专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US07515525B2 Cooperative TCP / BGP window management for stateful switchover 有权
标题翻译：协同TCP / BGP窗口管理进行状态切换
公开(公告)号：US07515525B2
公开(公告)日：2009-04-07
申请号：US10948732
申请日：2004-09-22
申请人： Chandrashekhar Appanna , Anantha Ramaiah , Lester S. Bird
发明人： Chandrashekhar Appanna , Anantha Ramaiah , Lester S. Bird
IPC分类号： H04L12/26
CPC分类号： H04L47/27 , H04L45/04 , H04L45/586 , H04L69/40
摘要： A system and method for performing stateful switchover with reduced data, such as only metadata about a TCP window state. The metadata comprises a size of TCP packets used to send BGP messages, and which of those have been acknowledged by a neighbor networking device. The networking device comprises a BGP module to establish a BGP session between the networking device and a neighbor networking device. An active transport module within the networking device synchronizes with a standby transport module within the networking device by sending the metadata. A fault detector within the networking device initiates a stateful switchover from the active transport module to the standby transport module responsive to detecting a failure of a process and/or processor. The standby transport module uses the metadata to determine stateful metadata for preserving current BGP and TCP sessions of the networking device with dummy TCP packets having the same size ad sent TCP packets and containing safe BGP message data.
摘要翻译：一种用简单数据进行状态切换的系统和方法，例如仅关于TCP窗口状态的元数据。元数据包括用于发送BGP消息的TCP数据包的大小，以及哪些哪些已被邻居网络设备确认。网络设备包括BGP模块，用于在组网设备和邻居网络设备之间建立BGP会话。网络设备内的主动传输模块通过发送元数据与网络设备内的备用传输模块进行同步。响应于检测到过程和/或处理器的故障，网络设备内的故障检测器启动从主动传输模块到备用传输模块的状态切换。备用传输模块使用元数据来确定有状态元数据，用于保留具有相同大小的发送的TCP数据包并包含安全的BGP消息数据的伪TCP数据包的网络设备的当前BGP和TCP会话。

12. 发明申请

US20080170501A1 Enhancing transmission reliability of monitored data 有权
标题翻译：提高监控数据的传输可靠性
公开(公告)号：US20080170501A1
公开(公告)日：2008-07-17
申请号：US11655003
申请日：2007-01-17
申请人： Alpesh Patel , Anantha Ramaiah , Syam Sundar Appala , Praveen Joshi
发明人： Alpesh Patel , Anantha Ramaiah , Syam Sundar Appala , Praveen Joshi
IPC分类号： H04J1/16
CPC分类号： H04L69/16 , H04L1/1874 , H04L47/14 , H04L47/19 , H04L47/27 , H04L47/28 , H04L47/29 , H04L49/90 , H04L69/163 , H04W80/06
摘要： In one embodiment, an apparatus comprises logic encoded in one or more tangible media for enhancing transmission reliability of monitored data. The logic is operable to receive a plurality of segments for transmission over a TCP connection to a network node, where the TCP connection is associated with a transmit queue and a retransmit queue. The logic is also operable to detect a transmission anomaly on the TCP connection to the network node, and in response to detecting the transmission anomaly, is operable to perform any one of: store segments into a persistent buffer prior to transferring the segments into the transmit queue; copy segments from the retransmit queue into the persistent buffer, where the segments have been transmitted but not yet acknowledged by the network node; and copy segments from the transmit queue into the persistent buffer, where the segments have not yet been transmitted to the network node.
摘要翻译：在一个实施例中，装置包括在一个或多个有形介质中编码的逻辑，用于增强被监视数据的传输可靠性。该逻辑可操作以接收多个段以便通过TCP连接传输到网络节点，其中TCP连接与发送队列和重发队列相关联。该逻辑还可操作用于检测到与网络节点的TCP连接上的传输异常，并且响应于检测到传输异常，可操作以执行以下任何一个：在将段传送到传输之前将段存储到永久缓冲器中队列; 将所述重传队列中的段复制到所述持久缓冲器中，其中所述段已被发送但尚未被所述网络节点确认; 并将段从传输队列复制到持久缓冲区中，其中段尚未传送到网络节点。

