公开(公告)号：US08191144B2

公开(公告)日：2012-05-29

申请号：US12430375

申请日：2009-04-27

申请人： Nancy Cam Winget ,  Mark Krishcer ,  Sheausong Yang ,  Ajit Sanzgiri ,  Timothy Olson ,  Pauline Shuen

发明人： Nancy Cam Winget ,  Mark Krishcer ,  Sheausong Yang ,  Ajit Sanzgiri ,  Timothy Olson ,  Pauline Shuen

IPC分类号： H04L29/06

CPC分类号： H04W12/04 ,  H04L41/00 ,  H04L63/062 ,  H04L63/08 ,  H04L63/083 ,  H04L63/123 ,  H04L63/126 ,  H04L63/1408 ,  H04W12/10 ,  H04W12/12 ,  H04W84/12 ,  H04W88/08

摘要： A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.

摘要翻译： 基于检测的无线网络防御。 基础设施的元件，例如接入点或仅扫描接入点，通过检测欺骗性帧（例如从流氓接入点）来检测入侵者。 接入点包括诸如消息完整性检查之类的签名，以及其管理帧的方式使得相邻接入点能够验证管理帧，并且检测被欺骗的帧。 当相邻接入点接收到管理帧时，获取发送帧的接入点的密钥，并使用密钥验证管理帧。

公开(公告)号：US20080235508A1

公开(公告)日：2008-09-25

申请号：US11728001

申请日：2007-03-22

申请人： Etai Lev Ran ,  Ajit Sanzgiri

发明人： Etai Lev Ran ,  Ajit Sanzgiri

IPC分类号： H04L9/00

CPC分类号： H04L63/0428 ,  H04L63/061 ,  H04L63/166

摘要： In one embodiment, a method for providing secure communications using a proxy is provided. The proxy negotiates with a client and a server to determine a session key to use with communications between the client and the proxy and between the proxy and the server. Encrypted data may then be received from the client at the proxy. The proxy can decrypt the encrypted data for processing using the session key. In one embodiment, the decrypted data is not altered. The proxy then sends the encrypted data that was received from the client to the server without re-encrypting the data that was decrypted. Because the proxy did not alter the data in its processing of the decrypted data and the same session key is used between communications for the proxy and the server, the encrypted data stream that was received from the client can be forwarded to the server.

摘要翻译： 在一个实施例中，提供了一种使用代理提供安全通信的方法。 代理与客户端和服务器协商，以确定与客户端和代理之间以及代理和服务器之间的通信一起使用的会话密钥。 然后可以从代理处从客户端接收加密的数据。 代理可以使用会话密钥解密加密数据进行处理。 在一个实施例中，解密的数据不被改变。 然后，代理将从客户端接收的加密数据发送到服务器，而不重新加密被解密的数据。 因为代理在处理解密数据时没有改变数据，并且在代理和服务器的通信之间使用相同的会话密钥，所以从客户端接收的加密数据流可以被转发到服务器。

公开(公告)号：US06807172B1

公开(公告)日：2004-10-19

申请号：US09469459

申请日：1999-12-21

申请人： Herman Levenson ,  Jonathan Davar ,  Ajit Sanzgiri ,  Thomas J. Edsall ,  Chingwei Chang ,  Rong-Lung Lue ,  Saravanakumar Rajendran ,  Tuan Thanh Nguyen ,  Claudette Lucille Surma

发明人： Herman Levenson ,  Jonathan Davar ,  Ajit Sanzgiri ,  Thomas J. Edsall ,  Chingwei Chang ,  Rong-Lung Lue ,  Saravanakumar Rajendran ,  Tuan Thanh Nguyen ,  Claudette Lucille Surma

IPC分类号： H04L1228

CPC分类号： H04L49/3009 ,  H04L49/101 ,  H04L49/30 ,  H04L49/351 ,  H04L49/354 ,  H04L49/40

摘要： A technique enables learning and switching of frames between line cards that are interconnected by a switch fabric of a distributed network switch. The network switch comprises a router and a plurality of forwarding engines, each having an associated forwarding table. The distributed learning and switching technique configures (i) the router to issue an extra copy of a routed frame to an ingress card having a port attached to the source of the frame; (ii) the router to ensure that the contents of a source index field of the routed frame header indicate that the frame originated from the ingress card; (iii) the router to assert a shortcut bit in the header of the routed frame; (iv) a forwarding engine on an egress card having a port attached to the destination of the frame to generate and issue a media access control notification frame to the ingress card and (v) a forwarding engine on the ingress card to mark an established entry in a layer 2 (L2) portion of its forwarding table as ineligible for normal L2 aging policies.

