Abstract:
Disclosed are methods and apparatus for handling requests for data from a private network. In general terms, a client who wishes access to secure data, such as a secure web page, from a private network establishes a secure connection with a secure server, such as a secure socket layer (SSL) server, of the private network. The secure server then downloads a software program for handling data requests (made by the client for data located within the private network) to the client. This software program is downloaded automatically by the secure server to the client when the client initiates a secure connection with such secure server. The downloaded software program is generally configured to modify data requests (e.g., by performing a URL substitution) sent from the client to an internal server of the private network such that the data requests are redirected to the secure server. The secure server then processes the data request (e.g., by retrieving the data from the appropriate internal server).
Abstract:
Disclosed are methods and apparatus for handling data containing embedded addresses. In general terms, prior to transmission of data having an embedded address or port, an initiating host sends a NAT Probe to an end-host with which the initiating host wishes to communicate. The NAT Probe includes the embedded address or port and a type indicating that translation of the address and/or port is requested if needed. As the NAT Probe traverses through one or more NAT devices as it is transmitted to the end-host, each NAT device is enabled to recognize the NAT Probe type and translate the embedded address and/or port, depending upon the individual NAT device's configuration. When the NAT Probe reaches the final hop NAT device or end-host, a NAT Probe Reply is sent back to the initiating host. The NAT Probe Reply contains a translated embedded address and/or port which is compatible with the end-host's network. The NAT Probe Reply also contains a type which differs from the type of the NAT Probe. As the NAT Probe Reply traverses back through the same NAT devices, the NAT devices recognize the type of the NAT Probe Reply and do not translate the embedded address and/or port.
Abstract:
Disclosed are methods and apparatus for handling data containing embedded addresses. In general terms, prior to transmission of data having an embedded address or port, an initiating host sends a NAT Probe to an end-host with which the initiating host wishes to communicate. The NAT Probe includes the embedded address or port and a type indicating that translation of the address and/or port is requested if needed. As the NAT Probe traverses through one or more NAT devices as it is transmitted to the end-host, each NAT device is enabled to recognize the NAT Probe type and translate the embedded address and/or port, depending upon the individual NAT device's configuration. When the NAT Probe reaches the final hop NAT device or end-host, a NAT Probe Reply is sent back to the initiating host. The NAT Probe Reply contains a translated embedded address and/or port which is compatible with the end-host's network. The NAT Probe Reply also contains a type which differs from the type of the NAT Probe. As the NAT Probe Reply traverses back through the same NAT devices, the NAT devices recognize the type of the NAT Probe Reply and do not translate the embedded address and/or port. The initiating host may then use the translated embedded address and/or port for subsequent communication with the end-host. That is, the initiating host sends data having the translated embedded address and/or port to the end-host. Since the translated address and/or port is compatible with the end-host's network, the NAT devices through which the data passes do not have to inspect the payload of the data to handle or translate the embedded address and/or port.
Abstract:
Methods and apparatuses for distributing network address translation. By having a gateway inform inside devices of global addresses, the gateway can avoid performing many functions of a traditional NAT box. Specifically, an inside device is informed of a global address shared by all devices on the inside device's network segment. Each device on that segment would be assigned a range of ports to distinguish messages from separate devices that use the same global address.
Abstract:
A method of preventing network denial of service attacks by early discard of out-of-order segments comprises creating a reassembly queue for a connection between a first network node and a second network node, wherein the connection has been established based on a transport-layer network protocol, the reassembly queue having a size based on a buffer size of an input interface with which the connection is associated. As out-of-order data segments arrive on the connection, and before other processing of the segments, whether the reassembly queue is full is determined, and the out-of-order segments are discarded if the reassembly queue is full. The size of the reassembly queue is automatically changed in response to one or more changes in any of network conditions and device resources.
Abstract:
Techniques are provided to facilitate faster live migration of a virtual server from one physical server to another physical server by pausing IO activity of the virtual server and slowing memory state changes for CPU-bound activity of the virtual server during the live migration.
Abstract:
Approaches to recover from faults associated with multi-homed clients having transport protocol connections that pass through network address translators are disclosed. In one approach, context information for a connection, between a first host and a second host, referencing one of several multi-homed network addresses of the first host, is automatically re-used when the second host switches to a different address of the first host, for example, when the first host becomes unavailable at the original address. Embodiments support seamless switchover of SCTP connections over NAT devices.
Abstract:
Techniques are provided to facilitate faster live migration of a virtual server from one physical server to another physical server by pausing IO activity of the virtual server and slowing memory state changes for CPU-bound activity of the virtual server during the live migration.