Abstract:
Techniques for building and managing network policies for accessing resources of a datacenter are described herein. In one embodiment, events are captured within a network element pertaining to certain activities of accessing certain resources of a datacenter, wherein the network element operates as an application service gateway to the datacenter. A new rule/policy is provisioned based on attributes extracted from the captured events, where the attributes include at least one of a user attribute, an environment attribute, and a resource attribute. A simulation is performed on the new rule/policy under a real time network traffic condition, generating a simulation result. The new rule/policy is committed if the simulation result satisfies a predetermined condition, wherein the new rule/policy is enforced within the network element to determine whether a particular client is eligible to access a particular resource of the datacenter. Other methods and apparatuses are also described.
Abstract:
Methods and devices are provided for allocating network resources in a flexible manner. In some implementations, a customer's unused resources for a particular type of service are assigned to another type of service. In other implementations, a first customer's unused resources are assigned to a second customer, e.g., in exchange for a relatively lower service charge to the first customer. The unused bandwidth may be assigned on a hierarchical or a non-hierarchical basis. In preferred embodiments, resources are allocated using a token bucket methodology. Preferably, high-priority resources are not compromised by the allocation scheme. The discipline or manner in which resources or bandwidth are shared may be specified in a static fashion, or information regarding the state of congestion in the network may be used to generate a dynamic (time varying) specification.
Abstract:
In one embodiment, a list of source identifiers is maintained at a virtual switch. These source identifiers are allowed to send packets through the virtual switch to ports in a private virtual local area network (PVLAN). When a packet is received at the virtual switch from a particular source destined for a particular port in the PVLAN, the virtual switch determines whether a particular identifier associated with the particular source matches one of the source identifiers in the list. If that particular source identifier is not on the list, the packet is prevented from being forwarded to the particular port in the PVLAN.
Abstract:
An apparatus and method for a power-efficient framework to maintain data synchronization of a mobile personal computer (MPC) are described. In one embodiment, the method includes the detection of a data synchronization wakeup event while the MPC is operating according to a sleep state. Subsequent to the wakeup event, at least one system resource is disabled to provide a minimum number of system resources required to re-establish a network connection. In one embodiment, user data from a network server is synchronized on the MPC without user intervention; the mobile platform system resumes operation according to the sleep state. In one embodiment, a wakeup alarm is programmed according to a user history profile regarding received e-mails. In a further embodiment, data synchronizing involves disabling a display and throttling the system processor to operate at a reduced frequency. Other embodiments are described and claimed.
Abstract:
A highly scalable application network appliance is described herein. According to one embodiment, a network element includes a switch fabric, a first service module coupled to the switch fabric, and a second service module coupled to the first service module over the switch fabric. In response to packets of a network transaction received from a client over a first network to access a server of a data center having multiple servers over a second network, the first service module is configured to perform a first portion of OSI (open system interconnection) compatible layers of network processes on the packets while the second service module is configured to perform a second portion of the OSI compatible layers of network processes on the packets. The first portion includes at least one OSI compatible layer that is not included in the second portion. Other methods and apparatuses are also described.
Abstract:
An application network appliance with a built-in virtual directory interface is described herein. According to one embodiment, a network element includes a virtual directory interface (VDI) coupled to multiple directory servers, and an authentication and authorization unit coupled to the VDI. In response to a packet of a network transaction received from a client over a first network for accessing a server of a datacenter over a second network, the authentication and authorization unit obtains user attributes from the directory servers via the VDI and performs authentication and authorization using the user attributes to determine whether a user of the client is eligible to access the server of the datacenter, where the network element operates as a security gateway to the datacenter. Other methods and apparatuses are also described.
Abstract:
Application protection architecture with triangulated authorization is described herein. According to one embodiment, a packet of a network transaction is received at a network element from a client system over a first network for accessing a destined server of a datacenter over a second network, where the network element operates as a security gateway to the datacenter. In response to the packet, one or more user attributes associated with a user of the client system are obtained from an identity store, where the user attributes include a user identifier that identifies the user and a machine identifier that identifies the client system. Authentication and/or authorization are performed on the packet using the user attributes to determine whether the user of the client system is eligible to access the destined server of the datacenter. Other methods and apparatuses are also described.
Abstract:
Layer 4 gateway for a converged datacenter fabric is described herein. According to one embodiment, a packet of a network transaction is received from a client over a first network for accessing a server of a datacenter having a plurality of servers over a second network. One or more network services are performed on the packet including terminating a TCP (transport control protocol) connection associated with the network transaction and generating a data stream. The data stream without TCP information is routed to the server via a converged I/O interface over the second network if the second network is a converged fabric network. The data stream with TCP information is routed via a TCP connection to the server if the second network is an Ethernet. Other methods and apparatuses are also described.
Abstract:
A highly scalable application network appliance is described herein. According to one embodiment, a network element includes a switch fabric, a first service module coupled to the switch fabric, and a second service module coupled to the first service module over the switch fabric. In response to packets of a network transaction received from a client over a first network to access a server of a data center having multiple servers over a second network, the first service module is configured to perform a first portion of OSI (open system interconnection) compatible layers of network processes on the packets while the second service module is configured to perform a second portion of the OSI compatible layers of network processes on the packets. The first portion includes at least one OSI compatible layer that is not included in the second portion. Other methods and apparatuses are also described.
Abstract:
A method and apparatus for providing quality of service parameters for transmissions of multicast streams on a cable network is provided. A cable network headend connects an external network to a hybrid fiber coax or cable network. The cable network headend maintains a table of cable modems with entries associating each cable modem with one or more quality of service parameters. Virtual cable modem entries are created for multicast streams when indications of quality of service for multicast streams are received by the cable network headend. Multicast packets arriving at the cable network headend are processed using the stored quality of service parameters for the corresponding multicast stream. The multicast packets may then be transmitted, queued, or dropped depending on the specified parameters and traffic shaping or policing algorithms.