摘要翻译： 一种技术能够在由分布式网络交换机的交换结构互连的线路卡之间学习和切换帧。 网络交换机包括路由器和多个转发引擎，每个转发引擎具有相关联的转发表。 分布式学习和切换技术配置（i）路由器向已经连接到帧的源的端口的入口卡发布路由帧的额外副本; （ii）路由器，以确保路由帧头的源索引字段的内容指示帧来自入口卡; （iii）路由器在路由帧的头部中断言快捷位; （iv）在出口卡上的转发引擎，其具有连接到帧的目的地的端口，以生成并向入口卡发布媒体访问控制通知帧，以及（v）在入口卡上的转发引擎来标记已建立的条目 在其转发表的第2层（L2）部分不符合正常的L2老化策略。

公开(公告)号：US08274973B2

公开(公告)日：2012-09-25

申请号：US12730352

申请日：2010-03-24

申请人： Srinivas Sardar ,  Udayakumar Srinivasan ,  Shankar Ramachandran ,  Chidambareswaran Raman ,  Ajit Sanzgiri ,  Michael R. Smith

发明人： Srinivas Sardar ,  Udayakumar Srinivasan ,  Shankar Ramachandran ,  Chidambareswaran Raman ,  Ajit Sanzgiri ,  Michael R. Smith

IPC分类号： H04L12/50

CPC分类号： H04L67/1097 ,  H04L45/04 ,  H04L67/327 ,  H04L69/12

摘要： In one embodiment, layer-2 (L2) ports of a network device may each be assigned to a particular virtual service domain (VSD). One or more virtual service engines (VSEs) may also be assigned in a particular order to each VSD, where each VSE is configured to apply a particular service to traffic traversing the VSE between ingress and egress service ports. Interconnecting the L2 ports and the ingress and egress service ports is an illustrative virtual Ethernet module (VEM), which directs traffic it receives according to rules as follows: a) into a destination VSD via the one or more correspondingly assigned VSEs in the particular order; b) out of a current VSD via the one or more correspondingly assigned VSEs in a reverse order from the particular order; or c) within a current VSD without redirection through a VSE.

摘要翻译： 在一个实施例中，网络设备的层2（L2）端口可以分配给特定的虚拟服务域（VSD）。 还可以向每个VSD分配一个或多个虚拟服务引擎（VSE），其中每个VSD被配置为将特定服务应用于在入口和出口服务端口之间穿过VSE的流量。 互连L2端口和入口和出口服务端口是说明性虚拟以太网模块（VEM），其根据以下规则指导其接收的流量：a）经由一个或多个相应分配的VSE以特定顺序进入目的地VSD ; b）以与特定顺序相反的顺序经由一个或多个相应分配的VSE从当前VSD中取出; 或c）在当前VSD内，而不通过VSE重定向。

公开(公告)号：US20120233453A1

公开(公告)日：2012-09-13

申请号：US13480715

申请日：2012-05-25

申请人： Etai Lev Ran ,  Ajit Sanzgiri

发明人： Etai Lev Ran ,  Ajit Sanzgiri

IPC分类号： H04L9/00

CPC分类号： H04L63/0428 ,  H04L63/061 ,  H04L63/166

摘要： In one embodiment, a method for providing secure communications using a proxy is provided. The proxy negotiates with a client and a server to determine a session key to use with communications between the client and the proxy and between the proxy and the server. Encrypted data may then be received from the client at the proxy. The proxy can decrypt the encrypted data for processing using the session key. In one embodiment, the decrypted data is not altered. The proxy then sends the encrypted data that was received from the client to the server without re-encrypting the data that was decrypted. Because the proxy did not alter the data in its processing of the decrypted data and the same session key is used between communications for the proxy and the server, the encrypted data stream that was received from the client can be forwarded to the server.

