会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明授权
    • Flow control scheme for parallel flows
    • 并行流量流控制方案
    • US08949444B1
    • 2015-02-03
    • US12502808
    • 2009-07-14
    • Qingming MaKannan VaradhanRohini Kasturi
    • Qingming MaKannan VaradhanRohini Kasturi
    • G06F15/16
    • H04L65/105H04L12/2858H04L47/10H04L47/22H04L47/27H04L47/283
    • A method includes a proxy device receiving from a source device a request to establish a flow to a destination device; generating, based on the request, a meta-packet that indicates that the flow to the destination device is to be proxied; determining whether a pre-established flow connecting the proxy device to another proxy device that leads toward the destination device exists; sending the meta-packet on the pre-established flow, when it is determined that the pre-established flow exists; receiving by the other proxy device, the meta-packet, and establishing the flow to the destination device based on the meta-packet, where the proxy devices assign one or more of a source address, a source port, a destination address, or a destination port, associated with the source device and the destination device, to the pre-established flow.
    • 一种方法包括代理设备从源设备接收建立到目的地设备的流的请求; 基于所述请求生成表示到目的地设备的流的代理的元数据包; 确定是否存在将代理设备连接到通向目的地设备的另一个代理设备的预先建立的流程; 当确定预先建立的流程存在时,在预先建立的流程上发送元数据包; 由所述其他代理设备接收所述元数据包,以及基于所述元数据包建立到所述目的地设备的流,其中所述代理设备分配源地址,源端口,目的地地址或者源地址中的一个或多个 与源设备和目标设备相关联的目标端口连接到预先建立的流。
    • 2. 发明申请
    • DYNAMIC MONITORING OF NETWORK TRAFFIC
    • 网络交通动态监测
    • US20120113857A1
    • 2012-05-10
    • US13352790
    • 2012-01-18
    • Krishna NARAYANASWAMYKannan VARADHAN
    • Krishna NARAYANASWAMYKannan VARADHAN
    • H04L12/26
    • H04L43/18
    • A device, connected to a monitoring appliance, may include a traffic analyzer to receive a data unit and identify a traffic flow associated with the data unit. The device may also include a traffic processor to receive the data unit and information regarding the identified traffic flow from the traffic analyzer, determine that the identified traffic flow is to be monitored by the monitoring appliance, change a port number, associated with the data unit, to a particular port number to create a modified data unit when the identified traffic flow is to be monitored by the monitoring appliance, and send the modified data unit to the monitoring appliance.
    • 连接到监视设备的设备可以包括用于接收数据单元并识别与数据单元相关联的业务流的流量分析器。 该设备还可以包括业务处理器以接收数据单元和关于来自业务分析器的所标识的业务流的信息,确定所监视的设备将监视所识别的业务流,改变与数据单元相关联的端口号 到特定端口号,以在所监视设备监视所识别的流量时创建修改的数据单元,并将修改的数据单元发送到监视设备。
    • 3. 发明授权
    • Wireless access to packet-based networks
    • 无线接入基于分组的网络
    • US06654359B1
    • 2003-11-25
    • US09210072
    • 1998-12-11
    • Thomas F. La PortaKazutaka MurakamiRamachandran RamjeeSandra R. ThuelKannan Varadhan
    • Thomas F. La PortaKazutaka MurakamiRamachandran RamjeeSandra R. ThuelKannan Varadhan
    • H04J1228
    • H04L61/2015H04L29/12216H04L29/12301H04L29/12311H04L29/12801H04L61/2076H04L61/2084H04L61/6004H04W40/248H04W40/28H04W40/36H04W80/04H04W88/005
    • Domains are defined to incorporate a subnet including a plurality of base stations and routers. Base stations are used by mobile devices to attach to the wired portion of a packet-based network, such as the Internet, and exchange packets thereover with a correspondent node. Local mobility between domain base stations is provided by including and updating routing table entries at domain routers and base stations for forwarding packets having a mobile device's address as a destination address to the mobile device. Packets are delivered to the mobile device regardless of the domain base station to which the mobile device is attached. When a mobile device is attached to a base station included within a foreign domain, a care-of address is assigned, and packets are tunneled for delivery of packets to the mobile device. Only one care-of address is required per mobile device per foreign domain. Routing table entries used for packet delivery are updated on a purely local subnet basis within domains, whether home domain or foreign domain, making handoffs between base stations substantially transparent to the home agent and the correspondent node.
