公开(公告)号：US10268656B1

公开(公告)日：2019-04-23

申请号：US13111131

申请日：2011-05-19

Applicant: Yonghui Cheng ,  Siu-Wang Leung ,  Wilson Xu ,  Liang Li

Inventor： Yonghui Cheng ,  Siu-Wang Leung ,  Wilson Xu ,  Liang Li

IPC: G06F17/30 ,  G06F16/957

Abstract: Enforcing a policy based at least in part on URL information is disclosed. A uniform resource locator (URL) is received. A portion of the URL, or a transformation thereof, is matched against a bloom filter. Based on a result of the match, a first query is performed. A policy is enforced based at least in part on a category received as a result of a second query. In some cases, the first and second query are the same.

公开(公告)号：US08150977B1

公开(公告)日：2012-04-03

申请号：US13078688

申请日：2011-04-01

Applicant: Yonghui Cheng ,  Yi Sun

Inventor： Yonghui Cheng ,  Yi Sun

IPC: G06F15/16 ,  G06F12/00

CPC classification number: H04L63/145 ,  H04L47/193 ,  H04L47/2416 ,  H04L47/50 ,  H04L47/52 ,  H04L49/9047 ,  H04L67/325

Abstract: A network device is described in which a dedicated resource scheduler monitors memory consumption to provide for improved processing of communication sessions. The scheduler maintains a dependency list of communication sessions, and reserves memory for communication sessions as requests for memory are received. The amount of memory reserved is determined based on the amount of memory currently reserved for the communication sessions in the dependency list. The network device may control ongoing communication sessions by way of window manipulation. Communication sessions are processed in a first mode when available memory has not reached a predetermined amount, while communication sessions are processed in a second mode when available memory reaches a predetermined amount.

Abstract translation: 描述了一种网络设备，其中专用资源调度器监视存储器消耗以提供通信会话的改进处理。 调度器维护通信会话的依赖列表，并且在接收到对存储器的请求时，为通信会话保留存储器。 基于当前为依赖关系列表中的通信会话保留的存储器量来确定存储器量。 网络设备可以通过窗口操纵来控制正在进行的通信会话。 当可用存储器尚未达到预定量时，以第一模式处理通信会话，而当可用存储器达到预定量时，在第二模式中处理通信会话。

公开(公告)号：US08185946B2

公开(公告)日：2012-05-22

申请号：US12471214

申请日：2009-05-22

Applicant: Jesse Shu ,  Yonghui Cheng

Inventor： Jesse Shu ,  Yonghui Cheng

IPC: G06F9/00

CPC classification number: H04L63/0236 ,  H04W12/02 ,  H04W12/12 ,  H04W76/30

Abstract: Methods of screening incoming packets are provided. A first firewall detects a tunnel formation. A second firewall maintains a list of open firewall sessions. Each tunnel has one or more associated firewall sessions. The first firewall detects variable situations, such as when the tunnel is torn down, and notifies the second firewall so that, for example, the second firewall can act to clear an associated firewall session from the firewall session list. Incoming packets that are associated with firewall sessions that have been cleared from the firewall session list may not be passed through the second firewall.

Abstract translation: 提供筛选进入包的方法。 第一个防火墙检测隧道形成。 第二个防火墙维护一个打开的防火墙会话列表。 每个隧道都有一个或多个关联的防火墙会话。 第一个防火墙检测可变情况，例如当隧道拆除时，通知第二个防火墙，以便例如第二个防火墙可以从防火墙会话列表中清除相关的防火墙会话。 与从防火墙会话列表中清除的防火墙会话关联的传入数据包可能不会通过第二个防火墙传递。

公开(公告)号：US08127349B2

公开(公告)日：2012-02-28

申请号：US12834726

申请日：2010-07-12

Applicant: Changming Liu ,  Choung-Yaw Shieh ,  Yonghui Cheng

Inventor： Changming Liu ,  Choung-Yaw Shieh ,  Yonghui Cheng

IPC: G06F9/00 ,  G06F15/16 ,  G06F17/00

CPC classification number: H04L45/00 ,  H04L12/4633 ,  H04L29/06 ,  H04L63/0272 ,  H04L63/20

Abstract: A system establishes a virtual private network (VPN) tunnel to a destination and determines a next hop for the VPN tunnel. The system inserts the next hop, and an address associated with the destination, into an entry of a first table. The system inserts the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of a second table. The system associates one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.

