公开(公告)号：US09516142B2

公开(公告)日：2016-12-06

申请号：US13459160

申请日：2012-04-28

申请人： Adekunle Bello ,  Radhika Chirra ,  Nikhil Hegde ,  Aruna Yedavilli

发明人： Adekunle Bello ,  Radhika Chirra ,  Nikhil Hegde ,  Aruna Yedavilli

IPC分类号： H04L29/08 ,  H04L29/06 ,  H04L12/801 ,  H04L12/807 ,  H04L12/26

CPC分类号： H04L67/1097 ,  H04L43/16 ,  H04L47/193 ,  H04L47/27 ,  H04L47/822 ,  H04L63/1458 ,  H04L67/143 ,  H04L69/16 ,  H04L69/163

摘要： A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing a NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.

摘要翻译： 提供了一种编程介质和系统的方法，用于防止文件系统访问访问NFS服务器的多个客户机的访问。 在一个示例中，NFS服务器配置为在服务器端口上侦听。 服务器运行一个单独的守护进程，它在NFS服务器上收到客户端请求。 服务器处理系统跟踪客户端响应于来自服务器的数据分组发送连续的TCP零窗口分组的次数。 如果零窗口数据包的数量跨越用户定义的阈值，则调用例程以使用退避算法停止对该客户端的响应。 当服务器达到可用线程数或任何其他相关资源下降到低于用户定义阈值的点时，服务器进程将从具有表中最早条目的服务器开始终止与客户端的连接。

公开(公告)号：US20120215916A1

公开(公告)日：2012-08-23

申请号：US13459160

申请日：2012-04-28

申请人： Adekunle Bello ,  Radhika Chirra ,  Nikhil Hegde ,  Aruna Yedavilli

发明人： Adekunle Bello ,  Radhika Chirra ,  Nikhil Hegde ,  Aruna Yedavilli

IPC分类号： G06F15/173

CPC分类号： H04L67/1097 ,  H04L43/16 ,  H04L47/193 ,  H04L47/27 ,  H04L47/822 ,  H04L63/1458 ,  H04L67/143 ,  H04L69/16 ,  H04L69/163

摘要： A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing a NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.

摘要翻译： 提供了一种编程介质和系统的方法，用于防止文件系统访问访问NFS服务器的多个客户机的访问。 在一个示例中，NFS服务器配置为在服务器端口上侦听。 服务器运行一个单独的守护进程，它在NFS服务器上收到客户端请求。 服务器处理系统跟踪客户端响应于来自服务器的数据分组发送连续的TCP零窗口分组的次数。 如果零窗口数据包的数量跨越用户定义的阈值，则调用例程以使用退避算法停止对该客户端的响应。 当服务器达到可用线程数或任何其他相关资源下降到低于用户定义阈值的点时，服务器进程将从具有表中最早条目的服务器开始终止与客户端的连接。

公开(公告)号：US20110113134A1

公开(公告)日：2011-05-12

申请号：US12614511

申请日：2009-11-09

申请人： Adekunle Bello ,  Radhika Chirra ,  Nikhil Hegde ,  Aruna Yedavilli

发明人： Adekunle Bello ,  Radhika Chirra ,  Nikhil Hegde ,  Aruna Yedavilli

IPC分类号： G06F15/173

CPC分类号： H04L67/1097 ,  H04L43/16 ,  H04L47/193 ,  H04L47/27 ,  H04L47/822 ,  H04L63/1458 ,  H04L67/143 ,  H04L69/16 ,  H04L69/163

摘要： A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing a NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.

