-
公开(公告)号:US08599697B2
公开(公告)日:2013-12-03
申请号:US13118569
申请日:2011-05-30
申请人: Livio Ricciulli
发明人: Livio Ricciulli
IPC分类号: G08C15/00
CPC分类号: H04L45/302 , F25B41/003 , F25B41/067 , H04L12/4633 , H04L45/00 , H04L45/02 , H04L45/121 , H04L45/124 , H04L45/22 , H04L45/28 , H04L45/306 , H04L45/64
摘要: Methods and apparatus are disclosed for dynamically discovering and utilizing an optimized network path through overlay routing for the transmission of data. A determination whether to use a default network path or to instead use an alternate data forwarding path through one or more overlay nodes is based on real-time measurement of costs associated with the alternative paths, in response to a user request for transmission of message data to a destination on the network. Cost metrics include delay, throughput, jitter, loss, and security. The system chooses the best path among the default forwarding path and the multiple alternate forwarding paths, and implements appropriate control actions to force data transmission along the chosen path. No modification of established network communication protocols is required.
摘要翻译: 公开了用于通过覆盖路由来动态地发现和利用优化的网络路径来传输数据的方法和装置。 响应于用户对消息数据传输的请求,确定是使用默认网络路径还是使用通过一个或多个覆盖节点的备用数据转发路径是基于与替代路径相关联的成本的实时测量 到网络上的目的地。 成本指标包括延迟,吞吐量,抖动,丢失和安全性。 系统选择默认转发路径和多个备用转发路径之间的最佳路径,并实施适当的控制动作,以强制沿所选路径传输数据。 不需要修改已建立的网络通信协议。
-
2.发明申请Hardware support for wire-speed, stateful matching and filtration of network traffic 失效硬件支持线速,状态匹配和网络流量过滤公开(公告)号:US20050234915A1
公开(公告)日:2005-10-20
申请号:US10741947
申请日:2003-12-19
申请人: Livio Ricciulli
发明人: Livio Ricciulli
IPC分类号: G06F7/00 , G06F15/173 , H04J3/14 , H04L12/56 , H04L29/06
CPC分类号: H04L63/1441 , H04L47/2441 , H04L69/12 , H04L69/22
摘要: A packet inspection apparatus is described. In one embodiment, the packet inspection apparatus comprises a packet inspection module to compare data from one or more packets of multiple packets with one or more signatures to identify a match, and at least one network interface modules coupled to the packet inspection module. The network interface module has two ports for forwarding full-duplex traffic therebetween, where the traffic includes packets. The one or more network interface modules forward the packets to the packet inspection module and blocks one or more packets in response to an indication from the packet inspection module.
摘要翻译: 对分组检查装置进行说明。 在一个实施例中,分组检查装置包括分组检查模块,用于将来自多个分组的一个或多个分组的数据与一个或多个签名进行比较以识别匹配,以及耦合到分组检查模块的至少一个网络接口模块。 网络接口模块有两个端口,用于转发其间的全双工业务,其中业务包括数据包。 一个或多个网络接口模块将分组转发到分组检查模块,并响应于来自分组检查模块的指示来阻塞一个或多个分组。
-
公开(公告)号:US06778502B2
公开(公告)日:2004-08-17
申请号:US09916628
申请日:2001-07-27
申请人: Livio Ricciulli
发明人: Livio Ricciulli
IPC分类号: H04L1226
CPC分类号: H04L45/302 , F25B41/003 , F25B41/067 , H04L12/4633 , H04L45/00 , H04L45/02 , H04L45/121 , H04L45/124 , H04L45/22 , H04L45/28 , H04L45/306 , H04L45/64
摘要: Methods and apparatus are disclosed for dynamically discovering and utilizing an optimized network path through overlay routing for the transmission of data. A determination whether to use a default network path or to instead use an alternate data forwarding path through one or more overlay nodes is based on real-time measurement of costs associated with the alternative paths, in response to a user request for transmission of message data to a destination on the network. Cost metrics include delay, throughput, jitter, loss, and security. The system chooses the best path among the default forwarding path and the multiple alternate forwarding paths, and implements appropriate control actions to force data transmission along the chosen path. No modification of established network communication protocols is required.
