Abstract:
A distributed virtual appliance is disclosed, including: allocating network traffic to a plurality of compute units implementing a network service associated with the distributed virtual appliance; and dynamically adding or removing one or more compute units implementing the network service without disruption to the network traffic.
Abstract:
Methods and apparatus are provided for improving both node-based and message-based security in a fibre channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fibre channel network entities into a fibre channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fibre channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.
Abstract:
A method of managing a computer network switch is disclosed. The method has the steps of: setting a port of the switch to root guard protected status (RG status); selecting by a spanning tree protocol (STP) the port as a designated port; and setting said port into blocked status, in response to said port being both in root guard protected status and selected by STP as a root port. By setting a port to root guard protected, the port is prevented from becoming a designated port, thereby forcing the root port to remain in a desired core network.
Abstract:
An apparatus and method for preventing the disruption of Fibre Channel Fabrics caused by ReConfigure Fabric (RCF) messages is disclosed. The apparatus includes a storage area network and a plurality of Fibre Channel Switches arranged in a Fabric. Each of the plurality of Switches includes logic to selectively configure its Ports to either reject or accept RCF messages. When configured to reject RCF messages, the Switch Port that receives an RCF message will generate a reject message along with a reason code explanation “E_Port Isolated”, and then transition into an Isolated state. When the Switch that generated the RCF message receives the reject message, its Port also transitions into the Isolated state. In accordance with the method of the present invention, either a Storage Service Provider or a client can access the Switches of the Fabric through either a command line interpreter or a management application. Once access to the Fabric is established, the logic of the Ports of the Switches can be selectively configured to reject or accept RCF messages as described above.
Abstract:
Ports of a switch are assigned by a person, for example a network manager, to be for communication up the spanning tree toward the root switch (“up ports”), or down the spanning tree away from the root switch (“down ports”). This assignment is made by enabling “Uplinkguard” status for a desired up port, and by connecting the desired port to a switch which it is desired to place in the higher layer of the spanning tree. A port having Uplinkguard enabled is prevented, for example by software or firmware in its switch, from transitioning to a designated role. Uplinkguard-enabling a port, by preventing the port from transitioning to the designated role, has at least two consequences: preventing the port from being selected by the STP to transmit to lower switches in the spanning tree; and, preventing the port from transmitting when a one way connectivity fault develops on that port. A port with Uplinkguard enabled may transition to root port role. In the event that there is one way connectivity from a port, that port will not receive BPDU messages, and if the port is in blocked state, it will believe that it should take over and become the designated port for the external link to which it is connected. Uplinkguard prevents the port from transitioning to designated role. When the port attempts to transition into designated role, Uplinkguard forces the port to transition into blocked role, thereby eliminating formation of loops caused by one way connectivity faults.
Abstract:
The Spanning Tree Protocol (STP) chooses a root switch. Each of the other switches has a “root” port and one or more “designated port(s)” chosen by STP. Packets are transmitted upstream toward the root switch through the root port, and packets designated for downstream switches from the root switch are received by the root port and transmitted through the designated ports. In the invention, an administrator of the core network identifies which switch ports in the core network are boundary ports to customer networks. The administrator designates the boundary ports as “root guard protected” ports (RG ports). The STP then executes as required by the ordinary STP protocol, and if an RG port is selected by the STP to be a root port, then the status of the port is set to “blocked,” and no packets are transmitted through the port.
Abstract:
A method and apparatus for continuing the operation of a spanning tree protocol at a network device despite crashes or failures at that device. A supervisor card contained in the network device is designated an active supervisor, while all other supervisor cards are designated standby supervisors. The active supervisor runs the spanning tree protocol, and informs the standby supervisors of the states of ports, but not of the identity of the root or designated bridges. When a crash or failure occurs at the active supervisor, one of the standby supervisors is immediately designated to be the new active supervisor. The newly active supervisor reviews the port state, and queries the line cards to determine whether that port state information is still valid. The newly active supervisor adopts the valid port state information, leaving those ports in their current spanning tree port state.
Abstract:
A method and apparatus for continuing the operation of a spanning tree protocol at a network device despite crashes or failures at that device is disclosed. The network device includes a plurality of line cards having ports for receiving and forwarding messages and a plurality of supervisor cards for processing at least some of those messages. Upon start-up, one of the supervisor cards is designated the active supervisor, while all other supervisor cards are designated standby supervisors. The active supervisor runs the spanning tree protocol (STP). The active supervisor informs the standby supervisors of the states of ports set by the STP. When a crash or failure occurs at the active supervisor, one of the standby supervisors is immediately designated to be the new active supervisor, and the new active supervisor uses the states of ports set by the original STP.
Abstract:
Methods and devices are provided for role-based access control of network devices. The network devices may constitute the fabric of a storage area network (“SAN”) that has been logically partitioned into virtual storage area networks (“VSANs”) that are allocated to various administrators. Roles assigned according to preferred aspects of the invention do not need to be hierarchical, but are customized according to administrators' needs.