专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08949444B1 Flow control scheme for parallel flows 有权
标题翻译：并行流量流控制方案
公开(公告)号：US08949444B1
公开(公告)日：2015-02-03
申请号：US12502808
申请日：2009-07-14
申请人： Qingming Ma , Kannan Varadhan , Rohini Kasturi
发明人： Qingming Ma , Kannan Varadhan , Rohini Kasturi
IPC分类号： G06F15/16
CPC分类号： H04L65/105 , H04L12/2858 , H04L47/10 , H04L47/22 , H04L47/27 , H04L47/283
摘要： A method includes a proxy device receiving from a source device a request to establish a flow to a destination device; generating, based on the request, a meta-packet that indicates that the flow to the destination device is to be proxied; determining whether a pre-established flow connecting the proxy device to another proxy device that leads toward the destination device exists; sending the meta-packet on the pre-established flow, when it is determined that the pre-established flow exists; receiving by the other proxy device, the meta-packet, and establishing the flow to the destination device based on the meta-packet, where the proxy devices assign one or more of a source address, a source port, a destination address, or a destination port, associated with the source device and the destination device, to the pre-established flow.
摘要翻译：一种方法包括代理设备从源设备接收建立到目的地设备的流的请求; 基于所述请求生成表示到目的地设备的流的代理的元数据包; 确定是否存在将代理设备连接到通向目的地设备的另一个代理设备的预先建立的流程; 当确定预先建立的流程存在时，在预先建立的流程上发送元数据包; 由所述其他代理设备接收所述元数据包，以及基于所述元数据包建立到所述目的地设备的流，其中所述代理设备分配源地址，源端口，目的地地址或者源地址中的一个或多个与源设备和目标设备相关联的目标端口连接到预先建立的流。

2. 发明申请

US20120113857A1 DYNAMIC MONITORING OF NETWORK TRAFFIC 有权
标题翻译：网络交通动态监测
公开(公告)号：US20120113857A1
公开(公告)日：2012-05-10
申请号：US13352790
申请日：2012-01-18
申请人： Krishna NARAYANASWAMY , Kannan VARADHAN
发明人： Krishna NARAYANASWAMY , Kannan VARADHAN
IPC分类号： H04L12/26
CPC分类号： H04L43/18
摘要： A device, connected to a monitoring appliance, may include a traffic analyzer to receive a data unit and identify a traffic flow associated with the data unit. The device may also include a traffic processor to receive the data unit and information regarding the identified traffic flow from the traffic analyzer, determine that the identified traffic flow is to be monitored by the monitoring appliance, change a port number, associated with the data unit, to a particular port number to create a modified data unit when the identified traffic flow is to be monitored by the monitoring appliance, and send the modified data unit to the monitoring appliance.
摘要翻译：连接到监视设备的设备可以包括用于接收数据单元并识别与数据单元相关联的业务流的流量分析器。该设备还可以包括业务处理器以接收数据单元和关于来自业务分析器的所标识的业务流的信息，确定所监视的设备将监视所识别的业务流，改变与数据单元相关联的端口号到特定端口号，以在所监视设备监视所识别的流量时创建修改的数据单元，并将修改的数据单元发送到监视设备。

3. 发明授权

US06654359B1 Wireless access to packet-based networks 失效
标题翻译：无线接入基于分组的网络
公开(公告)号：US06654359B1
公开(公告)日：2003-11-25
申请号：US09210072
申请日：1998-12-11
申请人： Thomas F. La Porta , Kazutaka Murakami , Ramachandran Ramjee , Sandra R. Thuel , Kannan Varadhan
发明人： Thomas F. La Porta , Kazutaka Murakami , Ramachandran Ramjee , Sandra R. Thuel , Kannan Varadhan
IPC分类号： H04J1228
CPC分类号： H04L61/2015 , H04L29/12216 , H04L29/12301 , H04L29/12311 , H04L29/12801 , H04L61/2076 , H04L61/2084 , H04L61/6004 , H04W40/248 , H04W40/28 , H04W40/36 , H04W80/04 , H04W88/005
摘要： Domains are defined to incorporate a subnet including a plurality of base stations and routers. Base stations are used by mobile devices to attach to the wired portion of a packet-based network, such as the Internet, and exchange packets thereover with a correspondent node. Local mobility between domain base stations is provided by including and updating routing table entries at domain routers and base stations for forwarding packets having a mobile device's address as a destination address to the mobile device. Packets are delivered to the mobile device regardless of the domain base station to which the mobile device is attached. When a mobile device is attached to a base station included within a foreign domain, a care-of address is assigned, and packets are tunneled for delivery of packets to the mobile device. Only one care-of address is required per mobile device per foreign domain. Routing table entries used for packet delivery are updated on a purely local subnet basis within domains, whether home domain or foreign domain, making handoffs between base stations substantially transparent to the home agent and the correspondent node.
摘要翻译：域被定义为并入包括多个基站和路由器的子网。移动设备使用基站来附加到诸如因特网的基于分组的网络的有线部分，并且与对应节点交换分组。通过在域路由器和基站处包括和更新路由表条目来提供域基站之间的本地移动，用于将具有移动设备地址的分组转发到移动设备。无论移动设备连接到的域基站如何，都将数据包传送到移动设备。当移动设备附接到包含在外部域中的基站时，分配转交地址，并且分组被隧道传送到移动设备的分组。每个移动设备每个外国域只需要一个转交地址。用于分组传递的路由表条目在域内纯属于本地子网进行更新，无论是归属域还是外部域，使基站之间的切换对归属代理和通信节点基本上是透明的。

