公开(公告)号：US07546371B1

公开(公告)日：2009-06-09

申请号：US11621368

申请日：2007-01-09

Applicant: Yonghui Cheng ,  Yi Sun

Inventor： Yonghui Cheng ,  Yi Sun

IPC: G06F15/16 ,  G06F12/00

CPC classification number: H04L63/145 ,  H04L47/193 ,  H04L47/2416 ,  H04L47/50 ,  H04L47/52 ,  H04L49/9047 ,  H04L67/325

Abstract: A network device is described in which a dedicated resource scheduler monitors memory consumption to provide for improved processing of communication sessions. The scheduler maintains a dependency list of communication sessions, and reserves memory for communication sessions as requests for memory are received. The amount of memory reserved is determined based on the amount of memory currently reserved for the communication sessions in the dependency list. The network device may control ongoing communication sessions by way of window manipulation. Communication sessions are processed in a first mode when available memory has not reached a predetermined amount, while communication sessions are processed in a second mode when available memory reaches a predetermined amount.

Abstract translation: 描述了一种网络设备，其中专用资源调度器监视存储器消耗以提供通信会话的改进处理。 调度器维护通信会话的依赖列表，并且在接收到对存储器的请求时，为通信会话保留存储器。 基于当前为依赖关系列表中的通信会话保留的存储器量来确定存储器量。 网络设备可以通过窗口操纵来控制正在进行的通信会话。 当可用存储器尚未达到预定量时，以第一模式处理通信会话，而当可用存储器达到预定量时，在第二模式中处理通信会话。

公开(公告)号：US20100278181A1

公开(公告)日：2010-11-04

申请号：US12834726

申请日：2010-07-12

Applicant: Changming LIU ,  Choung-Yaw Shieh ,  Yonghui Cheng

Inventor： Changming LIU ,  Choung-Yaw Shieh ,  Yonghui Cheng

IPC: H04L12/56

CPC classification number: H04L45/00 ,  H04L12/4633 ,  H04L29/06 ,  H04L63/0272 ,  H04L63/20

Abstract: A system establishes a virtual private network (VPN) tunnel to a destination and determines a next hop for the VPN tunnel. The system inserts the next hop, and an address associated with the destination, into an entry of a first table. The system inserts the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of a second table. The system associates one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.

Abstract translation: 系统建立到目的地的虚拟专用网（VPN）隧道，并确定VPN隧道的下一跳。 系统将下一跳和与目的地相关联的地址插入到第一个表的条目中。 系统将下一跳和对应于已建立的VPN隧道的隧道标识符插入第二个表的条目。 该系统将用于加密经由VPN隧道发送的流量的一个或多个安全参数与隧道标识符相关联。

公开(公告)号：US07779461B1

公开(公告)日：2010-08-17

申请号：US10988835

申请日：2004-11-16

Applicant: Changming Liu ,  Choung-Yaw Shieh ,  Yonghui Cheng

Inventor： Changming Liu ,  Choung-Yaw Shieh ,  Yonghui Cheng

IPC: G06F9/00 ,  G06F15/16 ,  G06F17/00

CPC classification number: H04L45/00 ,  H04L12/4633 ,  H04L29/06 ,  H04L63/0272 ,  H04L63/20

Abstract: A system establishes a virtual private network (VPN) tunnel to a destination and determines a next hop for the VPN tunnel. The system inserts the next hop, and an address associated with the destination, into an entry of a first table. The system inserts the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of a second table. The system associates one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.

Abstract translation: 系统建立到目的地的虚拟专用网（VPN）隧道，并确定VPN隧道的下一跳。 系统将下一跳和与目的地相关联的地址插入到第一个表的条目中。 系统将下一跳和对应于已建立的VPN隧道的隧道标识符插入第二个表的条目。 该系统将用于加密经由VPN隧道发送的流量的一个或多个安全参数与隧道标识符相关联。

公开(公告)号：US08873556B1

公开(公告)日：2014-10-28

申请号：US12344067

申请日：2008-12-24

Applicant: Nir Zuk ,  Yonghui Cheng ,  Wilson Xu ,  Monty S. Gill

Inventor： Nir Zuk ,  Yonghui Cheng ,  Wilson Xu ,  Monty S. Gill

IPC: H04L12/28 ,  H04J3/24

CPC classification number: H04L45/306 ,  H04L45/38 ,  H04L45/74

Abstract: Methods, systems, and apparatus, including computer program products, featuring receiving at a network device a plurality of packets associated with a flow, one or more of the plurality of packets having associated header data and content. Based on the content of one or more first packets in the plurality of packets, the network device identifies an application associated with the flow, where none of the first packets is addressed to the network device. For one or more second packets associated with the flow, the network device determines a forwarding destination for the second packets based on the application associated with the flow and forwards the packet according to the determined forwarding destination.