-
公开(公告)号:US20110228678A1
公开(公告)日:2011-09-22
申请号:US13118569
申请日:2011-05-30
申请人: Livio Ricciulli
发明人: Livio Ricciulli
IPC分类号: H04L12/26
CPC分类号: H04L45/302 , F25B41/003 , F25B41/067 , H04L12/4633 , H04L45/00 , H04L45/02 , H04L45/121 , H04L45/124 , H04L45/22 , H04L45/28 , H04L45/306 , H04L45/64
摘要: Methods and apparatus are disclosed for dynamically discovering and utilizing an optimized network path through overlay routing for the transmission of data. A determination whether to use a default network path or to instead use an alternate data forwarding path through one or more overlay nodes is based on real-time measurement of costs associated with the alternative paths, in response to a user request for transmission of message data to a destination on the network. Cost metrics include delay, throughput, jitter, loss, and security. The system chooses the best path among the default forwarding path and the multiple alternate forwarding paths, and implements appropriate control actions to force data transmission along the chosen path. No modification of established network communication protocols is required.
摘要翻译: 公开了用于通过覆盖路由来动态地发现和利用优化的网络路径来传输数据的方法和装置。 响应于用户对消息数据传输的请求,确定是使用默认网络路径还是使用通过一个或多个覆盖节点的备用数据转发路径是基于与替代路径相关联的成本的实时测量 到网络上的目的地。 成本指标包括延迟,吞吐量,抖动,丢失和安全性。 系统选择默认转发路径和多个备用转发路径之间的最佳路径,并实施适当的控制动作,以强制沿所选路径传输数据。 不需要修改已建立的网络通信协议。
-
公开(公告)号:US07953888B2
公开(公告)日:2011-05-31
申请号:US10630559
申请日:2003-07-30
申请人: Livio Ricciulli
发明人: Livio Ricciulli
IPC分类号: G06F15/173
CPC分类号: H04L45/302 , F25B41/003 , F25B41/067 , H04L12/4633 , H04L45/00 , H04L45/02 , H04L45/121 , H04L45/124 , H04L45/22 , H04L45/28 , H04L45/306 , H04L45/64
摘要: Methods and apparatus are disclosed for dynamically discovering and utilizing an optimized network path through overlay routing for the transmission of data. A determination whether to use a default network path or to instead use an alternate data forwarding path through one or more overlay nodes is based on real-time measurement of costs associated with the alternative paths, in response to a user request for transmission of message data to a destination on the network. Cost metrics include delay, throughput, jitter, loss, and security. The system chooses the best path among the default forwarding path and the multiple alternate forwarding paths, and implements appropriate control actions to force data transmission along the chosen path. No modification of established network communication protocols is required.
摘要翻译: 公开了用于通过覆盖路由来动态地发现和利用优化的网络路径来传输数据的方法和装置。 响应于用户对消息数据传输的请求,确定是使用默认网络路径还是使用通过一个或多个覆盖节点的备用数据转发路径是基于与替代路径相关联的成本的实时测量 到网络上的目的地。 成本指标包括延迟,吞吐量,抖动,丢失和安全性。 系统选择默认转发路径和多个备用转发路径之间的最佳路径,并实施适当的控制动作,以强制沿所选路径传输数据。 不需要修改已建立的网络通信协议。
-
6.发明授权Lossless, stateful, real-time pattern matching with deterministic memory resources 失效无损,有状态,与确定性内存资源的实时模式匹配公开(公告)号:US07584303B2
公开(公告)日:2009-09-01
申请号:US10742284
申请日:2003-12-19
申请人: Livio Ricciulli
发明人: Livio Ricciulli
IPC分类号: G06F15/16
CPC分类号: H04L63/1441 , H04L47/2441 , H04L69/12 , H04L69/22
摘要: In one embodiment, the method for inspecting packets comprises broadcasting data units of packets to a plurality of finite state machine (FSM) comparison units, where each of the FSM comparison units implements a portion of a signature. The method further includes comparing the data units of the packets to signatures, including each FSM comparison unit of the plurality of FSM comparison units independently comparing one of the data units to its associated portion of one signature. The method also includes combining results of the plurality of FSM comparison units independently processing the data units using a logic combinatorial circuit.
摘要翻译: 在一个实施例中,用于检查分组的方法包括将分组的数据单元广播到多个有限状态机(FSM)比较单元,其中每个FSM比较单元实现签名的一部分。 该方法还包括将分组的数据单元与签名进行比较,包括将多个FSM比较单元中的每个FSM比较单元独立地将一个数据单元与其一个签名的相关部分进行比较。 该方法还包括使用逻辑组合电路来组合多个FSM比较单元的结果来独立地处理数据单元。
-
公开(公告)号:US06275470B1
公开(公告)日:2001-08-14
申请号:US09336487
申请日:1999-06-18
申请人: Livio Ricciulli
发明人: Livio Ricciulli
IPC分类号: H04L1226
CPC分类号: H04L45/302 , F25B41/003 , F25B41/067 , H04L12/4633 , H04L45/00 , H04L45/02 , H04L45/121 , H04L45/124 , H04L45/22 , H04L45/28 , H04L45/306 , H04L45/64
摘要: Methods and apparatus are disclosed for dynamically discovering and utilizing an optimized network path through overlay routing for the transmission of data. A determination whether to use a default network path or to instead use an alternate data forwarding path through one or more overlay nodes is based on real-time measurement of costs associated with the alternative paths, in response to a user request for transmission of message data to a destination on the network. Cost metrics include delay, throughput, jitter, loss, and security. The system chooses the best path among the default forwarding path and the multiple alternate forwarding paths, and implements appropriate control actions to force data transmission along the chosen path. No modification of established network communication protocols is required.
