    1. Layer two encryption for data center interconnectivity
    Type: Patent application
    Legal status: In force

    Publication No.: US20100153701A1

    Publication date: 2010-06-17

    Application No.: US12316842

    Application date: 2008-12-17

    IPC classification: H04L9/00

    Abstract: Systems, methods, and other embodiments associated with layer two (L2) encryption for data center interconnectivity are described. One example system includes a receive logic to receive an unencrypted L2 switched frame (UL2SF). The UL2SF may include a payload and an L2 header. The example system may also include an encryption logic to selectively encrypt the UL2SF into an encrypted frame if the UL2SF is to be sent through an L2 virtual private network (L2VPN) requiring encryption. The example system may also include a delivery logic that adds a header to the encrypted frame. The header may include data to identify a decryption function to decrypt the encrypted frame and routing information for the encrypted frame. The delivery logic may also provide the encrypted frame to the L2VPN, where the providing includes selectively sending the encrypted frame as one of, a point to point packet, and a multipoint packet.


    2. METHODS FOR THE SECURED INTERCONNECTION OF VNET SITES OVER WAN
    Type: Patent application
    Legal status: In force

    Publication No.: US20090059914A1

    Publication date: 2009-03-05

    Application No.: US11846011

    Application date: 2007-08-28

    IPC classification: H04L12/28

    Abstract: One embodiment provides a method to interconnect virtual network segments (VNETs) defined for a local-area network (LAN) infrastructure separated by a wide-area network infrastructure. The technique involves the routing device at the LAN-WAN interconnection points to impose or dispose the VNET-shim, which encodes the VNET-id information in a Layer 4 portion of the packet. In a data plane, a new IP protocol value may be used to signify the presence of the VNET-shim followed by cryptography specific information in an IP packet. In a control plane, the routing protocol is expanded to exchange the routing information along with the VNET information.


    3. Method for IP routing when using dynamic VLANs with web based authentication
    Type: Patent application
    Legal status: In force

    Publication No.: US20070237148A1

    Publication date: 2007-10-11

    Application No.: US11400855

    Application date: 2006-04-10

    IPC classification: H04L12/56

    CPC classification: H04L45/04 H04L12/467

    Abstract: A method, apparatus and computer program product for providing IP Routing when using dynamic virtual local area networks (VLANs) with web based authentication. A downstream VLAN is assigned to a first switch port of a first network device. A first upstream VLAN is also assigned to the first switch port of the first network device. The first upstream VLAN is changed to a second upstream VLAN upon authentication, and the downstream VLAN is maintained.


    4. Layer two encryption for data center interconnectivity
    Type: Granted patent
    Legal status: In force

    Publication No.: US08271775B2

    Publication date: 2012-09-18

    Application No.: US12316842

    Application date: 2008-12-17

    IPC classification: H04L29/06

    Abstract: Systems, methods, and other embodiments associated with layer two (L2) encryption for data center interconnectivity are described. One example system includes a receive logic to receive an unencrypted L2 switched frame (UL2SF). The UL2SF may include a payload and an L2 header. The example system may also include an encryption logic to selectively encrypt the UL2SF into an encrypted frame if the UL2SF is to be sent through an L2 virtual private network (L2VPN) requiring encryption. The example system may also include a delivery logic that adds a header to the encrypted frame. The header may include data to identify a decryption function to decrypt the encrypted frame and routing information for the encrypted frame. The delivery logic may also provide the encrypted frame to the L2VPN, where the providing includes selectively sending the encrypted frame as one of, a point to point packet, and a multipoint packet.


    5. Methods for the secured interconnection of VNET sites over WAN
    Type: Granted patent
    Legal status: In force

    Publication No.: US08165023B2

    Publication date: 2012-04-24

    Application No.: US11846011

    Application date: 2007-08-28

    IPC classification: H04L12/56

    Abstract: One embodiment provides a method to interconnect virtual network segments (VNETs) defined for a local-area network (LAN) infrastructure separated by a wide-area network infrastructure. The technique involves the routing device at the LAN-WAN interconnection points to impose or dispose the VNET-shim, which encodes the VNET-id information in a Layer 4 portion of the packet. In a data plane, a new IP protocol value may be used to signify the presence of the VNET-shim followed by cryptography specific information in an IP packet. In a control plane, the routing protocol is expanded to exchange the routing information along with the VNET information.


