Techniques for network protection based on subscriber-aware application proxies
    21.
    Invention patent grant
    Legal status: In force

    Publication number: US08266696B2

    Publication date: 2012-09-11

    Application number: US11273112

    Filing date: 2005-11-14

    Abstract: Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.

    Parsing out of order data packets at a content gateway of a network
    22.
    Invention patent grant
    Legal status: In force

    Publication number: US08194675B2

    Publication date: 2012-06-05

    Application number: US12725336

    Filing date: 2010-03-16

    IPC classification: H04L12/28

    Abstract: In one embodiment, a method includes receiving, at a local node of a network, a sequenced data packet of a flow made up of multiple sequenced data packets from a source node directed toward a destination node. The flow is to be parsed by the local node to describe the flow for administration of the network. Based on sequence data in the sequenced data packet, it is determined whether the sequenced data packet is out of order in the flow. If it is determined that the sequenced data packet is out of order, then the sequenced data packet is forwarded toward the destination node before parsing the sequenced data packet. The out of order sequenced data packet is also stored for subsequent parsing at the local node.

    SYSTEM AND METHOD FOR REPORTING PACKET CHARACTERISTICS IN A NETWORK ENVIRONMENT
    23.
    Invention patent application
    Legal status: In force

    Publication number: US20110116377A1

    Publication date: 2011-05-19

    Application number: US12621066

    Filing date: 2009-11-18

    IPC classification: H04J1/16 H04L12/16

    Abstract: A method is provided in one example and includes receiving a request to initiate a communication flow associated with a subscriber and identifying one or more parameters to be monitored for the communication flow. The method further includes extracting one or more bits from packets associated with the communication flow; the bits are used to determine an operating system associated with the communication flow. A policy decision can be executed for the communication flow based on the operating system associated with the communication flow. In more specific examples, the bits are sent to a next destination in response to a threshold being reached for at least one of the parameters. The parameters can be associated with a volume parameter or a time parameter. The policy decision could include blocking traffic associated with the subscriber, initiating billing, redirecting the communication, managing a quality of service level for the communication flow, etc.

    Techniques for load balancing subscriber-aware application proxies
    24.
    Invention patent grant
    Legal status: In force

    Publication number: US07738452B1

    Publication date: 2010-06-15

    Application number: US11158751

    Filing date: 2005-06-22

    IPC classification: H04L12/28 H04L12/56

    Abstract: Techniques for distributing network traffic from an access server to a service gateway include receiving, at a load balancer, sticky table data that indicates an association between a particular subscriber IP address and a particular subscriber-aware service gateway in a gateway cluster. An input data packet is received with an input source address and an input transport-layer destination. If it is determined that the input transport-layer destination indicates a type of payload that uses a service gateway, then the particular service gateway associated with the particular subscriber is determined based on the sticky table and IP address in the input source address. An output data packet is directed to the particular service gateway using a link-layer or networking-layer destination address. These techniques allow a load balancer to be located anywhere on the network and to bypass a subscriber-aware service gateway for some data traffic.

    System and method for server farm resource allocation
    25.
    Invention patent application
    Legal status: In force

    Publication number: US20070258465A1

    Publication date: 2007-11-08

    Application number: US11417960

    Filing date: 2006-05-03

    IPC classification: H04L12/28

    Abstract: Techniques and systems for server farm load balancing and resource allocation are disclosed. In one embodiment, a method of load balancing can include: arranging servers into service groups; receiving an access request with information related to a differentiation between the service groups; selecting one of the service groups based on a mapping comparison to the information; and selecting one of the servers within the selected service group based on a hardware utilization comparison. The servers can include GPRS (General Packet Radio Service) Gateway Support Node (GGSN) or Remote Authentication Dial In User Service (RADIUS) servers, for example. The information can include an Access Point Name (APN) or Calling Station ID, for example.

