公开(公告)号：US08472445B1

公开(公告)日：2013-06-25

申请号：US12917405

申请日：2010-11-01

申请人： Nafea Bishara ,  Tsahi Daniel ,  David Melman

发明人： Nafea Bishara ,  Tsahi Daniel ,  David Melman

IPC分类号： H04L12/28

CPC分类号： H04L45/74 ,  H04L49/35

摘要： A network switch including a port, a memory, and a controller. The port has a port identifier and receives a packet (including an address of the source device) transmitted from a source device to the network switch. The memory is configured to store entries, each entry including (i) an identifier of a port of the network switch and (ii) an address of a network device. The controller is configured to (i) determine whether the address of the source device and the port identifier of the packet are stored in the memory and (ii) send a message to a processor requesting approval of the packet. The controller is configured to send the message when (i) the address of the source device is not stored in the memory or (ii) the port identifier of the packet is not stored with the address of the source device as one of the entries.

摘要翻译： 包括端口，存储器和控制器的网络交换机。 该端口具有端口标识符，并接收从源设备发送到网络交换机的数据包（包括源设备的地址）。 存储器被配置为存储条目，每个条目包括（i）网络交换机的端口的标识符和（ii）网络设备的地址。 控制器被配置为（i）确定源设备的地址和分组的端口标识是否存储在存储器中，以及（ii）向请求批准分组的处理器发送消息。 控制器被配置为在（i）源设备的地址不存储在存储器中时发送消息，或者（ii）分组的端口标识符不与源设备的地址一起存储为条目之一。

公开(公告)号：US07796594B2

公开(公告)日：2010-09-14

申请号：US12030822

申请日：2008-02-13

申请人： David Melman ,  Nir Arad ,  Nafea Bshara

发明人： David Melman ,  Nir Arad ,  Nafea Bshara

IPC分类号： H04L12/28

CPC分类号： H04L45/04 ,  H04L12/46 ,  H04L12/4625 ,  H04L45/00 ,  H04L45/08 ,  H04L45/60 ,  H04L49/109 ,  H04L49/351

摘要： A system and method of extending a standard bridge to enable execution of logical bridging functionality are disclosed. In some implementations, a logical bridge may assign source logical port information to a data packet based on characteristics of the data packet, employ the source logical port information to learn the source address and to forward the data packet to a logical egress port, and map the logical egress port to a physical egress port at which the data packet is to be egressed. A tunnel interface may optionally be applied to a data packet upon egress.

摘要翻译： 公开了一种扩展标准网桥以实现逻辑桥接功能的执行的系统和方法。 在一些实现中，逻辑桥可以基于数据分组的特性将源逻辑端口信息分配给数据分组，使用源逻辑端口信息来学习源地址并将数据分组转发到逻辑出口端口，并且映射 到出口数据包的物理出口端口的逻辑出口端口。 隧道接口可以可选地在出口时应用于数据分组。

公开(公告)号：US07626938B1

公开(公告)日：2009-12-01

申请号：US11094980

申请日：2005-03-31

申请人： Michael Orr ,  David Melman ,  Tsahi Daniel

发明人： Michael Orr ,  David Melman ,  Tsahi Daniel

IPC分类号： G01R31/00

CPC分类号： H04L12/4625 ,  H04L43/00 ,  H04L43/18 ,  H04L49/208 ,  H04L49/351 ,  H04L49/555

摘要： An Ethernet network device includes a port logic module that is associated with a device port of the Ethernet network device. A packet processing module includes an ingress processing module that receives an incoming packet and that generates a control traffic tag. An ingress command execution module receives the incoming packet and the control traffic tag, generates a duplicate packet that is identical to the incoming packet, and generates a device interface code that identifies the port logic module based on the control traffic tag. A control traffic routing module receives the duplicate packet and the device interface code and forwards the duplicate packet to the port logic module. A network traffic analysis device receives the duplicate packet. The port logic module replaces a first destination header of the duplicate packet with a second destination header that is identical to a destination header of the incoming packet.

摘要翻译： 以太网网络设备包括与以太网设备的设备端口相关联的端口逻辑模块。 分组处理模块包括接收进入分组并且生成控制业务标签的入口处理模块。 入口命令执行模块接收输入数据包和控制流量标签，生成与传入数据包相同的重复数据包，并生成基于控制流量标签识别端口逻辑模块的设备接口代码。 控制流量路由模块接收重复数据包和设备接口代码，并将重复数据包转发到端口逻辑模块。 网络流量分析设备接收重复的数据包。 端口逻辑模块用与传入分组的目的地报头相同的第二目的地报头替换重复分组的第一目的地报头。

公开(公告)号：US09019970B1

公开(公告)日：2015-04-28

申请号：US13443699

申请日：2012-04-10

申请人： Nir Arad ,  Carmi Arad ,  David Melman

发明人： Nir Arad ,  Carmi Arad ,  David Melman

IPC分类号： H04L12/56 ,  H04L12/801

CPC分类号： H04L47/33 ,  H04L45/028

摘要： A plurality of forwarding devices are configured to couple to respective pluralities of ports to ingress and egress network traffic. Ones of the plurality of forwarding devices are coupled to respective forwarding databases and each one forwarding device is configured to maintain the respective forwarding database, and send messages to and receive message from other ones of the plurality of forwarding devices to synchronize the plurality of forwarding databases.