    • 域被定义为并入包括多个基站和路由器的子网。 移动设备使用基站来附加到诸如因特网的基于分组的网络的有线部分,并且与对应节点交换分组。 通过在域路由器和基站处包括和更新路由表条目来提供域基站之间的本地移动,用于将具有移动设备地址的分组转发到移动设备。 无论移动设备连接到的域基站如何,都将数据包传送到移动设备。 当移动设备附接到包含在外部域中的基站时,分配转交地址,并且分组被隧道传送到移动设备的分组。 每个移动设备每个外国域只需要一个转交地址。 用于分组传递的路由表条目在域内纯属于本地子网进行更新,无论是归属域还是外部域,使基站之间的切换对归属代理和通信节点基本上是透明的。
    • 4. 发明授权
    • Scalable security services for multicast in a router having integrated zone-based firewall
    • 具有集成区域防火墙的路由器中可多播的可扩展安全服务
    • US08713627B2
    • 2014-04-29
    • US12432366
    • 2009-04-29
    • Kannan VaradhanJean-Marc FrailongAnjan Venkatramani
    • Kannan VaradhanJean-Marc FrailongAnjan Venkatramani
    • H04L29/06
    • H04L63/0227H04L12/18H04L45/00H04L45/16H04L45/30H04L63/0254H04L63/104
    • A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast packets. The user interface supports a syntax that allows the user to define subsets of the plurality of interfaces associated with the zones, and define a single multicast policy to be applied to multicast sessions associated with a multicast group. The multicast policy identifies common services to be applied pre-replication, and exceptions specifying additional services to be applied post-replication to copies of the multicast packets for the one or more zones.
    • 具有组播功能的防火墙允许将防火墙安全策略应用于组播流量。 可组播的防火墙可以集成在路由设备内,从而允许单个设备提供包括组播支持在内的路由功能以及防火墙服务。 路由设备提供一个用户界面,用户通过该用户界面指定一个或多个区域,以便在向组播数据包应用状态防火墙服务时由集成防火墙识别。 用户界面支持语法,允许用户定义与区域相关联的多个接口的子集,并且定义要应用于与多播组相关联的多播会话的单个组播策略。 多播策略标识要应用预复制的常用服务,以及将要复制后应用的其他服务指定给一个或多个区域的多播数据包副本的异常。
    • 5. 发明授权
    • Policy handling for multicast transmissions
    • 组播传输的策略处理
    • US08510551B1
    • 2013-08-13
    • US12267938
    • 2008-11-10
    • Purvi DesaiKannan Varadhan
    • Purvi DesaiKannan Varadhan
    • H04L29/06
    • H04L12/18H04L63/0236
    • A device, receives a unicast packet designating a unicast source and a unicast destination, and determines whether the received unicast packet is a Data Register message. The device extracts information relating to a multicast packet encapsulated within the unicast packet when the unicast packet is a Data Register message, and performs a security policy lookup based on the extracted multicast packet information to identify a security policy associated with the multicast packet. The device determines whether the identified security policy authorizes forwarding of the unicast packet, and establishes a multicast data session when the identified security policy authorizes forwarding of the unicast packet. The device establishes a multicast control session based on the multicast data session, where the multicast control session authorizes transmission of PIM-related control messages associated with the multicast packet. The device forwards the unicast packet to the unicast destination based on the multicast data session.
    • 一种设备,接收指定单播源和单播目的地的单播分组,并且确定所接收的单播分组是否是数据注册消息。 当单播分组是数据注册消息时,该装置提取与单播分组中封装的多播分组有关的信息,并且基于所提取的多播分组信息执行安全策略查找,以识别与多播分组相关联的安全策略。 该设备确定所识别的安全策略是否授权转发单播报文,并在所识别的安全策略授权转发单播报文时,建立组播数据会话。 该设备基于组播数据会话建立组播控制会话,组播控制会话授权与组播数据包相关的PIM相关控制消息的传输。 该设备基于组播数据会话将单播报文转发到单播目的地。
    • 6. 发明授权
    • Applying services within MPLS networks
    • 在MPLS网络中应用业务
    • US07948986B1
    • 2011-05-24
    • US12392740
    • 2009-02-25
    • Kaushik GhoshKireeti KompellaKannan Varadhan
    • Kaushik GhoshKireeti KompellaKannan Varadhan
    • H04L12/56
    • H04L45/50
    • In general, techniques are described that facilitate application of service within MPLS networks. More specifically, a router comprises a forwarding plane, a service plane and a routing engine. The routing engine maintains data defining an association between a handle identifying a property common to a plurality of packets of a particular context and one or more MPLS labels associated with these packets. The routing engine automatically generates and installs a filter to identify these packets within both the forwarding and service planes. The forwarding plane applies the filter to incoming packets to determine whether each of the incoming packets includes a label matching any of the labels of the filter and forwards the incoming packets to the service plane upon a match. The service card selects one or more services identified by the filter and applies the selected one or more services to the incoming packet.