Abstract translation: 系统建立到目的地的虚拟专用网（VPN）隧道，并确定VPN隧道的下一跳。 系统将下一跳和与目的地相关联的地址插入到第一个表的条目中。 系统将下一跳和对应于已建立的VPN隧道的隧道标识符插入第二个表的条目。 该系统将用于加密经由VPN隧道发送的流量的一个或多个安全参数与隧道标识符相关联。

公开(公告)号：US07930408B1

公开(公告)日：2011-04-19

申请号：US12476315

申请日：2009-06-02

Applicant: Yonghui Cheng ,  Yi Sun

Inventor： Yonghui Cheng ,  Yi Sun

IPC: G06F15/16 ,  G06F12/00

CPC classification number: H04L63/145 ,  H04L47/193 ,  H04L47/2416 ,  H04L47/50 ,  H04L47/52 ,  H04L49/9047 ,  H04L67/325

Abstract: A network device is described in which a dedicated resource scheduler monitors memory consumption to provide for improved processing of communication sessions. The scheduler maintains a dependency list of communication sessions, and reserves memory for communication sessions as requests for memory are received. The amount of memory reserved is determined based on the amount of memory currently reserved for the communication sessions in the dependency list. The network device may control ongoing communication sessions by way of window manipulation. Communication sessions are processed in a first mode when available memory has not reached a predetermined amount, while communication sessions are processed in a second mode when available memory reaches a predetermined amount.

Abstract translation: 描述了一种网络设备，其中专用资源调度器监视存储器消耗以提供通信会话的改进处理。 调度器维护通信会话的依赖列表，并且在接收到对存储器的请求时，为通信会话保留存储器。 基于当前为依赖关系列表中的通信会话保留的存储器量来确定存储器量。 网络设备可以通过窗口操纵来控制正在进行的通信会话。 当可用存储器尚未达到预定量时，以第一模式处理通信会话，而当可用存储器达到预定量时，在第二模式中处理通信会话。

公开(公告)号：US20090235348A1

公开(公告)日：2009-09-17

申请号：US12471214

申请日：2009-05-22

Applicant: Jesse SHU ,  Yonghui CHENG

Inventor： Jesse SHU ,  Yonghui CHENG

IPC: H04L9/00

CPC classification number: H04L63/0236 ,  H04W12/02 ,  H04W12/12 ,  H04W76/30

Abstract: Methods of screening incoming packets are provided. A first firewall detects a tunnel formation. A second firewall maintains a list of open firewall sessions. Each tunnel has one or more associated firewall sessions. The first firewall detects variable situations, such as when the tunnel is torn down, and notifies the second firewall so that, for example, the second firewall call act to clear an associated firewall session from the firewall session list. Incoming packets that are associated with firewall sessions that have been cleared from the firewall session list may not be passed through the second firewall.

Abstract translation: 提供筛选进入包的方法。 第一个防火墙检测隧道形成。 第二个防火墙维护一个打开的防火墙会话列表。 每个隧道都有一个或多个关联的防火墙会话。 第一个防火墙检测可变情况，例如当隧道被拆除时，通知第二个防火墙，以便例如第二个防火墙呼叫用来从防火墙会话列表中清除相关的防火墙会话。 与从防火墙会话列表中清除的防火墙会话关联的传入数据包可能不会通过第二个防火墙传递。

公开(公告)号：US08478999B2

公开(公告)日：2013-07-02

申请号：US12550806

申请日：2009-08-31

Applicant: Yonghui Cheng ,  Choung-Yaw Shieh

Inventor： Yonghui Cheng ,  Choung-Yaw Shieh

IPC: H04L29/06

CPC classification number: H04L69/40 ,  H04L63/0272

Abstract: A network device implements congestion management of sessions of a network protocol. In one implementation, an incoming request component receives session requests for a negotiation session between the network device and a second network device. A capacity pool stores a value relating to capacity of the network device to continue to efficiently process the session requests. New sessions are initiated when the value stored in the capacity pool is less than an estimate of the capacity of the network device at which the network device maximizes processor usage while minimizing session timeouts.

