Control plane encryption in IP/MPLS networks
    11.
    Granted invention patent
    Legal status: in force

    Publication number: US09106618B2

    Publication date: 2015-08-11

    Application number: US13748244

    Application date: 2013-01-23

    IPC classification: H04L29/06

    CPC classification: H04L63/0428 H04L63/166

    Abstract: A method for providing control plane encryption in layer 3 networks is disclosed. The method for providing control plane encryption in layer 3 networks includes, for a network having a subset of network elements forming a secured domain, the steps of, at a network element which is in the secured domain: encrypting all unencrypted Layer 3 packets as they egress an encryption-enabled egress interface; unencrypting all encrypted Layer 3 packets as they egress an egress interface that is not enabled for encryption; and leaving encrypted all encrypted Layer 3 packets as they egress an encryption-enabled egress interface. A system and machine-readable storage media are also disclosed.

    Communication network connection failure protection methods and systems
    12.
    Granted invention patent
    Legal status: in force

    Publication number: US08730814B2

    Publication date: 2014-05-20

    Application number: US11137147

    Application date: 2005-05-25

    IPC classification: H04L12/26 H04L12/70 H04Q11/04

    Abstract: Communication network connection failure protection methods and systems are disclosed. Control information is communicated in a communication network, and causes network elements of the communication network to establish connection monitoring for respective segments of the network connection. Connection monitoring information which is communicated on the segments allows failures such as loss of continuity to be detected and reported. Responsive to an indication of a failure on a segment, the segment on which the failure occurred is identified, and the network connection can be rerouted around that segment.

    Control plane stability in communications networks
    13.
    Granted invention patent
    Legal status: in force

    Publication number: US07701860B2

    Publication date: 2010-04-20

    Application number: US10369539

    Application date: 2003-02-21

    Applicant: Carl Rajsic

    Inventor: Carl Rajsic

    IPC classification: H04L12/26

    Abstract: A method and apparatus for establishing a test connection to verify the ability to automatically re-establish control plane connections, if necessary, in a PNNI network. Certain routing features such as restricted transit feature and policy based routing features or the current state of the network itself can limit access to nodes and links between nodes. If these features are implemented in a network or the network state changes after a control plane connection has been established, then these changed conditions will not affect the current connection but may prevent the re-establishment of the connection if it is unintentionally dropped. According to the invention a test connection is periodically set up through the network and if the test connection fails an alarm or other notice is given. This allows for preventative action to be taken in order to avoid disruption to the network.

    Multiple endpoint protection using SPVCs
    14.
    Granted invention patent
    Legal status: lapsed

    Publication number: US07590053B2

    Publication date: 2009-09-15

    Application number: US11156566

    Application date: 2005-06-21

    IPC classification: G06F11/00

    Abstract: A system and method are provided for a multi-endpoint SPVC, the multi-endpoint SPVC providing redundancy. A primary SPVC is established through a first source node. An intermate communication channel (ICC) is established between the first source node and a second source node. If the primary SPVC fails, the second source node learns of this via the ICC and establishes an alternate SPVC. If the first source node fails, the second source node learns of this failure without having to be explicitly told. The second source node learns of the failure of the first source node when poll messages are no longer received over the ICC as indicated by expiry of a timer. In such an event, the second source node attempts to establish an alternate SPVC. Finite state machines are provided on each source node to monitor the status of each other. Command messages, in the form of Generic Application Transport information elements, are provided by which the finite state machines can communicate over the ICC.

    Extending IP/MPLS services reachability over ATM backbone networks
    15.
    Invention patent application
    Legal status: in force

    Publication number: US20080002699A1

    Publication date: 2008-01-03

    Application number: US11477614

    Application date: 2006-06-30

    Applicant: Carl Rajsic

    Inventor: Carl Rajsic

    IPC classification: H04L12/56

    Abstract: The invention enables an LSP or embedded LSPs to be mapped directly to an SPVC and carried over the ATM network. A unidirectional SPVC is established by associating it to a particular ingress LSP at the SPVC source endpoint on a multi-service switch, and to an egress LSP on the SPVC destination endpoint on another multi-service switch. The information necessary to establish the SPVC is appended in the SPVC setup message and includes LSP specific information such as the far end router ID and LSP label information, be it transport label or the full label stack. The information in the modified setup message is then used by the destination endpoint to find and connect the SPVC to the correct LSP. Incoming traffic from the LSP is switched to the SPVC at the source endpoint. The SPVC carries this traffic through the ATM network, and then the traffic is switched to the egress LSP when it emerges from the ATM network at the destination endpoint.

