1. NSH SERVICE PLANE FOR L3VPN FORWARDING
    Invention application (published)

    Publication number: US20180041362A1

    Publication date: 2018-02-08

    Application number: US15784218

    Filing date: 2017-10-16

    IPC classification: H04L12/46 H04L29/06

    CPC classification: H04L12/4633 H04L63/0272

    Abstract: A method for applying network services to data traffic forwarded between virtual private network (VPN) sites includes: receiving a data packet addressed to a target site associated with the VPN; determining the services to be applied to the data packet according to a service chain, where the determination is a function of at least one of the VPN, the origin site, or the target site; adding an indication of a VPN forwarding context to the data packet; encapsulating the data packet with Network Service Header (NSH) encapsulation, where a header of the encapsulated data packet indicates at least the service chain; forwarding the encapsulated data packet in accordance with the service chain; receiving the encapsulated data packet at the end of the service chain; terminating the service chain; removing the encapsulation; and forwarding the data packet to the target destination according to the VPN forwarding context indication.

2. System and methods for network reachability detection
    Granted invention patent (in force)

    Publication number: US07990888B2

    Publication date: 2011-08-02

    Application number: US11072082

    Filing date: 2005-03-04

    IPC classification: H04L12/28 H04L12/56

    Abstract: A mechanism for autonomous system border routers (ASBRs) to identify the originating node (router) in an LSP-conversant autonomous system (AS), such as an MPLS VPN environment, maintains the identity of the originating node and of successive nodes in subsequent autonomous systems along the path to the node to be pinged. The identities of the transporting nodes are stored in a stack or other object associated with the ping request, so that the pinged node can use the stored identities as a set of return-path routing information. Successive ASBRs store their identities on the stack, in order, along the path to the destination. Upon reaching the destination (pinged) node, that node uses the identity of the first node on the stack to send the acknowledgment, or ping response. Each successive ASBR then pops (retrieves) the next node identity from the stack and redirects (sends) the ping response to the retrieved node.

3. Methods and apparatus for distributing label information
    Granted invention patent (in force)

    Publication number: US07936668B2

    Publication date: 2011-05-03

    Application number: US11138052

    Filing date: 2005-05-26

    IPC classification: G01R31/08 H04L12/28 H04L12/66

    CPC classification: H04L45/10 H04L45/507

    Abstract: A given router in the core of a label-switching network identifies a group of routers that are to receive common label binding information for later routing of packets along respective paths through the label-switching network. One way to identify which of multiple routers to include as members of the group receiving the same label information is to analyze the egress policies associated with downstream routers in the label-switching network. Based on this analysis, the given router identifies as group members those routers having substantially the same egress policy as each other. The given router then allocates memory resources to store a common set of label information to be distributed to each member of the group of routers sharing that egress policy. After populating the memory resources with label information, the given router distributes the common set of label information to each router in the group.

4. Methods and apparatus to configure network nodes supporting virtual connections
    Granted invention patent (in force)

    Publication number: US07870604B1

    Publication date: 2011-01-11

    Application number: US10652058

    Filing date: 2003-08-29

    IPC classification: G06F9/00

    Abstract: A computer system includes functionality enabling a provider edge router to determine whether network data, such as VRF information, is properly associated with a corresponding virtual private network. A first node through which the network data is transmitted generates a signature value uniquely associated with the virtual private network. The first node forwards the signature value along with the network data to a second node of the physical network. The second node, in turn, verifies that the network data (such as VRF information) is properly associated with the second node (and the virtual network) by generating its own signature value and comparing it with the signature value received from the first node.

5. Automatic ORF-list creation for route partitioning across BGP route reflectors
    Granted invention patent (in force)

    Publication number: US07787396B1

    Publication date: 2010-08-31

    Application number: US10855769

    Filing date: 2004-05-27

    IPC classification: H04L12/66

    Abstract: A method, apparatus and computer program product for providing Outbound Route Filtering (ORF) is presented. An ORF list is produced and an ORF filter is built from the ORF list. The ORF list is built from received ORF entries and is advertised to client and non-client peers. The ORF filter is built from a received ORF list and is applied toward the advertiser of that ORF list.

7. Conditional BGP advertising for dynamic group VPN (DGVPN) clients
    Granted invention patent (in force)

    Publication number: US07720995B2

    Publication date: 2010-05-18

    Application number: US11811381

    Filing date: 2007-06-08

    IPC classification: G06F15/173 G06F7/04 H04L12/56

    CPC classification: H04L63/104 H04L63/065

    Abstract: In a host within a group, a method for ensuring secure communications is provided. The method involves (a) determining whether a group security policy is in place for secure communication between hosts within the group, (b) if the group security policy is in place, advertising routing information to another host within the group, and (c) if the group security policy is not in place, refraining from advertising routing information to the other host. Corresponding apparatus and computer program product embodiments are also provided.

8. System and methods for network segmentation
    Granted invention patent (in force)

    Publication number: US07688829B2

    Publication date: 2010-03-30

    Application number: US11226011

    Filing date: 2005-09-14

    IPC classification: H04L12/28

    Abstract: A routing mechanism preserves network segmentation by distributing routes with segment identification, distributing policy for a given VPN segment, and encapsulating/decapsulating each segment using an Ethernet VLAN_ID indicative of the VPN segment (subnetwork). The encapsulated segmentation information in a message packet identifies which routing and forwarding table is used for the next hop. A common routing instance receives the message packets from a common interface and indexes the corresponding VRF table by the VLAN ID, or segment identifier, indicative of the subnetwork (segment). In this manner, the routing instance receives the incoming message packet, decapsulates the VLAN ID from it, and indexes the corresponding VRF and policy ID by the VLAN ID, thereby employing a common routing instance over a common subinterface for a plurality of segments (subnetworks) coupled to a particular forwarding device (e.g. a VPN router).

9. Internal routing protocol support for distributing encryption information
    Granted invention patent (in force)

    Publication number: US07620975B2

    Publication date: 2009-11-17

    Application number: US11059736

    Filing date: 2005-02-17

    Abstract: A method and apparatus for providing routing protocol support for distributing encryption information is presented. Subnet prefixes reachable in an encrypted manner on a first customer site are identified, as are the security groups to which those subnet prefixes belong. An advertisement is received at a first Customer Edge (CE) device in the first customer site, the advertisement originating from a Customer (C) device in that site. The advertisement indicates links, subnets to be encrypted, and security group identifiers. The prefixes and the security group identifiers are then propagated across a service provider network to a second CE device located in a second customer site. In this manner, encryption and authentication are extended further into a customer site, because customer devices are able to indicate to the service provider network infrastructure, and to customer devices in other customer sites, which local destinations require encryption/authentication.