公开(公告)号：US20120137358A1

公开(公告)日：2012-05-31

申请号：US13369735

申请日：2012-02-09

Applicant: Changming LIU ,  Choung-Yaw SHIEH ,  Yonghui CHENG

Inventor： Changming LIU ,  Choung-Yaw SHIEH ,  Yonghui CHENG

IPC: H04L9/00 ,  G06F21/00

CPC classification number: H04L45/00 ,  H04L12/4633 ,  H04L29/06 ,  H04L63/0272 ,  H04L63/20

Abstract: A system establishes a virtual private network (VPN) tunnel to a destination and determines a next hop for the VPN tunnel. The system inserts the next hop, and an address associated with the destination, into an entry of a first table. The system inserts the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of a second table. The system associates one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.

Abstract translation: 系统建立到目的地的虚拟专用网（VPN）隧道，并确定VPN隧道的下一跳。 系统将下一跳和与目的地相关联的地址插入到第一个表的条目中。 系统将下一跳和对应于已建立的VPN隧道的隧道标识符插入第二个表的条目。 该系统将用于加密经由VPN隧道发送的流量的一个或多个安全参数与隧道标识符相关联。

公开(公告)号：US07848335B1

公开(公告)日：2010-12-07

申请号：US11260839

申请日：2005-10-27

Applicant: Yong Kang ,  Changming Liu ,  Yonghui Cheng

Inventor： Yong Kang ,  Changming Liu ,  Yonghui Cheng

IPC: H04L12/28

CPC classification number: H04L63/0272 ,  H04L12/4633 ,  H04L12/4641 ,  H04L45/10 ,  H04L45/54 ,  H04L2212/00

Abstract: A virtual private network (VPN) tunnel is established that extends from a source spoke to a destination spoke in a hub-and-spoke enterprise network. Prior to establishing the VPN tunnel, packets are sent from the source spoke to the destination spoke through the hub network. In this manner, packets are not dropped while the VPN tunnel is being set up. The VPN tunnel is established by querying a server for the network address of a destination router in the destination spoke, then setting up the VPN tunnel using a secure communication protocol. An extension to the Internet Key Exchange (IKE) protocol is used to obtain the private network address of the destination router during setup of the VPN tunnel. A forwarding table is updated after the VPN tunnel is established to reroute the packets through the new VPN tunnel.

Abstract translation: 建立了一个虚拟专用网（VPN）隧道，该隧道从辐射源辐射到中心辐射企业网络中的目的地。 在建立VPN隧道之前，通过集线器网络将数据包从源辐条发送到目的地。 以这种方式，在VPN隧道建立时，数据包不会丢弃。 通过向服务器查询目的地分支中的目的地路由器的网络地址，然后使用安全通信协议设置VPN隧道来建立VPN隧道。 在VPN隧道建立过程中，使用Internet密钥交换协议（IKE）协议来扩展目的路由器的私有网络地址。 在建立VPN隧道后，通过新的VPN隧道重新路由数据包，更新转发表。

公开(公告)号：US07602709B1

公开(公告)日：2009-10-13

申请号：US10990352

申请日：2004-11-17

Applicant: Yonghui Cheng ,  Choung-Yaw Shieh

Inventor： Yonghui Cheng ,  Choung-Yaw Shieh

IPC: H04L12/26

CPC classification number: H04L69/40 ,  H04L63/0272

Abstract: A network device implements congestion management of sessions of a network protocol. In one implementation, an incoming request component receives session requests for a negotiation session between the network device and a second network device. A capacity pool stores a value relating to capacity of the network device to continue to efficiently process the session requests. New sessions are initiated when the value stored in the capacity pool is less than an estimate of the capacity of the network device at which the network device maximizes processor usage while minimizing session timeouts.

Abstract translation: 网络设备实现网络协议会话的拥塞管理。 在一个实现中，传入请求组件接收在网络设备和第二网络设备之间的协商会话的会话请求。 容量池存储与网络设备的容量相关的值，以继续有效地处理会话请求。 当存储在容量池中的值小于网络设备在网络设备最大化处理器使用量并最小化会话超时的容量的估计时，将启动新会话。