摘要:
Method and system for configuring a device that has failed to obtain a network address. In one aspect of the invention, a method for remotely configuring a device includes attempting to obtain a network address from a network server over a network, and receiving a valid network address over the network from a remote device connected to the network in response to failing to obtain the network address from the network server.
摘要:
Methods, apparatus, and products are disclosed for remotely booting computing nodes in a switching domain, the switching domain capable of connecting to other switching domains through a network switch, that include: receiving, in the switch, a wakeup request packet that requests activation of one or more computing nodes in the switching domain, the wakeup request packet having a process port value specifying physical ports on the switch to which the one or more computing nodes are physically connected; identifying, by the switch, a network address for each computing node in dependence upon the physical port on the switch to which each computing node to be activated is physically connected; generating, by the switch, a wakeup packet for each computing node in dependence upon the identified network address for that computing node; and transmitting, by the switch to each computing node to be activated, the wakeup packet for that computing node.
摘要:
A method and apparatus for monitoring and control of a system is disclosed. The method and apparatus include providing a plurality of sensors, a table, and a network processor. The sensors monitor attributes of the system. The table includes a plurality of entries. Each of the entries indicates at least one action to be taken in response to a portion attributes having particular values. The network processor is coupled with the sensors and with the table. The network processor receives from the sensors a plurality of statuses for the attributes. The network processor further determines at least one entry of the entries to access based upon the statuses and accesses the at least one entry to determine a corresponding action.
摘要:
A method and system for detecting attempted intrusions into a network, including: providing a network processor for monitoring packets transmitted over a communications link of the network; receiving a plurality of packets from the communications link by the network processor; and pre-filtering the plurality of packets by the network processor to identify packets potentially with patterns of interest. These packets are forwarded to a NIDS. The NIDS then examines the forwarded packets to identify the packets that have the pattern of interest. By using the network processor to pre-filter the packets, the number of packets examined by the NIDS is significantly reduced. Also, the capacity of the NIDS can be increased without requiring changes in the NIDS.
摘要:
A network management frame contains a clear text (unencrypted) management command field and a security field. The management frame is sent to a data communications network by an authorized managing entity (manager). The management frame is addressed to a managing agent (agent). The security field includes two sub fields. The first sub field is a clear text time stamp. The second sub field includes this same time stamp value concatenated with a checksum that is calculated by the manager for the specific clear text management command contained within the management frame. The concatenated value is then encrypted under a secret cryptographic key that is shared by the manager and the agent. The agent receives the management frame, calculates a checksum of the clear text management command, and appends this checksum to the clear text time stamp as contained in the received management frame. This value is then encrypted using the shared cryptographic code. If the result matches the second sub field of the received management command, integrity of the received management command is assured. Next, the clear text value of time stamp contained within the received management command is checked against a common clock within the agent. If the value of this time stamp falls within an predetermined time window, the authenticity of the received management command has been verified.
摘要:
Autoconfiguration of an IPv6 component in a segmented network including receiving an IPv6 packet; determining whether the received IPv6 packet is a router advertisement or a router solicitation; if the received IPv6 packet is a router advertisement, then retrieving through an out-of-band link a MAC address for the IPv6 component, removing a MAC address of a sending router, inserting in the packet instead an internal MAC address for forwarding packets to the IPv6 component, removing a multicast destination MAC address, inserting in the packet the destination MAC address of the IPv6 component, and forwarding the packet to the IPv6 component as a unicast message; if the received IPv6 packet is a router solicitation, then removing the MAC address of the sending IPv6 component, inserting in the packet instead an external MAC address for forwarding packets to the router, and forwarding the packet to the router as a multicast message.
摘要:
An improved solution for limiting the transmission rate of data over a network is provided according to an aspect of the invention. In particular, the transmission rate for a port is limited by rate limiting one of a plurality of queues (e.g., class/quality of service queues) for the port, and directing all data (e.g., packets) for transmission through the port to the single rate limited queue. In this manner, the transmission rate for the port can be effectively limited to accommodate, for example, a lower transmission rate for a port on a destination node.
摘要:
Autoconfiguration of an IPv6 component in a segmented network including receiving an IPv6 packet; determining whether the received IPv6 packet is a router advertisement or a router solicitation; if the received IPv6 packet is a router advertisement, then retrieving through an out-of-band link a MAC address for the IPv6 component, removing a MAC address of a sending router, inserting in the packet instead an internal MAC address for forwarding packets to the IPv6 component, removing a multicast destination MAC address, inserting in the packet the destination MAC address of the IPv6 component, and forwarding the packet to the IPv6 component as a unicast message; if the received IPv6 packet is a router solicitation, then removing the MAC address of the sending IPv6 component, inserting in the packet instead an external MAC address for forwarding packets to the router, and forwarding the packet to the router as a multicast message.
摘要:
Methods, apparatus, and products are disclosed for remotely booting computing nodes in a switching domain, the switching domain capable of connecting to other switching domains through a network switch, that include: receiving, in the switch, a wakeup request packet that requests activation of one or more computing nodes in the switching domain, the wakeup request packet having a process port value specifying physical ports on the switch to which the one or more computing nodes are physically connected; identifying, by the switch, a network address for each computing node in dependence upon the physical port on the switch to which each computing node to be activated is physically connected; generating, by the switch, a wakeup packet for each computing node in dependence upon the identified network address for that computing node; and transmitting, by the switch to each computing node to be activated, the wakeup packet for that computing node.
摘要:
A method and system is provided for tracking mobile devices combining packet processing technology with Global Positioning System (GPS) technology. A central network system comprising a packet processing subsystem receives transmitted GPS location data from a mobile device transmitting GPS location data, wherein the packet processing subsystem uses a table access scheme to process the GPS location data and produce responsive mapping data, and the central network processing system compares the mapping data to a map and identifies a corresponding map location. Embodiments may also correlate device identification data, tracking table entries, and/or billing zone charges. In some embodiments a look-up key is built responsive to the GPS location data and used to identify map locations. The table access scheme may be a key hashing scheme and, in particular, a longest prefix match type scheme.