-
1.发明授权Securely managing network element state information in transport-layer associations 有权在传输层关联中安全地管理网元状态信息公开(公告)号:US07630364B2
公开(公告)日:2009-12-08
申请号:US11257820
申请日:2005-10-24
申请人: Randall R. Stewart , Peter Lei
发明人: Randall R. Stewart , Peter Lei
CPC分类号: H04L29/12462 , H04L61/255 , H04L63/0263 , H04L67/02
摘要: Rules in NAT and firewall devices are updated only when a packet flow is verified as genuine through transport-layer message acknowledgment sequences. When a device receives a packet indicating initiation of a new association, the device stores an internal source tag, an internal destination tag, an external source tag, and an external destination tag. Only after receiving a completion acknowledgment message from the destination node, the device sets the internal source tag equal to the external source tag, and sets the internal destination tag equal to the external destination tag. The rules are then updated based on the internal tags. As a result, the approach thwarts denial of service (DOS) attacks that seek to modify rules of NAT and firewall devices to permit harmful traffic.
摘要翻译: NAT和防火墙设备中的规则仅在通过传输层消息确认序列将数据包流验证为真时才更新。 当设备接收到指示新关联的启动的分组时,设备存储内部源标签,内部目的地标签,外部源标签和外部目的地标签。 只有从目的地节点收到完成确认消息后,设备将内部源标签设置为等于外部源标签,并将内部目的地标签设置为等于外部目的地标签。 然后根据内部标签更新规则。 因此,这种方法阻碍了拒绝服务(DOS)攻击,这些攻击旨在修改NAT和防火墙设备的规则,以允许有害的流量。
-
公开(公告)号:US07027389B2
公开(公告)日:2006-04-11
申请号:US09734783
申请日:2000-12-11
申请人: Randall R. Stewart
发明人: Randall R. Stewart
IPC分类号: H04L12/16
CPC分类号: H04L12/66 , H04L43/0811 , H04L43/0864 , H04L43/16
摘要: The present invention provides a method and apparatus to determine the state of a communications link between two nodes in a network. Typically, each node will have an RTT-based value to use, a packets sent counter, and a threshold number to use against the packet sent counter to determine if there is a problem with their communications link. Using the RTT value makes the failure detection sensitive to the actual state of the communications link at any particular time; it also allows the failure detection algorithm to take into account the bursty nature of nodes in a packetized network connection. For each packet received from a non-local node, the local node sets the counter to 0 and starts a new RTT-based time interval. The local node then increments the counter only once, regardless of how many packets it sends to the non-local node, during the RTT-based time interval. Once the time interval is up, the counter is incremented for each packet sent. The counter is compared to the fixed threshold value to determine if it is likely a communications link failure has occurred.
-
3.发明授权公开(公告)号:US07761562B1
公开(公告)日:2010-07-20
申请号:US11841742
申请日:2007-08-20
IPC分类号: G06F15/173 , G06F15/16
CPC分类号: H04L69/14
摘要: The present invention describes various techniques which may be used for determining multi-path latency in data networks which utilize a multi-homed transport protocols. Using the technique of the present invention, for example, appropriate source and destination addresses may be selected for specific IP datagrams in order to achieve an optimal communication path between endpoints which utilize a multi-homed transport protocol.
摘要翻译: 本发明描述了可用于确定利用多归属传输协议的数据网络中的多径延迟的各种技术。 使用本发明的技术,例如,可以为特定IP数据报选择适当的源和目的地址,以便在利用多归属传输协议的端点之间实现最佳通信路径。
-
4.发明授权Method of determining a maximum transmission unit value of a network path using transport layer feedback 有权使用传输层反馈来确定网络路径的最大传输单元值的方法公开(公告)号:US07738495B2
公开(公告)日:2010-06-15
申请号:US11338591
申请日:2006-01-23
IPC分类号: H04J3/24
CPC分类号: H04L47/10 , H04L47/365
摘要: A network element implementing a method for determining an optimal maximum transmission unit (MTU) value on a path between two nodes in a network is described. A sending node interested in learning the optimal MTU path value allows fragmentation of datagrams sent on the path, selects an initial MTU, and sends one or more data packets to a receiving node. Upon receiving the data the receiver determines if fragmentation occurred. If no fragmentation occurred then the MTU path selected is the optimal MTU for the given path between the nodes. If fragmentation did occur then the sender is notified that the selected MTU was not the optimal MTU for the path. Either the receiver proposes a new MTU for the path, or the sender selects a new, smaller MTU. The process repeats until the receiver detects no fragmentation.