    System and method for communicating in a loadbalancing environment
    26.
    Invention patent application
    Legal status: In force

    Publication number: US20050188065A1

    Publication date: 2005-08-25

    Application number: US10192919

    Filing date: 2002-07-10

    CPC classification: H04L12/2859 H04L12/4633

    Abstract: A method for communicating in a loadbalancing environment is provided that in a particular embodiment includes receiving a request packet from a network access server (NAS) to initiate a communication session. The request packet is then communicated to a tunneling protocol network server (TPNS) and a response packet is received in response to the request packet. The response packet establishes a tunnel that facilitates the communication session and that includes an identification element associated with the TPNS such that a data transfer associated with the communication session is executed between the NAS and the TPNS.

    TECHNIQUES FOR NETWORK PROTECTION BASED ON SUBSCRIBER-AWARE APPLICATION PROXIES
    27.
    Invention patent application
    Legal status: In force

    Publication number: US20120137366A1

    Publication date: 2012-05-31

    Application number: US13369498

    Filing date: 2012-02-09

    IPC classification: G06F21/00

    Abstract: Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.

    PARSING OUT OF ORDER DATA PACKETS AT A CONTENT GATEWAY OF A NETWORK
    28.
    Invention patent application
    Legal status: In force

    Publication number: US20100172356A1

    Publication date: 2010-07-08

    Application number: US12725336

    Filing date: 2010-03-16

    IPC classification: H04L12/56

    Abstract: In one embodiment, a method includes receiving, at a local node of a network, a sequenced data packet of a flow made up of multiple sequenced data packets from a source node directed toward a destination node. The flow is to be parsed by the local node to describe the flow for administration of the network. Based on sequence data in the sequenced data packet, it is determined whether the sequenced data packet is out of order in the flow. If it is determined that the sequenced data packet is out of order, then the sequenced data packet is forwarded toward the destination node before parsing the sequenced data packet. The out of order sequenced data packet is also stored for subsequent parsing at the local node.

    Techniques for load balancing over a cluster of subscriber-aware application servers
    29.
    Invention patent grant
    Legal status: In force

    Publication number: US07694011B2

    Publication date: 2010-04-06

    Application number: US11333573

    Filing date: 2006-01-17

    IPC classification: G06F15/173

    Abstract: Techniques for distributing control plane traffic, from an end node in a packet switched network to a cluster of service gateway nodes that host subscriber-aware application servers, include receiving a control plane message for supporting data plane traffic from a particular subscriber. A particular service gateway node is determined among the cluster of service gateway nodes based on policy-based routing (PBR) for the data plane traffic from the particular subscriber. A message based on the control plane message is sent to a control plane process on the particular service gateway node. Thereby, data plane traffic and control plane traffic from the same subscriber are directed to the same gateway node, or otherwise related gateway nodes, of the cluster of service gateway nodes. This approach allows currently-available, hardware-accelerated PBR to be used with clusters of subscriber-aware service gateways that must also monitor control plane traffic from the same subscriber.

    Techniques for load balancing over a cluster of subscriber-aware application servers
    30.
    Invention patent application
    Legal status: In force

    Publication number: US20070165622A1

    Publication date: 2007-07-19

    Application number: US11333573

    Filing date: 2006-01-17

    IPC classification: H04L12/56

    Abstract: Techniques for distributing control plane traffic, from an end node in a packet switched network to a cluster of service gateway nodes that host subscriber-aware application servers, include receiving a control plane message for supporting data plane traffic from a particular subscriber. A particular service gateway node is determined among the cluster of service gateway nodes based on policy-based routing (PBR) for the data plane traffic from the particular subscriber. A message based on the control plane message is sent to a control plane process on the particular service gateway node. Thereby, data plane traffic and control plane traffic from the same subscriber are directed to the same gateway node, or otherwise related gateway nodes, of the cluster of service gateway nodes. This approach allows currently-available, hardware-accelerated PBR to be used with clusters of subscriber-aware service gateways that must also monitor control plane traffic from the same subscriber.
