公开(公告)号：US20070081459A1

公开(公告)日：2007-04-12

申请号：US11246285

申请日：2005-10-11

Applicant: Jonathan Segel ,  Bashar Bou-Diab

Inventor： Jonathan Segel ,  Bashar Bou-Diab

IPC: H04L12/26 ,  H04L12/28

CPC classification number: H04L47/724 ,  H04L41/0896 ,  H04L41/12 ,  H04L41/5022 ,  H04L47/15 ,  H04L47/70 ,  H04L47/782 ,  H04L47/803 ,  H04L47/806 ,  H04L47/822 ,  H04L47/828

Abstract: A Session Admission Control (SAC) for negotiating admission control in a multi-services communications network including multicast services is described. The module distributes the admission process between a centralized decision function (SAC-PDP) and a distributed decision function (SAC-M) in a fashion that solves admission control scaling problems. The mechanism for interaction between the SAC-PDP and SAC-M is defined. Mechanisms are defined for the SAC-PDP to discover or learn the network capacity against which the admission control decisions will be made. Systems are also described for incorporating SAC-M in multicast replication points in the network, allowing multicast replication points to participate in the admission control process.

Abstract translation: 描述了用于在包括多播服务的多业务通信网络中协商接纳控制的会话接纳控制（SAC）。 该模块以解决准入控制缩放问题的方式在中央决策功能（SAC-PDP）和分布式决策功能（SAC-M）之间分配入场过程。 定义了SAC-PDP与SAC-M之间的交互机制。 为SAC-PDP定义发现或学习将进行准入控制决定的网络容量的机制。 还描述了用于将SAC-M并入网络中的组播复制点中的系统，允许组播复制点参与准入控制过程。

公开(公告)号：US20060233166A1

公开(公告)日：2006-10-19

申请号：US11105601

申请日：2005-04-14

Applicant: Bashar Bou-Diab ,  Laura Serghi ,  Brian McBride

Inventor： Bashar Bou-Diab ,  Laura Serghi ,  Brian McBride

IPC: H04L12/28

CPC classification number: H04L63/08 ,  H04L63/10 ,  H04L63/20 ,  H04L67/02 ,  H04L67/20

Abstract: Public and private network service management systems and methods are disclosed. Rules for accessing a private services network in which network services are available are enforced so as to restrict access to the services network through a public network in accordance with policies of the services network. Use of network services by a client of the private services network through the public network is controlled according to network service access policies associated with the network services. Network services provided by clients of the services network which access the services network through a public network may also be offered to other clients of the services network through the services network and the public network.

Abstract translation: 公共和私人网络服务管理系统和方法被公开。 执行用于访问网络服务可用的专用服务网络的规则，以便根据服务网络的策略通过公共网络限制对服务网络的访问。 根据与网络服务相关联的网络服务访问策略，通过公网对私有服务网络的客户端使用网络服务进行控制。 通过公共网络接入服务网络的服务网络的客户提供的网络服务也可以通过服务网络和公共网络提供给服务网络的其他客户端。

公开(公告)号：US20090089408A1

公开(公告)日：2009-04-02

申请号：US11905246

申请日：2007-09-28

Applicant: Bashar Bou-Diab ,  Khurram Masood ,  Ashraf Matrawy

Inventor： Bashar Bou-Diab ,  Khurram Masood ,  Ashraf Matrawy

IPC: G06F15/173

CPC classification number: H04L45/16 ,  H04L45/02 ,  H04L45/124 ,  H04L45/306

Abstract: A system and method are provided for creating an XML network. As each XML router is added to the XML network, the new XML router registers with a group of existing XML routers in the network, and thereafter regularly exchanges hello messages with other XML routers in order to announce its initial and continued presence. Once an XML router is added to the group of routers forming the network, the adjacency of the new XML router is determined. The new XML router selects its adjacency based on a prioritized set of metrics, including TCP hops, IP cost, and fanout, along with specific parameters relating to fanout and IP cost. The order of priority of the metrics and the specific parameters can be set by an operator, allowing flexibility in creating an optimum XML network topology.

Abstract translation: 提供了一种用于创建XML网络的系统和方法。 随着每个XML路由器被添加到XML网络中，新的XML路由器向网络中的一组现有的XML路由器注册，然后定期与其他XML路由器交换hello消息，以宣布其初始和持续存在。 一旦将XML路由器添加到形成网络的路由器组中，则确定新的XML路由器的邻接。 新的XML路由器基于一组优先级的度量来选择其邻接关系，包括TCP跳数，IP成本和扇出，以及与扇出和IP成本有关的具体参数。 度量和特定参数的优先顺序可由操作员设置，从而允许创建最佳XML网络拓扑的灵活性。

公开(公告)号：US20070204339A1

公开(公告)日：2007-08-30

申请号：US11292346

申请日：2005-12-02

Applicant: Bashar Bou-Diab

Inventor： Bashar Bou-Diab

IPC: G06F15/16

CPC classification number: H04L63/0272 ,  H04L67/02 ,  H04L67/26 ,  H04L67/327

Abstract: Publish-subscribe XML multicast service within a VPN service is described. A backbone such as an IP/MPLS backbone connects multiple subscriber sites using VPN technology and VPN edge routers. XML publish-subscribe modules are addressable within the VPN and form an overlay network between the edge routers participating in the VPN. The XML publish-subscribe modules may perform either topic-based multicast or content-based multicast services. The multicast service is self-managed.

