公开(公告)号：US09906460B2

公开(公告)日：2018-02-27

申请号：US14985652

申请日：2015-12-31

申请人： Randeep S. Bhatia ,  Fang Hao ,  Tirunell V. Lakshman ,  Harish Viswanathan

发明人： Randeep S. Bhatia ,  Fang Hao ,  Tirunell V. Lakshman ,  Harish Viswanathan

IPC分类号： H04L12/863 ,  H04L12/26 ,  H04L12/741 ,  H04L12/823 ,  H04L12/861

CPC分类号： H04L47/626 ,  H04L43/16 ,  H04L45/64 ,  H04L45/745 ,  H04L47/25 ,  H04L47/30 ,  H04L47/32 ,  H04L49/9036 ,  H04L49/9084

摘要： The present disclosure generally discloses a data plane configured for processing function scalability. The processing functions for which scalability is supported may include charging functions, monitoring functions, security functions, or the like.

公开(公告)号：US20170195245A1

公开(公告)日：2017-07-06

申请号：US14985652

申请日：2015-12-31

申请人： Randeep Bhatia ,  Fang Hao ,  Tirunell V. Lakshman ,  Harish Viswanathan

发明人： Randeep Bhatia ,  Fang Hao ,  Tirunell V. Lakshman ,  Harish Viswanathan

IPC分类号： H04L12/863 ,  H04L12/741 ,  H04L12/26

CPC分类号： H04L47/626 ,  H04L43/16 ,  H04L45/64 ,  H04L45/745 ,  H04L47/25 ,  H04L47/30 ,  H04L47/32 ,  H04L49/9036 ,  H04L49/9084

摘要： The present disclosure generally discloses a data plane configured for processing function scalability. The processing functions for which scalability is supported may include charging functions, monitoring functions, security functions, or the like.

公开(公告)号：US20150180769A1

公开(公告)日：2015-06-25

申请号：US14137047

申请日：2013-12-20

申请人： An Wang ,  Yang Guo ,  Fang Hao ,  Tirunell V. Lakshman

发明人： An Wang ,  Yang Guo ,  Fang Hao ,  Tirunell V. Lakshman

IPC分类号： H04L12/713 ,  H04L12/803 ,  H04L12/851 ,  H04L12/721 ,  H04L12/813

CPC分类号： H04L47/2483 ,  H04L45/38 ,  H04L45/64

摘要： A capability for scale-up of a control plane of a Software Defined Network (SDN) using a virtual switch based overlay is presented. A central controller (CC) of the SDN that is providing control functions for a physical switch (pSwitch) of the SDN, based on a determination that the control plane between the CC and the pSwitch is congested, modifies the default flow forwarding rule on the pSwitch from a rule indicating that new traffic flows are to be forwarded to the central controller to a rule indicating that new traffic flows are to be forwarded to a virtual switch (vSwitch). Upon receipt of a first packet of a new traffic flow at the pSwitch, the pSwitch provides the first packet of the new traffic flow to the vSwitch, which in turn provides an indication of the first packet of the new traffic flow to the CC for processing by the CC.

摘要翻译： 提出了使用基于虚拟交换机的覆盖软件定义网络（SDN）的控制平面扩展的能力。 基于对CC和pSwitch之间的控制平面拥塞的确定，SDN的中央控制器（CC）正在为SDN的物理交换机（pSwitch）提供控制功能，修改了默认流转发规则 pSwitch从指示将新的业务流转发到中央控制器的规则指示要将新的业务流转发到虚拟交换机（vSwitch）的规则。 在pSwitch接收到新的业务流的第一个分组后，pSwitch将新的业务流的第一个分组提供给vSwitch，vSwitch又向CC提供新的业务流的第一个分组的指示，以进行处理 由CC。

公开(公告)号：US07961731B2

公开(公告)日：2011-06-14

申请号：US11096220

申请日：2005-03-31

申请人： Fang Hao ,  Muralidharan Sampath Kodialam ,  Tirunell V. Lakshman

发明人： Fang Hao ,  Muralidharan Sampath Kodialam ,  Tirunell V. Lakshman

IPC分类号： H04L12/28 ,  G01R31/08 ,  H04J3/24 ,  G06F15/173

CPC分类号： H04L63/1408 ,  H04L43/024

摘要： A method for measuring flow is disclosed. The method includes receiving an IP packet; determining if another IP packet is stored in a register; if another IP packet is stored in the register, comparing the stored IP packet with the received IP packet; and determining the longest match between the stored IP packet and the received IP packet.

