公开(公告)号：US06807576B1

公开(公告)日：2004-10-19

申请号：US09658299

申请日：2000-09-08

申请人： Clark Debs Jeffries ,  Victoria Sue Thio ,  Alex Warshavsky ,  Avraham Zehavi

发明人： Clark Debs Jeffries ,  Victoria Sue Thio ,  Alex Warshavsky ,  Avraham Zehavi

IPC分类号： G06F15173

CPC分类号： H04L63/0263 ,  H04L29/06 ,  H04L67/36 ,  H04L69/329 ,  Y10S707/99932 ,  Y10S707/99933 ,  Y10S707/99937 ,  Y10S707/99942 ,  Y10S707/99943

摘要： A method and system for graphically representing relationships between a plurality of filter rules in a computer system is disclosed. The computer system includes a display. Each of the plurality of filter rules has a priority. The method and system include allowing entry of at least one filter rule of the plurality of filter rules and providing a graphical display of a first portion of the plurality of filter rules on the display. Each of the first portion of the plurality of filter rules is displayed hierarchically based on the priority of each of the first portion of the plurality of filter rules. If the first portion of plurality of filter rules includes a plurality of intersecting filter rules, then displaying the plurality of intersecting filter rules in the graphical display to indicate at least one intersection of at least one higher priority filter rule and at least one lower priority filter rule and to indicate that the at least one higher priority filter rule dominates the at least one lower priority filter rule.

摘要翻译： 公开了用于图形表示计算机系统中的多个过滤规则之间的关系的方法和系统。 计算机系统包括显示器。 多个过滤器规则中的每一个具有优先级。 所述方法和系统包括允许输入多个过滤器规则中的至少一个过滤规则，并在显示器上提供多个过滤器规则的第一部分的图形显示。 基于多个滤波器规则的第一部分中的每一个的优先级，多个滤波器规则的第一部分中的每一个被分层显示。 如果多个滤波器规则的第一部分包括多个相交的滤波器规则，则在图形显示中显示多个相交的滤波器规则以指示至少一个较高优先级的滤波器规则和至少一个较低优先级滤波器的至少一个交集 并且指示所述至少一个较高优先级过滤规则支配所述至少一个较低优先级过滤规则。

公开(公告)号：US06771601B1

公开(公告)日：2004-08-03

申请号：US09494580

申请日：2000-01-31

申请人： Metin Aydemir ,  Clark Debs Jeffries ,  Jeffrey James Lynch

发明人： Metin Aydemir ,  Clark Debs Jeffries ,  Jeffrey James Lynch

IPC分类号： G01R3108

CPC分类号： H04L49/506 ,  H04L49/3018

摘要： A network switch as well as methods, systems and computer program products for controlling congestion at a granularity of less than a link are provided. Such finer granularity may be provided by pausing traffic at a source port level of a network switch. The network switch which transmitted a message which resulted in congestion being detected is notified of the congestion and pauses the communications from the source port of the message while maintaining communications over the link from other source ports. Such source port level congestion control may be provided by a network switch having a sub-queue of its output queues where each sub-queue corresponds to an input port. Source port level pausing of transmissions may then be provided by pausing the sub-queue associated with a source port.

摘要翻译： 提供了一种网络交换机以及用于以小于链路的粒度来控制拥塞的方法，系统和计算机程序产品。 可以通过在网络交换机的源端口级别暂停业务来提供这样更细的粒度。 通过来自其它源端口的链路保持通信，通知发送了检测到拥塞的消息的网络交换机，并阻塞来自消息的源端口的通信。 这样的源端口级拥塞控制可以由具有其输出队列的子队列的网络交换机提供，其中每个子队列对应于输入端口。 然后可以通过暂停与源端口相关联的子队列来提供源端口级别暂停发送。

