会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 61. 发明授权
    • Method and apparatus for enforcing packet destination specific priority using threads
    • 使用线程强制分组目的地特定优先级的方法和装置
    • US07499457B1
    • 2009-03-03
    • US11112584
    • 2005-04-22
    • Nicolas G. DrouxSunay Tripathi
    • Nicolas G. DrouxSunay Tripathi
    • H04L12/28
    • H04L47/10H04L47/2433H04L47/2441H04L47/2458
    • A method for processing a plurality of packets that includes receiving the plurality of packets from a network, analyzing each of the plurality of packets by a classifier to determine to which of a plurality of temporary data structures each of the plurality of packet is to be forwarded, forwarding each of the plurality of packets to one of the plurality of temporary data structures as determined by the classifier, forwarding a plurality of packets from the one of the plurality of temporary data structures to a virtual serialization queue associated with the one of the plurality of temporary data structures, wherein the virtual serialization queue is bound to a thread having a processing priority, and processing the plurality of packets on the virtual serialization queue using at least one processor bound to the virtual serialization queue and the processing priority.
    • 一种用于处理多个分组的方法,包括从网络接收所述多个分组,通过分类器分析所述多个分组中的每个分组,以确定所述多个分组中的每一个将被转发到多个临时数据结构中的哪一个 将所述多个分组中的每一个转发到由所述分类器确定的所述多个临时数据结构之一,将多个分组从所述多个临时数据结构之一转发到与所述多个临时数据结构中的一个相关联的虚拟序列化队列 临时数据结构,其中所述虚拟序列化队列绑定到具有处理优先级的线程,并且使用绑定到所述虚拟序列化队列和所述处理优先级的至少一个处理器来处理所述虚拟序列化队列上的所述多个分组。
    • 62. 发明申请
    • Virtual network interface card loopback fastpath
    • 虚拟网络接口卡环回快速路径
    • US20080002663A1
    • 2008-01-03
    • US11479946
    • 2006-06-30
    • Sunay TripathiErik NordmarkNicolas G. Droux
    • Sunay TripathiErik NordmarkNicolas G. Droux
    • H04L12/28
    • H04L45/00H04L45/586
    • A method for routing packets includes receiving an outbound packet issued by a first virtual machine, wherein the first virtual machine is located on a host, determining a packet destination associated with the outbound packet, querying a routing table for a routing entry corresponding to the packet destination, wherein the routing table comprises a first routing entry referencing an external host and a second routing entry referencing a second virtual machine, wherein the second virtual machine is located on the host, if the routing entry corresponding to the packet destination is the first routing entry, passing the packet to the external host, and if the routing entry corresponding to the packet destination is the second routing entry, passing the packet to the second virtual machine.
    • 路由分组的方法包括接收由第一虚拟机发出的出站分组,其中所述第一虚拟机位于主机上,确定与所述出站分组相关联的分组目的地,向所述路由表查询与所述分组对应的路由表项 目的地,其中所述路由表包括引用外部主机的第一路由条目和引用第二虚拟机的第二路由条目,其中所述第二虚拟机位于所述主机上,如果对应于所述分组目的地的路由条目是所述第一路由 将分组传递到外部主机,如果与分组目的地相对应的路由条目是第二路由条目,则将分组传递到第二虚拟机。
    • 63. 发明授权
    • Method and system for enforcing security policies on network traffic
    • 执行网络流量安全策略的方法和系统
    • US09059965B2
    • 2015-06-16
    • US12494910
    • 2009-06-30
    • Nicolas G. DrouxSunay TripathiEric T. Cheng
    • Nicolas G. DrouxSunay TripathiEric T. Cheng
    • G06F9/00H04L29/06
    • H04L63/0227
    • A computer readable medium that includes computer readable program code embodied therein. The computer readable medium causes the computer system to receive, by a data link rule enforcer, a packet from a packet source of the packets, and obtain a data link rule applying to a data link. The data link is operatively connected to the packet source, and the data link is associated with a media access control (MAC) address. The computer readable medium further causes the computer system to determine, by the data link rule enforcer, whether the packet complies with the data link rule, and drop, by the data link rule enforcer, the packet when the packet fails to comply with the data link rule.
    • 一种计算机可读介质,包括其中体现的计算机可读程序代码。 计算机可读介质使得计算机系统通过数据链路规则执行器从分组的分组源接收分组,并获得应用于数据链路的数据链路规则。 数据链路可操作地连接到分组源,并且数据链路与媒体访问控制(MAC)地址相关联。 计算机可读介质还使得计算机系统通过数据链路规则执行器确定分组是否符合数据链路规则,并且在分组不符合数据时由数据链路规则执行器丢弃分组 链接规则。
    • 64. 发明授权
    • Method and system for maintaining direct hardware access in the event of network interface card failure
    • 在网络接口卡故障的情况下维护直接硬件访问的方法和系统
    • US08726093B2
    • 2014-05-13
    • US12827973
    • 2010-06-30
    • Nicolas G. DrouxSunay Tripathi
    • Nicolas G. DrouxSunay Tripathi
    • G06F11/00
    • G06F11/2005G06F2009/45595G06F2201/815H04L41/0668
    • A system for maintaining direct hardware access in the event of PNIC failure. A host for the system includes: a processor; a first and a second PNIC, where the first PNIC is activated and all other PNICs are deactivated; a host operating system; a virtual machine; and a hypervisor for transferring packets between the host operating system and the virtual machine. The host operating system includes a link aggregator, multiple host VNICs, and a virtual switch associated with the VNICs. The first virtual machine includes a virtual network protocol stack and a guest VNIC. The link aggregator is configured to determine whether the first PNIC has failed. Based on a determination that the first PNIC has failed, the link aggregator is further configured to: remove a virtual function mapping between the first PNIC and the virtual machine; determine the second PNIC; deactivate the first PNIC; and activate the second PNIC.
