Systems and methods for proxying cookies for SSL VPN clientless sessions
    32.
    Granted invention patent
    Legal status: In force

    Publication No.: US08769660B2

    Publication date: 2014-07-01

    Application No.: US12360019

    Filing date: 2009-01-26

    IPC classification: G06F15/16

    Abstract: The present application enables the enterprise to configure various policies to address various subsets of the traffic based on various information relating to the client, the server, or the details and nature of the interactions between the client and the server. An intermediary deployed between clients and servers may establish an SSL VPN session between a client and a server. The intermediary may receive a response from a server to a request of a client via the clientless SSL VPN session. The response may comprise one or more cookies. The intermediary may identify an access profile for the clientless SSL VPN session. The access profile may identify one or more policies for proxying cookies. The intermediary may determine, responsive to the one or more policies of the access profile, whether to proxy or bypass proxying for the client the one or more cookies.


    Systems and methods for AAA-traffic management information sharing across cores in a multi-core system
    33.
    Granted invention patent
    Legal status: In force

    Publication No.: US08667575B2

    Publication date: 2014-03-04

    Application No.: US12976688

    Filing date: 2010-12-22

    CPC classification: G06F21/41

    Abstract: A method for propagating authentication session information to a plurality of cores of a multi-core device includes establishing, by an authentication virtual server executing on a first core of a device intermediary to at least one client and server, a session for a user, the authentication virtual server authenticating the session. A traffic management virtual server executes on a second core of the device, and receives a request to access a server via the session. The traffic management virtual server may identify, responsive to a determination that the session is not stored by the second core, from an identifier of the session that the first core established the session. The second core may send to the first core a request for data for the session identified by the identifier. The second core may receive from the first core a response to the second request identifying whether the session is valid.


    SYSTEM FOR PERFORMING DATA CUT-THROUGH
    34.
    Invention patent application
    Legal status: In force

    Publication No.: US20130322271A1

    Publication date: 2013-12-05

    Application No.: US13610165

    Filing date: 2012-09-11

    IPC classification: H04J99/00 H04L12/26

    Abstract: A system transfers data. The system includes an ingress node transferring data at a determined bandwidth. The ingress node includes a buffer and operates based on a monitored node parameter. The system includes a controller in communication with the ingress node. The controller is configured to allocate, based on the monitored node parameter, an amount of the determined bandwidth for directly transferring data to bypass the buffer of the ingress node.


    Meter-based hierarchical bandwidth sharing
    35.
    Granted invention patent
    Legal status: Lapsed

    Publication No.: US08446831B2

    Publication date: 2013-05-21

    Application No.: US12881966

    Filing date: 2010-09-14

    IPC classification: G01R31/08

    Abstract: Example methods and apparatus for hierarchical bandwidth management are disclosed. An example method includes receiving a data packet included in a first data traffic flow having a first rate of traffic. The example method further includes marking the data packet with a first marker type if the first rate of traffic is less than or equal to a first threshold, otherwise marking the data packet with a second marker type. The example method also includes combining the first data traffic flow with a second data traffic flow having a second rate of traffic to produce a third data traffic flow having a third rate of traffic. The example method still further includes, if the data packet is marked with the first marker type, forwarding the data packet in the third data flow. The example method yet further includes, if the data packet is marked with the second marker type and the third rate of traffic is less than or equal to a second threshold, forwarding the data packet in the third data flow, otherwise, discarding the packet.


    Systems and methods for selective authentication, authorization, and auditing in connection with traffic management
    36.
    Granted invention patent
    Legal status: In force

    Publication No.: US08392982B2

    Publication date: 2013-03-05

    Application No.: US12409216

    Filing date: 2009-03-23

    IPC classification: H04L29/00 H04L29/06 G06F15/16

    Abstract: The present invention provides a system and method for authentication of network traffic managed by a traffic management virtual server. A traffic management virtual server may determine that a client has not been authenticated from a request of the client to access a server. Responsive to the request, the traffic management virtual server may transmit a response to the client with instructions to redirect to an authentication virtual server. The authentication virtual server may receive a second request from the client. The authentication virtual server may then authenticate credentials received from the client and establish an authentication session for the client. Further, the authentication virtual server may transmit a second response to redirect the client to the traffic management virtual server. The second response identifies the authentication session. The traffic management virtual server then receives a request from the client with an identifier to the authentication session.


    Resilient Hashing for Load Balancing of Traffic Flows
    37.
    Invention patent application
    Legal status: Under examination (published)

    Publication No.: US20130003549A1

    Publication date: 2013-01-03

    Application No.: US13174511

    Filing date: 2011-06-30

    IPC classification: H04L12/26

    Abstract: Methods, systems, and computer program product embodiments for managing traffic flows member of a plurality of available member resources in a communications device are disclosed. Embodiments include configuring a flow table containing a plurality of mappings, where each of the mappings specifies a relationship between one of a range of index values and at least one of the plurality of available member resources of an aggregated resource, assigning using the flow table respective traffic flows to at least one of the plurality of available links, and responsive to a change in the plurality of available member resources, changing the plurality of mappings.


    Routing failover with accurate multicast delivery
    38.
    Granted invention patent
    Legal status: Lapsed

    Publication No.: US08248918B2

    Publication date: 2012-08-21

    Application No.: US12371205

    Filing date: 2009-02-13

    IPC classification: G01R31/08

    Abstract: A node comprising: an ingress port configured to receive data; a plurality of egress ports configured to transmit data; a routing table configured to provide, at least part of, both a preferred routing path and a recovery routing path; a data tag engine configured to read a tag, associated with the data, that indicates the routing state of the data and, based at least in part upon the tag, determine whether to use the preferred routing path or the recovery routing path for a selected path, and determine if the tag is to be modified to indicate a change in the routing status of the data; and a routing engine configured to utilize the selected path to determine the egress port from which to transmit the data.


    DYNAMIC MEMORY BANDWIDTH ALLOCATION
    39.
    Invention patent application
    Legal status: In force

    Publication No.: US20120195192A1

    Publication date: 2012-08-02

    Application No.: US13016947

    Filing date: 2011-01-28

    IPC classification: H04L12/26

    CPC classification: H04L47/30 H04L47/12

    Abstract: Methods and apparatus for dynamic bandwidth allocation are disclosed. An example method includes determining, by a network device, at least one of a congestion state of a packet memory buffer of the network device and a congestion state of an external packet memory that is operationally coupled with the network device. The example method further includes dynamically adjusting, by the network device, respective bandwidth allocations for read and write operations between the network device and the external packet memory, the dynamic adjusting being based on the determined congestion state of the packet memory buffer and/or the determined congestion state of the external packet memory.


    Method and apparatus for hardware packets reassembly in constrained networks
    40.
    Granted invention patent
    Legal status: Lapsed

    Publication No.: US07991007B2

    Publication date: 2011-08-02

    Application No.: US11172799

    Filing date: 2005-07-05

    IPC classification: H04J3/24

    Abstract: A hardware packets reassembly apparatus and method includes an ingress unit receiving and parsing a data packet, recognizing fragments corresponding to the data packet, and outputting control information of the fragments. An en-queue unit stores the control information of each fragment, links each related fragment based on the control information, and enqueues the data packet when all fragments are available corresponding to the data packet, wherein the data packet is enqueued only when all of the fragments corresponding to the data packet are available in a sequential order. A dequeue unit dequeues the data packet from a packet descriptor, and schedules the data packet based on a corresponding class of service. An egress unit assembles all fragments corresponding to the data packet into a full packet and outputs the assembled data packet from an output port.