公开(公告)号：US06725216B2

公开(公告)日：2004-04-20

申请号：US09928200

申请日：2001-08-10

申请人： Gordon Taylor Davis ,  Clark Debs Jeffries

发明人： Gordon Taylor Davis ,  Clark Debs Jeffries

IPC分类号： G06F1730

CPC分类号： H04L45/745 ,  G06F7/02 ,  G06F2207/025 ,  H04L45/00 ,  H04L45/60 ,  Y10S707/99933 ,  Y10S707/99934

摘要： A system and method for retrieving information in a distributed table by partitioning a search key. A packet processor may generate a search key for a received packet of data. The packet processor may partition the search key into a plurality of segments where the length of each segment corresponds to a size of a particular layer of a table. The packet processor may read a particular entry in a particular layer, e.g., the first layer, of the table using a value of the segment, e.g., the first segment, associated with that layer. A determination may be made to determine if the particular entry read stores a pointer that points to the next level of the table. If so, then the packet processor may read a particular entry in the next level of the table using the value of the next segment of the plurality of segments.

摘要翻译： 一种用于通过划分搜索关键字来检索分布式表中的信息的系统和方法。 分组处理器可以生成用于所接收的数据分组的搜索关键字。 分组处理器可以将搜索密钥划分成多个段，其中每个段的长度对应于表的特定层的大小。 分组处理器可以使用与该层相关联的段（例如，第一段）的值来读取表的特定层（例如，第一层）中的特定条目。 可以确定确定特定条目读取是否存储指向表的下一级的指针。 如果是这样，则分组处理器可以使用多个段的下一个段的值来读取表的下一个级别中的特定条目。

公开(公告)号：US06701389B2

公开(公告)日：2004-03-02

申请号：US09876358

申请日：2001-06-07

申请人： Brahmanand Kumar Gorti ,  Dongming Hwang ,  Clark Debs Jeffries ,  Michael Steven Siegel ,  Kartik Sudeep

发明人： Brahmanand Kumar Gorti ,  Dongming Hwang ,  Clark Debs Jeffries ,  Michael Steven Siegel ,  Kartik Sudeep

IPC分类号： G06F300

CPC分类号： H04L47/30 ,  H04L47/10 ,  H04L47/263 ,  H04L47/32 ,  Y02D50/10

摘要： A method for dynamically adjusting the flow rate of a plurality of logical pipes that share a common output queue. In accordance with the method of the present invention, a minimum flow rate and a maximum flow rate are set for each of the pipes. Next a determination is made of whether or not excess queue bandwidth exists in accordance with the output flow rate of the shared queue. The determination of whether or not excess bandwidth exists comprises comparing the output flow rate of the shared queue with a pre-determined threshold queue output value. An instantaneous excess bandwidth signal has a value of 1 if there is excess bandwidth and is otherwise 0 if there is no excess bandwidth. In an alternate embodiment, the instantaneous excess bandwidth signal for a particular pipe is logically ANDed with one or more additional excess bandwidth signals to form a composite instantaneous excess bandwidth signal. In response to the existence of excess queue bandwidth, a flow rate of a pipe is linearly increased while in response to a lack of excess queue bandwidth, the flow rate of the pipe is exponentially decreased.

摘要翻译： 一种用于动态调整共享公共输出队列的多个逻辑管道的流量的方法。 根据本发明的方法，为每个管设定最小流量和最大流量。 接下来，根据共享队列的输出流量确定是否存在过量队列带宽。 确定是否存在超量带宽包括将共享队列的输出流量与预定阈值队列输出值进行比较。 如果存在过多的带宽，则瞬时过量带宽信号的值为1，如果没有超额带宽，则为0。 在替代实施例中，用于特定管道的瞬时过量带宽信号与一个或多个附加过量带宽信号进行逻辑“与”，以形成复合瞬时过量带宽信号。 响应于存在多余的队列带宽，管道的流量线性增加，同时响应于缺少多余的队列带宽，管道的流量呈指数下降。

