Abstract:
In an example embodiment, packets for a selected flow are replicated and sent over one or more diverse paths, such as a primary path and at least one secondary path, to a destination switching device. At the destination switching device, one copy of the replicated packets is selected for delivery to the destination, and the remaining copies are discarded. In the event that packets are not received at the destination switching device due to loss of connection on the primary path or packets are not timely delivered due to congestion on the primary path, a different path may be selected as the primary path.
Abstract:
A method and system are disclosed for providing dynamic network configuration and management based on defining and applying high-level administrative intents, including retrieving one or more attributes associated with one or more logical groups in a network, determining one or more network policies based on the one or more retrieved attributes, associating the one or more logical groups to a respective network group identifier, and generating a network group list associated with the one or more network group identifiers.
Abstract:
The invention generally provides for a network element and methods in the network element for allowing a matching entry in a forwarding memory to be found in a single search of the memory, for determining when an entry should be placed in the memory, and for determining when an entry should be removed from the memory, in order to make more efficient use of the fixed space available in the memory. The invention is particularly useful in making more efficient use of a Content Addressable Memory (CAM) for storing flow entries, and configuring the CAM to index an associated memory that stores forwarding and quality of service information for each CAM entry.
Abstract:
A multi-layer network element for forwarding received packets from an input port to one or more output ports. The packet is examined to look for different types of forwarding information. An associative memory is searched once for each type of information. The results from the two searches are combined to forward the packet to the appropriate one or more output ports. The packet may be examined for other information as well to make the forwarding decisions. In one embodiment, the invention examines the packet for layer 2 information as the first type and layer 3, and perhaps some layer 4, information as the second type. The results are merged to determine the most appropriate combination of layer 2 or layer 3 forwarding decisions for the packet.
Abstract:
In one embodiment, a method is provided that includes detecting a host device on a port of a forwarder switch in a network, detecting a movement of the host device from a first forwarder switch to a second forwarder switch, and multicast broadcasting updated device information for the host device to convergence group switches and proximity group switches, where the convergence group switches include switches in the network that are not configured as forwarder switches, and the proximity group switches include forwarder switches grouped together based on radio proximity.
Abstract:
Apparatus, methods, and other embodiments associated with providing service insertion architecture (SIA) differentiated services in a virtual private network (VPN) environment are described. Embodiments may provision an authentication, authorization, and accounting (AAA) server with user-to-SIA service-context mapping information. With the AAA server provisioned, embodiments may acquire, in an IPSec VPN hub, during IPSec tunnel user authentication, from the AAA server, the user-to-SIA service-context mapping information. With the mapping information available, embodiments may dynamically map an SIA service to an IPSec VPN tunnel user based on the service information acquired from the Service Broker or Pseudo-Service Broker. The dynamic mapping facilitates providing differentiated services in the SIA by facilitating forwarding an IPSec packet received on the IPSec VPN tunnel from the user to a service node associated with the SIA service based, at least in part, on the IPSec SADB entry modified using the service information.
Abstract:
Techniques are provided for securely storing data files in, or retrieving data files from, cloud storage. A data file transmitted to cloud storage from a client in an enterprise computing environment is intercepted by at least one network device. Using security information received from a management server, the data file is converted into an encrypted object configured to remain encrypted while at rest in the cloud storage.
Abstract:
A method and system provide dynamic configuration of network elements using hierarchical inheritance. The method includes monitoring a data network, detecting a change associated with a configuration of the data network, identifying one or more member groups affected by the detected change, and modifying the network configuration for the one or more member groups in the data network.
Abstract:
Apparatus, methods, and other embodiments associated with providing service insertion architecture (SIA) differentiated services in a virtual private network (VPN) environment are described. Embodiments may provision an authentication, authorization, and accounting (AAA) server with user-to-SIA service-context mapping information. With the AAA server provisioned, embodiments may acquire, in an IPSec VPN hub, during IPSec tunnel user authentication, from the AAA server, the user-to-SIA service-context mapping information. With the mapping information available, embodiments may dynamically map an SIA service to an IPSec VPN tunnel user based on the service information acquired from the Service Broker or Pseudo-Service Broker. The dynamic mapping facilitates providing differentiated services in the SIA by facilitating forwarding an IPSec packet received on the IPSec VPN tunnel from the user to a service node associated with the SIA service based, at least in part, on the IPSec SADB entry modified using the service information.
Abstract:
A method for populating location wiremap databases. In particular implementations, a method includes establishing a link layer connection with a client on a switch port, where the switch port is associated with a port identifier and is mapped to a location; identifying one or more connection attributes of the connection, where the connection attributes comprise a network layer address of the client; and transmitting the port identifier and the network layer address of the client to a location server.