13. 发明授权

US07257840B2 Preventing network data injection attacks using duplicate-ACK and reassembly gap approaches 有权
标题翻译：使用重复ACK和重组间隙方法防止网络数据注入攻击
公开(公告)号：US07257840B2
公开(公告)日：2007-08-14
申请号：US10815218
申请日：2004-03-30
申请人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
发明人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
IPC分类号： G06F11/30 , G01R31/08 , G06F11/00 , G06F15/16 , G08C15/00 , H04J3/14 , H04J1/16 , H04L12/26
CPC分类号： H04L63/1466 , G06F21/552 , H04L47/27 , H04L47/29 , H04L47/323 , H04L47/34 , H04L63/1416 , H04L63/1458 , H04L69/16 , H04L69/163
摘要： Approaches for preventing TCP data injection attacks in packet-switched networks are disclosed. An ACK message or dummy segment is sent to verify the authenticity of the data in the re-assembly buffer, and to help discard spurious data faster. These approaches involve the sender in detection of spurious data, and make improved use of mechanisms for processing ACK messages that are native to typical TCP implementations. The latter approach may be implemented without modification of the sender's TCP implementation. Further, the receiver's TCP implementation maintains compatibility with RFC 793.
摘要翻译：公开了在分组交换网络中防止TCP数据注入攻击的方法。发送ACK消息或虚拟段以验证重新组装缓冲区中的数据的真实性，并帮助更快地丢弃伪数据。这些方法涉及发送方检测虚假数据，并且改进了用于处理典型TCP实现本身的ACK消息的机制。可以在不修改发送者的TCP实现的情况下实现后一种方法。此外，接收机的TCP实现保持与RFC 793的兼容性。

14. 发明申请

US20060262734A1 Transport protocol connection synchronization 有权
标题翻译：传输协议连接同步
公开(公告)号：US20060262734A1
公开(公告)日：2006-11-23
申请号：US11134686
申请日：2005-05-19
申请人： Chandrashekhar Appanna , Anantha Ramaiah
发明人： Chandrashekhar Appanna , Anantha Ramaiah
IPC分类号： H04L12/28 , H04L12/56
CPC分类号： H04L69/16 , H04L45/121 , H04L69/14 , H04L69/161 , H04L69/163 , H04L69/326
摘要： A system and method supporting synchronization of replicated transport layer connections in a redundant processor telecommunications network element. One method involves receiving, at a network element comprising an active transport protocol process coupled to a standby transport protocol process, information identifying a newly created transport layer connection maintained at the active transport protocol process; assigning a unique connection identifier to the transport layer connection; sending the unique connection identifier, in association with other, protocol-specific connection identifying information, to the standby protocol process; and sending, to the standby transport protocol process, one or more messages comprising one or more properties or statistics associated with the transport layer connection, wherein the messages identify the transport layer connection using the unique connection identifier.
摘要翻译：支持冗余处理器电信网络元件中复制传输层连接同步的系统和方法。一种方法包括在包括与备用传输协议过程相关联的活动传输协议进程的网络元件处接收标识在活动传输协议过程中维护的新创建的传输层连接的信息; 向传输层连接分配唯一的连接标识符; 将与所述协议特定连接识别信息相关联的唯一连接标识符发送到所述备用协议进程; 以及向所述备用传输协议进程发送包括与所述传输层连接相关联的一个或多个属性或统计信息的一个或多个消息，其中所述消息使用所述唯一连接标识符标识所述传输层连接。

15. 发明申请

US20050160478A1 Preventing network data injection attacks 有权
标题翻译：防止网络数据注入攻击
公开(公告)号：US20050160478A1
公开(公告)日：2005-07-21
申请号：US10792146
申请日：2004-03-02
申请人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
发明人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
IPC分类号： G06F11/30 , G06F15/173 , H04L9/00 , H04L9/32 , H04L12/56 , H04L29/06
CPC分类号： H04L63/1416 , H04L47/27 , H04L47/29 , H04L47/323 , H04L47/34 , H04L63/1458 , H04L69/16 , H04L69/163
摘要： Approaches for preventing TCP data injection attacks in packet-switched networks are disclosed. A first approach provides for dropping received segments that carry ACK values smaller than the next unacknowledged sequence number expected minus the maximum window size. This approach helps keep spurious injected segments out of the TCP re-assembly buffer. In a second approach, heuristics are used to examine the sequence number of a newly arrived segment, and when the sequence number is the next expected, then the newly arrived segment is used and the contents of the re-assembly buffer are not considered. Further, if the data payload of the newly arrived segment overlaps in sequential order with segments already in the re-assembly buffer, the overlapped segments in the re-assembly buffer are considered spurious and are discarded. Thus, this approach helps remove spurious data from the re-assembly buffer if the first approach somehow fails to prevent the data from entering the re-assembly buffer.
摘要翻译：公开了在分组交换网络中防止TCP数据注入攻击的方法。第一种方法提供丢弃接收的段，其携带ACK值小于预期的下一个未确认序列号减去最大窗口大小。这种方法有助于将伪注入的段保留在TCP重新组装缓冲区之外。在第二种方法中，启发式用于检查新到达的段的序列号，当序列号是下一个预期序列号时，则使用新到达的段，并且不考虑重新组装缓冲区的内容。此外，如果新到达的段的数据有效载荷与已经在重新组装缓冲区中的段按顺序重叠，则重组缓冲区中的重叠段被认为是虚假的并被丢弃。因此，如果第一种方法无法防止数据进入重新组装缓冲区，则此方法有助于从重新组装缓冲区中清除虚假数据。