摘要翻译： 多个转发设备被配置为耦合到相应的多个端口以入口和出口网络业务。 所述多个转发装置的一部分被耦合到相应的转发数据库，​​并且每个转发装置被配置为维护相应的转发数据库，​​并且向多个转发装置中的其他转发装置的消息发送消息并从其接收消息以使多个转发数据库同步 。

公开(公告)号：US08089963B2

公开(公告)日：2012-01-03

申请号：US12881123

申请日：2010-09-13

申请人： David Melman ,  Nir Arad ,  Nafea Bshara

发明人： David Melman ,  Nir Arad ,  Nafea Bshara

IPC分类号： H04L12/28

CPC分类号： H04L45/04 ,  H04L12/46 ,  H04L12/4625 ,  H04L45/00 ,  H04L45/08 ,  H04L45/60 ,  H04L49/109 ,  H04L49/351

摘要： A network device includes at least one source physical port coupled to a network, and a plurality of egress ports. A logical port assignment mechanism assigns source logical port information to a data packet received via one of the at least one physical port. The source logical port information is based on characteristics of the data packet, and the source logical port information corresponds to a logical entity that is different from any source physical port. A forwarding engine determines one or more egress ports for forwarding the data packet based on at least the assigned source logical port.

摘要翻译： 网络设备包括耦合到网络的至少一个源物理端口和多个出口端口。 逻辑端口分配机制将源逻辑端口信息分配给经由至少一个物理端口之一接收的数据分组。 源逻辑端口信息基于数据包的特性，源逻辑端口信息对应于与任何源物理端口不同的逻辑实体。 转发引擎基于至少所分配的源逻辑端口来确定用于转发数据分组的一个或多个出口端口。

公开(公告)号：US07826452B1

公开(公告)日：2010-11-02

申请号：US10761879

申请日：2004-01-21

申请人： Nafea Bishara ,  Tsahi Daniel ,  David Melman

发明人： Nafea Bishara ,  Tsahi Daniel ,  David Melman

IPC分类号： H04L12/28

CPC分类号： H04L45/74 ,  H04L49/35

摘要： A method, apparatus, and computer-readable media for a switch comprising a plurality of network ports and a central processing unit (CPU) interface comprises receiving, on one of the network ports, a packet comprising a source media access control (MAC) address; sending, to the CPU interface, a request to approve an association between the one of the network ports and the source MAC address when no request to approve the association between the one of the network ports and the source MAC address has been sent to the CPU interface; and sending, to the CPU interface, the request to approve the association between the one of the network ports and the source MAC address when an association between the source MAC address and a different one of the network ports has been approved.

摘要翻译： 一种用于交换机的方法，装置和计算机可读介质，包括多个网络端口和中央处理单元（CPU）接口，包括在所述网络端口之一上接收包括源媒体访问控制（MAC）地址 ; 当没有请求批准一个网络端口和源MAC地址之间的关联的请求已经被发送到CPU时，向CPU接口发送批准一个网络端口与源MAC地址之间的关联的请求 接口; 并且当源MAC地址与不同网络端口之间的关联已被批准时，向CPU接口发送批准一个网络端口与源MAC地址之间的关联的请求。

公开(公告)号：US07796590B1

公开(公告)日：2010-09-14

申请号：US11346089

申请日：2006-02-01

申请人： David Melman ,  Nir Arad ,  Tsahi Daniel

发明人： David Melman ,  Nir Arad ,  Tsahi Daniel

IPC分类号： H04L12/54

CPC分类号： H04L45/02 ,  H04L45/36 ,  H04L45/66 ,  H04L49/3009 ,  H04L49/351 ,  H04L63/0236 ,  H04L63/1458

摘要： A method of managing network traffic. The method includes initializing a database in communication with a network device. The database includes a number of MAC address entries and a network flooding entry associated with each of the number of MAC address entries. Each of the number of MAC address entries is associated with a station known to the network. The method also includes receiving network traffic at the network device. The network traffic is associated with a MAC source address. The method further includes determining whether the MAC source address is included in the database, automatically learning a location associated with the MAC source address, and forwarding the network traffic over the network if the MAC source address is included in the database. Additionally, the method includes dropping or trapping the network traffic if the MAC source address is not included in the database. Dropping the network traffic is performed without interaction with a CPU.