    • 在PNIC发生故障的情况下维护直接硬件访问的系统。 该系统的主机包括:一个处理器; 第一和第二PNIC,其中第一PNIC被激活并且所有其他PNIC被去激活; 主机操作系统; 虚拟机; 以及用于在主机操作系统和虚拟机之间传送数据包的管理程序。 主机操作系统包括链路聚合器,多个主机VNIC以及与VNIC相关联的虚拟交换机。 第一个虚拟机包括虚拟网络协议栈和客户端VNIC。 链路聚合器被配置为确定第一PNIC是否已经失败。 基于第一PNIC已经失败的确定,链路聚合器还被配置为:去除第一PNIC和虚拟机之间的虚拟功能映射; 确定第二个PNIC; 停用第一个PNIC; 并激活第二个PNIC。
    • 67. 发明授权
    • Serialization queue framework for transmitting packets
    • 用于传输数据包的序列化队列框架
    • US08149709B2
    • 2012-04-03
    • US11479143
    • 2006-06-30
    • Thirumalai SrinivasanSunay TripathiNicolas G. Droux
    • Thirumalai SrinivasanSunay TripathiNicolas G. Droux
    • G01R31/08H04L12/28
    • H04L47/10H04L47/196H04L47/20H04L47/22H04L47/2441
    • A method for sending packets. The method includes determining with which of a plurality of virtual serialization queues (VSQs) a first packet is associated, wherein a first application is attempting to issue the first packet, if a first VSQ of the plurality of VSQs has not exceeded a first bandwidth allocation, wherein the first VSQ is associated with the first packet and is associated with the first bandwidth allocation, then sending the first packet to the first VSQ, processing the first packet by a first virtual network stack (VNS) to obtain a first processed packet, wherein the first VSQ is associated with the first VNS, and sending the first processed packet to a physical network interface card (NIC) operatively connected to the first VNS. Alternatively, if the first VSQ has exceeded the first bandwidth allocation, then blocking the first application from issuing the first packet.
    • 一种发送数据包的方法。 该方法包括:确定与第一分组相关联的多个虚拟序列化队列(VSQ)中的哪一个,其中第一应用正试图发布第一分组,如果多个VSQ中的第一VSQ尚未超过第一带宽分配 ,其中所述第一VSQ与所述第一分组相关联并且与所述第一带宽分配相关联,然后将所述第一分组发送到所述第一VSQ,通过第一虚拟网络堆栈(VNS)处理所述第一分组以获得第一处理分组, 其中所述第一VSQ与所述第一VNS相关联,以及将所述第一经处理的分组发送到可操作地连接到所述第一VNS的物理网络接口卡(NIC)。 或者,如果第一VSQ已超过第一带宽分配,则阻止第一应用发出第一分组。
    • 68. 发明授权
    • Multiple virtual network stack instances
    • 多个虚拟网络堆栈实例
    • US07894453B2
    • 2011-02-22
    • US11489929
    • 2006-07-20
    • Erik NordmarkNicolas G. DrouxSunay Tripathi
    • Erik NordmarkNicolas G. DrouxSunay Tripathi
    • H04L12/28
    • H04L45/00H04L45/10
    • A method for processing packets that includes receiving a first packet for a first target on a host, prior to sending the packet to a Network Layer in the host, determining the first target of the first packet, obtaining a first target ID associated with the first target, obtaining a first virtual network stack (VNS) instance ID using the first target ID, and obtaining a first VNS Instance parameter using the first VNS instance ID, sending the first packet to the Network Layer, and processing the first packet in the Network Layer using the first VNS Instance parameter to obtain a first network processed packet.
    • 一种处理分组的方法,包括在将分组发送到主机中的网络层之前接收主机上的第一目标的第一分组,确定第一分组的第一目标,获得与第一分组相关联的第一目标ID 使用所述第一目标ID获取第一虚拟网络栈(VNS)实例ID,以及使用所述第一VNS实例ID获取第一VNS实例参数,将所述第一分组发送到所述网络层,以及处理所述网络中的所述第一分组 使用第一个VNS Instance参数来获取第一个网络处理的数据包。
    • 69. 发明申请
    • METHOD AND SYSTEM FOR ENFORCING SECURITY POLICIES ON NETWORK TRAFFIC
    • 执行网络交通安全政策的方法和系统
    • US20100333189A1
    • 2010-12-30
    • US12494910
    • 2009-06-30
    • Nicolas G. DrouxSunay TripathiEric T. Cheng
    • Nicolas G. DrouxSunay TripathiEric T. Cheng
    • G06F9/00
    • H04L63/0227
    • A computer readable medium that includes computer readable program code embodied therein. The computer readable medium causes the computer system to receive, by a data link rule enforcer, a packet from a packet source of the packets, and obtain a data link rule applying to a data link. The data link is operatively connected to the packet source, and the data link is associated with a media access control (MAC) address. The computer readable medium further causes the computer system to determine, by the data link rule enforcer, whether the packet complies with the data link rule, and drop, by the data link rule enforcer, the packet when the packet fails to comply with the data link rule.
    • 一种计算机可读介质,包括其中体现的计算机可读程序代码。 计算机可读介质使得计算机系统通过数据链路规则执行器从分组的分组源接收分组,并获得应用于数据链路的数据链路规则。 数据链路可操作地连接到分组源,并且数据链路与媒体访问控制(MAC)地址相关联。 计算机可读介质还使得计算机系统通过数据链路规则执行器确定分组是否符合数据链路规则,并且在分组不符合数据时由数据链路规则执行器丢弃分组 链接规则。