    6. Logically partitioned networking devices
    Type: Granted patent
    Legal status: In force

    Publication No.: US08792490B2

    Publication date: 2014-07-29

    Application No.: US12404608

    Application date: 2009-03-16

    IPC classification: H04L12/28 H04L12/56 H04L12/46

    Abstract: Systems, methods, and other embodiments associated with logically partitioned networking devices are described herein. One example method includes receiving a message from a common interface. The message comprises a logical partition header (LPH) and a network segmentation header (NSH). The LPH may be associated with a logical partition of a networking device. The NSH is associated with a grouping (e.g., segmentation) of networking devices. The example method may also include forwarding the message to the grouping of networking devices based, at least in part, on the NSH and a virtual route forwarding (VRF) table. Forwarding the message to the logical partition of the networking device based, at least in part, on the LPH.


    7. Method for IP routing when using dynamic VLANs with web based authentication
    Type: Granted patent
    Legal status: In force

    Publication No.: US08189600B2

    Publication date: 2012-05-29

    Application No.: US11400855

    Application date: 2006-04-10

    IPC classification: H04L12/28 H04L12/56

    CPC classification: H04L45/04 H04L12/467

    Abstract: A method, apparatus and computer program product for providing IP Routing when using dynamic virtual local area networks (VLANs) with web based authentication. A downstream VLAN is assigned to a first switch port of a first network device. A first upstream VLAN is also assigned to the first switch port of the first network device. The first upstream VLAN is changed to a second upstream VLAN upon authentication, and the downstream VLAN is maintained.


    8. Inducing symmetry via multi topology routing
    Type: Granted patent
    Legal status: In force

    Publication No.: US08036118B2

    Publication date: 2011-10-11

    Application No.: US12024779

    Application date: 2008-02-01

    Applicant: Khalil Jabr

    Inventor: Khalil Jabr

    IPC classification: H04L12/28

    Abstract: In one embodiment, a technique for selecting a topology, in a multi-topology routing network, based on a source-destination pair of a packet is provided. The packet may be routed on a preferred path of the selected topology. By selecting the same topology for the source-destination pair even if the source and destination addresses are swapped, upstream and downstream traffic may be routed in a symmetrical manner. For some embodiments, a topology may be selected using a hash value that is generated using an algorithm that is commutative with respect to the source and destination addresses.


    9. System and methods for network segmentation
    Type: Patent application
    Legal status: In force

    Publication No.: US20070058638A1

    Publication date: 2007-03-15

    Application No.: US11226011

    Application date: 2005-09-14

    IPC classification: H04L12/28

    Abstract: A routing mechanism provides network segmentation preservation by route distribution with segment identification, policy distribution for a given VPN segment, and encapsulation/decapsulation for each segment using an Ethernet VLAN_ID, indicative of the VPN segment (subnetwork). Encapsulated segmentation information in a message packet identifies which routing and forwarding table is employed for the next hop. A common routing instance receives the message packets from the common interface, and indexes a corresponding VRF table from the VLAN ID, or segment identifier, indicative of the subnetwork (e.g. segment). In this manner, the routing instance receives the incoming message packet, decapsulates the VLAN ID in the incoming message packet, and indexes the corresponding VRF and policy ID from the VLAN ID, therefore employing a common routing instance over a common subinterface for a plurality of segments (subnetworks) coupled to a particular forwarding device (e.g. VPN router).


    10. LOGICALLY PARTITIONED NETWORKING DEVICES
    Type: Patent application
    Legal status: In force

    Publication No.: US20100232435A1

    Publication date: 2010-09-16

    Application No.: US12404608

    Application date: 2009-03-16

    IPC classification: H04L12/56 H04L12/28

    Abstract: Systems, methods, and other embodiments associated with logically partitioned networking devices are described herein. One example method includes receiving a message from a common interface. The message comprises a logical partition header (LPH) and a network segmentation header (NSH). The LPH may be associated with a logical partition of a networking device. The NSH is associated with a grouping (e.g., segmentation) of networking devices. The example method may also include forwarding the message to the grouping of networking devices based, at least in part, on the NSH and a virtual route forwarding (VRF) table. Forwarding the message to the logical partition of the networking device based, at least in part, on the LPH.
