-
1.发明申请公开(公告)号:US20190253454A1
公开(公告)日:2019-08-15
申请号:US16391351
申请日:2019-04-23
CPC分类号: H04L63/164 , H04L12/4633 , H04L63/0272 , H04L63/0471
摘要: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. A network-as-a-service customer operates endpoints that are desired to be connected to one another securely and privately using the overlay IP (OIP) routing mechanism. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport.
-
公开(公告)号:US20210243128A1
公开(公告)日:2021-08-05
申请号:US17233742
申请日:2021-04-19
发明人: William R. Sears , Martin K. Lohner
IPC分类号: H04L12/851 , H04L12/803
摘要: A method of congestion control implemented by a sender over a network link that includes a router having a queue. During a first state, information is received from a receiver. The information comprises an estimated maximum bandwidth for the link, a one-way transit time for traffic over the link, and an indication whether the network link is congested. In response to the link being congested, the sender transitions to a second state. While in the second state, a sending rate of packets in reduced, in part to attempt to drain the queue of data packets contributed by the sender. The sender transitions to a third state when the sender estimates that the queue has been drained of the data packets contributed. During the third state, the sending rate is increased until either the sender transitions back to the first state, or receives a new indication that the link is congested.
-
公开(公告)号:US09813343B2
公开(公告)日:2017-11-07
申请号:US14559745
申请日:2014-12-03
IPC分类号: H04L12/803 , H04L29/06 , H04L12/46 , H04L29/08
CPC分类号: H04L47/125 , H04L12/4633 , H04L63/0272 , H04L63/164 , H04L67/1023
摘要: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport. According to another feature, data flows within the overlay directed to a particular edge region may be load-balanced while still preserving IPsec replay protection.
-
公开(公告)号:US20240064104A1
公开(公告)日:2024-02-22
申请号:US18385776
申请日:2023-10-31
发明人: William R. Sears , Martin K. Lohner
IPC分类号: H04L47/24 , H04L47/125
CPC分类号: H04L47/24 , H04L47/125 , H04L12/4633
摘要: A method of congestion control implemented by a sender over a network link that includes a router having a queue. During a first state, information is received from a receiver. The information comprises an estimated maximum bandwidth for the link, a one-way transit time for traffic over the link, and an indication whether the network link is congested. In response to the link being congested, the sender transitions to a second state. While in the second state, a sending rate of packets in reduced, in part to attempt to drain the queue of data packets contributed by the sender. The sender transitions to a third state when the sender estimates that the queue has been drained of the data packets contributed. During the third state, the sending rate is increased until either the sender transitions back to the first state, or receives a new indication that the link is congested.
-
公开(公告)号:US11070473B2
公开(公告)日:2021-07-20
申请号:US15802526
申请日:2017-11-03
IPC分类号: H04L12/803 , H04L29/06 , H04L29/08 , H04L12/46
摘要: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport. According to another feature, data flows within the overlay directed to a particular edge region may be load-balanced while still preserving IPsec replay protection.
-
公开(公告)号:US20180069797A1
公开(公告)日:2018-03-08
申请号:US15802526
申请日:2017-11-03
IPC分类号: H04L12/803 , H04L29/08 , H04L12/46 , H04L29/06
CPC分类号: H04L47/125 , H04L12/4633 , H04L63/0272 , H04L63/164 , H04L67/1023
摘要: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport. According to another feature, data flows within the overlay directed to a particular edge region may be load-balanced while still preserving IPsec replay protection.
-
公开(公告)号:US11805061B2
公开(公告)日:2023-10-31
申请号:US17233742
申请日:2021-04-19
发明人: William R. Sears , Martin K. Lohner
IPC分类号: H04L47/24 , H04L47/125 , H04L12/46
CPC分类号: H04L47/24 , H04L47/125 , H04L12/4633
摘要: A method of congestion control implemented by a sender over a network link that includes a router having a queue. During a first state, information is received from a receiver. The information comprises an estimated maximum bandwidth for the link, a one-way transit time for traffic over the link, and an indication whether the network link is congested. In response to the link being congested, the sender transitions to a second state. While in the second state, a sending rate of packets in reduced, in part to attempt to drain the queue of data packets contributed by the sender. The sender transitions to a third state when the sender estimates that the queue has been drained of the data packets contributed. During the third state, the sending rate is increased until either the sender transitions back to the first state, or receives a new indication that the link is congested.
-
公开(公告)号:US11411996B2
公开(公告)日:2022-08-09
申请号:US16391351
申请日:2019-04-23
摘要: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. A network-as-a-service customer operates endpoints that are desired to be connected to one another securely and privately using the overlay IP (OIP) routing mechanism. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport.
-
9.发明申请Virtual private network (VPN)-as-a-service with load-balanced tunnel endpoints 有权具有负载均衡的隧道端点的虚拟专用网(VPN)-as-a-service公开(公告)号:US20150188823A1
公开(公告)日:2015-07-02
申请号:US14559745
申请日:2014-12-03
IPC分类号: H04L12/803 , H04L29/08 , H04L29/06 , H04L12/46 , H04L12/931
CPC分类号: H04L47/125 , H04L12/4633 , H04L63/0272 , H04L63/164 , H04L67/1023
摘要: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport. According to another feature, data flows within the overlay directed to a particular edge region may be load-balanced while still preserving IPsec replay protection.
摘要翻译: 优选地在覆盖网络内实现的覆盖IP路由机制的上下文中促进私有网络(VPN)的一种服务的机制。 覆盖层提供在端点之间的覆盖网络设备之间端对端传递数据包。 在这种传送期间,设备被配置为使得每个分组的数据部分具有来自分组的TCP / IP部分的加密上下文的不同的加密上下文。 通过建立和维护这些不同的加密上下文,覆盖网络可以解密和访问TCP / IP流。 这使覆盖网络提供商能够应用一个或多个TCP优化。 同时,单独的加密上下文确保每个数据包的数据部分在传输过程中的任何时刻都不会清除。 根据另一特征,定向到特定边缘区域的覆盖内的数据流可以是负载平衡的,同时保持IPsec重放保护。
-
公开(公告)号:US20220385639A1
公开(公告)日:2022-12-01
申请号:US17884068
申请日:2022-08-09
IPC分类号: H04L9/40 , H04L45/64 , H04L12/46 , H04L45/02 , H04L47/193
摘要: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. A network-as-a-service customer operates endpoints that are desired to be connected to one another securely and privately using the overlay IP (OIP) routing mechanism. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport.
-
-
-
-
-
-
-
-
-
搜索结果
14 条记录 (耗时 0.015 秒)