公开(公告)号：US06657962B1

公开(公告)日：2003-12-02

申请号：US09546651

申请日：2000-04-10

申请人： Peter Irma August Barri ,  Brian Mitchell Bass ,  Jean Louis Calvignac ,  Ivan Oscar Clemminck ,  Marco C. Heddes ,  Clark Debs Jeffries ,  Michael Steven Siegel ,  Fabrice Jean Verplanken ,  Miroslav Vrana

发明人： Peter Irma August Barri ,  Brian Mitchell Bass ,  Jean Louis Calvignac ,  Ivan Oscar Clemminck ,  Marco C. Heddes ,  Clark Debs Jeffries ,  Michael Steven Siegel ,  Fabrice Jean Verplanken ,  Miroslav Vrana

IPC分类号： H04L1256

CPC分类号： H04L47/2441 ,  H04L47/10 ,  H04L47/12 ,  H04L47/30 ,  H04L47/32 ,  H04L49/103 ,  H04L49/3018 ,  H04L49/50 ,  H04L49/90

摘要： A system for minimizing congestion in a communication system is disclosed. The system comprises at least one ingress system for providing data. The ingress system includes a first free queue and a first flow queue. The system also includes a first congestion adjustment module for receiving congestion indications from the free queue and the flow queue. The first congestion adjustment module generates end stores transmit probabilities and performs per packet flow control actions. The system further includes a switch fabric for receiving data from the ingress system and for providing a congestion indication to the ingress system. The system further includes at least one egress system for receiving the data from the switch fabric. The egress system includes a second free queue and a second flow queue. The system also includes a second congestion adjustment module for receiving congestion indications from the second free queue and the second flow queue. The second congestion adjustment module generates and stores transmit probabilities and performs per packet flow control actions. Finally, the system includes a scheduler for determining the order and timing of transmission of packets out the egress system and to another node or destination. A method and system in accordance with the present invention provides for a unified method and system for logical connection of congestion with the appropriate flow control responses. The method and system utilizes congestion indicators within the ingress system, egress system, and the switch fabric in conjunction with a coarse adjustment system and fine adjustment system within the ingress device and the egress device to intelligently manage the system.

摘要翻译： 公开了一种用于最小化通信系统中的拥塞的系统。 该系统包括用于提供数据的至少一个入口系统。 入口系统包括第一空闲队列和第一流队列。 该系统还包括用于从空闲队列和流队列接收拥塞指示的第一拥塞调整模块。 第一拥塞调整模块生成终端存储发送概率并执行每个分组流控制动作。 该系统还包括用于从入口系统接收数据并向入口系统提供拥塞指示的交换结构。 该系统还包括用于从交换结构接收数据的至少一个出口系统。 出口系统包括第二空闲队列和第二流队列。 该系统还包括第二拥塞调整模块，用于从第二空闲队列和第二流队列接收拥塞指示。 第二拥塞调整模块生成并存储发送概率，并执行每个分组流控制动作。 最后，该系统包括一个调度器，用于确定出口系统和另一个节点或目的地的分组传输的顺序和定时。 根据本发明的方法和系统提供了用于将拥塞与适当流控制响应逻辑连接的统一方法和系统。 该方法和系统利用入口系统，出口系统和交换结构中的拥塞指示符与入口设备和出口设备内的粗调系统和精细调整系统结合，智能地管理系统。

