Abstract:
In a host within a group, a method for ensuring secure communications is provided. The method involves (a) determining if a group security policy is in place for secure communication between hosts within the group, (b) if the group security policy is in place, advertising routing information to another host within the group, and (c) if the group security policy is not in place, refraining from advertising routing information to the other host. Corresponding apparatus and computer program product embodiments are also provided.
Abstract:
In one example embodiment, a system and method is illustrated that includes receiving connectivity data for at least one network device, the connectivity data describing a connection to the at least one network device within an area. The system and method further includes processing the connectivity data to obtain a routing update for distribution to another network device outside the area. Additionally, the system and method includes a routing summary in the routing update, the routing summary including an address prefix. Further, the system and method includes reachability information in the routing update, the reachability information including an address for the at least one network device.
Abstract:
A method for scaling hierarchical route reflectors (RRs) using automated Outbound Route Filtering (ORF) is presented. A first route reflector identifies other route reflectors configured as Route reflector clients within a route reflector hierarchy. The first route reflector then builds a common set of route target filters received from the client route reflectors and sends the common set of route target filters to client route reflectors.
Abstract:
A path verification protocol (PVP) which enumerates a series of messages sent to a set of nodes, or routers, along a suspected path identifies forwarding plane problems for effecting changes at the control plane level. The messages include a command requesting interrogation of a further remote node for obtaining information about the path between the node receiving the PVP message and the further remote node. The node receiving the PVP message replies with a command response indicative of the outcome of attempts to reach the further remote node. The series of messages collectively covers a set of important routing points along a path from the originator to the recipient. The aggregate command responses to the series of PVP messages are analyzed to identify not only whether the entire path is operational, but also the location and nature of the problem.
Abstract:
A method, apparatus and computer program product for routing data within a packet-switched network using a PW wherein the PW is terminated directly on the layer-3 routing device such that certain services and applications can be utilized is presented. The method, apparatus and computer program product receives an encapsulated layer-2 Protocol Data Unit (PDU) from a pseudowire emulating a service. The encapsulation is removed from the encapsulated layer-2 PDU and a layer-2 circuit associated with the pseudowire is terminated. The circuit is treated as an interface and the PDU is forwarded based on upper layer protocol information within the PDU.
Abstract:
A method, apparatus and computer program product for providing secure multipoint Internet Protocol Virtual Private Networks (IPVPNs) is presented. A packet lookup is performed in order to determine a next hop. A VPN label is pushed on the packet, as is an IP tunnel header. Group encryption through the use of DGVPN is further utilized. In such a manner secure connectivity and network partitioning are provided in a single solution.
Abstract:
A system provides a request for a policy from a policy server, and receives the policy from the policy server. The policy indicates processing to be applied to a traffic partition passing through the device. The system configures the policy within a routing structure associated with the traffic partition for the policy in the device, and routes a stream of traffic for the routing structure in accordance with the policy for that routing structure.
Abstract:
A method, apparatus and computer program product for providing convergence for a dual-homed site in a network is presented. An occurrence of a failure between a first Provider Edge (PE) device and a first Customer Edge (CE) device in communication with a dual-homed site is detected. A determination is made whether an alternate route exists for the dual-homed site in a routing table associated with the first PE device. When an alternate route exists then a routing entry associated with the first CE device in a routing table of said first PE device is kept from being deleted for a predetermined amount of time, the routing table is modified to reference the alternate route, the routing entry is rewritten to perform a POP and lookup in a VRF table of the first PE device, and the routing entry is deleted after the predetermined amount of time has elapsed.
Abstract:
Customer edge (CE) to CE device verification checks initiate routes from available CEs as a set of path verification messages, destined for remote CE routes serving a remote VPN. An extended community attribute, included among the attributes of the path verification message, stores the identity of the originating CE router. The path verification message propagates across the network, and transports the identity of the originating CE router because the originator identity is not overwritten by successive routing. Upon receipt by the remote CE, the originator is determinable from the extended community attribute. A further reachability field is also included in the extended community attribute and indicates whether per CE or per prefix is appropriate for the particular route in question. In this manner, CE-CE connectivity checks identify CEs which are reachable from other CEs. Accordingly, such a mechanism allows for route reachability aggregation on a per-CE or per-prefix reachability basis.
Abstract:
A computer system includes functionality enabling a provider edge router to determine whether network data such as VRF information is properly associated with a corresponding virtual private network. A first node through which the network data is transmitted generates a signature value uniquely associated with the virtual private network. The first node forwards the signature value along with the network data to a second node of the physical network. The second node, in turn, verifies that the network data (such as VRF information) is properly associated with the second node (and virtual network) based on its own generation of a signature value, which is compared with the signature value received from the first node.