摘要翻译： 公开了一种测量流量的方法。 该方法包括：接收IP包; 确定另一个IP包是否存储在一个寄存器中; 如果另一IP分组存储在寄存器中，则将所存储的IP分组与接收的IP分组进行比较; 并确定所存储的IP分组与所接收的IP分组之间的最长匹配。

公开(公告)号：US07930547B2

公开(公告)日：2011-04-19

申请号：US11763676

申请日：2007-06-15

申请人： Fang Hao ,  Muralidharan Sampath Kodialam ,  Tirunell V. Lakshman

发明人： Fang Hao ,  Muralidharan Sampath Kodialam ,  Tirunell V. Lakshman

IPC分类号： H04L9/32

CPC分类号： H04L45/00 ,  H04L45/745

摘要： A method and system for generating a bloom filter by mapping into respective groups each of a plurality of initial keys according to a first hash function and mapping each group hashed key into a bloom filter using k respective hash functions.

摘要翻译： 一种用于通过根据第一散列函数映射到多个初始密钥中的每个组并且将每个组映射到相应组中来生成布隆过滤器的方法和系统，其使用k个相应的散列函数将密钥散列到布隆过滤器中。

公开(公告)号：US20140089510A1

公开(公告)日：2014-03-27

申请号：US13628421

申请日：2012-09-27

申请人： Fang Hao ,  Murali Kodialam ,  Tirunell V. Lakshman ,  Sarit Mukherjee

发明人： Fang Hao ,  Murali Kodialam ,  Tirunell V. Lakshman ,  Sarit Mukherjee

IPC分类号： G06F15/173

CPC分类号： G06F9/5072

摘要： A capability is provided for allocating cloud and network resources in a distributed cloud system including a plurality of data centers. A request for resources is received. The request for resources includes a request for cloud resources and an indication of an amount of cloud resources requested. The request for resources also may include a request for network resources or one or more constraints. A set of feasible resource mappings is determined based on the request for resources and information associated with the distributed cloud system. A resource mapping to use for the request for resources is selected from the set of feasible resource mappings. The selected resource mapping includes a mapping of the requested cloud resources to cloud resources of one or more of the data centers and an identification of network resources configured to support communications for the cloud resources of the one or more data centers.

摘要翻译： 提供了在包括多个数据中心的分布式云系统中分配云和网络资源的能力。 收到资源请求。 对资源的请求包括对云资源的请求以及所请求的云资源量的指示。 对资源的请求还可以包括对网络资源的请求或一个或多个约束。 基于对与分布式云系统相关联的资源和信息的请求确定一组可行的资源映射。 从可用资源映射的集合中选择用于资源请求的资源映射。 所选择的资源映射包括所请求的云资源与一个或多个数据中心的云资源的映射以及被配置为支持一个或多个数据中心的云资源的通信的网络资源的标识。

公开(公告)号：US08566373B2

公开(公告)日：2013-10-22

申请号：US13367441

申请日：2012-02-07

申请人： Fang Hao ,  Krishna P. Puttaswamy Naga ,  Murali Kodialam ,  Tirunell V. Lakshman

发明人： Fang Hao ,  Krishna P. Puttaswamy Naga ,  Murali Kodialam ,  Tirunell V. Lakshman

IPC分类号： G06F17/30

CPC分类号： G06F17/30109 ,  G06F21/6236

摘要： A data-leakage prevention capability is presented herein. The data-leakage prevention capability prevents leakage of data, of a file set having a plurality of files, from a secure network using online fingerprint checking of data flows at a boundary of the secure network. The online fingerprint checking is performed using a set of data structures configured for the file set. The data structures for the file set are configured based on file set characteristics information of the file set and a target detection lag indicative of a maximum number of bits within which a data leakage event for the file set is to be determined. The data structure configuration is computed for a plurality of data structures configured for use in monitoring the files of the file set. The data structure configuration includes a plurality of data structure locations and data structure sizes for the respective plurality of data structures.