摘要翻译： 在一个实施例中，提供了一种使用代理提供安全通信的方法。 代理与客户端和服务器协商，以确定与客户端和代理之间以及代理和服务器之间的通信一起使用的会话密钥。 然后可以从代理处从客户端接收加密的数据。 代理可以使用会话密钥解密加密数据进行处理。 在一个实施例中，解密的数据不被改变。 然后，代理将从客户端接收的加密数据发送到服务器，而不重新加密被解密的数据。 因为代理在处理解密数据时没有改变数据，并且在代理和服务器的通信之间使用相同的会话密钥，所以从客户端接收的加密数据流可以被转发到服务器。

公开(公告)号：US08190875B2

公开(公告)日：2012-05-29

申请号：US11728001

申请日：2007-03-22

申请人： Etai Lev Ran ,  Ajit Sanzgiri

发明人： Etai Lev Ran ,  Ajit Sanzgiri

IPC分类号： H04L29/06 ,  G06F7/04

CPC分类号： H04L63/0428 ,  H04L63/061 ,  H04L63/166

摘要： In one embodiment, a method for providing secure communications using a proxy is provided. The proxy negotiates with a client and a server to determine a session key to use with communications between the client and the proxy and between the proxy and the server. Encrypted data may then be received from the client at the proxy. The proxy can decrypt the encrypted data for processing using the session key. In one embodiment, the decrypted data is not altered. The proxy then sends the encrypted data that was received from the client to the server without re-encrypting the data that was decrypted. Because the proxy did not alter the data in its processing of the decrypted data and the same session key is used between communications for the proxy and the server, the encrypted data stream that was received from the client can be forwarded to the server.

摘要翻译： 在一个实施例中，提供了一种使用代理提供安全通信的方法。 代理与客户端和服务器协商，以确定与客户端和代理之间以及代理和服务器之间的通信一起使用的会话密钥。 然后可以从代理处从客户端接收加密的数据。 代理可以使用会话密钥解密加密数据进行处理。 在一个实施例中，解密的数据不被改变。 然后，代理将从客户端接收的加密数据发送到服务器，而不重新加密被解密的数据。 因为代理在处理解密数据时没有改变数据，并且在代理和服务器的通信之间使用相同的会话密钥，所以从客户端接收的加密数据流可以被转发到服务器。

公开(公告)号：US20110235645A1

公开(公告)日：2011-09-29

申请号：US12730352

申请日：2010-03-24

申请人： Srinivas Sardar ,  Udayakumar Srinivasan ,  Shankar Ramachandran ,  Chidambareswaran Raman ,  Ajit Sanzgiri ,  Michael R. Smith

发明人： Srinivas Sardar ,  Udayakumar Srinivasan ,  Shankar Ramachandran ,  Chidambareswaran Raman ,  Ajit Sanzgiri ,  Michael R. Smith

IPC分类号： H04L12/56

CPC分类号： H04L67/1097 ,  H04L45/04 ,  H04L67/327 ,  H04L69/12

摘要： In one embodiment, layer-2 (L2) ports of a network device may each be assigned to a particular virtual service domain (VSD). One or more virtual service engines (VSEs) may also be assigned in a particular order to each VSD, where each VSE is configured to apply a particular service to traffic traversing the VSE between ingress and egress service ports. Interconnecting the L2 ports and the ingress and egress service ports is an illustrative virtual Ethernet module (VEM), which directs traffic it receives according to rules as follows: a) into a destination VSD via the one or more correspondingly assigned VSEs in the particular order; b) out of a current VSD via the one or more correspondingly assigned VSEs in a reverse order from the particular order; or c) within a current VSD without redirection through a VSE.