摘要翻译: 描述了实现用于确定网络中两个节点之间的路径上的最佳最大传输单元(MTU)值的方法的网络元件。 有兴趣学习最佳MTU路径值的发送节点允许在路径上发送的数据报的分段,选择初始MTU,并将一个或多个数据分组发送到接收节点。 在接收到数据后,接收机确定是否发生分段。 如果没有发生碎片,则选择的MTU路径是节点之间给定路径的最优MTU。 如果发生碎片,则发送者被通知所选择的MTU不是该路径的最佳MTU。 接收方为路径提出新的MTU,或者发送方选择一个新的较小的MTU。 该过程重复,直到接收器没有检测到碎片。
-
5.发明授权Methods and apparatus for using SCTP to provide mobility of a network device 有权使用SCTP提供网络设备移动性的方法和装置公开(公告)号:US07457882B2
公开(公告)日:2008-11-25
申请号:US11394528
申请日:2006-03-30
申请人: Randall R. Stewart , Peter P. Lei
发明人: Randall R. Stewart , Peter P. Lei
IPC分类号: G06F15/16 , G06F15/177 , H04J3/16
CPC分类号: H04L12/2854
摘要: Methods and apparatus for supporting mobility using SCTP are disclosed. In accordance with one aspect of the invention, an SCTP association between a first network device and a second network device may be modified. The SCTP association includes a first set of IP addresses associated with the first network device and a second set of IP addresses associated with the second network device. The first network device establishes the SCTP association between the first network device and the second network device. An SCTP configuration message is then sent from the first network device to the second network device, the configuration message indicating a modification to be made to the SCTP association, thereby enabling the SCTP association to be modified without disconnecting an existing session.
摘要翻译: 公开了使用SCTP支持移动性的方法和装置。 根据本发明的一个方面,可以修改第一网络设备和第二网络设备之间的SCTP关联。 SCTP关联包括与第一网络设备相关联的第一组IP地址和与第二网络设备相关联的第二组IP地址。 第一网络设备在第一网络设备和第二网络设备之间建立SCTP关联。 然后,从第一网络设备向第二网络设备发送SCTP配置消息,该配置消息指示要对SCTP关联进行修改,从而使得能够修改SCTP关联而不断开现有会话。
-
公开(公告)号:US07072309B2
公开(公告)日:2006-07-04
申请号:US10025521
申请日:2001-12-17
IPC分类号: H04B7/005
CPC分类号: H04L1/1867 , H04L1/20 , H04L69/324 , H04W28/18
摘要: A method and apparatus for data transmission is provided herein. In accordance with the preferred embodiment of the present invention a loss-ratio estimator (105) estimates a current loss (L) for a communication channel (108). Once the actual loss for the channel is known, a generator (104) compares the actual loss (L) to a target loss (T). A retransmission control parameter (R) is then adjusted by the generator (104) and output to a transmitter 103 where it is used to control the retransmission behavior and to determine when to abort a bad frame. When a bad frame is aborted, transmitter 103 indicates the abortion to a receiving device (102). A receiver then utilizes the indication to stop reporting the bad frame in all subsequent ACK/NAKs.
摘要翻译: 本文提供了用于数据传输的方法和装置。 根据本发明的优选实施例,损耗比估计器(105)估计通信信道(108)的电流损耗(L)。 一旦已知通道的实际损失,发电机(104)将实际损耗(L)与目标损耗(T)进行比较。 然后由发生器(104)调整重传控制参数(R),并将其输出到发射机103,在发射机103处,用于控制重发行为并确定何时中止坏帧。 当错误帧被中止时,发射机103指示到接收设备(102)的堕胎。 然后,接收器利用该指示来停止在所有后续ACK / NAK中报告坏帧。
-
7.发明授权公开(公告)号:US06226283B1
公开(公告)日:2001-05-01
申请号:US09311794
申请日:1999-05-13
IPC分类号: H04Q728
摘要: Frames received by base stations (base stations) (103-107) are assigned a frame-quality indicator (FQI) by the base station. FQI information for all frames received is continuously backhauled to a switch (101). The switch (101) sidehauls the FQI information to a call anchoring base station, where a determination of a base station with the best FQI for each frame takes place. Once the anchoring base station determines a base station with the best FQI for a particular frame, the anchoring base station sends a FORWARD_FRAME message to the base station with the best FQI, or, if the anchoring base station is the base station with the best FQI, nothing is sent to the other base stations. Once the FORWARD_FRAME message is received by a base station, the base station immediately forwards the frame (identified by the frame number) to the switch (101). The switch (101) then routes the selected frame accordingly.