4. 发明授权

US08713627B2 Scalable security services for multicast in a router having integrated zone-based firewall 有权
标题翻译：具有集成区域防火墙的路由器中可多播的可扩展安全服务
公开(公告)号：US08713627B2
公开(公告)日：2014-04-29
申请号：US12432366
申请日：2009-04-29
申请人： Kannan Varadhan , Jean-Marc Frailong , Anjan Venkatramani
发明人： Kannan Varadhan , Jean-Marc Frailong , Anjan Venkatramani
IPC分类号： H04L29/06
CPC分类号： H04L63/0227 , H04L12/18 , H04L45/00 , H04L45/16 , H04L45/30 , H04L63/0254 , H04L63/104
摘要： A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast packets. The user interface supports a syntax that allows the user to define subsets of the plurality of interfaces associated with the zones, and define a single multicast policy to be applied to multicast sessions associated with a multicast group. The multicast policy identifies common services to be applied pre-replication, and exceptions specifying additional services to be applied post-replication to copies of the multicast packets for the one or more zones.
摘要翻译：具有组播功能的防火墙允许将防火墙安全策略应用于组播流量。可组播的防火墙可以集成在路由设备内，从而允许单个设备提供包括组播支持在内的路由功能以及防火墙服务。路由设备提供一个用户界面，用户通过该用户界面指定一个或多个区域，以便在向组播数据包应用状态防火墙服务时由集成防火墙识别。用户界面支持语法，允许用户定义与区域相关联的多个接口的子集，并且定义要应用于与多播组相关联的多播会话的单个组播策略。多播策略标识要应用预复制的常用服务，以及将要复制后应用的其他服务指定给一个或多个区域的多播数据包副本的异常。

5. 发明授权

US08510551B1 Policy handling for multicast transmissions 有权
标题翻译：组播传输的策略处理
公开(公告)号：US08510551B1
公开(公告)日：2013-08-13
申请号：US12267938
申请日：2008-11-10
申请人： Purvi Desai , Kannan Varadhan
发明人： Purvi Desai , Kannan Varadhan
IPC分类号： H04L29/06
CPC分类号： H04L12/18 , H04L63/0236
摘要： A device, receives a unicast packet designating a unicast source and a unicast destination, and determines whether the received unicast packet is a Data Register message. The device extracts information relating to a multicast packet encapsulated within the unicast packet when the unicast packet is a Data Register message, and performs a security policy lookup based on the extracted multicast packet information to identify a security policy associated with the multicast packet. The device determines whether the identified security policy authorizes forwarding of the unicast packet, and establishes a multicast data session when the identified security policy authorizes forwarding of the unicast packet. The device establishes a multicast control session based on the multicast data session, where the multicast control session authorizes transmission of PIM-related control messages associated with the multicast packet. The device forwards the unicast packet to the unicast destination based on the multicast data session.
摘要翻译：一种设备，接收指定单播源和单播目的地的单播分组，并且确定所接收的单播分组是否是数据注册消息。当单播分组是数据注册消息时，该装置提取与单播分组中封装的多播分组有关的信息，并且基于所提取的多播分组信息执行安全策略查找，以识别与多播分组相关联的安全策略。该设备确定所识别的安全策略是否授权转发单播报文，并在所识别的安全策略授权转发单播报文时，建立组播数据会话。该设备基于组播数据会话建立组播控制会话，组播控制会话授权与组播数据包相关的PIM相关控制消息的传输。该设备基于组播数据会话将单播报文转发到单播目的地。