摘要翻译： 提供了一种编程介质和系统的方法，用于防止文件系统访问访问NFS服务器的多个客户机的访问。 在一个示例中，NFS服务器配置为在服务器端口上侦听。 服务器运行一个单独的守护进程，它在NFS服务器上收到客户端请求。 服务器处理系统跟踪客户端响应于来自服务器的数据分组发送连续的TCP零窗口分组的次数。 如果零窗口数据包的数量跨越用户定义的阈值，则调用例程以使用退避算法停止对该客户端的响应。 当服务器达到可用线程数或任何其他相关资源下降到低于用户定义阈值的点时，服务器进程将从具有表中最早条目的服务器开始终止与客户端的连接。

公开(公告)号：US09021510B2

公开(公告)日：2015-04-28

申请号：US13584359

申请日：2012-08-13

申请人： Adekunle Bello ,  Andrew Dunshea ,  Nikhil Hegde ,  Paul H. Hernandez ,  Aruna Yedavilli

发明人： Adekunle Bello ,  Andrew Dunshea ,  Nikhil Hegde ,  Paul H. Hernandez ,  Aruna Yedavilli

IPC分类号： G06F15/173 ,  G06F9/54

CPC分类号： G06F9/547

摘要： A service module that provides for discovery of one or more network interfaces connecting a prospective remote procedure call (RPC) client, facilitates the provision of RPC programs in a network including multi-horned systems. When a request for a network address to an RPC application providing an RPC program is received from the RPC client, the RPC bind daemon discovers from the module, using the client response address, over which interface(s) the client is accessible. The daemon then selects an address of a network path to the RPC application that the prospective client can access and returns the corresponding network address. The service module monitors the network stack for RPC get address requests and builds tables of client address entries with corresponding network interface identifiers. The entries are retired according to an aging policy.

摘要翻译： 提供用于发现连接预期远程过程调用（RPC）客户端的一个或多个网络接口的服务模块，有助于在包括多角度系统的网络中提供RPC程序。 当从RPC客户端接收到提供RPC程序的RPC应用程序的网络地址的请求时，RPC绑定守护程序使用客户端响应地址从模块发现客户端可访问哪个接口。 守护程序然后选择预期客户端可以访问的RPC应用程序的网络路径的地址，并返回相应的网络地址。 服务模块监视网络堆栈以获取RPC获取地址请求，并使用相应的网络接口标识符构建客户端地址表的表。 这些条目根据老龄化政策退休。

公开(公告)号：US20120324483A1

公开(公告)日：2012-12-20

申请号：US13584359

申请日：2012-08-13

申请人： Adekunle Bello ,  Andrew Dunshea ,  Nikhil Hegde ,  Paul H. Hernandez ,  Aruna Yedavilli

发明人： Adekunle Bello ,  Andrew Dunshea ,  Nikhil Hegde ,  Paul H. Hernandez ,  Aruna Yedavilli

IPC分类号： G06F9/44

CPC分类号： G06F9/547

摘要： A service module that provides for discovery of one or more network interfaces connecting a prospective remote procedure call (RPC) client, facilitates the provision of RPC programs in a network including multi-horned systems. When a request for a network address to an RPC application providing an RPC program is received from the RPC client, the RPC bind daemon discovers from the module, using the client response address, over which interface(s) the client is accessible. The daemon then selects an address of a network path to the RPC application that the prospective client can access and returns the corresponding network address. The service module monitors the network stack for RPC get address requests and builds tables of client address entries with corresponding network interface identifiers. The entries are retired according to an aging policy.

摘要翻译： 提供用于发现连接预期远程过程调用（RPC）客户端的一个或多个网络接口的服务模块，有助于在包括多角度系统的网络中提供RPC程序。 当从RPC客户端接收到提供RPC程序的RPC应用程序的网络地址的请求时，RPC绑定守护程序使用客户端响应地址从模块发现客户端可访问哪个接口。 守护程序然后选择预期客户端可以访问的RPC应用程序的网络路径的地址，并返回相应的网络地址。 服务模块监视网络堆栈以获取RPC获取地址请求，并使用相应的网络接口标识符构建客户端地址表的表。 这些条目根据老龄化政策退休。

公开(公告)号：US08266639B2

公开(公告)日：2012-09-11

申请号：US12631016

申请日：2009-12-04

申请人： Adekunle Bello ,  Andrew Dunshea ,  Nikhil Hegde ,  Paul H. Hernandez ,  Aruna Yedavilli

