Abstract:
A source routing method and apparatus are provided. The method includes receiving a data packet that comprises a destination address, a source address, and a payload, determining a plurality of next-hops along a service chain path between the source address and the destination address, generating a source routed data packet that comprises the destination address, the source address, the plurality of next-hops, and the payload, setting the destination address of the source routed data packet to a first next-hop from the plurality of next-hops along the service chain path, and forwarding the source routed data packet in accordance with the destination address.
Abstract:
A method implemented by a network firewall, comprising obtaining a first authentication token for a network test, receiving a test request message for performing the network test on a network element (NE) connected to the network firewall, authenticating the test request message by determining whether the test request message includes a second authentication token that matches the first authentication token, and granting the network test on the NE when the second authentication token matches the first authentication token.
Abstract:
A service chaining method comprising receiving a source routed data packet, wherein the source routed data packet comprises a destination address and identifies a plurality of next-hops along a service chain path, identifying a next-hop for the source routed data packet using the plurality of next-hops, determining whether the next-hop is source routing capable, setting the destination address of the source routed data packet in accordance with the determination, wherein the destination address is set to the next-hop when the next-hop is source routing capable, and wherein the destination address is set to a next downstream network node that is source routing capable when the next-hop is not source routing capable, and forwarding the source routed data packet to the next-hop.
Abstract:
An address resolution method, comprising obtaining an Internet Protocol (IP) address for a destination network node, computing a Media Access Control (MAC) address for the destination network node using a mapping function and the IP address for the destination network node, and sending data traffic using the MAC address computed for the destination network node.
Abstract:
A packet obfuscation method comprising receiving a data packet having a routing header portion and a payload portion, performing a first obfuscation on the routing header portion to generate an obfuscated routing header portion, performing a second obfuscation on at least the payload portion to generate an obfuscated payload portion, and combining the obfuscated routing header portion and the obfuscated payload portion to form an obfuscated packet. A packet forwarding method comprising obfuscating routing information using a packet obfuscation function, generating a plurality of forwarding rule entries in accordance with the obfuscated routing information, transmitting the plurality of forwarding rule entries to at least one network node in a network, transmitting the packet obfuscation function to at least one network node in the network, and transmitting a de-obfuscation function to at least one network node in the network.
Abstract:
A data traffic scheduling method that includes selecting, using a network controller, a plurality of flows that traverse a network node, generating an augmented graph based on a flow rate of the plurality of flows and link capacities of the network node, computing a flow schedule for the flow using the augmented graph to minimize delay or delay variance of the flows, and outputting the flow schedule. A data traffic scheduling method that includes obtaining, using a network controller, a network topology for a network, generating an augmented graph based on the network topology, converting the augmented graph to a mixed-integer linear program, scheduling a flow in the network using the mixed-integer linear program to minimize delay or delay variance of the flow, and outputting a flow schedule.
Abstract:
A method for operating a source node includes receiving a data path validation request command requesting validation of a path associated with a traffic flow identified in the data path validation request command, and determining a first hop sequence in accordance with the path being validated, wherein the first hop sequence is identical to a second hop sequence associated with a non-validation request packet associated with the path being validated. The method also includes generating, by the source node, a validation request packet in accordance with the data path validation request command, the validation request packet comprising route information associated with the first hop sequence, an alert flag set to a specified value, and a path validation header specifying processing performed by nodes receiving the validation request packet, and transmitting, by the source node, the validation request packet in accordance with the route information.
Abstract:
A service description may be used in network virtualization in order to specify requirements of an application. In order to provide network virtualization for generic networking components, including legacy networking components, the service description is mapped to a logical network implementation and then subsequently mapped to a physical implementation.
Abstract:
The present disclosure is drawn to systems, methods, and computer-readable media for mitigating cookie-injection and cookie-replaying attacks using a VPN client. The VPN client receives a session request regarding access to a private intranet. In response to the request, the VPN client retrieves cookie deleting criteria, and deletes all cookies which satisfy the cookie deleting criteria. Once all cookies satisfying the cookie deleting criteria are deleted, the VPN client proceeds with the session request.