As shown in step 606, an Ethernet bridge utilizing a VNIC is created to bind all the tunnel connections with the specific node. The VNIC generates a single MAC address in Layer 2 for the bound connections and behaves as a switch to route traffic from the MAC address to bound tunnels from the bridge. In step 608, a new IP address is generated to represent the MAC address. The network then transmits data to the node using the MAC address, step 610. In this way, communication between the newly generated IP addresses in Layer 3 is performed using a single MAC address in Layer 2, thus effectively binding all of the connections to the node in a single Layer 2 connection.
[0055] FIG. 7 illustrates implementing a secure Layer 2 tunnel for translating IP addresses to a MAC address in a binding process, under some embodiments. Diagram 700 of FIG. 7 illustrates the establishment of a secure tunnel over Layer 3 using IP addresses for the identified connections to the node, as shown in step 604 of FIG. 6. In diagram 700, node 702 represents a processing element executing an OS (e.g., Linux) process. There are five connections 701 into the node, each from paths coupling a number of other nodes in the network. For example, the connections could represent the different paths to node C from node A (A - C, A - D, etc.) as illustrated above in FIG. 5. Each connection specifies an IP address (IP Address 1, IP Address 2, etc.). In an embodiment, the bridge 704 combines these IP addresses to generate a single MAC address as in the following formula:
f(IP1, IP2, IP3, ..., IPn) => MAC address
[0056] The Layer 2 MAC address generated in bridge 704 is thereafter used by all connections 701 when other nodes transmit data to node 702 in a manner that effectively or virtually aggregates node connections to emulate Layer 2.
[0057] In an embodiment, the function (f) represents a process whereby the system generates its own MAC address randomly and uses internal forwarding databases to forward Ethernet frames to ports. In the bridge, it maintains unicast MAC address and port relationship tables to forward frames. Therefore, there is no actual merging or aggregating function for MAC addresses into one MAC address, but rather an abstract aggregation of data paths through this self-generated MAC address, as explained in greater detail below.
Bridge NIC Implementation
[0058] In an embodiment, the virtual MAC address mechanism illustrated in FIGS. 4 and 5 is implemented through a bridge NIC architecture. In an embodiment a bridge NIC or bridge device in the system (sometimes referred to as *nix) is a Layer 2 virtual device that can neither transmit nor receive anything by itself unless it is bonded with real devices. In an embodiment, this bonding may be through a proprietary (mPipe) or virtual device, or a simulated/emulated OSI tunnel virtual device. In terms of bridge components, there are four parts: (1) a set of ports, (2) control plane logic, (3) forwarding plane logic, and (4) a MAC address learning database or table. With respect to the set of network ports or interfaces, in an embodiment, mPipes or tunnels are connected to the ports. In a typical case, the network ports or interfaces can be anything used for forwarding traffic between edge switches and other hosts in the network. With respect to the control plane, this element runs STP (spanning tree protocol) to prevent loops in the network by calculating a minimum spanning tree; it also maintains a MAC address/port (routing) table. With respect to the forwarding plane, this element processes incoming Ethernet frames from ports and forwards frames based on the MAC address routing databases. The MAC address/port database tracks host locations in the local area network (LAN). This database or databases may be implemented as a routing table associating MAC and IP or other addresses in a standard or proprietary database or tabular format.
[0059] Upon receiving an Ethernet frame, the bridge NIC looks up the MAC address table and if it cannot find a given MAC address, it bridges or broadcasts the frame to all ports except the port where the frame originated. In an embodiment, a standard IEEE 802.1D L2/switch discovery process such as that known as ARP (Address Resolution Protocol), or similar, may be used.
[0060] The merging or aggregating of existing MAC addresses of tunnel or virtual devices as shown in FIG. 5 is implemented by the bridge NIC generating its own MAC address randomly and using internal forwarding databases to forward Ethernet frames to the ports. In the bridge, it maintains unicast MAC address and port relationship tables to forward the frames.
[0061] FIG. 8A illustrates implementing a virtual bridge to bind OSI Layer 2, under some embodiments. As shown in FIG. 8A, an operating system layer 804 resides between an application layer 802 and hardware 806. The virtual bridge element 808 is implemented in the operating system layer 804 to communicate with a NIC device 810 which resides between the OS and hardware layers. As per standard networking implementations, the NIC 810 has an associated MAC address. The virtual bridge 808 includes a routing table 809 that implements the MAC address table referenced above. The virtual bridge also has an associated virtual MAC (VMAC or vMAC) address. Communication 812 between the virtual bridge 808 and the NIC 810 is provided by packet forwarding protocols 812. The NIC 810 communicates to other nodes using its MAC address over Layer 3 tunnels or tunnel links 814.
[0062] FIG. 8C is a flowchart that illustrates a method of creating a virtual bridge, under some embodiments. The process starts in step 822 by allocating a data structure (struct net_device) with a private data area for driver initialization and operations. A standard known data structure such as that defined in /linux/v3.10.105/source/include/linux/netdevice.h#L1040 may be used, or alternatively, any appropriate proprietary data structure may be used.
[0063] The process then generates a random hardware address that is not multicast, step 824. This is an Ethernet address that is assigned to the net_device struct defined in step 822. The address is configured to follow the IEEE 802 standard, such as in /linux/v3.10.105/source/include/linux/etherdevice.h#L155. An example address is a 6-byte array that contains the Ethernet address. Example programming code to perform this is as follows:
u8 addr[ETH_ALEN];                 /* 6-byte Ethernet address buffer; ETH_ALEN is defined in <linux/if_ether.h> */
get_random_bytes(addr, ETH_ALEN);  /* fill with kernel-supplied random bytes */
addr[0] &= 0xfe;                   /* clear multicast bit */
addr[0] |= 0x02;                   /* set local assignment bit (IEEE 802) */
[0064] In this example, whichever system function the operating system provides for generating random bytes is used to produce the Ethernet address. The process then sets up the remaining Ethernet related parameters in net_device that will be used within operations, step 826. It then sets up the remaining bridge related parameters defined by IEEE 802, which include hardware features, step 828.
[0065] In an embodiment, these parameters may implement at least part of the IEEE 802.1D MAC Bridges standard that includes bridging, spanning tree (STP), and others as standardized by the IEEE 802.1 working group. STP is a network protocol that builds a loop-free logical topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the resulting broadcast radiation. It also allows a network to include backup links to provide fault tolerance if an active link fails. The STP process creates a spanning tree within a network of connected Layer 2 bridges, and disables those links that are not part of the spanning tree, leaving a single active path between any two network nodes.
[0066] In terms of Ethernet frame processing in the bridge or mPipe, it follows the typical pattern for IEEE 802.1D, i.e., lookup and forwarding of Ethernet frames in and from tunnels. Frames first come in, and as each frame is received, the bridge performs a lookup/update in the MAC address database/forwarding table. The forwarding decision for each port is decided based on the MAC address/port table. Any broadcasting frame action is taken based on the local MAC address/port mapping table. In this manner, the bridge is used to act like a switch to simplify frame forwarding and peer discovery in multiple virtualized OSI Layer 2 tunnels.
[0067] Various different switching methods may be used within the Layer 2 switching method described herein. In general, LAN switches are characterized by the forwarding method that they support, such as a store-and-forward switch, cut-through switch, or fragment-free switch. In the store-and-forward switching method, error checking is performed against the frame, and any frame with errors is discarded. With the cut-through switching method, no error checking is performed against the frame, which makes forwarding the frame through the switch faster than store-and-forward switches.
Routing Table and Addressing
[0068] As shown in FIG. 8A, the virtual bridge includes a routing table 809. In an embodiment, this table provides ARP-to-MAC address to IP mapping for switching/routing. This is how the virtual bridge keeps track of MAC addresses with port numbers. The MAC learning database provides Layer 2 information only. Below is provided example programming code for implementing a routing table under some example embodiments.
root@n0:~# brctl showmacs br42
port no  mac addr           is local?  ageing timer
  1      0a:39:65:96:1a:cd  no         0.40
  1      0e:f5:ca:d7:0c:30  no         188.39
  2      3a:1b:44:17:a6:19  yes        0.00
  2      3a:1b:44:17:a6:19  yes        0.00
  1      3c:c5:11:de:eb:e6  no         32.40
  1      ae:2a:3a:ca:0f:ea  no         290.40
  1      de:f6:b5:76:4f:71  yes        0.00
  1      de:f6:b5:76:4f:71  yes        0.00
root@n0:~# brctl show
bridge name  bridge id          STP enabled  interfaces
br21         8000.000000000000  yes
br42         8000.3a1b4417a619  yes          tap11
                                             tap13
ex> This is what the OS will see for L2 and L3 information.
root@n0:~# arp
Address                  HWtype  HWaddress           Flags Mask  Iface
192.168.10.203.com       ether   fe:00:01:37:6e:d2               ens3
192.168.10.169.com       ether   fe:00:01:37:6e:d2               ens3
192.168.10.173.com       ether   fe:00:01:37:6e:d2               ens3
192.168.11.149.com       ether   fe:00:01:37:6e:d2               ens3
192.168.10.17.com        ether   fe:00:01:37:6e:d2               ens3
192.168.11.72.com        ether   fe:00:01:37:6e:d2               ens3
192.168.10.57.com        ether   fe:00:01:37:6e:d2               ens3
192.168.11.143.com       ether   fe:00:01:37:6e:d2               ens3
192.168.10.222.com       ether   fe:00:01:37:6e:d2               ens3
192.168.11.0.com         ether   fe:00:01:37:6e:d2               ens3
132.168.11.129.com       ether   fe:00:01:37:6e:d2               ens3
192.168.11.78.com        ether   fe:00:01:37:6e:d2               ens3
132.168.11.133.com       ether   fe:00:01:37:6e:d2   C           ens3
192.168.10.1             ether   fe:00:01:37:6e:d2   C           ens3
172.20.20.12                     (incomplete)
192.168.11.228.com       ether   fe:00:01:37:6e:d2   C
10.42.0.12               ether   0a:39:65:96:1a:cd   C           br42
192.168.10.167.com       ether   fe:00:01:37:6e:d2   C           ens3
192.168.11.24.com        ether   fe:00:01:37:6e:d2   C           ens3
192.168.10.16.com        ether   fe:00:01:37:6e:d2   C
192.168.10.79.com        ether   fe:00:01:37:6e:d2   C           ens3
192.168.11.208.com       ether   fe:00:01:37:6e:d2   C           ens3
192.168.10.127.com       ether   fe:00:01:37:6e:d2   C           ens3
172.20.20.11                     (incomplete)                    br21
192.168.11.63.com        ether   fe:00:01:37:6e:d2   C           ens3
192.168.11.75.com        ether   fe:00:01:37:6e:d2   C           ens3
10.42.0.11               ether   16:af:a2:56:d8:70   C           br42
132.168.10.107.com       ether   fe:00:01:37:6e:d2   C           ens3
192.168.11.199.com       ether   fe:00:01:37:6e:d2   C           ens3
[0069] In the above example code, the br42 data element is created by a marconid binary through a bridge driver in the kernel. The tap* interfaces are created through a TUN/TAP, MacVTap or other virtual network device driver in the kernel to emulate/simulate a Layer 2 tunnel through an identifier (marconid), which represents a network port or interface in the bridge. Each tap interface represents one mPipe connection.
[0070] FIG. 8A illustrates an example of a single subnet embodiment. Alternatively, any practical number of subnets may be created by adding additional virtual bridges and NICs. FIG. 8B illustrates a multi-subnet virtual bridge system, under some embodiments and using the same three-layer architecture of FIG. 8A. Diagram 820 illustrates a two subnet embodiment in which the OS layer 804 includes two virtual bridges VB1 and VB2, each accessed through their own respective virtual MAC addresses to service applications in layer 802. Any number of NICs may be provided between the OS layer 804 and the hardware 806, such as three NICs (NIC1, NIC2, NIC3) as illustrated in diagram 820. The connections between VB2 and NIC2 create a first subnet (Subnet 1) and the connections between VB1 and NICs 1 and 2 create a second subnet (Subnet 2). As can be seen in FIG. 8B, any number of VB and NIC elements and combination of connections among them can be used to create any practical number of subnets in a multi-subnet implementation.
[0071] FIG. 9 illustrates an example medium-scale mesh network implementing OSI Layer 2 connection binding, under some embodiments. Diagram 900 of FIG. 9 illustrates the binding of connections for a first set of nodes 902 relative to a second set of nodes 904 through data links 903. For purposes of example, the first set of nodes 902 are labeled nodes A, B, C, and D; and the second set of nodes 904 are labeled X, Y, and Z. Using the binding process 104, node A can communicate with node Y (for example) through any of the bound links 903 including links through other nodes. This means that if a path between node A and node B that is being used goes down, traffic will automatically be routed between Node A and Y through another path, including a path that hops between other nodes in node set 902 and/or 903.
[0072] The Layer 2 binding architecture described herein provides several benefits, including simplified lattice network management, hardware-less routing, dynamic network capacity, and connection fault tolerance. The simplified management feature is provided by the fact that the VNIC and bridge mechanism reduces complexity by abstracting the communication connections between nodes. As illustrated in FIG. 5, the multiple (e.g., 5) different connections between nodes A and C are essentially abstracted to a single connection referenced by a single MAC address. Hardware-less routing is provided through the fact that network traffic can now be routed directly between nodes without discovery via traditional central routers. Fault tolerance is enabled by virtue of the fact that failover is automatically included, since multiple connections are now abstracted into one connection. Dynamic network capacity is provided through additional connections or "tunnels" that can be included in a binding to increase capacity between nodes.
Smart Contract Network Protocol
[0073] In an embodiment, the Layer 2 binding process 104 described herein is used in a large-scale mesh network utilizing a protocol, referred to as the "Marconi Protocol," that defines the rules and provides the primitives by which peers can securely connect and communicate in order to form and participate in the "Marconi Network," which can be a global-scale network in which nodes can join and leave at will using the mechanism of smart contracts. This protocol supports wireless networks and peer-to-peer mesh networks, and managing connections between nodes and ensuring performant traffic routing in such networks can be challenging since the number of possible connections grows as O(n²), where n is the number of nodes. To reduce this complexity, the binding process 104 combines and binds multiple OSI Layer 2 connections in a given network node into a single virtual network interface with OSI Layer 3 configuration data, similar to how operating systems can bridge multiple physical network interface controllers to achieve higher capacity and redundancy for network connectivity. This binding removes complexity for node and network operators as well as for developers writing smart packet applications. It also provides connection redundancy and fault tolerance in case a network link is lost, and increases throughput since it grants the ability to distribute outgoing traffic over multiple paths.
[0074] The Marconi protocol facilitates secure network communication and smart contracts for network packets. It is designed down to Layer 2 of the OSI model and works with wired and wireless standards. It is interoperable with existing Internet infrastructures and provides enhanced Layer 2 and Layer 3 functionality, such as transmission layer security. In an embodiment, there are three main components of the protocol.
[0075] The first component is the Marconi Pipe (mPipe), which provides a secure communication channel for transporting network traffic between peers. The pipes are established all the way down to Layer 2 of the OSI model and provide encryption, routing, and processing capabilities. The second component is a system of smart packet contracts allowing network packets to be routed and processed using smart contracts. This technology unlocks numerous use-cases for smart decentralized networking applications such as software-defined networking, intrusion detection and prevention systems, content delivery networks, and distributed virtual private networks. The third component is the Marconi link, which works with wired standards to allow the protocol to be used as an overlay on existing internet infrastructure. With Marconi Link, the protocol has also been designed to be used with wireless protocols such as Bluetooth, Wi-Fi, and the U-NII-3 radio band to power scalable mesh networks, both public and private.
[0076] FIG. 10 illustrates an example Marconi network that globally organizes and enables the formation of autonomous networks, under some embodiments. The network connects peers 1001 (which may be infrastructure service nodes, Internet-enabled computing devices, or network end users) through smart contracts 1002 that are agreements between these peers defining how much data will be exchanged, for how long, what types of smart packet contracts will be enabled, and at what fuel price. The connections can be implemented through mPipes 1003 or wireless Marconi links 1004.
[0077] In an embodiment, individuals, network operators, and Internet service providers can participate in the network by contributing their bandwidth or compute resources to the network. In return for contributing resources and processing smart packet contracts, network nodes periodically receive network tokens that serve as the base unit for distributed networking and computing, the fuel consumed for network usage, administration, and smart contract processing.
[0078] While the Marconi Network can interoperate with existing internet infrastructure, it is also self-sustaining, capable of obviating existing network infrastructure by forming direct peer-to-peer connections to facilitate wireless mesh networks that remove the need for hardware switches, routers, and bridges. In essence, the Marconi Network enables and incentivizes users to assemble and securely exchange network infrastructure resources without the physical, financial, and regulatory limitations that hinder traditional approaches to building, connecting, operating, and maintaining network infrastructure at scale. End users can utilize the network to access the Internet or nearby compute power, either by procuring tokens or by mining them through operating a contributing service node. Developers can utilize the network to create and deploy intelligent, decentralized networking applications that can be run by end users or service nodes. Private institutions and enterprises can utilize the network and the platform it's built on to manage their infrastructure and develop smart distributed networking and cybersecurity services.
[0079] The mPipe (Marconi pipe) 1003 implements a virtualized data link layer which provides a communication channel, or pipe, for transporting network traffic between peers. Conceptually this is similar to the Layer 2 Tunneling Protocol (L2TP). These pipes are a fundamental building block of the Marconi Network, and because they are established all the way down to Layer 2 of the OSI model, they allow several important capabilities such as custom packet routing and processing, increased security via packet-level encryption, and easy discovery of neighboring peers transmitting on the same local medium. FIG. 11 illustrates an implementation of an mPipe, under some embodiments. FIG. 11 shows the hierarchy of the seven OSI Layers 1102 with an mPipe 1104 implemented between drivers in Layer 2.
[0080] When creating a pipe, a secure connection is formed between two peers by using a Diffie-Hellman (or similar) exchange to create three shared secrets: one for data encryption, one for checksums to achieve data integrity, and one used as a seed. Each peer combines this seed with the current time truncated to a pre-defined granularity (e.g., one minute) to obtain a new seed that changes over time. This, in turn, is used to mutate the data encryption secret and data integrity secret based on the current time interval, similar to a time-based one-time password (TOTP), to help harden the data stream against attacks such as traffic pattern analysis.
[0081] A system of symmetric keys is used for performance. Packets will constantly be traversing many pipes, and useful cryptographic operations as defined in the Advanced Encryption Standard (AES) are directly supported in the instruction sets of many hardware components. The mPipe operates at the level of a network driver and can thus be very performant both in terms of encryption/decryption, as well as in terms of packet-level processing. This enables several interesting network features, such as packet relay, packet throttling, and packet inspection.
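The time-mutated key schedule of [0080] and [0081], as an added example (not code from the patent or from any Marconi implementation): it assumes the Diffie-Hellman exchange has already produced a shared secret (a constructed value stands in for it), splits that into the three secrets with HKDF-SHA256, re-derives the encryption and integrity keys per time interval, and adds a receiver-side check that tolerates one interval of clock skew, a detail the text leaves open. Payload encryption under the interval key is omitted; the integrity tag is enough to show the rotation.

```python
from __future__ import annotations

import hashlib
import hmac

# Constructed stand-in for the output of the Diffie-Hellman exchange in [0080];
# a real mPipe obtains this value from the key exchange with its peer.
SHARED_SECRET = hashlib.sha256(b"constructed mpipe shared secret").digest()
GRANULARITY = 60   # pre-defined time granularity in seconds (one minute)
TAG_LEN = 32       # HMAC-SHA256 tag length


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256, standard library only."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_base_secrets(shared_secret: bytes) -> dict[str, bytes]:
    """Split the shared secret into the three long-lived secrets of [0080]:
    data encryption, data integrity (checksums), and the time seed."""
    prk = hmac.new(b"mpipe-hkdf-salt", shared_secret, hashlib.sha256).digest()  # HKDF-Extract
    return {
        "enc": hkdf_expand(prk, b"mpipe data encryption"),
        "mac": hkdf_expand(prk, b"mpipe data integrity"),
        "seed": hkdf_expand(prk, b"mpipe time seed"),
    }


def interval_of(now: int, granularity: int = GRANULARITY) -> int:
    """Current time truncated to the granularity: the TOTP-style counter."""
    return now // granularity


def derive_interval_keys(base: dict[str, bytes], interval: int) -> dict[str, bytes]:
    """Combine the seed with the interval to get a time-varying seed, then use it
    to mutate the encryption and integrity secrets for that interval only."""
    interval_seed = hmac.new(base["seed"], interval.to_bytes(8, "big"), hashlib.sha256).digest()
    return {
        "enc": hmac.new(interval_seed, base["enc"] + b"enc", hashlib.sha256).digest(),
        "mac": hmac.new(interval_seed, base["mac"] + b"mac", hashlib.sha256).digest(),
    }


def seal(base: dict[str, bytes], payload: bytes, now: int) -> bytes:
    """Sender: tag the payload under the integrity key of the current interval."""
    keys = derive_interval_keys(base, interval_of(now))
    return payload + hmac.new(keys["mac"], payload, hashlib.sha256).digest()


def open_frame(base: dict[str, bytes], frame: bytes, now: int, skew: int = 1) -> bytes | None:
    """Receiver: verify the tag against the current interval and `skew` neighbours
    on each side, so a frame in flight across an interval boundary (or a slightly
    skewed peer clock) is still accepted. Returns the payload, or None on failure."""
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    centre = interval_of(now)
    for interval in range(centre - skew, centre + skew + 1):
        keys = derive_interval_keys(base, interval)
        if hmac.compare_digest(hmac.new(keys["mac"], payload, hashlib.sha256).digest(), tag):
            return payload
    return None


def keys_rotate(now: int) -> bool:
    """Keys are stable within one interval and differ across intervals."""
    base = derive_base_secrets(SHARED_SECRET)
    here = derive_interval_keys(base, interval_of(now))
    same = derive_interval_keys(base, interval_of(now + (GRANULARITY - 1 - now % GRANULARITY)))
    after = derive_interval_keys(base, interval_of(now + GRANULARITY))
    return here == same and here["enc"] != after["enc"] and here["mac"] != after["mac"]
```

Because both peers hold the same three base secrets and agree on the truncated clock, they derive identical interval keys without any further exchange; the skew window is the price of that independence and should be kept as small as the peers' clock discipline allows.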
[0082] With respect to the smart contract component, with smart packet contracts, developers have the ability to run smart contracts against network packets to do smart routing and packet processing. The Marconi network provides a platform where developers can create decentralized networking applications using smart packet contracts.
System Implementation
[0083] As described above, in an embodiment, system 100 includes a Layer 2 binding mechanism that may be implemented as a computer implemented software process, or as a hardware component, or both in a computer such as server 102 in FIG. 1. As such, it may be an executable module executed by the one or more computers in the network, or it may be embodied as a hardware component or circuit provided in the system. The network environment of FIG. 1 may comprise any number of individual client-server networks coupled over the Internet or similar large-scale network or portion thereof. Each node in the network(s) comprises a computing device capable of executing software code to perform the processing steps described herein. FIG. 12 is a block diagram of a computer system used to execute one or more software components of process 104, under some embodiments. The computer system 1000 includes a monitor 1011, keyboard 1017, and mass storage devices 1020. Computer system 1000 further includes subsystems such as central processor 1010, system memory 1015, input/output (I/O) controller 1021, display adapter 1025, serial or universal serial bus (USB) port 1030, network interface 1035, and speaker 1040. The system may also be used with computer systems with additional or fewer subsystems. For example, a computer system could include more than one processor 1010 (i.e., a multiprocessor system) or a system may include a cache memory.
[0084] Arrows such as 1045 represent the system bus architecture of computer system 1000. However, these arrows are illustrative of any interconnection scheme serving to link the subsystems. For example, speaker 1040 could be connected to the other subsystems through a port or have an internal direct connection to central processor 1010. The processor may include multiple processors or a multicore processor, which may permit parallel processing of information. Computer system 1000 is an example of a computer system suitable for use with the present system. Other configurations of subsystems suitable for use with the present invention will be readily apparent to one of ordinary skill in the art.
[0085] Computer software products may be written in any of various suitable programming languages. The computer software product may be an independent application with data input and data display modules. Alternatively, the computer software products may be classes that may be instantiated as distributed objects. The computer software products may also be component software.
[0086] Embodiments include a method of transmitting data in a mesh network, comprising: creating, for each node in the mesh network, an Ethernet bridge to bind all tunnel connections to the node; deploying a virtual network interface controller (NIC) with each node to generate a single media access controller (MAC) address assigned to all bound tunnel connections for the node; and transmitting data over the virtual Ethernet bridge using an emulated OSI Layer 2 protocol by transmitting data between pairs of network interface controllers (NICs) between each node using OSI Layers 3 and 4 protocols. The method may further comprise binding multiple NICs within a single physical device, or clienting a subnet with each virtual bridge to mesh Layer 2 subnets. The method may also comprise merging subnets by binding virtual NICs.
[0087] In the above method, the tunnel connections comprise a Layer 2 tunnel that uses a virtual network device driver such as a TUN/TAP or MacVTap driver to facilitate virtual Layer 2 communication, allowing for multiple tunnels to be created from each device. For a TUN/TAP driver, these may be virtual network kernel devices where the TUN (Network Tunnel) simulates a network layer device and operates with Layer 3 (IP) packets, and the TAP (Network Tap) simulates a link layer device and operates with Layer 2 packets. In this method, the Ethernet bridge provides redundancy in physical network layers of the OSI (open systems interconnection) network model by, in the event of disconnection of a Layer 2 tunnel connection, utilizing a Layer 2 protocol address resolution protocol (ARP) to find an alternative OSI Layer 3 path to transmit the data, while the disconnected Layer 2 tunnel connection is recovered or replaced with other network service nodes. The Ethernet bridge may comprise a set of ports, control plane logic, forwarding plane logic, and a MAC address learning database.
[0088] The mesh network may be a large-scale network implementing a smart contract based protocol to route and process network packets among nodes of the mesh network.
[0089] Embodiments are further directed to a method of transmitting data in a mesh network having a number of interconnected nodes, comprising: identifying all connections to a node from all other connected nodes in the network; establishing a connection over OSI Layer 3 using Internet Protocol (IP) addresses for each identified connection; creating a bridge to the node to generate a single media access controller (MAC) address for the node using OSI Layer 2 protocol; generating a new IP address to represent the single MAC address; and transmitting data to the node over all the identified connections using the new IP address. In this method, the bridge combines the IP addresses for each identified connection to generate the single MAC address using the following formula:
f(IP1, IP2, IP3, ..., IPn) => MAC address
wherein the function (f) represents a process wherein the network generates its own MAC address randomly and uses internal forwarding databases to forward Ethernet frames to ports, and wherein the bridge maintains unicast MAC address and port relationship tables to forward frames. The bridge may be an Ethernet bridge created to bind all tunnel connections with the node.
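The bridge behaviour described in [0087] and [0089], as an added example (not code from the patent or from the marconid binary): a minimal learning bridge whose ports are the bound tunnels (one tap per mPipe) plus the node's virtual NIC, with the MAC address learning database as a unicast MAC-to-port table. Port names and MAC addresses are constructed sample values; the scenario shows why a lost tunnel triggers flooding (which is how a broadcast ARP request finds the alternative path) and how the surviving tunnel is re-learned.

```python
from __future__ import annotations

from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    """An Ethernet frame as the bridge sees it: only the addresses matter here."""
    dst: str
    src: str
    payload: bytes = b""


@dataclass
class TunnelBridge:
    """Learning bridge whose ports are bound Layer 2 tunnels plus the local virtual NIC.
    `fdb` is the MAC address learning database: learned unicast MAC -> port."""
    ports: dict[str, bool] = field(default_factory=dict)  # port name -> link is up
    fdb: dict[str, str] = field(default_factory=dict)     # learned MAC -> port name

    def add_port(self, name: str) -> None:
        self.ports[name] = True

    def port_up(self, name: str) -> None:
        self.ports[name] = True

    def port_down(self, name: str) -> None:
        """A tunnel dropped: mark it down and forget every MAC learned on it, so the
        next frame for those MACs is flooded over the surviving tunnels and re-learned."""
        self.ports[name] = False
        for mac in [m for m, p in self.fdb.items() if p == name]:
            del self.fdb[mac]

    def forward(self, ingress: str, frame: Frame) -> list[str]:
        """Return the egress ports for a frame that arrived on `ingress`."""
        if not self.ports.get(ingress, False):
            return []                        # frames from a dead tunnel are dropped
        self.fdb[frame.src] = ingress        # learn: source MAC is reachable via ingress
        egress = self.fdb.get(frame.dst)
        if frame.dst == BROADCAST or egress is None or not self.ports.get(egress, False):
            # broadcast, unknown, or stale destination: flood to every other live port
            return [p for p, up in self.ports.items() if up and p != ingress]
        if egress == ingress:
            return []                        # destination sits on the ingress segment
        return [egress]


def failover_scenario() -> list[list[str]]:
    """Walk node A's bridge through learn, forward, tunnel loss and recovery.
    MAC addresses and port names are constructed for this example."""
    mac_a, mac_c = "fe:00:01:37:6e:d2", "0a:39:65:96:1a:cd"
    br = TunnelBridge()
    for port in ("vnic", "tap0", "tap1", "tap2"):  # local virtual NIC + three tunnels to C
        br.add_port(port)
    trace = []
    trace.append(br.forward("vnic", Frame(mac_c, mac_a)))  # C unknown: flood every tunnel
    trace.append(br.forward("tap1", Frame(mac_a, mac_c)))  # reply on tap1: learn C, deliver to vnic
    trace.append(br.forward("vnic", Frame(mac_c, mac_a)))  # C known: unicast over tap1 only
    br.port_down("tap1")                                   # tunnel tap1 is lost
    trace.append(br.forward("vnic", Frame(mac_c, mac_a)))  # C forgotten: flood tap0 and tap2
    trace.append(br.forward("tap2", Frame(mac_a, mac_c)))  # reply on tap2: re-learn C
    trace.append(br.forward("vnic", Frame(mac_c, mac_a)))  # C reachable again via tap2
    return trace
```

A kernel bridge ages entries out of its database rather than flushing them on link loss alone; the explicit flush here is what makes the failover immediate instead of waiting for the ageing timer.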
[0090] This method may further comprise using a virtual NIC (network interface controller) to generate a single MAC address for the node's bound connections, wherein the virtual NIC behaves as a switch in routing traffic from the single MAC address to bound tunnels from the Ethernet bridge. The tunnel connections may comprise a Layer 2 tunnel that uses a virtual network device driver, such as a TUN/TAP or MacVTap driver, to facilitate virtual Layer 2 communication allowing for multiple tunnels to be created from the nodes.
[0091] Embodiments are yet further directed to a system for transmitting data in a mesh network having a number of interconnected nodes, comprising: a first processor component identifying all connections to a node from all other connected nodes in the network and establishing a connection over OSI Layer 3 using Internet Protocol (IP) addresses for each identified connection; an Ethernet bridge to the node generating a single media access controller (MAC) address for the node using OSI Layer 2 protocol; and a second processor component generating a new IP address to represent the single MAC address, and transmitting data to the node over all the identified connections using the new IP address. In this system, the Ethernet bridge combines the IP addresses for each identified connection to generate the single MAC address using the following formula:
f(IP1, IP2, IP3, ..., IPn) => MAC address
wherein the function (f) represents a process wherein the network generates its own MAC address randomly and uses internal forwarding databases to forward Ethernet frames to ports, and wherein the Ethernet bridge maintains unicast MAC address and port relationship tables to forward frames.
[0092] In this system, the Ethernet bridge binds all tunnel connections with the node and comprises a set of ports, control plane logic, forwarding plane logic, and a MAC address learning database. It may also further comprise a virtual NIC (network interface controller) generating a single MAC address for the node's bound connections, wherein the virtual NIC behaves as a switch in routing traffic from the single MAC address to bound tunnels from the Ethernet bridge; and the mesh network may be a large-scale network implementing a smart contract based protocol to route and process network packets among nodes of the mesh network.
[0093] Although certain embodiments have been described and illustrated with respect to certain example network topographies and node names and configurations, it should be understood that embodiments are not so limited, and any practical network topography, node names, and configurations may be used. Likewise, certain specific programming syntax and data structures are provided herein. Such examples are intended to be for illustration only, and embodiments are not so limited. Any appropriate alternative language or programming convention may be used by those of ordinary skill in the art to achieve the functionality described.
[0094] Embodiments as described herein may be applied to mesh networks of any scale (full or partial), and may also be applied to any other physical, virtual or hybrid physical/virtual network, such as a very large-scale wide area network (WAN), metropolitan area network (MAN), or cloud based network system. Aspects of the one or more embodiments described herein may be implemented on one or more computers executing software instructions, and the computers may be networked in a client-server arrangement or similar distributed computer network. The network provides connectivity to the various systems, components, and resources, and may be implemented using protocols such as Transmission Control Protocol (TCP) and/or Internet Protocol (IP), well known in the relevant arts.
[0095] For the sake of clarity, the processes and methods herein have been illustrated with a specific flow, but it should be understood that other sequences may be possible and that some may be performed in parallel, without departing from the spirit of the invention. Additionally, steps may be subdivided or combined. As disclosed herein, software written in accordance with the present invention may be stored in some form of computer-readable medium, such as memory or CD-ROM, or transmitted over a network, and executed by a processor. More than one computer may be used, such as by using multiple computers in a parallel or load-sharing arrangement or distributing tasks across multiple computers such that, as a whole, they perform the functions of the components identified herein; i.e., they take the place of a single computer. Various functions described above may be performed by a single process or groups of processes, on a single computer or distributed over several computers. Processes may invoke other processes to handle certain tasks.
[0096] Unless the context clearly requires otherwise, throughout the description and the claims, the words “comprise,” “comprising,” and the like are to be construed in an inclusive sense as opposed to an exclusive or exhaustive sense; that is to say, in a sense of “including, but not limited to.” Words using the singular or plural number also include the plural or singular number respectively. Additionally, the words “herein,” “hereunder,” “above,” “below,” and words of similar import refer to this application as a whole and not to any particular portions of this application. When the word “or” is used in reference to a list of two or more items, that word covers all of the following interpretations of the word: any of the items in the list, all of the items in the list and any combination of the items in the list.
[0097] All references cited herein are intended to be incorporated by reference. While one or more implementations have been described by way of example and in terms of the specific embodiments, it is to be understood that one or more implementations are not limited to the disclosed embodiments. To the contrary, it is intended to cover various modifications and similar arrangements as would be apparent to those skilled in the art. Therefore, the scope of the appended claims should be accorded the broadest interpretation so as to encompass all such modifications and similar arrangements.

Claims

What is claimed is:
1. A method of transmitting data in a mesh network, comprising:
creating, for each node in the mesh network, an Ethernet bridge to bind all tunnel connections to the node;
deploying a virtual network interface controller (NIC) with each node to generate a single media access controller (MAC) address assigned to all bound tunnel connections for the node; and
transmitting data over the virtual Ethernet bridge using an emulated OSI Layer 2 protocol by transmitting data between pairs of network interface controllers (NICs) between each node using OSI Layers 3 and 4 protocols.
2. The method of claim 1 further comprising binding multiple NICs within a single physical device.
3. The method of claim 1 further comprising clienting a subnet with each virtual bridge to mesh layer 2 subnets.
4. The method of claim 1 further comprising merging subnets by binding virtual NICs.
5. The method of claim 1 wherein the tunnel connections comprise a Layer 2 tunnel that uses a virtual network device driver to facilitate virtual Layer 2 communication allowing for multiple tunnels to be created from each device.
6. The method of claim 5 wherein the virtual network device driver comprises one of a TUN/TAP driver or MacVTap driver, and if a TUN/TAP driver, the driver comprises virtual network kernel devices where the TUN (Network Tunnel) simulates a network layer device and operates with Layer 3 (IP) packets, and the TAP (Network Tap) simulates a link layer device and operates with Layer 2 packets.
7. The method of claim 1 wherein the Ethernet bridge provides redundancy in physical network layers of the OSI (open systems interconnection) network model by, in the event of disconnection of a Layer 2 tunnel connection, utilizing a Layer 2 protocol address resolution protocol (ARP) to find an alternative OSI Layer 3 path to transmit the data, while the disconnected Layer 2 tunnel connection is recovered or replaced with other network service nodes.
8. The method of claim 7 wherein the Ethernet bridge comprises a set of ports, control plane logic, forwarding plane logic, and a MAC address learning database.
9. The method of claim 1 wherein the mesh network comprises a large-scale network implementing a smart contract based protocol to route and process network packets among nodes of the mesh network.
10. A method of transmitting data in a mesh network having a number of interconnected nodes, comprising:
identifying all connections to a node from all other connected nodes in the network;
establishing a connection over OSI Layer 3 using Internet Protocol (IP) addresses for each identified connection;
creating a bridge to the node to generate a single media access controller (MAC) address for the node using OSI Layer 2 protocol;
generating a new IP address to represent the single MAC address; and
transmitting data to the node over all the identified connections using the new IP address.
11. The method of claim 10 wherein the bridge combines the IP addresses for each identified connection to generate the single MAC address using the following formula:
f(IP1, IP2, IP3, ..., IPn) => MAC address
12. The method of claim 11 wherein the function (f) represents a process wherein the network generates its own MAC address randomly and uses internal forwarding databases to forward Ethernet frames to ports, and wherein the bridge maintains unicast MAC address and port relationship tables to forward frames.
13. The method of claim 10 wherein the bridge comprises an Ethernet bridge created to bind all tunnel connections with the node.
14. The method of claim 13 further comprising using a virtual NIC (network interface controller) to generate a single MAC address for the node's bound connections, wherein the virtual NIC behaves as a switch in routing traffic from the single MAC address to bound tunnels from the Ethernet bridge.
15. The method of claim 14 wherein the tunnel connections comprise a Layer 2 tunnel that uses a virtual network device driver to facilitate virtual Layer 2 communication allowing for multiple tunnels to be created from the nodes, and comprising one of a TUN/TAP and a MacVTap driver.
16. A system transmitting data in a mesh network having a number of interconnected nodes, comprising:
a first processor component identifying all connections to a node from all other connected nodes in the network and establishing a connection over OSI Layer 3 using Internet Protocol (IP) addresses for each identified connection;
an Ethernet bridge to the node generating a single media access controller (MAC) address for the node using OSI Layer 2 protocol; and
a second processor component generating a new IP address to represent the single MAC address, and transmitting data to the node over all the identified connections using the new IP address.
17. The system of claim 16 wherein the Ethernet bridge combines the IP addresses for each identified connection to generate the single MAC address using the following formula:
f(IP1, IP2, IP3, ..., IPn) => MAC address
and wherein the function (f) represents a process wherein the network generates its own MAC address randomly and uses internal forwarding databases to forward Ethernet frames to ports, and wherein the Ethernet bridge maintains unicast MAC address and port relationship tables to forward frames.
18. The system of claim 17 wherein the Ethernet bridge binds all tunnel connections with the node and comprises a set of ports, control plane logic, forwarding plane logic, and a MAC address learning database.
19. The system of claim 18 further comprising a virtual NIC (network interface controller) generating a single MAC address for the node's bound connections, wherein the virtual NIC behaves as a switch in routing traffic from the single MAC address to bound tunnels from the Ethernet bridge.
20. The system of claim 16 wherein the mesh network comprises a large-scale network implementing a smart contract based protocol to route and process network packets among nodes of the mesh network.
PCT/US2019/017557 2018-02-12 2019-02-11 Binding osi layer 3 ip connections to osi layer 2 for mesh networks WO2019157476A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201862629601P 2018-02-12 2018-02-12
US62/629,601 2018-02-12
US201862644188P 2018-03-16 2018-03-16
US62/644,188 2018-03-16

Publications (1)

Publication Number Publication Date
WO2019157476A1 true WO2019157476A1 (en) 2019-08-15

Family

ID=67549698

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2019/017557 WO2019157476A1 (en) 2018-02-12 2019-02-11 Binding osi layer 3 ip connections to osi layer 2 for mesh networks

Country Status (1)

Country Link
WO (1) WO2019157476A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110580157A (en) * 2019-09-12 2019-12-17 广东鑫光智能系统有限公司 Data acquisition interface based on software definition
CN114124619A (en) * 2021-12-02 2022-03-01 深圳通康创智技术有限公司 Subnet communication method and device, computer equipment and storage medium
CN114710795A (en) * 2022-06-06 2022-07-05 希诺麦田技术(深圳)有限公司 ARP table optimization method, equipment and application of wireless ad hoc network

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6697360B1 (en) * 1998-09-02 2004-02-24 Cisco Technology, Inc. Method and apparatus for auto-configuring layer three intermediate computer network devices
US20050157732A1 (en) * 2001-01-26 2005-07-21 Microsoft Corporation Method and apparatus for emulating ethernet functionality over a serial bus
US20080232272A1 (en) * 2007-03-23 2008-09-25 Peter Gelbman Extensible micro-mobility wireless network architecture
US20090063706A1 (en) * 2007-08-30 2009-03-05 International Business Machines Corporation Combined Layer 2 Virtual MAC Address with Layer 3 IP Address Routing
US20110188509A1 (en) * 2008-10-02 2011-08-04 Kern Andras Ethernet frame broadcast emulation
US20120014387A1 (en) * 2010-05-28 2012-01-19 Futurewei Technologies, Inc. Virtual Layer 2 and Mechanism to Make it Scalable
US20130094423A1 (en) * 2011-10-13 2013-04-18 Alcatel-Lucent Usa Inc. Wide area mirroring router
US20140237156A1 (en) * 2012-10-25 2014-08-21 Plx Technology, Inc. Multi-path id routing in a pcie express fabric environment

Similar Documents

Publication Publication Date Title
WO2021136311A1 (en) Method and device for communication between vpcs
CN106936777B (en) Cloud computing distributed network implementation method and system based on OpenFlow
EP3304815B1 (en) Operations, administration and management (oam) in overlay data center environments
CN108574616A (en) A kind of method, equipment and the system of processing routing
CN102469004A (en) Virtual machine network system and creation method thereof
CN107733795B (en) Ethernet virtual private network EVPN and public network intercommunication method and device
CN109450905B (en) Method, device and system for transmitting data
CN111756565B (en) Managing satellite devices within a branched network
CN107579898B (en) Method and device for interconnection communication among multiple containers
CN113542111B (en) Message forwarding method and network equipment
US8861339B2 (en) Packet forwarding function of a mobility switch deployed as routed SMLT (RSMLT) node
WO2019157476A1 (en) Binding osi layer 3 ip connections to osi layer 2 for mesh networks
US11863454B2 (en) Systems and methods for scalable validation of multiple paths in a network using segment routing
WO2023165137A1 (en) Cross-cluster network communication system and method
GB2485026A (en) Routed Split Multi-Link Trunking (RSMLT) resiliency for Wireless Local Area Network (WLAN) split-plane environments
CN105763439B (en) The interconnected method and device of data center in a kind of multilink transparent internet
CN107733930B (en) Method and system for forwarding Internet Protocol (IP) packets at multiple WAN network gateways
CN112822097A (en) Message forwarding method, first network device and first device group
CN113285878B (en) Load sharing method and first network equipment
Prasad et al. Intervlan Routing and Various Configurations on Vlan in a Network using Cisco Packet Tracer
WO2019165235A1 (en) Secure encrypted network tunnels using osi layer 2 protocol
JP4011528B2 (en) Network virtualization system
CN113163276A (en) Method, device and system for issuing routing information
Nadeem et al. A survey of cloud network overlay protocols
CN117097818A (en) Message processing method and related equipment

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
    Ref document number: 19750840
    Country of ref document: EP
    Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
122 EP: PCT application non-entry in European phase
    Ref document number: 19750840
    Country of ref document: EP
    Kind code of ref document: A1