-
公开(公告)号:US09246939B2
公开(公告)日:2016-01-26
申请号:US13165348
申请日:2011-06-21
申请人: Joel Halpern
发明人: Joel Halpern
CPC分类号: H04L63/1458
摘要: A method is provided for preventing denial-of-service attacks on hosts attached to a subnet, where the attacks are initiated by a remote node over an external network. The method is performed by a router which forwards packets between the external network and the subnet. The router receives a packet for forwarding to a destination address in an address space of the subnet according to the IPv6 protocol and looks up the destination address in a Neighbor Discovery (ND) table. The ND table is populated by operations on the subnet that were completed prior to receipt of the packet. Entries in the ND table store address information of the hosts that have been verified by the router to be active. The router forwards the packet to the destination address if the destination address is stored in the ND table. Otherwise, the packet is discarded.
摘要翻译: 提供了一种防止对附属于子网的主机的拒绝服务攻击的方法,其中远程节点通过外部网络发起攻击。 该方法由在外部网络和子网之间转发数据包的路由器执行。 路由器根据IPv6协议接收转发到子网地址空间中的目的地址的数据包,并在邻居发现(ND)表中查找目的地址。 ND表由接收到数据包之前完成的子网上的操作填充。 ND表中的条目存储已被路由器验证为有效的主机的地址信息。 如果目的地址存储在ND表中,路由器将数据包转发到目的地址。 否则,丢弃报文。
-
公开(公告)号:US08811212B2
公开(公告)日:2014-08-19
申请号:US13402732
申请日:2012-02-22
申请人: Neda Beheshti-Zavareh , Ying Zhang , Joel Halpern
发明人: Neda Beheshti-Zavareh , Ying Zhang , Joel Halpern
IPC分类号: H04L1/00
CPC分类号: H04L41/0663 , H04L41/0836 , H04L41/12 , H04L41/145 , H04L41/22 , H04L45/12 , H04L45/22 , H04L45/28 , H04L45/48 , H04L45/64 , H04W16/18
摘要: A method implemented by a network topology design system, the network topology design system including a processing device. The method to determine placement of a controller within a network with a split architecture where control plane components of the split architecture network are executed by a controller and the control plane components are separate from data plane components of the split architecture network. The placement of the controller is selected to minimize disruption of the split architecture network caused by a link failure, a switch failure or a connectivity loss between the controller and the data plane components.
摘要翻译: 一种由网络拓扑设计系统实现的方法,该网络拓扑设计系统包括一个处理设备。 确定控制器在具有分割架构的网络中的布置的方法,其中分离架构网络的控制平面组件由控制器和控制平面组件执行,分离架构网络的数据平面组件分离。 选择控制器的放置以最小化由于链路故障,交换机故障或控制器与数据平面组件之间的连接性损失引起的分裂架构网络的中断。
-
公开(公告)号:US08743879B2
公开(公告)日:2014-06-03
申请号:US13228321
申请日:2011-09-08
申请人: Wassim Haddad , Joel Halpern , Samita Chakrabarti
发明人: Wassim Haddad , Joel Halpern , Samita Chakrabarti
IPC分类号: H04L12/28
CPC分类号: H04L61/6072 , H04L29/12943 , H04L45/04 , H04L45/50 , H04L45/66 , H04L61/6004 , H04L61/6022 , H04L61/6059 , H04L2212/00 , H04W8/26
摘要: A network element is described. In one embodiment includes receiving a packet from the host in the first domain at the network element in the first domain, the packet including a destination address to the host in the second domain, the destination address being formed by replacing an Interface Identifier of an IP address by a second domain label and a shortened Media Access Control (MAC) address, the second domain label identifying the second domain. A routing label and the shortened MAC address are attached to the received packet, and the packet is sent on a label switched path indicated by the label to the second domain.
