    31. Ephemeral decryption utilizing binding functions
    Granted patent (in force)

    Publication number: US07409545B2

    Publication date: 2008-08-05

    Application number: US10665386

    Filing date: 2003-09-18

    Applicant: Radia J. Perlman

    Inventor: Radia J. Perlman

    IPC classification: H04L9/00

    Abstract: A method and system are disclosed for using an ephemeral encryption or decryption agent while precluding access by that agent to the information being ephemerally encrypted or decrypted. To preclude access by the ephemeral encryption agent, a blinding function is applied to the information before it is forwarded to the encryption agent for encryption. To preclude access by the ephemeral decryption agent, a blinding function is applied to the encrypted information before it is forwarded to the decryption agent for decryption. Once the information has been returned, it is unblinded, leaving an encrypted or decrypted message respectively.
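The decryption side of the scheme in the abstract, as an added worked example (my code, not the patent's own implementation): the owner of a ciphertext multiplies it by r^e before handing it to the ephemeral agent, so the agent computes (c * r^e)^d = m * r mod N and learns nothing about m, and the owner divides r out afterwards. The toy key (two Mersenne primes, textbook RSA with no padding so the multiplicative blinding is visible) and the message are constructed for illustration; the agent's private exponent D stands for the ephemeral key that the agent deletes at expiry.

```python
import secrets
from math import gcd

# Constructed toy key for the ephemeral decryption agent: two Mersenne primes
# and textbook RSA with no padding. Illustration only, not a production setup.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the agent


def encrypt(m):
    """Encrypt under the agent's ephemeral public key (anyone can do this)."""
    return pow(m, E, N)


def agent_decrypt(c_blinded):
    """The ephemeral decryption agent: raw RSA decryption with D. This is the
    only step that needs the private key, and the agent sees nothing but its
    input and its output."""
    return pow(c_blinded, D, N)


def blind(c, r):
    """Blinding function applied by the owner before handing c to the agent:
    c * r^e is a valid ciphertext of m * r."""
    return (c * pow(r, E, N)) % N


def unblind(m_blinded, r):
    """Inverse of the blinding: (m * r) * r^-1 = m mod N."""
    return (m_blinded * pow(r, -1, N)) % N


def pick_blinding_factor(rng=secrets.randbelow):
    """Fresh random r that is invertible mod N (and not the trivial r = 1)."""
    while True:
        r = rng(N)
        if r > 1 and gcd(r, N) == 1:
            return r


def blinded_decrypt(c, r=None):
    """Recover m from c with the agent's help without the agent learning m.
    Returns (m, agent_view), where agent_view is what the agent decrypted:
    m * r mod N, uniformly random for each fresh r and independent of m."""
    r = pick_blinding_factor() if r is None else r
    c_blinded = blind(c, r)
    m_blinded = agent_decrypt(c_blinded)
    return unblind(m_blinded, r), m_blinded
```

Note that the same agent, handed the unblinded ciphertext, would see the plaintext directly (`agent_decrypt(c)` returns m); the blinding factor is what keeps the agent out of the plaintext, so r must be fresh per message and discarded with it.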


    32. Automatic selection of unique node identifiers in a distributed routing environment
    Granted patent (in force)

    Publication number: US06898187B2

    Publication date: 2005-05-24

    Application number: US09726378

    Filing date: 2000-11-30

    IPC classification: H04L12/56 H04J1/16

    Abstract: To ensure uniqueness of a router identifier in routing protocol messages (RPMs), a router determines whether the identifier ID_R in received RPMs is the same as the identifier ID_S in RPMs originated by the router itself. For RPMs with the same identifier, sequence information such as a sequence number is compared with the sequence information in the RPM most recently originated by the router; the comparison indicates whether the received RPM appears to have been originated more recently. The rate at which such RPMs are received is monitored. If the rate exceeds a predetermined threshold, the router infers that another router is using the same identifier and selects a different identifier for subsequent use. The sequence information preferably includes a checksum calculated over the contents of the message, including a random number, to ensure that each message is properly flooded to other routers that may be using a duplicate identifier.
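The detection logic of the abstract, as an added example (my code, not the patent's): a router counts RPMs that carry its own identifier with a sequence number newer than anything it has originated, re-originates above them (standard link-state behaviour, which is why one such message is not conclusive: a stale copy of its own RPM from before a reboot looks exactly the same), and only abandons its identifier once such messages keep arriving faster than a threshold within a sliding window. Logical timestamps, the 32-bit identifier space and the per-message nonce that stands in for the abstract's random-number checksum are assumptions of the example.

```python
import random
from collections import deque


class RouterIdMonitor:
    """Detects that another router is using our identifier: count received
    routing protocol messages (RPMs) that carry our own ID with a sequence
    number newer than what we last originated; once they arrive faster than
    `threshold` per `window` seconds, pick a fresh identifier."""

    def __init__(self, router_id, threshold, window, rng=None):
        self.router_id = router_id
        self.seq = 0                  # sequence number of our last originated RPM
        self.threshold = threshold    # suspicious RPMs tolerated per window
        self.window = window          # window length in seconds of logical time
        self.rng = rng or random.Random()
        self._hits = deque()          # arrival times of suspicious RPMs
        self.id_history = [router_id]

    def originate(self):
        """Build our next RPM. The nonce stands in for the abstract's checksum
        over a random number: it makes every re-origination look different, so
        neighbours flood it instead of treating it as a duplicate."""
        self.seq += 1
        return {"id": self.router_id, "seq": self.seq,
                "nonce": self.rng.getrandbits(32)}

    def receive(self, rpm, now):
        """Handle a received RPM; return True if we concluded our identifier
        is duplicated and changed it."""
        if rpm["id"] != self.router_id:
            return False              # someone else's message: normal flooding
        if rpm["seq"] <= self.seq:
            return False              # our own message echoed back by a neighbour
        # Newer than anything we sent: a stale copy from before a reboot (seen
        # once) or a live duplicate (seen again and again). Either way move our
        # sequence number above it and re-originate, and record the event.
        self.seq = rpm["seq"]
        self.originate()
        self._hits.append(now)
        while self._hits and now - self._hits[0] > self.window:
            self._hits.popleft()
        if len(self._hits) > self.threshold:
            self._change_id()
            return True
        return False

    def _change_id(self):
        new_id = self.rng.getrandbits(32)
        while new_id in self.id_history:      # never reuse an identifier we held
            new_id = self.rng.getrandbits(32)
        self.router_id = new_id
        self.seq = 0
        self._hits.clear()
        self.id_history.append(new_id)
```

With `threshold=3, window=10.0`, one stale copy of our own RPM is absorbed by a re-origination; a second router (or an attacker) that keeps re-originating under our identifier triggers the change on the fourth newer-than-ours message inside the window.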


    33. Method and apparatus for longest prefix address lookup
    Granted patent (in force)

    Publication number: US06526055B1

    Publication date: 2003-02-25

    Application number: US09175552

    Filing date: 1998-10-20

    IPC classification: H04L12/28

    Abstract: A method and apparatus that constructs a “router database” and then uses the database to determine a longest match between a piece of target data, such as an address in a packet to be routed, and the database. The database contains a comparison table having a plurality of entries. In a first embodiment, each entry has up to k values, where 2 <= k <= N and N is the number of comparison values in the database. In a second embodiment, each entry has up to k-1 values. During operation, the entries of the comparison table are loaded and compared against the address to determine the longest matching prefix in the router database. The comparisons can be performed in parallel.


    34. Router using multiple hop redirect messages to enable bridge like data forwarding
    Granted patent (expired)

    Publication number: US5500860A

    Publication date: 1996-03-19

    Application number: US716027

    Filing date: 1991-06-14

    CPC classification: H04L45/04 H04L12/4625

    Abstract: An apparatus for forwarding a data packet from a first link to a second link is disclosed. The apparatus is coupled to a plurality of computer networks through its ports. It maintains a spanning tree list indicating which of its ports are active. On receiving a packet, the apparatus determines whether the packet arrived on an active port; a packet received on an inactive port is discarded. If the packet is not discarded, its data link source address is stored in a database within the apparatus for the computer network attached to the port on which the packet was received. The apparatus then decides, based on the contents of the packet's data link destination address field, whether to forward the packet as a bridge or as a router. If it forwards the packet as a router, the apparatus sends a redirect message that updates the data link layer destination address used by the originating station to the data link layer address of the destination station, where the destination station is on a link remote from the originating station's link. For subsequent packets the apparatus then behaves as a bridge, forwarding them on the basis of parsing only the data link header. Forwarding of subsequent packets is therefore as fast as bridge operation.


    35. Robust packet routing over a distributed network containing malicious failures
    Granted patent (expired)

    Publication number: US5455865A

    Publication date: 1995-10-03

    Application number: US170686

    Filing date: 1993-12-20

    Applicant: Radia J. Perlman

    Inventor: Radia J. Perlman

    Abstract: A method and system for routing information packets among nodes interconnected by links to form a network, each information packet traversing a path of links and nodes from a source node to a destination node. Information indicating the relationships of nodes and links in the network is assembled in the source node. The entire route from the source node to the destination node is computed before each information packet is sent, and the packet is routed through the network in accordance with the computed route. Each node assembles information about its local topology, including the identities of the neighbouring nodes connected to it by links, and this local topology information is distributed to every other node in the network. Each node is assigned a unique identifier, a unique public key and an associated private key. The source node's assigned identifier, public key and private key are assembled in the source node along with the assigned identifier, public key and associated private key of each of a plurality of other nodes. The computed route is enclosed in a packet. The packet containing the route is signed and transmitted to each node on the route.
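The source-routing exchange in the abstract, as an added example (my code, not the patent's own): the source computes the whole route with Dijkstra over the flooded topology, signs the route, and every node on the path verifies the signature against the source's public key before forwarding, so a malicious intermediate node that rewrites the route is detected at the next honest hop. The four-node topology, the toy textbook-RSA key for node A (a SHA-256 digest raised to the private exponent, no padding) and the public-key directory are constructed for illustration; the abstract's per-node key pairs are reduced here to a single signing key for the source.

```python
import hashlib
import heapq
import json
from math import inf

# Constructed link-state topology (node -> {neighbour: cost}). In the abstract
# every node learns this by flooding its local topology to every other node.
TOPOLOGY = {
    "A": {"B": 1, "C": 4},
    "B": {"A": 1, "C": 1, "D": 5},
    "C": {"A": 4, "B": 1, "D": 1},
    "D": {"B": 5, "C": 1},
}

# Constructed toy signing key for node A: two Mersenne primes, textbook RSA
# over a SHA-256 digest with no padding. Illustration only.
P, Q = 2**107 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
PUBLIC_KEYS = {"A": (N, E)}    # identifier -> public key, known to every node
PRIVATE_KEYS = {"A": D}        # held only by node A


def compute_route(topology, src, dst):
    """Dijkstra over the full topology; returns the hop list src..dst or None."""
    dist, prev, heap, done = {src: 0}, {}, [(0, src)], set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        if u == dst:
            break
        for v, w in topology[u].items():
            if d + w < dist.get(v, inf):
                dist[v], prev[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]


def _route_digest(src, route, n):
    """Canonical encoding of (source, route) hashed and reduced mod n."""
    data = json.dumps({"src": src, "route": route}, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def build_packet(src, dst, payload):
    """Source computes the entire route, encloses it and signs it."""
    route = compute_route(TOPOLOGY, src, dst)
    n, _ = PUBLIC_KEYS[src]
    sig = pow(_route_digest(src, route, n), PRIVATE_KEYS[src], n)
    return {"src": src, "route": route, "sig": sig, "payload": payload}


def verify_at(node, packet):
    """What each node on the path checks before forwarding."""
    n, e = PUBLIC_KEYS[packet["src"]]
    if pow(packet["sig"], e, n) != _route_digest(packet["src"], packet["route"], n):
        return "bad signature"
    if node not in packet["route"]:
        return "not on route"
    return "ok"


def deliver(packet, tamper_at=None, tampered_route=None):
    """Walk the packet along its route. The node named in tamper_at rewrites
    the route (a malicious failure). Returns (status, nodes_reached)."""
    reached = []
    node = packet["route"][0]
    while True:
        status = verify_at(node, packet)
        if status != "ok":
            return f"dropped at {node}: {status}", reached
        reached.append(node)
        if node == packet["route"][-1]:
            return "delivered", reached
        if node == tamper_at:
            packet = dict(packet, route=tampered_route)
        node = packet["route"][packet["route"].index(node) + 1]
```

A malicious B that rewrites the route to skip C (for example to steer traffic through a link it controls) cannot produce A's signature over the new route, so D rejects the packet; without the signature D would have no way to tell A's route from B's.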


    36. Encapsulation of an address within a forwarded frame in a computer communications system
    Granted patent (expired)

    Publication number: US5434864A

    Publication date: 1995-07-18

    Application number: US150928

    Filing date: 1993-11-12

    IPC classification: H04L12/18 H04L12/46

    Abstract: A method for connecting a first communications system with a second communications system is disclosed. A first frame is received at a first station that is connected to both the first and the second communications system. The first frame has a destination address field containing a desired destination address. In response to the desired destination address, the first station forwards the first frame onto the second communications system as a second frame, writing a second destination address into the destination address field of the second frame and the desired destination address into a predetermined field of the second frame. The first station also writes an indicator into the second frame; a receiving station interprets the indicator to mean that the desired destination address is written into the predetermined field of the second frame. The receiving station, which is also connected to a third communications system, receives the second frame, reads the desired destination address from the predetermined field in response to the indicator, writes it into the destination address field of a third frame, and forwards the frame onto the third communications system as that third frame.


    37. Method and apparatus for selective interleaving in a cell-switched network
    Granted patent (expired)

    Publication number: US5434855A

    Publication date: 1995-07-18

    Application number: US331250

    Filing date: 1994-10-28

    IPC classification: H04L12/56 H04Q11/04 H04J3/26

    Abstract: A novel mechanism prevents the interleaving of packet cells from different source nodes on the same multicast port group at the switches of a multicast virtual circuit in a cell-switched network, while cells bound for different multicast port groups may still be interleaved. The mechanism comprises specific routing information stored in each multicast port group entry of a forwarding table located within each switch of the multicast virtual circuit. The forwarding table also stores information about each multicast port group, including a virtual circuit value for each port of the group. The specific routing information in each multicast port group entry notifies the switch when data traffic for a particular packet is pending through a port of the multicast group and when that traffic ceases, i.e. when the "end-of-packet" is reached. This ensures that packets can be correctly reassembled at the destination nodes.


    38. Automatically configuring parallel bridge numbers
    Granted patent (expired)

    Publication number: US5327424A

    Publication date: 1994-07-05

    Application number: US864846

    Filing date: 1992-04-07

    Applicant: Radia J. Perlman

    Inventor: Radia J. Perlman

    IPC classification: H04L12/46 H04L12/56 H04L29/12

    Abstract: Methods and apparatus for selecting a parallel bridge number for a bridge connecting a first and a second LAN in a network made up of LANs and bridges connected between them. Parallel bridge numbers distinguish two or more bridges that are connected between the same pair of LANs. The designated bridge for the LAN stores a database associating the identifiers of the bridges connected between the first and second LANs with the parallel bridge numbers assigned to them. To obtain a parallel bridge number, a bridge between the first and second LANs sends the designated bridge a request message identifying itself and the second LAN. In response, the designated bridge selects a parallel bridge number not yet associated with any bridge connected to the second LAN (other than the requesting bridge) and transmits it to the requesting bridge.


    39. Multiple protocol routing
    Granted patent (expired)

    Publication number: US5251205A

    Publication date: 1993-10-05

    Application number: US577437

    Filing date: 1990-09-04

    IPC classification: H04L12/56 H04L29/06 H04J3/26

    Abstract: A method for connecting a network so that TCP/IP and OSI 8473 packets may be routed in the same domain. The independence of the addresses is maintained: one device in the network may be assigned only a TCP/IP address, and another only an ISO 8473 address. Furthermore, all of the routers share link state information using a common link state packet format (such as the ISO 10589 format), so routes through the network can be computed without regard to the protocols supported by the routers along the route. Where necessary, packets are encapsulated and forwarded through routers that do not support the packet's protocol. In some disclosed embodiments all of the routers in a given area support a given protocol (or in fact have identical capabilities, in which case no encapsulation is needed), and encapsulation is performed by suitable modifications to each router's packet forwarding procedures. In other disclosed embodiments these topological restrictions are removed and the network is extended to support additional protocols; there the Dijkstra algorithm is also modified to generate information on how to encapsulate and forward packets through the network.


    40. Method and apparatus for defending against denial of service attacks
    Granted patent (in force)

    Publication number: US08635284B1

    Publication date: 2014-01-21

    Application number: US11255366

    Filing date: 2005-10-21

    IPC classification: G06F15/16 H04L29/06 G06F11/30

    Abstract: A method for processing packets that includes receiving a packet from a network and analysing it to obtain packet information used to decide which temporary data structure the packet is forwarded to. If a first list includes the packet information, the packet is forwarded to a first temporary data structure and processed from there. If the first list does not include the packet information, the packet is forwarded to a second temporary data structure and processed, where processing the packet comprises: sending a first test to the source of the packet using the packet information; placing the packet information on the first list if a successful response to the first test is received; and placing the packet information on a second list if an unsuccessful response to the first test is received.
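The two-list, two-queue processing of the abstract, as an added example (my code, not the patent's own): the first list holds sources that answered a test, the second holds sources that failed one, and packets from unverified sources are queued separately and served only after verified traffic so a flood of unverified packets cannot starve known-good sources. The test used here, an unpredictable nonce that the real owner of a source address echoes back and a spoofed source never sees, is one choice of "first test"; the `constructed_network` stand-in that decides which addresses are really reachable is constructed for the example.

```python
import secrets
from collections import deque


class DosPacketFilter:
    """Two lists and two temporary data structures: sources on the first list
    go straight to the first queue; unknown sources land in the second queue
    and are tested. Passing the test promotes the source to the first list,
    failing it puts the source on the second list, so each source is tested at
    most once."""

    def __init__(self, send_test):
        self.send_test = send_test     # callable(src, challenge) -> response or None
        self.first_list = set()        # sources that answered a test correctly
        self.second_list = set()       # sources that failed a test
        self.first_queue = deque()     # first temporary data structure (verified)
        self.second_queue = deque()    # second temporary data structure (unverified)

    def receive(self, packet):
        """Classify one packet; return which queue it went to and why."""
        src = packet["src"]            # the "packet information" used for the lookup
        if src in self.first_list:
            self.first_queue.append(packet)
            return "first_queue"
        self.second_queue.append(packet)
        if src in self.second_list:
            return "second_queue:known_bad"
        # Unknown source: send a test that only the true owner of the address
        # can answer. A spoofed source never receives the nonce, so it cannot
        # echo it; a reflector with no real client behind it fails the same way.
        challenge = secrets.token_hex(16)
        if self.send_test(src, challenge) == challenge:
            self.first_list.add(src)
            return "second_queue:test_passed"
        self.second_list.add(src)
        return "second_queue:test_failed"

    def next_packet(self):
        """Serve verified sources first so unverified traffic cannot starve them."""
        if self.first_queue:
            return self.first_queue.popleft()
        if self.second_queue:
            return self.second_queue.popleft()
        return None


def constructed_network(reachable_hosts):
    """Constructed stand-in for the network: only a host that really owns an
    address receives the test and echoes it back; a spoofed source gets nothing."""
    def send_test(src, challenge):
        return challenge if src in reachable_hosts else None
    return send_test
```

The test is sent once per unknown source, so the cost of a spoofed flood is one challenge per forged address rather than one per packet; a deployment would also expire entries from both lists, which the abstract does not cover and this example leaves out.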