6. 发明授权

US07948986B1 Applying services within MPLS networks 有权
标题翻译：在MPLS网络中应用业务
公开(公告)号：US07948986B1
公开(公告)日：2011-05-24
申请号：US12392740
申请日：2009-02-25
申请人： Kaushik Ghosh , Kireeti Kompella , Kannan Varadhan
发明人： Kaushik Ghosh , Kireeti Kompella , Kannan Varadhan
IPC分类号： H04L12/56
CPC分类号： H04L45/50
摘要： In general, techniques are described that facilitate application of service within MPLS networks. More specifically, a router comprises a forwarding plane, a service plane and a routing engine. The routing engine maintains data defining an association between a handle identifying a property common to a plurality of packets of a particular context and one or more MPLS labels associated with these packets. The routing engine automatically generates and installs a filter to identify these packets within both the forwarding and service planes. The forwarding plane applies the filter to incoming packets to determine whether each of the incoming packets includes a label matching any of the labels of the filter and forwards the incoming packets to the service plane upon a match. The service card selects one or more services identified by the filter and applies the selected one or more services to the incoming packet.
摘要翻译：一般来说，描述了有助于在MPLS网络中应用服务的技术。更具体地，路由器包括转发平面，服务平面和路由引擎。路由引擎维护定义标识特定上下文的多个分组的公共属性的句柄与与这些分组相关联的一个或多个MPLS标签之间的关联的数据。路由引擎自动生成并安装过滤器，以便在转发和服务平面内识别这些数据包。转发平面将过滤器应用于传入的数据包，以确定每个传入数据包是否包含与过滤器的任何标签相匹配的标签，并在匹配时将传入数据包转发到服务平面。服务卡选择由过滤器识别的一个或多个服务，并将所选择的一个或多个服务应用于传入分组。

7. 发明授权

US08316435B1 Routing device having integrated MPLS-aware firewall with virtual security system support 有权
标题翻译：具有集成MPLS感知防火墙和虚拟安全系统支持的路由设备
公开(公告)号：US08316435B1
公开(公告)日：2012-11-20
申请号：US12271585
申请日：2008-11-14
申请人： Kannan Varadhan , Joao Campelo F. N. Gomes
发明人： Kannan Varadhan , Joao Campelo F. N. Gomes
IPC分类号： H04L29/06
CPC分类号： H04L45/50 , H04L45/60 , H04L63/0254 , H04L63/0272
摘要： An MPLS-aware firewall allows firewall security policies to be applied to MPLS traffic. The firewall, which may be integrated within a routing device, can be configured into multiple virtual security systems. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to the packets. The user interface allows the user to define different zones and policies for different ones of the virtual security systems. In addition, the user interface supports a syntax that allows the user to define the zones for the firewall by specifying the customer VPNs as interfaces associated with the zones. The routing device generates mapping information for the integrated firewall to map the customer VPNs to specific MPLS labels for the MPLS tunnels carrying the customer's traffic.
摘要翻译：支持MPLS的防火墙允许将防火墙安全策略应用于MPLS流量。可以集成在路由设备中的防火墙可以被配置成多个虚拟安全系统。路由设备提供用户界面，当用户界面向应用状态的防火墙服务应用时，用户指定一个或多个被集成防火墙识别的区域。用户界面允许用户为不同的虚拟安全系统定义不同的区域和策略。此外，用户界面支持语法，允许用户通过将客户VPN指定为与区域相关联的接口来定义防火墙的区域。路由设备生成集成防火墙的映射信息，将客户VPN映射到承载客户流量的MPLS隧道的特定MPLS标签。