16. 发明授权

US08705394B2 BGP slow peer detection 有权
标题翻译： BGP慢对等体检测
公开(公告)号：US08705394B2
公开(公告)日：2014-04-22
申请号：US13100181
申请日：2011-05-03
申请人： Balaji Pitta Venkatachalapathy , Isidor Kouvelas , Keyur P. Patel , Anantha Ramaiah
发明人： Balaji Pitta Venkatachalapathy , Isidor Kouvelas , Keyur P. Patel , Anantha Ramaiah
IPC分类号： H04L12/56 , H04L12/26
CPC分类号： H04L41/12 , H04L41/0893 , H04L43/00 , H04L43/0852 , H04L45/02 , H04L45/023 , H04L45/04
摘要： In one embodiment, a router selects a particular peer from an original update group used with an Exterior Gateway Protocol (EGP) such as Border Gateway Protocol (BGP). The original update group includes a plurality of peers of the router that share a same outbound policy and that receive common update messages, from the router, of routing table information. The router determines that the particular peer is a potential slow peer based on a first type of indicia, wherein a slow peer is a peer that cannot keep up with a rate at which the router generates update messages over a prolonged period of time. The router confirms that one or more second types of indicia are consistent with the particular peer being a slow peer. In response to the confirmation, the router determines that the particular peer is a slow peer.
摘要翻译：在一个实施例中，路由器从与诸如边界网关协议（BGP）的外部网关协议（EGP）一起使用的原始更新组中选择特定对等体。原始更新组包括共享相同出站策略并且从路由器接收路由表信息的公共更新消息的路由器的多个对等体。路由器基于第一类型的标记确定特定对等体是潜在的慢对等体，其中慢对等体是不能跟上路由器在较长时间段内生成更新消息的速率的对等体。路由器确认一个或多个第二类型的标记与特定的对等体是慢对等体一致。响应于确认，路由器确定特定对等体是慢对等体。

17. 发明授权

US07801135B2 Transport protocol connection synchronization 有权
标题翻译：传输协议连接同步
公开(公告)号：US07801135B2
公开(公告)日：2010-09-21
申请号：US11134686
申请日：2005-05-19
申请人： Chandrashekhar Appanna , Anantha Ramaiah
发明人： Chandrashekhar Appanna , Anantha Ramaiah
IPC分类号： H04L12/56
CPC分类号： H04L69/16 , H04L45/121 , H04L69/14 , H04L69/161 , H04L69/163 , H04L69/326
摘要： A system and method supporting synchronization of replicated transport layer connections in a redundant processor telecommunications network element. One method involves receiving, at a network element comprising an active transport protocol process coupled to a standby transport protocol process, information identifying a newly created transport layer connection maintained at the active transport protocol process; assigning a unique connection identifier to the transport layer connection; sending the unique connection identifier, in association with other, protocol-specific connection identifying information, to the standby protocol process; and sending, to the standby transport protocol process, one or more messages comprising one or more properties or statistics associated with the transport layer connection, wherein the messages identify the transport layer connection using the unique connection identifier.
摘要翻译：支持冗余处理器电信网络元件中复制传输层连接同步的系统和方法。一种方法包括在包括与备用传输协议过程相关联的活动传输协议进程的网络元件处接收标识在活动传输协议过程中维护的新创建的传输层连接的信息; 向传输层连接分配唯一的连接标识符; 将与所述协议特定连接识别信息相关联的唯一连接标识符发送到所述备用协议进程; 以及向所述备用传输协议进程发送包括与所述传输层连接相关联的一个或多个属性或统计信息的一个或多个消息，其中所述消息使用所述唯一连接标识符标识所述传输层连接。