摘要翻译: 描述网络元件。 在一个实施例中包括在第一域中的网元处从第一域中的主机接收分组,该分组包括在第二域中的主机的目的地地址,目的地地址是通过替换IP的接口标识符 地址由第二域标签和缩短的媒体访问控制(MAC)地址,第二域标签标识第二域。 路由标签和缩短的MAC地址被附加到接收到的分组,并且分组在由标签指示的标签交换路径上发送到第二域。
-
公开(公告)号:US08503416B2
公开(公告)日:2013-08-06
申请号:US12969151
申请日:2010-12-15
申请人: Wassim Haddad , Joel Halpern
发明人: Wassim Haddad , Joel Halpern
摘要: A method performed by a network element for providing micro-mobility in a network to a mobile node including the steps of receiving a registration request message at the mobility anchor point from an access router that is currently coupled to the mobile node, wherein the registration request message includes an endpoint identifier of the mobile node and a local care-of address of the mobile node, establishing a label switch path (LSP) between the mobility anchor point and the access router, storing the endpoint identifier in a binding entry along with the local care-of address, a regional care-of address, the label switch path and an egress interface, advertising the endpoint identifier with associated regional or local care-of address of the mobile node, and forwarding data packets, received at the mobility anchor point from a corresponding node that have the regional or local care-of address, to the mobile node using the LSP.
摘要翻译: 一种由网络元件执行的用于向移动节点提供网络中的微移动性的方法,包括以下步骤:从当前耦合到所述移动节点的接入路由器在所述移动性锚点处接收注册请求消息,其中所述注册请求 消息包括移动节点的端点标识符和移动节点的本地转交地址,在移动性锚点和接入路由器之间建立标签交换路径(LSP),将端点标识符与绑定条目一起存储在绑定条目中 通过本地转交地址,区域转交地址,标签交换路径和出口接口,将端点标识符与移动节点的相关区域或本地转交地址进行通告,以及转发在移动锚点处接收的数据分组 从具有区域或本地转交地址的对应节点指向使用LSP的移动节点。
-
公开(公告)号:US20120287932A1
公开(公告)日:2012-11-15
申请号:US13228321
申请日:2011-09-08
申请人: Wassim Haddad , Joel Halpern , Samita Chakrabarti
发明人: Wassim Haddad , Joel Halpern , Samita Chakrabarti
IPC分类号: H04L12/56
CPC分类号: H04L61/6072 , H04L29/12943 , H04L45/04 , H04L45/50 , H04L45/66 , H04L61/6004 , H04L61/6022 , H04L61/6059 , H04L2212/00 , H04W8/26
摘要: A network element is described. In one embodiment includes receiving a packet from the host in the first domain at the network element in the first domain, the packet including a destination address to the host in the second domain, the destination address being formed by replacing an Interface Identifier of an IP address by a second domain label and a shortened Media Access Control (MAC) address, the second domain label identifying the second domain. A routing label and the shortened MAC address are attached to the received packet, and the packet is sent on a label switched path indicated by the label to the second domain.
摘要翻译: 描述网络元件。 在一个实施例中包括在第一域中的网元处从第一域中的主机接收分组,该分组包括在第二域中的主机的目的地地址,目的地地址是通过替换IP的接口标识符 地址由第二域标签和缩短的媒体访问控制(MAC)地址,第二域标签标识第二域。 路由标签和缩短的MAC地址被附加到接收到的分组,并且分组在由标签指示的标签交换路径上发送到第二域。
-
公开(公告)号:US20120182936A1
公开(公告)日:2012-07-19
申请号:US13178153
申请日:2011-07-07
申请人: Wassim Haddad , Joel Halpern
发明人: Wassim Haddad , Joel Halpern
IPC分类号: H04W8/02
摘要: In response to a Mobile Access Router (MAR) initially attaching to a Multi-Protocol Label Switching (MPLS) domain through a first Access Router (AR) in the domain, a Mobility Anchor Point (MAP) in the MPLS domain establishes a plurality of Label Switched Paths (LSPs) for the MAR. For example, the MAP establishes an active LSP to the MAR through the AR to which the MAR has initially attached, and further establishes an inactive LSP for the MAR to each of one or more other ARs in the MPLS domain. An inactive LSP established at a given AR for a given MAR is activated when/if that MAR attaches to the AR. Correspondingly, the present invention includes method and apparatus teachings related to the MAP, ARs and the MAR, as regards establishing inactive LSPs, activating inactive LSPs, and extending an activated LSP to the MAR.