    • 一般来说,描述了有助于在MPLS网络中应用服务的技术。 更具体地,路由器包括转发平面,服务平面和路由引擎。 路由引擎维护定义标识特定上下文的多个分组的公共属性的句柄与与这些分组相关联的一个或多个MPLS标签之间的关联的数据。 路由引擎自动生成并安装过滤器,以便在转发和服务平面内识别这些数据包。 转发平面将过滤器应用于传入的数据包,以确定每个传入数据包是否包含与过滤器的任何标签相匹配的标签,并在匹配时将传入数据包转发到服务平面。 服务卡选择由过滤器识别的一个或多个服务,并将所选择的一个或多个服务应用于传入分组。
    • 7. 发明授权
    • Routing device having integrated MPLS-aware firewall
    • 集成MPLS感知防火墙的路由设备
    • US08307422B2
    • 2012-11-06
    • US12271605
    • 2008-11-14
    • Kannan VaradhanJoao Campelo F. N. Gomes
    • Kannan VaradhanJoao Campelo F. N. Gomes
    • G06F15/16
    • H04L63/0272H04L12/4633H04L12/4641H04L45/04H04L45/50H04L45/60H04L63/0227
    • An MPLS-aware firewall allows firewall security policies to be applied to MPLS traffic. The firewall, which may be integrated within a routing device, can be configured into multiple virtual security systems. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to the packets. The user interface allows the user to define different zones and policies for different ones of the virtual security systems. In addition, the user interface supports a syntax that allows the user to define the zones for the firewall by specifying the customer VPNs as interfaces associated with the zones. The routing device generates mapping information for the integrated firewall to map the customer VPNs to specific MPLS labels for the MPLS tunnels carrying the customer's traffic.
    • 支持MPLS的防火墙允许将防火墙安全策略应用于MPLS流量。 可以集成在路由设备中的防火墙可以被配置成多个虚拟安全系统。 路由设备提供用户界面,当用户界面向应用状态的防火墙服务应用时,用户指定一个或多个被集成防火墙识别的区域。 用户界面允许用户为不同的虚拟安全系统定义不同的区域和策略。 此外,用户界面支持语法,允许用户通过将客户VPN指定为与区域相关联的接口来定义防火墙的区域。 路由设备生成集成防火墙的映射信息,将客户VPN映射到承载客户流量的MPLS隧道的特定MPLS标签。
    • 8. 发明申请
    • ROUTING DEVICE HAVING INTEGRATED MPLS-AWARE FIREWALL
    • 具有集成的MPLS-AWARE防火墙的路由设备
    • US20100043068A1
    • 2010-02-18
    • US12271605
    • 2008-11-14
    • Kannan VaradhanJoao Campelo F.N. Gomes
    • Kannan VaradhanJoao Campelo F.N. Gomes
    • G06F21/00H04L9/32
    • H04L63/0272H04L12/4633H04L12/4641H04L45/04H04L45/50H04L45/60H04L63/0227
    • An MPLS-aware firewall allows firewall security policies to be applied to MPLS traffic. The firewall, which may be integrated within a routing device, can be configured into multiple virtual security systems. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to the packets. The user interface allows the user to define different zones and policies for different ones of the virtual security systems. In addition, the user interface supports a syntax that allows the user to define the zones for the firewall by specifying the customer VPNs as interfaces associated with the zones. The routing device generates mapping information for the integrated firewall to map the customer VPNs to specific MPLS labels for the MPLS tunnels carrying the customer's traffic.