摘要翻译： 一种管理网络流量的方法。 该方法包括初始化与网络设备通信的数据库。 数据库包括多个MAC地址表项和与每个MAC地址表项相关联的网络洪泛条目。 MAC地址表项中的每一个与网络已知的站相关联。 该方法还包括在网络设备处接收网络流量。 网络流量与MAC源地址相关联。 该方法还包括：如果MAC源地址包括在数据库中，则确定MAC源地址是否包括在数据库中，自动学习与MAC源地址相关联的位置，以及如果MAC源地址被包括在网络中，则转发网络流量。 此外，如果MAC源地址不包括在数据库中，则该方法包括丢弃或捕获网络流量。 执行网络流量下降而不与CPU进行交互。

公开(公告)号：US09240898B1

公开(公告)日：2016-01-19

申请号：US12393885

申请日：2009-02-26

申请人： David Melman

发明人： David Melman

IPC分类号： H04L12/46

CPC分类号： H04L12/4625 ,  H04L12/4633 ,  H04L12/4641 ,  H04L12/4645

摘要： Methods and apparatus for integrating VLAN-unaware devices into VLAN-enabled networks are described. For example, a method of assigning a virtual local area network identifier (VID) to a data unit may include receiving a data unit encapsulated in a wireless header from a source host via a wireless access point, wherein the data unit is addressed to a target host. A VID is determined based at least in part on an identifier of a wireless network included in the wireless header, and the VID is assigned to the data unit.

摘要翻译： 描述了将VLAN不知名设备集成到启用VLAN的网络中的方法和设备。 例如，将虚拟局域网标识符（VID）分配给数据单元的方法可以包括经由无线接入点从源主机接收封装在无线报头中的数据单元，其中数据单元被寻址到目标 主办。 至少部分地基于无线头部中包括的无线网络的标识符来确定VID，并且将VID分配给数据单元。

公开(公告)号：US08830997B1

公开(公告)日：2014-09-09

申请号：US12917417

申请日：2010-11-01

申请人： Nafea Bishara ,  Tsahi Daniel ,  David Melman ,  Nir Arad

发明人： Nafea Bishara ,  Tsahi Daniel ,  David Melman ,  Nir Arad

IPC分类号： H04L12/28

CPC分类号： H04L45/00 ,  H04L12/4641 ,  H04L45/54 ,  H04L63/1458

摘要： A network device including a processor having an internet protocol (IP) address, and a processor port configured to communicate exclusively with the processor. The network device also includes a plurality of network ports configured to communicate with network nodes external to the network device. In addition, the network device includes a forwarding engine configured to selectively transfer packets (i) among the plurality of network ports, and (ii) between the processor port and the plurality of network ports; receive a broadcast packet from one of the plurality of network ports, the broadcast packet including a target IP address; and forward the broadcast packet to the processor, via the processor port, only when both (i) the broadcast packet is a control packet, and (ii) the target IP address of the broadcast packet matches the IP address of processor.

摘要翻译： 一种网络设备，包括具有互联网协议（IP）地址的处理器和被配置为与处理器专用通信的处理器端口。 网络设备还包括被配置为与网络设备外部的网络节点进行通信的多个网络端口。 另外，网络设备包括：转发引擎，被配置为选择性地传送多个网络端口中的分组（i），以及（ii）处理器端口和多个网络端口之间; 从所述多个网络端口之一接收广播分组，所述广播分组包括目标IP地址; 并且只有当（i）广播分组都是控制分组时，并且（ii）广播分组的目标IP地址与处理器的IP地址匹配，则经由处理器端口将广播分组转发到处理器。

公开(公告)号：US08255515B1

公开(公告)日：2012-08-28

申请号：US11334184

申请日：2006-01-17

申请人： David Melman ,  Tsahi Daniel ,  Eran Regev

发明人： David Melman ,  Tsahi Daniel ,  Eran Regev

IPC分类号： G06F15/173 ,  G08B23/00

CPC分类号： H04L47/24

摘要： A network device for use in a networking system. The network device includes a packet processor adapted to receive control packets at a network port of the network device. The packet processor is also adapted to assign a CPU code to the control packets. The network device also includes a CPU in communication with the packet processor and a lookup table indexed by the CPU code and in communication with the packet processor. According to embodiments of the present invention, one or more entries in the lookup table define a rate limit in accordance with which packets characterized by the CPU code are delivered from the packet processor to the CPU.

摘要翻译： 用于网络系统的网络设备。 网络设备包括适于在网络设备的网络端口处接收控制分组的分组处理器。 分组处理器还适用于为控制分组分配CPU代码。 网络设备还包括与分组处理器通信的CPU和由CPU代码索引并与分组处理器通信的查找表。 根据本发明的实施例，查找表中的一个或多个条目根据由CPU代码表征的哪个分组从分组处理器传送到CPU来定义速率限制。