摘要翻译: 响应于最初通过域中的第一接入路由器(AR)附加到多协议标签交换(MPLS)域的移动接入路由器(MAR),MPLS域中的移动锚点(MAP)建立多个 标签交换路径(LSP)为MAR。 例如,MAP通过MAR最初附加的AR建立到MAR的活动LSP,并且进一步为MPLS域中的一个或多个其他AR中的每一个建立MAR的不活动LSP。 当给定的MAR附加到AR时,在给定的AR处建立的对于给定的MAR建立的不活动的LSP被激活。 相应地,本发明包括与MAP,AR和MAR有关的方法和装置教导,关于建立非活动LSP,激活非活动LSP,并将激活的LSP扩展到MAR。
-
7.发明申请SYSTEM AND METHOD FOR VARIABLE-SIZE TABLE CONSTRUCTION APPLIED TO A TABLE-LOOKUP APPROACH FOR LOAD-SPREADING IN FORWARDING DATA IN A NETWORK 有权用于在网络中转发数据的负载递减的表查看方法的可变尺寸表结构的系统和方法公开(公告)号:US20120179800A1
公开(公告)日:2012-07-12
申请号:US13346474
申请日:2012-01-09
IPC分类号: G06F15/173
CPC分类号: H04L45/38 , H04L45/245 , H04L47/125 , Y02D50/30
摘要: A network element disposed in a network, where the network element implements a process to manage load distribution across a plurality of network interfaces of the network. The network element redirects traffic flow directed toward the plurality of network interfaces in response to changes in configuration of the plurality of network interfaces, where each traffic flow is a set of protocol data units (PDUs), having an ordered delivery requirement, and where the PDUs are transmitted across the network between a source node and a destination node. The redirection process minimizes data traffic flow disruption when the load distribution is determined using a set of load distribution tables instead of a hashing algorithm.
摘要翻译: 布置在网络中的网络元件,其中网络元件实现用于管理跨越网络的多个网络接口的负载分布的过程。 响应于多个网络接口的配置的变化,网络元件重定向指向多个网络接口的业务流,其中每个业务流是具有有序传送要求的一组协议数据单元(PDU),并且其中 PDU在源节点和目的节点之间通过网络传输。 当使用一组负载分布表而不是散列算法确定负载分布时,重定向过程可以最大限度地减少数据流量中断。
-
8.发明申请APPLYING A TABLE-LOOKUP APPROACH TO LOAD SPREADING IN FORWARDING DATA IN A NETWORK 有权应用表格查看方法来加载网络中的数据进行传播公开(公告)号:US20120176904A1
公开(公告)日:2012-07-12
申请号:US13091066
申请日:2011-04-20
IPC分类号: H04L12/26
CPC分类号: H04L45/16 , H04L45/123 , H04L45/7457
摘要: A method to provide load distribution that selects one of a set equal cost paths for each flow that minimizes imbalance in the distribution of flows across the set of equal cost paths, the method including calculating the set of equal cost paths to each destination node, generating a set of next hop discriminators for the set of equal cost paths, each next hop discriminator in the set of next hop discriminators to uniquely identify one of the equal cost next hops, populating the load distribution table by storing, according to a distribution mechanism, in each load distribution table entry one of the next hop discriminators from the set of next hop discriminators, receiving a first PDU from a first flow and performing a lookup of one of the next hop discriminators in the load distribution table by using values at the bit locations of the first PDU directly as an index into a CAM.
