Abstract:
Techniques are provided to enable support of roaming wireless devices in a network such that the wireless devices can keep their Internet Protocol (IP) addresses as they roam across mobility sub-domains. Traffic for a wireless device that roams is tunneled back to the access switch that serves the IP subnet which includes an IP address for the wireless device. Traffic is tunneled back to that access switch for the wireless device when the wireless device roams to another access switch which does not serve the IP subnet for the wireless device in the same mobility sub-domain and when the wireless device roams to a different mobility sub-domain, in which case the traffic is tunneled between tunneling endpoints in the respective mobility sub-domains.
Abstract:
Techniques are provided to manage how router advertisement messages are forwarded for ultimate wireless transmission in a wireless network. In one embodiment, a multicast router advertisement message intended for a virtual local area network is converted into individual unicast router advertisement messages directed to specific wireless mobile client devices that are part of that virtual local area network. In another embodiment, router advertisement messages are routed between controllers according to the current location of a wireless mobile client device. In still other embodiments, techniques are provided to minimize the volume of the router advertisement messages sent over a wireless network, and to proactively send a unicast router advertisement message to a mobile client device that has performed a handoff, without waiting for a router solicitation message.
Abstract:
In some embodiments, an apparatus includes a network node configured to be included in a set of network nodes operatively coupled to a core network node. The network node is configured to receive a first packet and a second packet from a host device operatively coupled to the network node. The network node is configured to send the first packet to the core network node via a first path of a tunnel between the network node and the core network node. The first path of the tunnel has a first cost. The network node is configured to send the second packet to the core network node via a second path of the tunnel. The second path has a second cost different than the first cost.
Abstract:
In some embodiments, an apparatus includes a network node operatively coupled within a network. The network node is configured to send a first authentication message upon boot up, and receive, in response to the first authentication message, a second authentication message configured to be used to authenticate the network node. The network node is configured to send a first discovery message, and receive, based on the first discovery message, a second discovery message configured to be used by the network node to identify an address of the network node and an address of a core network node within the network. The network node is configured to set up a control-plane tunnel to the core network node based on the address of the network node and the address for the core network node and receive configuration information from the core network node through the control-plane tunnel.
Abstract:
In some embodiments, an apparatus comprises a core network node configured to be operatively coupled to a set of network nodes. The core network node is configured to receive a broadcast signal from a network node from the set of network nodes, which is originated from a host device operatively coupled to the network node. The broadcast signal is sent via a tunnel from the network node to the core network node, such that other network nodes that are not included in the tunnel do not receive the broadcast signal. The core network node is configured to retrieve control information associated with the broadcast signal without sending another broadcast signal, and then send the control information to the network node.
Abstract:
Methods and systems for providing confidentiality and/or integrity to fragmented packet transmissions, without reassembly of the fragments, across wired and wireless communications networks are disclosed. Encryption of a first fragmented packet can be performed by using an initial encryption state variable and keying material resulting in a first ciphertext fragment and a first encryption state variable. Then encryption of a second fragmented packet can be performed by using the first encryption state variable and the keying material resulting in a second ciphertext fragment. Decryption of fragments can be performed in a similar manner as encryption. Computation of a message authentication code (MAC) can be performed by computing a first hash state value for a first block size of bytes of a first packet fragment using an initial hash state value, and storing the first hash value and a first set of remainder bytes of the first packet fragment. The computation of the MAC continues by combining the first set of remainder bytes with a second packet fragment of the plurality of packet fragments resulting in a combined packet fragment. The MAC can then be identified using the second hash state value.
Abstract:
An apparatus provides an integrated single chip solution to solve a multitude of WLAN problems, especially switching/bridging and security. In accordance with another aspect of the invention, the apparatus is able to terminate secured tunneled 802.11i, IPSec and L2TP with IPSec traffic. In accordance with a further aspect of the invention, the apparatus is also able to handle computation-intensive security-based algorithms including per packet Initialization Vector generation without significant reduction in traffic throughput. The architecture is such that it not only resolves the problems pertinent to WLAN but is also scalable and useful for building a number of useful networking products that fulfill enterprise security and all possible combinations of wired and wireless networking needs.
Abstract:
Techniques are provided to enable support for guest access of devices in a network. At a controller apparatus in a first mobility sub-domain of a network comprising a plurality of mobility sub-domains, a request message containing a request for guest network access for a device is received from a first access switch in the first mobility sub-domain. The controller apparatus forwards the request message to a guest controller. At a tunneling endpoint apparatus in the first mobility sub-domain, a tunnel is established to the guest controller to carry traffic between the device and the guest controller. Traffic for the device passes in a tunnel between the first access switch and the tunneling endpoint apparatus in the first mobility sub-domain, through the tunneling endpoint apparatus in the first mobility sub-domain and in the tunnel between the routing apparatus in the first mobility sub-domain and the guest controller.