    METHOD AND APPARATUS FOR SECURELY ESTABLISHING L3-SVC CONNECTIONS
    17.
    Invention patent application
    Legal status: in force

    Publication number: US20110222546A1

    Publication date: 2011-09-15

    Application number: US13114682

    Application date: 2011-05-24

    Applicant: Carl Rajsic

    Inventor: Carl Rajsic

    IPC classification: H04L12/56

    Abstract: A system and method are provided for securely establishing Layer-3 SVCs or SPVCs across an ATM network. An originating multiservice switch that generates the connection setup message for the Layer-3 connection includes security information within the setup message, such as a Closed User Group Interlock Code. When the destination multiservice switch receives the setup message, it extracts the embedded security information and compares it with stored security information corresponding to the connection. The correspondence may be determined from the destination user. If the embedded security information matches the stored security information, the destination multiservice switch allows the connection to be established.

    Protected and high availability paths using DBR reroute paths
    18.
    Granted invention patent
    Legal status: in force

    Publication number: US07872966B2

    Publication date: 2011-01-18

    Application number: US10699786

    Application date: 2003-11-04

    IPC classification: H04J1/16

    Abstract: A method and apparatus are provided for protecting a connection during implementation of an Active Connection Modify request. Before initiating the ACM request, an alternate connection between the source node and the destination node of the connection is established using Domain-Based Rerouting. The alternate connection may be established in conformance either with the traffic parameters of the existing connection or with the new traffic parameters specified in the ACM request. If the connection along the original connection is to be torn as a result of lost ACM signaling messages, the connection is first switched to the alternate connection in a hitless manner. If the alternate connection is established in conformance with the new traffic parameters, and the ACM request cannot be implemented along the original connection, due for example to resource shortage along the original connection, then the connection is switched to the alternate connection in a hitless manner. In this way, connections are protected in the event of lost ACM messages resulting from signal congestion, and the ACM may be implemented even in the event of resource shortage along the original connection.

    Method and system for policy-based routing in a private network-to-network interface protocol based network
    19.
    Granted invention patent
    Legal status: in force

    Publication number: US07822036B2

    Publication date: 2010-10-26

    Application number: US11727515

    Application date: 2007-03-27

    IPC classification: H04L12/28

    Abstract: A method for policy-based routing of calls between nodes in a network, comprising: entering policy constraint indices for selected addresses in respective entries of an address translation table, the address translation table for accessing by a first node of the network to selectively translate attributes of calls based on respective addresses prior to transmission over the network to a second node, the policy constraint indices pointing to respective policy constraints for routing calls between the first and second nodes; receiving a call at the first node, the call including an address; accessing the address translation table using the address to determine whether the call requires assignment of a policy constraint by presence of an entry for the address in the address translation table and by presence of a policy constraint index in the entry; and, if the call requires assignment of a policy constraint, identifying a policy constraint with the policy constraint index, assigning the policy constraint to the call, and routing the call between the first and second nodes in accordance with the policy constraint.

    Method for advertising reachable address information in a network
    20.
    Granted invention patent
    Legal status: in force

    Publication number: US07733860B2

    Publication date: 2010-06-08

    Application number: US10286491

    Application date: 2002-11-01

    IPC classification: H04L12/28

    Abstract: The present invention provides a method for permitting fully detailed advertising of reachability information for some addresses in a network while efficiently summarizing reachability information for other addresses. At least one embodiment is implemented as part of a process used by logical nodes for advertising reachability information for members of a group of nodes represented by the logical node. At least one embodiment provides an “exception” instruction that allows detailed reachable address information to be advertised for an address that would otherwise be included in summary address information. At least one embodiment allows detailed reachability information to be advertised for the particular address while still allowing summarization of reachable address information for addresses sharing a common prefix with the “exception” address. At least one embodiment thereby allows detailed information to be advertised where needed while allowing summary address information to be advertised where such detailed information is not needed.