摘要翻译: 一种用于提供负载分布的方法,所述负载分布为每个流选择一个设定的相等成本路径中的一个,以最小化跨所述一组相等成本路径的流量分布的不平衡,所述方法包括计算到每个目的地节点的等价路径集合,生成 一组等价路径的下一跳鉴别器,下一跳鉴别器集合中的每个下一跳鉴别器,以唯一地识别等成本下一跳中的一个,通过根据分配机制存储填充负载分布表, 在每个负载分配表条目中,来自下一跳鉴别器集合的下一跳鉴别器之一,从第一流接收第一PDU,并通过使用该位的值来执行负载分布表中的下一跳鉴别器之一的查找 第一PDU的位置直接作为CAM的索引。
-
9.发明授权公开(公告)号:US08989010B2
公开(公告)日:2015-03-24
申请号:US13678396
申请日:2012-11-15
IPC分类号: H04L12/26 , H04L12/841 , H04L12/815
CPC分类号: H04L47/283 , H04L43/0852 , H04L47/11 , H04L47/22
摘要: A process is performed by a controller in a split-architecture network. The controller monitors congestion of traffic groups across the split-architecture network and executes the process to provide delay based data rate control to alleviate congestion of the traffic groups. The process includes configuring an ingress switch and egress switch for each traffic group to collect delay measurement data for data packets of each traffic group as they arrive at the ingress switch and egress switch. The delay measurement data is received from the ingress switch and egress switch of each traffic group. A check is made whether a minimum data packet delay for any traffic group exceeds a defined threshold value. A throttling rate is calculated for each traffic group in the split-architecture network, in response to the defined threshold value being exceeded.
摘要翻译: 一个进程由分离架构网络中的控制器执行。 控制器监视跨架构网络上的流量组的拥塞,并执行该过程以提供基于延迟的数据速率控制,以减轻流量组的拥塞。 该过程包括为每个流量组配置入口交换机和出口交换机,以便在到达入口交换机和出口交换机时收集每个业务组的数据分组的延迟测量数据。 延迟测量数据从每个流量组的入口开关和出口开关接收。 检查任何流量组的最小数据包延迟是否超过定义的阈值。 响应于超过定义的阈值,为分裂架构网络中的每个流量组计算节流率。
-
10.发明授权System and method for variable-size table construction applied to a table-lookup approach for load-spreading in forwarding data in a network 有权用于可变大小表构造的系统和方法应用于在网络中转发数据中的负载扩展的表查找方法公开(公告)号:US08738757B2
公开(公告)日:2014-05-27
申请号:US13346474
申请日:2012-01-09
IPC分类号: G06F15/173
CPC分类号: H04L45/38 , H04L45/245 , H04L47/125 , Y02D50/30
摘要: A network element disposed in a network, where the network element implements a process to manage load distribution across a plurality of network interfaces of the network. The network element redirects traffic flow directed toward the plurality of network interfaces in response to changes in configuration of the plurality of network interfaces, where each traffic flow is a set of protocol data units (PDUs), having an ordered delivery requirement, and where the PDUs are transmitted across the network between a source node and a destination node. The redirection process minimizes data traffic flow disruption when the load distribution is determined using a set of load distribution tables instead of a hashing algorithm.
摘要翻译: 布置在网络中的网络元件,其中网络元件实现用于管理跨越网络的多个网络接口的负载分布的过程。 响应于多个网络接口的配置的变化,网络元件重定向指向多个网络接口的业务流,其中每个业务流是具有有序传送要求的一组协议数据单元(PDU),并且其中 PDU在源节点和目的节点之间通过网络传输。 当使用一组负载分布表而不是散列算法确定负载分布时,重定向过程可以最大限度地减少数据流量中断。
-
-
-
-
-
-
-
-
-
搜索结果
26 条记录 (耗时 0.022 秒)