Abstract translation: 描述VPN服务内的发布订阅XML组播服务。 诸如IP / MPLS骨干网的骨干网使用VPN技术和VPN边缘路由器连接多个用户站点。 XML发布订阅模块可在VPN内寻址，并在参与VPN的边缘路由器之间形成覆盖网络。 XML发布订阅模块可以执行基于主题的多播或基于内容的多播服务。 多播服务是自我管理的。

公开(公告)号：US20070047556A1

公开(公告)日：2007-03-01

申请号：US11212661

申请日：2005-08-29

Applicant: Bijan Raahemi ,  Bashar Bou-Diab ,  Fernando Cuervo

Inventor： Bijan Raahemi ,  Bashar Bou-Diab ,  Fernando Cuervo

IPC: H04L12/28 ,  H04L12/56 ,  H04J3/26

CPC classification number: H04L45/00 ,  H04L12/18 ,  H04L45/16 ,  H04L45/24 ,  H04L45/28 ,  H04L45/48 ,  H04L45/50

Abstract: A system for providing resilient multimedia broadcasting services over a VPLS network is described. A network Management System (NMS) calculates disjoint minimum cost trees using the Steiner algorithm executed with extra steps to result in the disjoint trees. Destination PE routers in the VPLS network are connected to the disjoint trees so that they can be serviced by either tree in the case of a fault. Each of the disjoint trees is provisioned with enough bandwidth to carry all of the services provided by the VPLS network. Under normal operation, however, the services are distributed evenly over the trees. In the event of a fault, the services on the faulty tree are switched to the other tree using split horizon bridging. Each Steiner tree can also be realized using poin-to-multipoint LSPs which is fully protected by a precomputed point-to-mulltipoint LSP.

Abstract translation: 描述了一种通过VPLS网络提供弹性多媒体广播业务的系统。 网络管理系统（NMS）使用执行了额外步骤的Steiner算法来计算不相交的最小成本树，从而导致不相交的树。 VPLS网络中的目的PE路由器连接到不相交的树，以便在故障的情况下可以由任何一个树进行服务。 每个不相交的树被提供足够的带宽以承载由VPLS网络提供的所有服务。 然而，在正常运行中，服务均匀分布在树上。 在发生故障的情况下，故障树上的服务使用水平分割桥接切换到另一棵树。 每个Steiner树也可以使用由预先计算的点对多点LSP完全保护的poin-to-multipoint LSP来实现。

公开(公告)号：US20060233180A1

公开(公告)日：2006-10-19

申请号：US11105821

申请日：2005-04-14

Applicant: Laura Serghi ,  Brian McBride ,  Bashar Bou-Diab

Inventor： Laura Serghi ,  Brian McBride ,  Bashar Bou-Diab

IPC: H04L12/56

CPC classification number: H04L29/12113 ,  H04L29/06 ,  H04L61/1541 ,  H04L63/104 ,  H04L63/20 ,  H04L67/02 ,  H04L67/16 ,  H04L67/28 ,  H04L67/2819 ,  H04L69/329

Abstract: Systems and methods for managing network services between private networks are disclosed. Advertisement of network services which are available in a services network is controlled in accordance with a policy associated with each network service. Network service information is advertised to an external services network only for those network services which have associated policies permitting distribution of the network services through external networks. External network services may also or instead be advertised to a services network from one or more external services networks and subsequently made available in the services network.

公开(公告)号：US20070153689A1

公开(公告)日：2007-07-05

申请号：US11324648

申请日：2006-01-03

Applicant: Lyle Strub ,  Adrian Grah ,  Bashar Bou-Diab

Inventor： Lyle Strub ,  Adrian Grah ,  Bashar Bou-Diab

IPC: H04L12/26

CPC classification number: H04L63/1408 ,  H04L63/1441

Abstract: A method and apparatus for monitoring data traffic in a communication network are provided. A router connected to the communication network monitors information contained in the data traffic, and based on the information determines whether data in the traffic is indicative of a malicious threat to one or more resources connected to the network. Parameters which control monitoring of traffic at the router, such as the sampling rate and what information is to be extracted from the data is varied according to the condition of the network so that the monitoring can be adapted to focus on traffic which relates to a particular suspected or detected threat.

