Abstract:
A method and system for intelligently selecting the multicast filtering mode of a port in a switch. In one embodiment the present invention determines whether a client is coupled to a port of a switch. In such an embodiment, provided that a client is coupled to the port, the present invention monitors the client to determine if the client is 802.1p compliant. Next, in this embodiment, provided that the client is 802.1p compliant, the present invention automatically selects a Filter Unregistered Groups mode for the port to which the client is coupled. Conversely, if the client is not 802.1p compliant, the present invention selects a Forward All Groups mode for the port to which the client is coupled. In so doing, the present invention intelligently selects the optimal multicast filter mode for a switch and its connected clients. Additionally, the present invention eliminates the need for expensive, time-consuming, and error-prone network administrator intervention.
Abstract:
A method and system for efficiently handling forwarding of multicast packets by ignoring VLAN (virtual local area network) context during lookup. In one embodiment, the present invention receives, at an intermediate device, multicast registration information for a client. The present embodiment then creates a forwarding database of the multicast registration information. In the present embodiment, when handling a multicast packet at an intermediate device, the present invention accesses the multicast registration information stored in the forwarding database. More particularly, in this embodiment, the present invention accesses the multicast registration information stored in the forwarding database without utilizing VLAN context of the client. As a result, the present invention allows the intermediate device to forward a single multicast packet which will later be supplied to registered member ports. The member ports apply the appropriate VLAN context. In so doing, the present invention prevents unnecessary replication of multicast packets and avoids superfluous expensive lookups in multicast registration tables.
Abstract:
The present invention is drawn to a system and a method for configuring subnets within a switch network that is typically comprised of switches and a router coupled together via a common shared bus. In one embodiment, a VLAN-defined (virtual local area network-defined) subnet is configured by mapping a subnet to a VLAN. All subnet members share a single VLAN ID irrespective of device boundaries of the switch network. In particular, in contrast to the span of a conventional subnet, the span of the VLAN-defined subnet is not required to be confined within a single switch's device boundary. As such, the present invention provides flexibility in configuring subnets. Moreover, an intra-VLAN packet forwarding mechanism is provided for said VLAN-defined subnet such that a packet can be transmitted between any two subnet members. This intra-VLAN packet forwarding mechanism avoids routing even when the VLAN-defined subnet spans more than one switch. Advantageously, the packet transmission bottleneck typically found in the router is eliminated. Finally, in the presence of other similarly configured VLAN-defined VLANs, inter-VLAN packet forwarding can be provided flexibly with or without routing.
Abstract:
A method and system for efficiently handling multicast packets by aggregating VLAN (virtual local area network) context. In one embodiment, multicast registration information is received for a first client in one VLAN and then for a second client in a second VLAN. An aggregated list is created of the multicast registration information for the first client and the second client. In this embodiment, the aggregated list of the multicast registration information for the first client and the second client is forwarded to a second intermediate device. Then, when handling a multicast packet at the second intermediate device, the present invention accesses the aggregated list of the multicast registration information for the first client and the second client. As a result, the present invention allows the second intermediate device to perceive having only a single VLAN registered to receive the multicast packet.
Abstract:
A network intermediate system authenticates end systems attached to ports of the intermediate system. An authentication routine is called on a port each time an intermediate system detects any interruption in the physical connection with the port, including reboot of the end system connected to the port. Network data is not fully transmitted to or received from any port that has not been authenticated. The invention distributes user authentication to the point where an end system initially connects to a network, to prevent unauthorized reception or transmission of network data that is not prevented under existing network login systems. The invention may be incorporated into an intermediate system, into intermediate system software, or into application-specific integrated circuits designed for use in an intermediate system. The invention may include components that interact specifically with installed components in an end system or elsewhere in a network.
Abstract:
An intermediate system authenticates using cryptography. The authentication routine requires a user to supply a secret known only to the user before allowing data to be transmitted. The secret is never transmitted. The invention may be incorporated into an intermediate system, into intermediate system software, or into application-specific integrated circuits designed for use in an intermediate system. The invention may include components that interact specifically with installed components in an end system or elsewhere in a network.