发明人： Adekunle Bello ,  Andrew Dunshea ,  Nikhil Hegde ,  Paul H. Hernandez ,  Aruna Yedavilli

IPC分类号： G06F9/44

CPC分类号： G06F9/547

摘要： A service module that provides for discovery of one or more network interfaces connecting a prospective remote procedure call (RPC) client, facilitates the provision of RPC programs in a network including multi-horned systems. When a request for a network address to an RPC application providing an RPC program is received from the RPC client, the RPC bind daemon discovers from the module, using the client response address, over which interface(s) the client is accessible. The daemon then selects an address of a network path to the RPC application that the prospective client can access and returns the corresponding network address. The service module monitors the network stack for RPC get address requests and builds tables of client address entries with corresponding network interface identifiers. The entries are retired according to an aging policy. When multiple network paths to the RPC application are available, the service can be selected using a heuristic such as preferred interface, non-firewalled interface, least number of return path links or other criteria.

摘要翻译： 提供用于发现连接预期远程过程调用（RPC）客户端的一个或多个网络接口的服务模块，有助于在包括多角度系统的网络中提供RPC程序。 当从RPC客户端接收到提供RPC程序的RPC应用程序的网络地址的请求时，RPC绑定守护程序使用客户端响应地址从模块发现客户端可访问哪个接口。 守护程序然后选择预期客户端可以访问的RPC应用程序的网络路径的地址，并返回相应的网络地址。 服务模块监视网络堆栈以获取RPC获取地址请求，并使用相应的网络接口标识符构建客户端地址表的表。 这些条目根据老龄化政策退休。 当到达RPC应用程序的多个网络路径可用时，可以使用诸如首选接口，非防火墙接口，最少数量的返回路径链路或其他标准的启发式来选择服务。

公开(公告)号：US20110138404A1

公开(公告)日：2011-06-09

申请号：US12631016

申请日：2009-12-04

申请人： Adekunle Bello ,  Andrew Dunshea ,  Nikhil Hegde ,  Paul H. Hernandez ,  Aruna Yedavilli

发明人： Adekunle Bello ,  Andrew Dunshea ,  Nikhil Hegde ,  Paul H. Hernandez ,  Aruna Yedavilli

IPC分类号： G06F13/00 ,  G06F15/173

CPC分类号： G06F9/547

摘要： A service module that provides for discovery of one or more network interfaces connecting a prospective remote procedure call (RPC) client, facilitates the provision of RPC programs in a network including multi-horned systems. When a request for a network address to an RPC application providing an RPC program is received from the RPC client, the RPC bind daemon discovers from the module, using the client response address, over which interface(s) the client is accessible. The daemon then selects an address of a network path to the RPC application that the prospective client can access and returns the corresponding network address. The service module monitors the network stack for RPC get address requests and builds tables of client address entries with corresponding network interface identifiers. The entries are retired according to an aging policy. When multiple network paths to the RPC application are available, the service can be selected using a heuristic such as preferred interface, non-firewalled interface, least number of return path links or other criteria.

摘要翻译： 提供用于发现连接预期远程过程调用（RPC）客户端的一个或多个网络接口的服务模块，有助于在包括多角度系统的网络中提供RPC程序。 当从RPC客户端接收到提供RPC程序的RPC应用程序的网络地址的请求时，RPC绑定守护程序使用客户端响应地址从模块发现客户端可访问哪个接口。 守护程序然后选择预期客户端可以访问的RPC应用程序的网络路径的地址，并返回相应的网络地址。 服务模块监视网络堆栈以获取RPC获取地址请求，并使用相应的网络接口标识符构建客户端地址表的表。 这些条目根据老龄化政策退休。 当到达RPC应用程序的多个网络路径可用时，可以使用诸如首选接口，非防火墙接口，最少数量的返回路径链路或其他标准的启发式来选择服务。