公开(公告)号：US06473763B1

公开(公告)日：2002-10-29

申请号：US09540921

申请日：2000-03-31

申请人： Everett Arthur Corl, Jr. ,  Clark Debs Jeffries ,  Colin Beaton Verrilli

发明人： Everett Arthur Corl, Jr. ,  Clark Debs Jeffries ,  Colin Beaton Verrilli

IPC分类号： G06F1730

CPC分类号： H04L63/0263 ,  G06F17/30985 ,  H04L43/50 ,  H04L63/0236 ,  H04L63/1433 ,  Y10S707/99942 ,  Y10S707/99943

摘要： A method and system for testing a plurality of filter rules in a computer system is disclosed. The plurality of filter rules is used with a key. Each of the plurality of filter rules is capable of being described using a plurality of bits corresponding to a portion of the key. The plurality of bits can include at least one binary value, at least one wildcard, and at least one boundary symbol. The at least one binary value can be a zero or a one. The method and system include selecting a portion of the plurality of filter rules that the key can match by testing part of the key against a portion of the plurality of bits and explicitly testing the key against the portion of the plurality of filter rules. A first bit of the portion of the plurality of bits has a first maximum number of the at least one binary symbol for the plurality of filter rules. Each subsequent bit of the portion plurality of bits has a second maximum number of the at least one binary symbol for a plurality of remaining bits and is selected based on testing of a prior bit. Preferably, the portion of the plurality of bits is tested using a decision tree which includes nodes corresponding to a second portion of the plurality of bits.

摘要翻译： 公开了一种用于测试计算机系统中的多个过滤规则的方法和系统。 多个过滤器规则与密钥一起使用。 多个滤波器规则中的每一个能够使用与密钥的一部分相对应的多个比特来描述。 多个比特可以包括至少一个二进制值，至少一个通配符和至少一个边界符号。 至少一个二进制值可以是零或一个。 所述方法和系统包括通过根据多个比特的一部分测试部分密钥来选择密钥可以匹配的多个过滤规则的一部分，并针对多个过滤规则的部分显式测试密钥。 多个位的部分的第一位具有用于多个滤波器规则的至少一个二进制符号的第一最大数目。 部分多个比特的每个后续比特具有多个剩余比特的至少一个二进制符号的第二最大数目，并且基于先前比特的测试来选择。 优选地，使用包括对应于多个比特的第二部分的节点的决策树来测试多个比特的部分。

公开(公告)号：US06359862B1

公开(公告)日：2002-03-19

申请号：US08978178

申请日：1997-11-25

申请人： Clark Debs Jeffries ,  Ken Van Vu

发明人： Clark Debs Jeffries ,  Ken Van Vu

IPC分类号： H04J324

CPC分类号： H04L12/5602 ,  H04L2012/5635 ,  H04L2012/5681

摘要： A method of flow control for Available Bit Rate (ABR) sources in an Asynchronous Transfer Mode (ATM) network is implemented. An effective rate for the source is determined by an ATM switch based on a critically damped second order system. The effective rate is damped toward a share value that is based on the source queue length, a target queue length, and the actual cell rates of the connected ABR sources sending traffic through the ATM switch. The resulting feedback loop ensures that the source queue length will not exceed the target queue length.

摘要翻译： 实现了异步传输模式（ATM）网络中可用比特率（ABR）源的流量控制方法。 源的有效速率由基于绝对阻尼二阶系统的ATM交换机确定。 根据源队列长度，目标队列长度和连接的ABR源通过ATM交换机发送流量的实际信元速率，有效速率被抑制。 所产生的反馈循环确保源队列长度不会超过目标队列长度。

公开(公告)号：US08176126B2

公开(公告)日：2012-05-08

申请号：US10926641

申请日：2004-08-26

申请人： John Fred Davis ,  Kevin David Himberger ,  Clark Debs Jeffries ,  Garreth Joseph Jeremiah

发明人： John Fred Davis ,  Kevin David Himberger ,  Clark Debs Jeffries ,  Garreth Joseph Jeremiah

IPC分类号： G06F15/16 ,  G06F15/173

CPC分类号： H04L51/12 ,  G06Q10/107

摘要： A system, method and program product for managing e-mails from a source suspected of sending spam. The e-mails are received at a firewall or router en route to a mail server. A determination is made whether a source has sent an e-mail which exhibits characteristics of spam. In response, subsequent e-mails from the source destined for the mail server are rate-limiting at the firewall or router such that the firewall or router limits a rate at which the subsequent e-mails are forwarded from the firewall or router to the mail server. The rate is predetermined and less than a maximum rate at which the firewall or router can physically forward e-mails to the mail server absent the rate limit. A determination is made whether another source has sent another e-mail which exhibits more characteristics of spam than the first said e-mail. In response, subsequent e-mails from this other source are blocked at the firewall or router. The rate limit can be a limit on a number of e-mails per unit of time from the source that will be forwarded from the firewall or router to the mail server.