Abstract translation: 提供了一种用于监视通信网络中的数据业务的方法和装置。 连接到通信网络的路由器监视数据业务中包含的信息，并且基于该信息确定业务中的数据是否表示对连接到网络的一个或多个资源的恶意威胁。 控制路由器业务监控的参数，如采样率，以及要从数据中提取哪些信息，根据网络情况而有所不同，使监控能够适应与特定业务有关的流量 怀疑或检测到威胁。

公开(公告)号：US20060235973A1

公开(公告)日：2006-10-19

申请号：US11105732

申请日：2005-04-14

Applicant: Brian McBride ,  Bashar Bou-Diab ,  Laura Serghi

Inventor： Brian McBride ,  Bashar Bou-Diab ,  Laura Serghi

IPC: G06F15/173

CPC classification number: H04L63/10 ,  H04L41/28 ,  H04L63/20 ,  H04L67/02 ,  H04L67/20

Abstract: Network services infrastructure systems and methods are disclosed. Policies for client access to a services network and network services available in the services network are enforced at client gateways. Once authenticated and authorized at a client gateway, a client of the services network may make its own network service(s) available in the services network, use network services provided by other clients of the services network, or both. The policies are centrally managed within a services network and distributed to the client gateways. Various registries which store policies, information associated with network services, and possibly other information may also be provided.

Abstract translation: 公开了网络服务基础设施系统和方法。 客户端访问服务网络和服务网络中可用的网络服务的策略在客户端网关上实施。 一旦在客户端网关被认证和授权，服务网络的客户端可以在服务网络中使其自己的网络服务可用，使用由服务网络的其他客户端提供的网络服务，或两者兼而有之。 这些策略在服务网络内集中管理并分发给客户端网关。 还可以提供存储策略，与网络服务相关联的信息以及可能的其他信息的各种注册表。

公开(公告)号：US20060187950A1

公开(公告)日：2006-08-24

申请号：US11060465

申请日：2005-02-18

Applicant: Bashar Bou-Diab ,  Bijan Raahemi

Inventor： Bashar Bou-Diab ,  Bijan Raahemi

IPC: H04L12/28 ,  H04J3/26

CPC classification number: H04L12/185 ,  H04L12/1854 ,  H04L45/16 ,  H04L45/48

Abstract: Methods, tools, and a multicast connectivity architecture are provided for provisioning bundled high bandwidth multi-channel multimedia broadcast services over a packet switched communications network. Multicast group membership join/prune requests generated by the destination network nodes are processed on edge. Multicast tree connectivity in the core of the communications network is static and centrally provisioned based on multicast group member edge network nodes associated with subscribers, while dynamic multicasting techniques are employed over the distribution portion of the service provider's communications network to deliver requested content to each destination network node. The methods and tools compute multicast trees, configure on-tree branching network nodes, and establish Virtual Private LAN network overlays for channel bundles to convey multi-channel content in the core of the managed communications network between edge network nodes. Centralized multicast tree provisioning enables the use of efficient multicast tree topologies, while VPLS packet transport provides interoperability between disparate Layer-2 packet transport technologies employed in different portions of the communications network.

Abstract translation: 提供了方法，工具和组播连接体系结构，用于通过分组交换通信网络提供捆绑的高带宽多信道多媒体广播服务。 由目的网络节点生成的组播组成员身份加入/剪枝请求在边缘处理。 基于与用户相关联的多播组成员边缘网络节点，通信网络核心中的组播树连接是静态的并且集中提供，而在服务提供商的通信网络的分配部分采用动态组播技术来向每个目的地递送所请求的内容 网络节点。 方法和工具计算组播树，配置树上分支网络节点，建立虚拟专用LAN网络覆盖，用于信道捆绑，以在边缘网络节点之间的受管通信网络核心传输多信道内容。 集中式组播树配置使得能够使用高效的多播树拓扑，而VPLS分组传输提供了在通信网络的不同部分中采用的不同的二层分组传输技术之间的互操作性。

公开(公告)号：US20050175010A1

公开(公告)日：2005-08-11

申请号：US10773225

申请日：2004-02-09

Applicant: David Wilson ,  Bashar Bou-Diab

Inventor： David Wilson ,  Bashar Bou-Diab

IPC: G06F17/30 ,  H04L12/46 ,  H04L12/56 ,  H04L29/06 ,  H04L29/12

CPC classification number: H04L45/54 ,  H04L12/4625 ,  H04L45/04 ,  H04L45/46 ,  H04L45/745 ,  H04L45/7457 ,  H04L69/16 ,  H04L69/167 ,  Y10S707/99936

Abstract: Methods directed to longest prefix matching and systems directed to IP address lookups are presented. The methods and systems relate in particular to IPv6 and comprise finding the longest prefix match (LPM) for an IP address. The method of the invention results in the use of filters to perform LPM. In embodiments of the invention, partial address filtering is used to further reduce filtering requirements. Reducing the number of filtering operations has the advantage of making the LPM algorithm faster and less costly to implement than prior art approaches. Also described is an “ideal offset filter” that extracts a fixed sized sliding window of bits from the IP address being processed.

Abstract translation: 提出了针对最长前缀匹配的方法和针对IP地址查找的系统。 方法和系统特别涉及IPv6，并且包括找到IP地址的最长前缀匹配（LPM）。 本发明的方法导致使用滤波器来执行LPM。 在本发明的实施例中，部分地址过滤用于进一步减少过滤要求。 减少过滤操作的数量具有使LPM算法比现有技术方法更快更便宜的优点。 还描述了从被处理的IP地址中提取固定尺寸的滑动窗口的“理想偏移滤波器”。