Abstract:
A method and system for learning network information through a plurality of network devices is provided. The plurality of network devices are configured for IPsec. The method enables negotiation between the network devices to set up a security association and provide network information between the configured network devices. This network information includes a plurality of sub-network routes.
Abstract:
Upon detection of a new traffic flow, a registration node can dynamically register the new traffic flow with a key server policy manager by sending a registration request on behalf of the new traffic flow. A registration request indicates the new traffic flow should be protected by a security group. A registration request may also include a request to dynamically generate a new security group to protect the traffic flow. The registration request is received by a key server policy manager, which performs authentication and authorization checks of the requesting registration node, and determines whether to accept or reject the registration request. If accepted, the key server policy manager registers the new traffic flow by including a description of the traffic flow in a group policy of an existing security group or a newly created security group, depending on the registration request.
Abstract:
Network devices can detect whether a tunnel is available (e.g., usable to convey traffic in both directions) by implementing a tunnel detection protocol that uses a combination of idle timers and multiple types of probes. In this protocol, the device at one end of the tunnel is configured as an active device, while the device at the other end of the tunnel is configured as a passive device. The tunnel detection protocol is asymmetric; the active device sends probes to the passive device, but the passive device does not send probes to the active device. By using at least two types of probes, the active device can inform the passive device about the availability of the path from the passive device to the active device. Since the passive device does not need to send probes or process probe replies, control plane processing on the passive device can be reduced.
Abstract:
A system transmits, to a hub from a first spoke, first routing information associated with the first spoke. The system receives, at the first spoke, from the hub, second routing information associated with a plurality of spokes in communication with the hub. The plurality of spokes includes a second spoke. The system resolves, at the first spoke, a next hop determination for the packet based on the second routing information received from the hub. The system routes the packet from the first spoke to the second spoke using the next hop determination.
Abstract:
In one embodiment, a QoS manager process receives, at an EzVPN server device, connection speed data from an EzVPN client device. In addition, the QoS manager process processes, at the EzVPN server device, the connection speed data to determine a QoS policy for a communications session between the EzVPN client device and the EzVPN server device. Furthermore, the QoS manager process applies, at the EzVPN server device, the QoS policy determined from the connection speed data to the communications session between the EzVPN client device and the EzVPN server device.
Abstract:
A system and method directed to carrying out dynamic secured group communication is provided. The method includes: obtaining a first packet that includes a first header; forming a frame that includes the first header in encrypted form; combining the first header and the frame to form a second packet and forming a second header; encapsulating the second packet with the second header to form a third packet; and communicating the third packet into the second network from the second source node for termination at the second destination node. The first header includes a first source address of a first source node of a first network, and a first destination address of a first destination node of the first network. The second header includes a second source address of a second source node of a second network, and a second destination address of a second destination node of the second network.
Abstract:
A system and method directed to carrying out dynamic secured group communication is provided. The method includes obtaining a first packet that includes a first header. The first header includes a first source address of a first source node of a first network, and a first destination address of a first destination node of the first network. The method also includes forming a frame that includes the first header in encrypted form, combining the first header and the frame to form a second packet, and forming a second header. This second header includes a second source address of a second source node of a second network, and a second destination address of a second destination node of the second network. The method further includes encapsulating the second packet with the second header to form a third packet, and communicating the third packet into the second network from the second source node for termination at the second destination node.