摘要翻译: 由基站(基站)(103-107)接收的帧由基站分配帧质量指示符(FQI)。 所接收的所有帧的FQI信息被连续回程到交换机(101)。 交换机(101)将FQI信息侧转到呼叫锚定基站,其中发生对于每个帧具有最佳FQI的基站的确定。 一旦锚定基站确定具有特定帧的最佳FQI的基站,则锚定基站向具有最佳FQI的基站发送FORWARD_FRAME消息,或者如果锚定基站是具有最佳FQI的基站 没有发送到其他基站。 一旦基站接收到FORWARD_FRAME消息,基站立即将帧(由帧号识别)转发到交换机(101)。 交换机(101)然后相应地路由所选择的帧。
-
8.发明授权Automated discovery of network devices supporting particular transport layer protocols 有权自动发现支持特定传输层协议的网络设备公开(公告)号:US08149842B2
公开(公告)日:2012-04-03
申请号:US12198067
申请日:2008-08-25
IPC分类号: H04L12/28
CPC分类号: H04L67/141 , H04L67/14 , H04L69/14 , H04L69/16 , H04L69/163
摘要: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with automated discovery of network devices supporting particular transport layer protocols, such as, but not limited to Stream Control Transmission Protocol (SCTP). Packet switching devices automatically discover peer packet switching devices supporting a particular transport layer protocol, and then establish a session using the particular transport layer protocol between them for subsequent use in transporting packets.
摘要翻译: 公开了尤其涉及支持特定传输层协议(例如但不限于流控制传输协议(SCTP))的网络设备的自动发现的方法,装置,计算机存储介质,机制和装置。 分组交换设备自动发现支持特定传输层协议的对等分组交换设备,然后使用它们之间的特定传输层协议来建立会话,以便随后用于传输分组。
-
公开(公告)号:US07706281B2
公开(公告)日:2010-04-27
申请号:US11326841
申请日:2006-01-06
申请人: Mitesh Dalal , Randall R. Stewart
发明人: Mitesh Dalal , Randall R. Stewart
IPC分类号: H04J1/16
摘要: A multi-homed network node comprises an interface that is addressable using a primary network address and a secondary network address. Network packets identifying the primary network address traverse a first network path and packets identifying the second network address traverse a second network path that is routed physically separately from the first network path. A transport layer network protocol association is established in the network between a first node and the multi-homed node. One or more data messages are sent to the second node and identify the primary network address. Network feedback information indicates one or more performance characteristics of the first network path. In response, the data messages are automatically modified to identify the secondary network address.
摘要翻译: 多宿主网络节点包括使用主网络地址和辅助网络地址可寻址的接口。 标识主网络地址的网络分组穿过第一网络路径,标识第二网络地址的分组穿过与第一网络路径物理分开路由的第二网络路径。 在第一节点和多归位节点之间的网络中建立传输层网络协议关联。 将一个或多个数据消息发送到第二个节点并识别主要网络地址。 网络反馈信息指示第一网络路径的一个或多个性能特征。 作为响应,数据消息被自动修改以识别辅助网络地址。
-
10.发明授权
公开(公告)号:US06072790A
公开(公告)日:2000-06-06
申请号:US311450
申请日:1999-05-13
摘要: A switch (101) performs distribution functions by distributing packets to base stations that were most recently heard from. More particularly, as a gateway (115) provides frames to the switch (101), the switch (101) distributes the frames to all base stations in communication with a remote unit (113). In order to determine the plurality of base stations requiring the frames, an identification of base stations (on a per-call basis) currently backhauling data to the switch (101) for the call is maintained. The switch (101) then distributes frames received from the gateway (115) to those base stations currently providing uplink frames to the switch (101) for the particular call.
摘要翻译: 交换机(101)通过向最近听到的基站分发分组来执行分发功能。 更具体地,当网关(115)向交换机(101)提供帧时,交换机(101)将帧分配给与远程单元(113)通信的所有基站。 为了确定需要这些帧的多个基站,维护当前用于呼叫的交换机(101)回程数据的基站(基于每个呼叫)的标识。 然后,交换机(101)将从网关(115)接收的帧分配给当前提供上行链路帧的基站,用于特定呼叫的交换机(101)。
-
-
-
-
-
-
-
-
-
搜索结果
20 条记录 (耗时 0.021 秒)