摘要翻译： 本文介绍了数据泄漏防护功能。 数据泄漏防止能力通过使用在安全网络的边界上的数据流的在线指纹检查来防止来自安全网络的具有多个文件的文件组的数据的泄漏。 使用为文件集配置的一组数据结构来执行在线指纹检查。 文件集的数据结构是基于文件集的文件集特征信息和指示要确定文件集的数据泄漏事件的最大位数的目标检测滞后来配置的。 为配置为用于监视文件集文件的多个数据结构计算数据结构配置。 数据结构配置包括用于各个多个数据结构的多个数据结构位置和数据结构大小。

公开(公告)号：US20130204903A1

公开(公告)日：2013-08-08

申请号：US13367441

申请日：2012-02-07

申请人： Fang Hao ,  Krishna P. Puttaswamy Naga ,  Murali Kodialam ,  Tirunell V. Lakshman

发明人： Fang Hao ,  Krishna P. Puttaswamy Naga ,  Murali Kodialam ,  Tirunell V. Lakshman

IPC分类号： G06F7/00

CPC分类号： G06F17/30109 ,  G06F21/6236

摘要： A data-leakage prevention capability is presented herein. The data-leakage prevention capability prevents leakage of data, of a file set having a plurality of files, from a secure network using online fingerprint checking of data flows at a boundary of the secure network. The online fingerprint checking is performed using a set of data structures configured for the file set. The data structures for the file set are configured based on file set characteristics information of the file set and a target detection lag indicative of a maximum number of bits within which a data leakage event for the file set is to be determined. The data structure configuration is computed for a plurality of data structures configured for use in monitoring the files of the file set. The data structure configuration includes a plurality of data structure locations and data structure sizes for the respective plurality of data structures.

摘要翻译： 本文介绍了数据泄漏防护功能。 数据泄漏防止能力通过使用在安全网络的边界上的数据流的在线指纹检查来防止来自安全网络的具有多个文件的文件组的数据的泄漏。 使用为文件集配置的一组数据结构来执行在线指纹检查。 文件集的数据结构是基于文件集的文件集特征信息和指示要确定文件集的数据泄漏事件的最大位数的目标检测滞后来配置的。 为配置为用于监视文件集文件的多个数据结构计算数据结构配置。 数据结构配置包括用于各个多个数据结构的多个数据结构位置和数据结构大小。

公开(公告)号：US08218452B2

公开(公告)日：2012-07-10

申请号：US12495236

申请日：2009-06-30

申请人： Fang Hao ,  Muralidharan Sampath Kodialam ,  Tirunell V. Lakshman

发明人： Fang Hao ,  Muralidharan Sampath Kodialam ,  Tirunell V. Lakshman

IPC分类号： H04L12/26

CPC分类号： H04L41/5019 ,  H04L41/5087 ,  H04L41/509 ,  H04L43/026

摘要： Method and apparatus using incremental linear regression to derive a traffic flow signature indicative of a particular application within a packet stream.

摘要翻译： 使用增量线性回归的方法和装置来导出指示分组流内的特定应用的业务流签名。

公开(公告)号：US08054760B2

公开(公告)日：2011-11-08

申请号：US12543529

申请日：2009-08-19

申请人： Fang Hao ,  Murali Kodialam ,  Tirunell V. Lakshman

发明人： Fang Hao ,  Murali Kodialam ,  Tirunell V. Lakshman

IPC分类号： G01R31/08

CPC分类号： H04L41/142 ,  H04L47/19 ,  H04L47/2416 ,  H04L47/2441 ,  H04L65/80

摘要： A line-rate, real-time-traffic detector classifies a network traffic flow as real-time when it determines the smoothness of the packet arrival rate of the network traffic flow is bounded by an empirically derived bound. In some embodiments, to improve performance, a tighter smoothness bound is applied to the smoothness calculations performed on a first set of packet arrival times, while a looser smoothness bound is applied to a second set of packet arrival times, the second set inclusive of and larger than the first.

摘要翻译： 线速率实时业务检测器在确定网络业务流的分组到达速率由经验导出的边界限定时的平滑度时，将网络流量流分类为实时。 在一些实施例中，为了提高性能，对于在第一组分组到达时间上执行的平滑度计算应用更紧密的平滑度约束，而将更松散的平滑度约束应用于第二组分组到达时间，第二组包括和 大于第一。