摘要翻译： 在一个实施例中，网络设备的层2（L2）端口可以分配给特定的虚拟服务域（VSD）。 还可以向每个VSD分配一个或多个虚拟服务引擎（VSE），其中每个VSD被配置为将特定服务应用于在入口和出口服务端口之间穿过VSE的流量。 互连L2端口和入口和出口服务端口是说明性虚拟以太网模块（VEM），其根据以下规则指导其接收的流量：a）经由一个或多个相应分配的VSE以特定顺序进入目的地VSD ; b）以与特定顺序相反的顺序经由一个或多个相应分配的VSE从当前VSD中取出; 或c）在当前VSD内，而不通过VSE重定向。

公开(公告)号：US07411925B2

公开(公告)日：2008-08-12

申请号：US10986625

申请日：2004-11-12

申请人： Vijay Nain ,  Chia Tsai ,  Ajit Sanzgiri

发明人： Vijay Nain ,  Chia Tsai ,  Ajit Sanzgiri

IPC分类号： H04Q7/00

CPC分类号： H04W80/04 ,  H04W80/10

摘要： Embodiments of the present invention provide for switchover from an active processor to a standby processor in a route processor system. An up-to-date copy of information used by a supervisor process at the active processor is ensured by determining necessary event states. One type of event state includes message requests, processing and replies. Three basic types of communication between three different entities (blade, wireless domain services (WDS) and supervisor) are governed by three types of communication protocols: WLCCP between a blade and WDS, LCP between a supervisor and a blade, and checkpoint-type messages between two supervisors.

摘要翻译： 本发明的实施例提供了在路由处理器系统中从活动处理器到待机处理器的切换。 通过确定必要的事件状态来确保在主动处理器处由主管进程使用的信息的最新副本。 一种类型的事件状态包括消息请求，处理和回复。 三种不同实体（刀片，无线域服务（WDS）和主管）之间的三种基本类型的通信由三种通信协议控制：刀片与WDS之间的WLCCP，主管和刀片之间的LCP以及检查点类型的消息 两名主管之间。

公开(公告)号：US06735198B1

公开(公告)日：2004-05-11

申请号：US09469062

申请日：1999-12-21

申请人： Thomas J. Edsall ,  Herman Levenson ,  Claudette Lucille Surma ,  Ajit Sanzgiri ,  Saravanakumar Rajendran ,  Rong-Lung Lue ,  Tuan Thanh Nguyen

发明人： Thomas J. Edsall ,  Herman Levenson ,  Claudette Lucille Surma ,  Ajit Sanzgiri ,  Saravanakumar Rajendran ,  Rong-Lung Lue ,  Tuan Thanh Nguyen

IPC分类号： H04L1228

CPC分类号： H04L45/54 ,  H04L49/3009 ,  H04L49/354 ,  H04L49/602

摘要： A mechanism and technique updates and synchronizes forwarding tables contained on line cards that are interconnected by a switch fabric of a distributed network switch. The network switch is preferably a L3 or L4 switch comprising a plurality of forwarding engines distributed among the line cards. Each forwarding engine has an associated forwarding table, which preferably includes a L2 portion and L3/L4 portions. The L2 portion of the table is used to execute forwarding decision operations for frames forwarded among ports of the line cards, whereas the L3/L4 portions of the table are used to execute shortcut and forwarding operations for frames routed among the ports. The mechanism comprises a media access control (MAC) notification (MN) frame for updating and synchronizing the location of a destination port stored in the L2 portions of the forwarding tables.

摘要翻译： 机制和技术更新并同步包含在由分布式网络交换机的交换结构互连的线路卡上的转发表。 网络交换机优选地是包括分配在线路卡之间的多个转发引擎的L3或L4交换机。 每个转发引擎具有相关联的转发表，其优选地包括L2部分和L3 / L4部分。 表的L2部分用于对线路卡端口之间转发的帧执行转发决策操作，而表的L3 / L4部分用于对端口之间路由的帧执行快捷和转发操作。 该机制包括用于更新和同步存储在转发表的L2部分中的目的地端口的位置的媒体访问控制（MAC）通知（MN）帧。