公开(公告)号：US08555369B2

公开(公告)日：2013-10-08

申请号：US13269897

申请日：2011-10-10

申请人： Radhika Chirra ,  Nikhil Hegde ,  Richard J. Knight ,  Rashmi Narasimhan

发明人： Radhika Chirra ,  Nikhil Hegde ,  Richard J. Knight ,  Rashmi Narasimhan

IPC分类号： H04L29/06

CPC分类号： H04L63/0263 ,  H04L63/0428 ,  H04L63/20

摘要： A kernel extension is configured to intercept a call to associate a socket with a port of a node in a network. The call originates from a kernel of the node. The kernel extension is configured to determine the port from the call. The kernel extension is configured to determine that the port is one of a plurality of ports for which the node has authority to modify firewall rules of a firewall of the network. The kernel extension is configured to modify firewall rules maintained by the firewall to allow communications for the port to the node through the firewall.

摘要翻译： 内核扩展被配置为截取一个呼叫以将一个套接字与网络中某个节点的端口相关联。 呼叫源自节点的内核。 内核扩展配置为从呼叫确定端口。 内核扩展被配置为确定端口是节点有权修改网络的防火墙的防火墙规则的多个端口之一。 内核扩展被配置为修改由防火墙维护的防火墙规则，以允许通过防火墙将端口通信到节点。

公开(公告)号：US20130091538A1

公开(公告)日：2013-04-11

申请号：US13269897

申请日：2011-10-10

申请人： Radhika Chirra ,  Nikhil Hegde ,  Richard J. Knight ,  Rashmi Narasimhan

发明人： Radhika Chirra ,  Nikhil Hegde ,  Richard J. Knight ,  Rashmi Narasimhan

IPC分类号： G06F17/00

CPC分类号： H04L63/0263 ,  H04L63/0428 ,  H04L63/20

摘要： A kernel extension is configured to intercept a call to associate a socket with a port of a node in a network. The call originates from a kernel of the node. The kernel extension is configured to determine the port from the call. The kernel extension is configured to determine that the port is one of a plurality of ports for which the node has authority to modify firewall rules of a firewall of the network. The kernel extension is configured to modify firewall rules maintained by the firewall to allow communications for the port to the node through the firewall.

摘要翻译： 内核扩展被配置为截取一个呼叫以将一个套接字与网络中某个节点的端口相关联。 呼叫源自节点的内核。 内核扩展配置为从呼叫确定端口。 内核扩展被配置为确定端口是节点有权修改网络的防火墙的防火墙规则的多个端口之一。 内核扩展被配置为修改由防火墙维护的防火墙规则，以允许通过防火墙将端口通信到节点。

公开(公告)号：US09055003B2

公开(公告)日：2015-06-09

申请号：US13039908

申请日：2011-03-03

申请人： Kavitha Vittal Murthy Baratakke ,  Adekunle Bello ,  Nikhil Hegde ,  Rashmi Narasimhan

发明人： Kavitha Vittal Murthy Baratakke ,  Adekunle Bello ,  Nikhil Hegde ,  Rashmi Narasimhan

IPC分类号： G06F15/173 ,  H04L12/931 ,  H04L12/825

CPC分类号： H04L49/70 ,  H04L47/266 ,  H04L49/501 ,  Y02D50/10

摘要： In a method for regulating network bandwidth in a virtualized computer environment, a computer having a hypervisor program receives a request from a first virtual client to transmit data. In response, the computer transfers the data from a memory of the first virtual client to a memory of a virtual server. The computer receives an error notification from a shared virtual network adapter of the virtual server, indicative of insufficient network bandwidth available to transmit the data. In response, the computer notifies the first virtual client that insufficient network bandwidth is available to transmit the data.

摘要翻译： 在用于调节虚拟化计算机环境中的网络带宽的方法中，具有管理程序程序的计算机接收来自第一虚拟客户端的请求以发送数据。 作为响应，计算机将数据从第一虚拟客户端的存储器传送到虚拟服务器的存储器。 计算机从虚拟服务器的共享虚拟网络适配器接收错误通知，指示可用于发送数据的网络带宽不足。 作为响应，计算机通知第一虚拟客户端网络带宽不足以传送数据。