-
8.发明授权Hardware support for wire-speed, stateful matching and filtration of network traffic 失效硬件支持线速,状态匹配和网络流量过滤公开(公告)号:US07577758B2
公开(公告)日:2009-08-18
申请号:US10741947
申请日:2003-12-19
申请人: Livio Ricciulli
发明人: Livio Ricciulli
IPC分类号: G06F15/16 , G06F15/173 , G06F15/177
CPC分类号: H04L63/1441 , H04L47/2441 , H04L69/12 , H04L69/22
摘要: A packet inspection apparatus is described. In one embodiment, the packet inspection apparatus comprises a packet inspection module to compare data from one or more packets of multiple packets with one or more signatures to identify a match, and at least one network interface modules coupled to the packet inspection module. The network interface module has two ports for forwarding full-duplex traffic therebetween, where the traffic includes packets. The one or more network interface modules forward the packets to the packet inspection module and blocks one or more packets in response to an indication from the packet inspection module.
摘要翻译: 对分组检查装置进行说明。 在一个实施例中,分组检查装置包括分组检查模块,用于将来自多个分组的一个或多个分组的数据与一个或多个签名进行比较以识别匹配,以及耦合到分组检查模块的至少一个网络接口模块。 网络接口模块有两个端口,用于转发其间的全双工业务,其中业务包括数据包。 一个或多个网络接口模块将分组转发到分组检查模块,并响应于来自分组检查模块的指示来阻塞一个或多个分组。
-
公开(公告)号:US07468979B2
公开(公告)日:2008-12-23
申请号:US10741235
申请日:2003-12-19
申请人: Livio Ricciulli
发明人: Livio Ricciulli
CPC分类号: H04L63/1441 , H04L47/2441 , H04L69/12 , H04L69/22
摘要: An apparatus to perform hardware-based lossless stateful signature matching is disclosed. In one embodiment, the apparatus comprises a memory and multiple finite state machine (FSM) comparison units operating in parallel to compare packets to signatures to identify matches, if any, between data units in the packets and the plurality of signatures. Each of the FSM comparison units include FSMs having states stored in the memory and at least one transition between pairs of states, and a transition to a new state results in a non-destructive additive operation being performed to store any previous state with the new state.
摘要翻译: 公开了一种执行基于硬件的无损状态签名匹配的装置。 在一个实施例中,该装置包括并行操作的存储器和多个有限状态机(FSM)比较单元,以将分组与签名进行比较,以识别分组中的数据单元和多个签名之间的匹配(如果有的话)。 每个FSM比较单元包括具有存储在存储器中的状态的FSM和状态对之间的至少一个转换,并且转换到新状态导致进行非破坏性的加法运算以存储具有新状态的任何先前状态 。
-
公开(公告)号:US07331060B1
公开(公告)日:2008-02-12
申请号:US10242380
申请日:2002-09-10
申请人: Livio Ricciulli
发明人: Livio Ricciulli
IPC分类号: G06F11/00
CPC分类号: H04L63/1458
摘要: Detecting and protecting against denial of service flooding attacks that are initiated against an end system on a computer network. In accordance with one aspect of the invention, a filter is established at a network location. The filter prevents data packets received at a first network location and deemed responsible for the denial of service flooding condition from being forwarded to a subsequent network location. Data packets received at the first network location are then monitored to determine whether the flow of any data packets from a network source exhibit a legitimate behavior, such as where the flow of data packets exhibits a backoff behavior. The filter is then modified to permit data packets that exhibit legitimate behavior to pass through the filter.
摘要翻译: 检测和防止对计算机网络上的终端系统启动的拒绝服务洪泛攻击。 根据本发明的一个方面,在网络位置建立一个过滤器。 该过滤器防止在第一网络位置接收的数据包,并将其认为负责拒绝服务洪泛状态转发到后续网络位置。 然后监视在第一网络位置处接收的数据分组,以确定来自网络源的任何数据分组的流量是否表现出合法行为,例如数据分组的数据流呈现退避行为的地方。 然后修改过滤器以允许表现合法行为的数据包通过过滤器。
-
-
-
-
-
-
-
-
-
搜索结果
13 条记录 (耗时 0.015 秒)