18. 发明授权

US07650635B2 Method and apparatus for preventing network attacks by authenticating internet control message protocol packets 有权
标题翻译：通过认证互联网控制消息协议包来防止网络攻击的方法和装置
公开(公告)号：US07650635B2
公开(公告)日：2010-01-19
申请号：US10820980
申请日：2004-04-07
申请人： Amol Khare , Mitesh Dalal , Anantha Ramaiah , Sharad Ahlawat
发明人： Amol Khare , Mitesh Dalal , Anantha Ramaiah , Sharad Ahlawat
IPC分类号： G06F9/00 , G06F15/16 , G06F17/00 , G06F12/00 , G06F12/14 , G06F13/00 , G06F12/16 , G11C11/00 , G08B23/00 , G06F15/173
CPC分类号： H04L63/12 , H04L63/1458 , H04L63/1466
摘要： A method of preventing an attack on a network, the method comprising the computer-implemented steps of receiving an ICMP packet that includes a copy of a header associated with a connection in a connection-oriented transport protocol; obtaining a packet sequence value from the header; determining if the packet sequence value is valid; and updating a parameter value associated with the transport protocol connection only if the packet sequence value is determined to be valid. Use of the disclosed method enables authenticating ICMP packets so that responsive measures of a network element, such as adjusting an MTU value, are performed only when the ICMP packet is determined to be authentic.
摘要翻译：一种防止对网络的攻击的方法，所述方法包括计算机实现的步骤，用于接收包括与面向连接的传输协议中的连接相关联的报头的副本的ICMP分组; 从头部获取分组序列值; 确定分组序列值是否有效; 以及仅当所述分组序列值被确定为有效时，才更新与所述传输协议连接相关联的参数值。使用所公开的方法使得能够认证ICMP分组，使得仅当确定ICMP分组是可信的时候才执行诸如调整MTU值的网元的响应度量。

19. 发明授权

US07623464B2 Rapid protocol failure detection 有权
标题翻译：快速协议故障检测
公开(公告)号：US07623464B2
公开(公告)日：2009-11-24
申请号：US10888122
申请日：2004-07-09
申请人： Chandrashekhar Appanna , Anantha Ramaiah , Ruchi Kapoor
发明人： Chandrashekhar Appanna , Anantha Ramaiah , Ruchi Kapoor
IPC分类号： G01R31/08
CPC分类号： H04L41/06 , H04L43/0811 , H04L45/00 , H04L45/04 , H04L45/22 , H04L45/28 , H04L67/14 , H04L69/16 , H04L69/163 , H04L69/40
摘要： A method is disclosed for rapidly detecting a protocol failure. In one embodiment, the method includes receiving an indication that a first process has failed. The first process having been engaged in communications over one or more network connections with a second process. A packet is formed, such that the packet appears to have been formed by the first process. The packet includes one or more data values, which, when received and processed by the second process, will cause the second process to close the network connection. The packet is sent to the second process. When the second process receives the packet, the second process to closes the network connection.
摘要翻译：公开了一种用于快速检测协议故障的方法。在一个实施例中，该方法包括接收第一进程失败的指示。第一进程已经通过一个或多个网络连接进行了第二进程的通信。形成分组，使得分组似乎是由第一进程形成的。该分组包括一个或多个数据值，当由第二进程接收和处理时将使第二进程关闭网络连接。数据包被发送到第二个进程。当第二个进程收到数据包时，第二个进程关闭网络连接。

20. 发明申请

US20060268710A1 Detecting change in a transport protocol window size without data transmission 有权
公开(公告)号：US20060268710A1
公开(公告)日：2006-11-30
申请号：US11133622
申请日：2005-05-19
申请人： Chandrashekhar Appanna , Anantha Ramaiah , Amol Khare
发明人： Chandrashekhar Appanna , Anantha Ramaiah , Amol Khare
IPC分类号： H04J1/16
CPC分类号： H04L69/16 , H04L69/163 , Y10S707/99953 , Y10S707/99955
摘要： A method detects a change in TCP receive window size while preventing fragmentation of data. A TCP stack receives a segment that advertises a receive window size of zero. If data needs to be sent, and only if so, a timer is started. When the timer expires, a TCP segment that contains a first sequence number value equal to second sequence number representing sent but unacknowledged data minus one, and a segment length value of zero, is sent. Without sending a fragment of data, this triggers a peer TCP process to send an updated window size. A TCP ACK segment is received and contains an updated receive window size. If the updated receive window size is greater than a specified value, then the data is sent. Otherwise, a counter is incremented, and the steps are re-performed if the counter is less than a specified value.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式