    • 支持MPLS的防火墙允许将防火墙安全策略应用于MPLS流量。 可以集成在路由设备中的防火墙可以被配置成多个虚拟安全系统。 路由设备提供用户界面,当用户界面向应用状态的防火墙服务应用时,用户指定一个或多个被集成防火墙识别的区域。 用户界面允许用户为不同的虚拟安全系统定义不同的区域和策略。 此外,用户界面支持语法,允许用户通过将客户VPN指定为与区域相关联的接口来定义防火墙的区域。 路由设备生成集成防火墙的映射信息,将客户VPN映射到承载客户流量的MPLS隧道的特定MPLS标签。
    • 9. 发明授权
    • Single phase local mobility scheme for wireless access to packet-based networks
    • 用于无线接入基于分组的网络的单相本地移动性方案
    • US07239618B1
    • 2007-07-03
    • US09210213
    • 1998-12-11
    • Thomas F. La PortaKazutaka MurakamiRamachandran RamjeeSandra R. ThuelKannan Varadhan
    • Thomas F. La PortaKazutaka MurakamiRamachandran RamjeeSandra R. ThuelKannan Varadhan
    • H04Q7/00
    • H04L61/2015H04L29/06H04L29/12018H04L29/12216H04L29/12301H04L29/12311H04L29/12801H04L61/10H04L61/2076H04L61/2084H04L61/6004H04W8/087H04W36/04H04W80/04
    • Local mobility within a subnet is supported by classifying wireless base stations, and the routers used to forward packets to those base stations, within defined domains. Domains are defined to incorporate a subnet having a plurality of base stations. Base stations are used by mobile devices to attach to the wired portion of a packet-based network, such as the Internet, and exchange packets thereover with a correspondent node. Packets sent from the correspondent node to the mobile device have a packet destination address corresponding to the mobile device. The mobile device retains this address for the duration of time it is powered up and attached to the Internet via any base station within a given domain. Host-based routing is utilized to update routing table entries corresponding to the mobile device at routers incorporated within a single domain. The routing table entries are established and updated via path setup schemes to convey packets destined for the mobile device along the proper established path through the domain routers and base stations, regardless of the domain base station through which the mobile device is attached. Path setup schemes utilize power up, refresh, and handoff path setup messages to maintain the proper relationship between router interfaces and packet addresses for routing table entries.
    • 通过对无线基站进行分类来支持子网内的本地移动性,并且用于将数据包转发到定义域内的那些基站的路由器。 域定义为包含具有多个基站的子网。 移动设备使用基站来附加到诸如因特网的基于分组的网络的有线部分,并且与对应节点交换分组。 从通信节点发送到移动设备的分组具有对应于移动设备的分组目的地地址。 移动设备在其被加电并且经由给定域内的任何基站连接到因特网的时间内保留该地址。 基于主机的路由用于在单个域内的路由器上更新与移动设备相对应的路由表条目。 通过路径设置方案建立和更新路由表条目,以便通过域路由器和基站传送去往移动设备的分组沿着适当的建立路径,而不管移动设备通过哪个域基站。 路径设置方案利用上电,刷新和切换路径建立消息来维护路由器接口和路由表条目的包地址之间的适当关系。
    • 10. 发明授权
    • Dynamic monitoring of network traffic
    • 动态监控网络流量
    • US08619614B2
    • 2013-12-31
    • US13352790
    • 2012-01-18
    • Krishna NarayanaswamyKannan Varadhan
    • Krishna NarayanaswamyKannan Varadhan
    • H04L12/26H04L12/28H04L12/54G06F15/173
    • H04L43/18
    • A device, connected to a monitoring appliance, may include a traffic analyzer to receive a data unit and identify a traffic flow associated with the data unit. The device may also include a traffic processor to receive the data unit and information regarding the identified traffic flow from the traffic analyzer, determine that the identified traffic flow is to be monitored by the monitoring appliance, change a port number, associated with the data unit, to a particular port number to create a modified data unit when the identified traffic flow is to be monitored by the monitoring appliance, and send the modified data unit to the monitoring appliance.
    • 连接到监视设备的设备可以包括用于接收数据单元并识别与数据单元相关联的业务流的流量分析器。 该设备还可以包括业务处理器以接收数据单元和关于来自业务分析器的所标识的业务流的信息,确定所监视的设备将监视所识别的业务流,改变与数据单元相关联的端口号 到特定端口号,以在所监视设备监视所识别的流量时创建修改的数据单元,并将修改的数据单元发送到监视设备。