Abstract translation: 方法，系统和装置，包括计算机程序产品，其特征在于，在网络设备处接收与流相关联的多个分组，所述多个分组中的一个或多个具有相关联的报头数据和内容。 基于多个分组中的一个或多个第一分组的内容，网络设备识别与流相关联的应用，其中没有第一分组被寻址到网络设备。 对于与流相关联的一个或多个第二分组，网络设备基于与流相关联的应用来确定第二分组的转发目的地，并根据确定的转发目的地转发分组。

公开(公告)号：US20090320122A1

公开(公告)日：2009-12-24

申请号：US12550806

申请日：2009-08-31

Applicant: Yonghui Cheng ,  Choung-Yaw Shieh

Inventor： Yonghui Cheng ,  Choung-Yaw Shieh

IPC: G06F21/20 ,  G06F15/16

CPC classification number: H04L69/40 ,  H04L63/0272

Abstract: A network device implements congestion management of sessions of a network protocol. In one implementation, an incoming request component receives session requests for a negotiation session between the network device and a second network device. A capacity pool stores a value relating to capacity of the network device to continue to efficiently process the session requests. New sessions are initiated when the value stored in the capacity pool is less than an estimate of the capacity of the network device at which the network device maximizes processor usage while minimizing session timeouts.

Abstract translation: 网络设备实现网络协议会话的拥塞管理。 在一个实现中，传入请求组件接收在网络设备和第二网络设备之间的协商会话的会话请求。 容量池存储与网络设备的容量相关的值，以继续有效地处理会话请求。 当存储在容量池中的值小于网络设备在网络设备最大化处理器使用量并最小化会话超时的容量的估计时，将启动新会话。

公开(公告)号：US07555772B2

公开(公告)日：2009-06-30

申请号：US10765676

申请日：2004-01-26

Applicant: Jesse Shu ,  Yonghui Cheng

Inventor： Jesse Shu ,  Yonghui Cheng

IPC: H04L9/00

CPC classification number: H04L63/0236 ,  H04W12/02 ,  H04W12/12 ,  H04W76/30

Abstract: Methods of screening incoming packets are provided. A first firewall detects a tunnel formation. A second firewall maintains a list of open firewall sessions. Each tunnel has one or more associated firewall sessions. The first firewall detects variable situations, such as when the tunnel is torn down, and notifies the second firewall so that, for example, the second firewall can act to clear an associated firewall session from the firewall session list. Incoming packets that are associated with firewall sessions that have been cleared from the firewall session list may not be passed through the second firewall.

Abstract translation: 提供筛选进入包的方法。 第一个防火墙检测隧道形成。 第二个防火墙维护一个打开的防火墙会话列表。 每个隧道都有一个或多个关联的防火墙会话。 第一个防火墙检测可变情况，例如隧道拆除时，通知第二个防火墙，以便例如第二个防火墙可以从防火墙会话列表中清除相关的防火墙会话。 与从防火墙会话列表中清除的防火墙会话关联的传入数据包可能不会通过第二个防火墙传递。

公开(公告)号：US20050165928A1

公开(公告)日：2005-07-28

申请号：US10765676

申请日：2004-01-26

Applicant: Jesse Shu ,  Yonghui Cheng

Inventor： Jesse Shu ,  Yonghui Cheng

IPC: H04L12/56 ,  H04L29/06 ,  G06F15/173

CPC classification number: H04L63/0236 ,  H04W12/02 ,  H04W12/12 ,  H04W76/30

Abstract: Methods of screening incoming packets are provided. A first firewall detects a tunnel formation. A second firewall maintains a list of open firewall sessions. Each tunnel has one or more associated firewall sessions. The first firewall detects variable situations, such as when the tunnel is torn down, and notifies the second firewall so that, for example, the second firewall can act to clear an associated firewall session from the firewall session list. Incoming packets that are associated with firewall sessions that have been cleared from the firewall session list may not be passed through the second firewall.

Abstract translation: 提供筛选进入包的方法。 第一个防火墙检测隧道形成。 第二个防火墙维护一个打开的防火墙会话列表。 每个隧道都有一个或多个关联的防火墙会话。 第一个防火墙检测可变情况，例如隧道拆除时，通知第二个防火墙，以便例如第二个防火墙可以从防火墙会话列表中清除相关的防火墙会话。 与从防火墙会话列表中清除的防火墙会话关联的传入数据包可能不会通过第二个防火墙传递。