摘要翻译： 用于管理来自怀疑发送垃圾邮件的来源的电子邮件的系统，方法和程序产品。 电子邮件在路由到邮件服务器的防火墙或路由器上收到。 确定来源是否发送了展示垃圾邮件特征的电子邮件。 作为回应，来自目的地为邮件服务器的源的后续电子邮件在防火墙或路由器上是速率限制的，使得防火墙或路由器限制后续电子邮件从防火墙或路由器转发到邮件的速率 服务器。 速率是预定的，并且小于防火墙或路由器可以在没有速率限制的情况下将电子邮件物理转发到邮件服务器的最大速率。 确定另一个来源是否发送了另一个具有比第一个所述电子邮件更多的垃圾邮件特征的电子邮件。 作为回应，来自其他来源的后续电子邮件在防火墙或路由器上被阻止。 速率限制可以限制从将从防火墙或路由器转发到邮件服务器的源的每单位时间的电子邮件数量。

公开(公告)号：US08112547B2

公开(公告)日：2012-02-07

申请号：US12796363

申请日：2010-06-08

申请人： Everett Arthur Corl, Jr. ,  Gordon Taylor Davis ,  Clark Debs Jeffries ,  Steven Richard Perrin ,  Hiroshi Takada ,  Victoria Sue Thio

发明人： Everett Arthur Corl, Jr. ,  Gordon Taylor Davis ,  Clark Debs Jeffries ,  Steven Richard Perrin ,  Hiroshi Takada ,  Victoria Sue Thio

IPC分类号： G06F15/173

CPC分类号： H04L29/12009 ,  H04L29/12462 ,  H04L29/12481 ,  H04L45/745 ,  H04L61/255 ,  H04L61/2557

摘要： A method for increasing the capacity of a connection table in a firewall accelerator by means of mapping packets in one session with some common security actions into one table entry. For each of five Network Address Translation (NAT) configurations, a hash function is specified. The hash function takes into account which of four possible arrival types a packet at a firewall accelerator may have. When different arrival types of packets in the same session are processed, two or more arrival types may have the same hash value.

摘要翻译： 一种通过将一个会话中的分组映射到一个表条目中的一些常见安全措施来增加防火墙加速器中连接表的容量的方法。 对于五种网络地址转换（NAT）配置中的每一种，都指定了一个散列函数。 散列函数考虑了防火墙加速器可能具有的四个可能的到达类型中的哪一个。 当处理相同会话中的不同到达类型的分组时，两个或多个到达类型可以具有相同的哈希值。

公开(公告)号：US07853794B2

公开(公告)日：2010-12-14

申请号：US11763367

申请日：2007-06-14

申请人： Clark Debs Jeffries ,  Mohammad Peyravian

发明人： Clark Debs Jeffries ,  Mohammad Peyravian

IPC分类号： H04L9/32

CPC分类号： H04L9/3228 ,  H04L9/3242 ,  H04L9/3271

摘要： A remote user, two-way authentication and password change protocol that also allows parties to optionally establish a session key which can be used to protect subsequent communication. In a preferred embodiment, a challenge token is generated and exchanged which is a onetime value that includes a random value that changes from session to session. The construction and use of the challenge token avoids transmission of the password or even the transmission of a digest of the password itself. Thus the challenge token does not reveal any information about a secret password or a digest of the password.

摘要翻译： 远程用户双向认证和密码更改协议，还允许各方可选地建立可用于保护后续通信的会话密钥。 在优选实施例中，生成和交换挑战令牌，其是包括从会话到会话改变的随机值的一次性值。 挑战令牌的构建和使用避免了密码的传输，甚至传输密码本身的摘要。 因此，挑战令牌不会显示关于密码的秘密密码或摘要的任何信息。