Abstract:
Methods and devices are provided for securely transmitting sensitive information over the Internet to and from a first device in a home network that lacks the ability to communicate according to a secure protocol. Communications between the first device and a second device within the home network may proceed according to a non-secure protocol, such as HTTP. However, the second device has the ability to communicate with the outside world via a secure protocol, such as HTTPS. Various implementations of the invention allow the first device to avail itself of the secure communications provided by the second device.
Abstract:
In one embodiment, command message generation and execution using a machine-code instruction is performed. One embodiment includes a particular machine executing a single machine-code instruction including a reference into a command-message-building data structure stored in memory. Executing the single machine-code instruction includes generating a command message and initiating communication of the command message to a hardware accelerator, including copying command information from the command-message-building data structure based on the reference into the command message. The hardware accelerator receives and executes the command message. In one embodiment, the command message is message-switched from a processor to a hardware accelerator, such as, but not limited to, a memory controller, a table lookup unit, or a prefix lookup unit. In one embodiment, a plurality of threads share the command-message-building data structure. In one embodiment, a plurality of processors share the command-message-building data structure.
Abstract:
In one embodiment, network address translated (NAT) mapped addresses are selectively used based on their prior network reachability. One embodiment maintains for each particular mapped address (e.g., NAT public address pool member), a reachability status level based on prior usage of the particular mapped address to communicate with external destinations. By continuously monitoring the reachability “health” of mapped addresses, problem-experiencing mapped addresses can be avoided. One embodiment monitors the success and/or failure rates of connection attempts over a rolling time period to provide an up-to-date current view of the reachability status level of corresponding mapped addresses. In one embodiment, a network address translation device assigns these mapped addresses based on their reachability status level. One embodiment provides an administrative notification for a particular mapped address or ceases using the particular mapped address in response to its reachability status level falling outside a predetermined or calculated level.
Abstract:
In one embodiment, a first node in a wireless deterministic network communicates to a second node configuration information identifying a destination-facing path portion of a particular one-way path traversing from a source node to a destination node within the wireless deterministic network. The destination-facing portion includes a path traversing from the second node over one or more additional nodes to the destination node over which to forward packets received over a first portion of the particular one-way path from the source node to the second node. The configuration information includes a particular time slot for the second node to receive packets being sent over the particular one-way path. In one embodiment, the first node receives from the second node an acknowledgement message in the particular time slot that the destination-facing portion of the particular one-way path was configured and activated.
Abstract:
In one embodiment, a one-way delay is measured between optical devices in an optical transport network based on roundtrip times of request and corresponding response frames. A first optical device sends a sequence of delay measurement request frames to a second optical device, which varies a local delay before responding to a request frame, thus causing a slippage in the sequence of reply frames received by the first device. The point at which the request frames are received in relation to the stream of frames sent by the optical device can be identified based on the frame slippage. Therefore, the delay measurement can be adjusted by a corresponding offset to the beginning of a frame in order to increase the accuracy of the one-way delay measurement.
Abstract:
In one embodiment, multiple content-addressable memory entries are associated with each other to effectively form a batch content-addressable memory entry that spans multiple physical entries of the content-addressable memory device. To match against this content-addressable memory entry, multiple lookup operations are required—i.e., one lookup operation for each combined physical entry. Further, one embodiment provides that a batch content-addressable memory entry can span one, two, three, or more physical content-addressable memory entries, and batch content-addressable memory entries of varying sizes could be programmed into a single content-addressable memory device. Thus, a lookup operation might take two lookup iterations on the physical entries of the content-addressable memory device, with a next lookup operation taking a different number of lookup iterations (e.g., one, three or more).
Abstract:
In one embodiment, the processing by a packet switching device of a received network-to-link-layer address resolution request message (e.g., Address Resolution Protocol [ARP] Request message, Neighbor Discovery Protocol [NDP] Neighbor Solicitation message) is dependent upon whether or not its target IP address corresponds to a network gateway packet switching device. When the target IP address of a received ARP Request/NDP Neighbor Solicitation message corresponds to a network gateway, then the packet switching device responds effectively on behalf of the network gateway, rather than forwarding the message to the network gateway. When the target IP address of a received ARP Request/NDP Neighbor Solicitation message does not correspond to a network gateway and the Media Access Control (MAC) address corresponding to the target IP address is known, then the packet switching device transforms the broadcast or multicast frame into a unicast frame and then sends it.
Abstract:
In one embodiment, excess committed network appliance resources are shared for providing services within a network appliance. One approach maintains service resources in a committed service resource pool and one or more other pools of service resources. Service resources are taken from a corresponding pool as needed. Service resources are reallocated to the committed resource pool as needed to ensure that service resources are available to service corresponding packet streams at their corresponding committed rate. Examples of such services provided by a network appliance include, but are not limited to, network address translation (NAT), firewall, Internet Protocol Security (IPsec), virtual private network (VPN), or deep packet inspection (DPI) services.
Abstract:
In one embodiment, a device receives a first packet stream and a second packet stream over different paths through a network, wherein each of the first and second packet streams includes the same replicated stream of packets. The apparatus processes packets of the first packet stream when the first packet stream is in an active state, while buffering and subsequently dropping packets of the second packet stream when the second packet stream is in a non-active state. In response to identifying a difference in a number of packets in the same replicated stream of packets received in the second packet stream compared to in the first packet stream equaling or exceeding a predetermined threshold, the second packet stream enters the active state and missing packets are forwarded from the buffered second stream packets.
Abstract:
In one embodiment, micro-loops are avoided in ring topologies of packet switching devices by changing the order of propagation of link state information concerning failed communications between a particular packet switching device and a neighbor packet switching device. In one embodiment, the particular packet switching device communicates link state information of a high cost of the particular communications (e.g., in the direction from particular to neighbor packet switching devices) such that this link state information will propagate towards the particular packet switching device from at least the furthest packet switching device in the ring topology that is currently configured to forward packets having a destination address of the neighbor packet switching device through the particular packet switching device.