Abstract:
Disclosed are various embodiments for configuring virtual private networks (VPNs). A request is made, through a service call, for creation of a VPN through a client VPN gateway and a server VPN gateway. In response to the service call, a generic gateway configuration document is received. The generic gateway configuration document is applicable to the client VPN gateway. The generic gateway configuration document is translated to a device-specific gateway configuration document.
Abstract:
Systems and computer program products are provided for dynamically defining network access control rules. A placeholder for a parameter of an interface to an endpoint such as a data processing system or virtual machine may be provided in a network access control rule, instead of a static parameter. The parameter may be dynamically determined, by a firewall or a hypervisor for example, and the placeholder may be replaced with the dynamically determined parameter.
Abstract:
In one embodiment, a plurality of virtual private local area network services (VPLSs) are operated among a plurality of packet switching devices, with the plurality of VPLSs including a first VPLS and a different second VPLS. In response to a conversion declaration including a particular Service Instance VLAN ID (I-SID), the first VPLS corresponding to the particular I-SID is converted to a different type of virtual private network (VPN) service, while continuing to operate the different second VPLS which is not related to the particular I-SID. In one embodiment, the different type of VPN service is Provider Backbone Bridging Ethernet VPN (PBB-EVPN). In one embodiment, the conversion declaration is a Border Gateway Protocol (BGP) Network Layer Reachability Information (NLRI) of Route Type 3 Inclusive Multicast Ethernet Tag (IMET) route.
Abstract:
A system and method for improving TCP performance in a L2 tunneling environment by snooping TCP/IP packets from the tunnel interface, terminating TCP locally and proxying TCP data in separate TCP connections. In particular, the system and method detects an encapsulated outgoing packet utilizing a Layer 2 tunneling protocol, and processes a Point to Point Protocol layer in the outgoing packet to establish the Layer 2 tunneling protocol for a connection. The system and method also removes the Point to Point Protocol layer from the outgoing packet and inspects the outgoing packet for TCP information in the packet. The system and method forwards the outgoing packet to a locally driven application protocol path if TCP information is present, wherein the outgoing packet is encapsulated in association with the application protocol path.
Abstract:
In accordance with an embodiment, one or more enterprise software application products, such as Fusion Applications, can be installed and/or configured according to an integration and deployment design/blueprint that is built or optimized for use within a multi-tiered enterprise deployment topology at an organization/customer's data center. Based on the organization/customer's site topology and needs/requirements, provisioning of the software applications can be optimized, and application life cycle operations performed. This enables each product component to be aware of the topology, which in turn provides customers with an “out-of-the-box” solution. The deployment topology can also be optimized for security, performance and simplicity.
Abstract:
Techniques for sharing virtual machine (VM) resources are provided. A relative location for a resource within a VM is created; the relative location dynamically resolves to a particular physical location when a principal requests access to the resource at runtime. The principal is located outside an environment associated with the VM. Authentication and access restrictions are dynamically enforced against the requests made by the principal before a connection is permitted between the principal and the resource (the resource located within the environment of the VM).
Abstract:
Systems, methods, and software described herein enhance connectivity between computing systems and containers. In one implementation, a method of allocating virtual network interfaces to containers on a host includes transferring, from the host, a request to at least one configuration resource to obtain an address configuration for one or more containers to be executed on the host. The method further provides for receiving an addressing configuration for the one or more containers to be executed on the host, and assigning a virtual network interface to each of the one or more containers based on the addressing configuration.
Abstract:
This disclosure relates to enhanced overlay network-based transport of traffic to and from customer branch office locations, facilitated through the use of Internet-based overlay routing. A method of selecting an ingress edge region of the overlay network begins by mapping a service hostname to an IKEv2 destination of an outer IPsec tunnel associated with a first overlay network edge. An IKEv2 session is established from the first overlay network edge to the customer router. Upon tunnel establishment, a secondary lookup is performed to determine whether the first overlay network edge is an appropriate ingress region. Based on a response to the secondary lookup, an IKEv2 redirect is issued to a second overlay network edge. A new tunnel is then established from the second overlay network edge to the customer router. Thereafter, an additional lookup may also be performed to determine whether the second overlay network edge remains an appropriate ingress region.