8. 发明授权

US08300532B1 Forwarding plane configuration for separation of services and forwarding in an integrated services router 有权
标题翻译：转发平面配置，用于在综合业务路由器中分离业务和转发
公开(公告)号：US08300532B1
公开(公告)日：2012-10-30
申请号：US12235677
申请日：2008-09-23
申请人： Anjan Venkatramani , Kannan Varadhan , Jean-Marc Frailong , Sanjay Gupta , Linda Sun , Sankar Ramamoorthi , Pradeep Sindhu , Anand S. Athreya , Chih-Wei Chao , Shuhua Ge
发明人： Anjan Venkatramani , Kannan Varadhan , Jean-Marc Frailong , Sanjay Gupta , Linda Sun , Sankar Ramamoorthi , Pradeep Sindhu , Anand S. Athreya , Chih-Wei Chao , Shuhua Ge
IPC分类号： H04L12/26 , H04L12/56
CPC分类号： H04L45/306 , H04L45/38
摘要： A method may include receiving a packet at an ingress line interface in a forwarding plane of a network element, the packet including header information. The method may also include conducting a flow table lookup in the forwarding plane to identify an existing flow for the packet and determining, in the forwarding plane and based on the header information, whether a predicted flow can be identified for the packet if an existing flow can not be identified. The method may further include performing a service access control list (ACL) lookup in the forwarding plane if a predicted flow can not be identified; and forwarding the packet to one of a services plane or an egress line interface in the forwarding plane based on one of the existing flow, the predicted flow, or the service ACL lookup.
摘要翻译：方法可以包括在网元的转发平面中的入口线路接口处接收分组，该分组包括报头信息。该方法还可以包括在转发平面中进行流表查找以识别分组的现有流，并且在转发平面中并且基于报头信息来确定是否可以为分组识别预测流，如果现有流无法识别。该方法还可以包括如果不能识别预测流，则在转发平面中执行服务访问控制列表（ACL）查找; 以及基于现有流，预测流或服务ACL查找之一将分组转发到转发平面中的服务平面或出口线路接口之一。

9. 发明授权

US08102783B1 Dynamic monitoring of network traffic 有权
标题翻译：动态监控网络流量
公开(公告)号：US08102783B1
公开(公告)日：2012-01-24
申请号：US12365520
申请日：2009-02-04
申请人： Krishna Narayanaswamy , Kannan Varadhan
发明人： Krishna Narayanaswamy , Kannan Varadhan
IPC分类号： G06F11/30 , H04L12/28 , H04J3/16
CPC分类号： H04L43/18
摘要： A device, connected to a monitoring appliance, may include a traffic analyzer to receive a data unit and identify a traffic flow associated with the data unit. The device may also include a traffic processor to receive the data unit and information regarding the identified traffic flow from the traffic analyzer, determine that the identified traffic flow is to be monitored by the monitoring appliance, change a port number, associated with the data unit, to a particular port number to create a modified data unit when the identified traffic flow is to be monitored by the monitoring appliance, and send the modified data unit to the monitoring appliance.
摘要翻译：连接到监视设备的设备可以包括用于接收数据单元并识别与数据单元相关联的业务流的流量分析器。该设备还可以包括业务处理器以接收数据单元和关于来自业务分析器的所标识的业务流的信息，确定所监视的设备将监视所识别的业务流，改变与数据单元相关联的端口号到特定端口号，以在所监视设备监视所识别的流量时创建修改的数据单元，并将修改的数据单元发送到监视设备。

10. 发明授权

US06496505B2 Packet tunneling optimization to wireless devices accessing packet-based wired networks 有权
标题翻译：分组隧道优化到接入基于分组的有线网络的无线设备
公开(公告)号：US06496505B2
公开(公告)日：2002-12-17
申请号：US09210487
申请日：1998-12-11
申请人： Thomas F. La Porta , Ramachandran Ramjee , Kannan Varadhan
发明人： Thomas F. La Porta , Ramachandran Ramjee , Kannan Varadhan
IPC分类号： H04L1228
CPC分类号： H04W8/085 , H04L29/06 , H04W8/26 , H04W80/04
摘要： A tunneling optimization is described in which packets are forwarded from a home agent to a mobile device by co-locating a foreign agent corresponding to a mobile device at the mobile device. When a mobile device acquires a new foreign agent, the mobile device notifies the home agent as to the corresponding foreign agent address. A packet received at the home agent having the mobile device as a packet header destination address is parsed and the foreign agent address is substituted for the mobile device address, and the packet is forwarded to the foreign agent. The foreign agent, upon receiving the packet, removes the foreign agent address and replaces the mobile device address as the packet header destination address. The packet is then forwarded to the mobile device.
摘要翻译：描述了隧道优化，其中通过在移动设备处共同定位对应于移动设备的外部代理，将分组从归属代理转发到移动设备。当移动设备获取新的外部代理时，移动设备通知归属代理关于相应的外部代理地址。解析在归属代理处接收到的具有移动设备作为分组报头目的地地址的分组，并且将外部代理地址替换为移动设备地址，并将分组转发给外部代理。外部代理在接收到分组后，移除外部代理地址，并将移动设备地址替换为分组头目的地址。然后将数据包转发到移动设备。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式