Generating accounting data based on access control list entries
    1.
    Granted patent
    Generating accounting data based on access control list entries (status: in force)

    Publication No.: US07689485B2

    Publication date: 2010-03-30

    Application No.: US10630178

    Filing date: 2003-07-29

    IPC classification: G06Q99/00

    Abstract: Methods, apparatus, and other mechanisms are disclosed for generating accounting or other data based on that indicated in access control lists or other specifications, and typically using associative memory entries in one or more associative memory banks and/or memory devices. One implementation identifies an access control list including multiple access control list entries, with a subset of these access control list entries identifying accounting requests. Accounting mechanisms are associated with each of said access control list entries in the subset of access control list entries identifying accounting requests. An item is identified, and a corresponding accounting mechanism is updated. In one implementation, the item includes at least one autonomous system number. In one implementation, at least one of the accounting mechanisms is associated with at least two different access control list entries in the subset of access control list entries identifying accounting requests.

    Policy-based processing of packets
    2.
    Granted patent
    Policy-based processing of packets (status: in force)

    Publication No.: US07724728B2

    Publication date: 2010-05-25

    Application No.: US11122612

    Filing date: 2005-05-05

    CPC classification: H04L12/4641

    Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, and mechanisms, for policy-based processing of packets, including mechanisms for managing the policies. A user is authenticated and its user group identifier is identified. A packet is received and is associated with the user group identifier, and one or more fields (typically other than the source address field) of the packet are used to identify a second group identifier. A lookup operation is then performed on a policy based on the first and second group identifiers to identify a packet processing action to be performed on the packet. These identifiers are typically not network addresses, which disassociates the policy from physical network addresses (which often are dynamically assigned and may also vary based on the access point into the network of a user), and allows a switching device to process packets based on a policy stated using group identifiers.

    MULTI-LAYER HARDWARE-BASED SERVICE ACCELERATION (MHSA)
    3.
    Patent application
    MULTI-LAYER HARDWARE-BASED SERVICE ACCELERATION (MHSA) (status: in force)

    Publication No.: US20090327514A1

    Publication date: 2009-12-31

    Application No.: US12164631

    Filing date: 2008-06-30

    IPC classification: G06F15/16

    CPC classification: H04L45/00 H04L45/64

    Abstract: Methods and apparatus for intelligent sharing and tighter integration between a service engine (SE) for network communication and a high-speed forwarding device, such that certain network flows may be offloaded from the SE to benefit from the high-speed forwarding capacity of such a device are provided. To accomplish the integration, an application binary interface (ABI) may be employed as an in-band high-priority communication protocol between the data planes of the SE and the high-speed forwarding device, and an application programming interface (API) may be utilized to leverage the ABI and any in-band or out-of-band channel to allow the master SE to control the high-speed slave device. Such integration techniques are not limited to a few specialized hardware components, but may also be applied to other types of hardware resources, such as flow tables, quality of service (QoS) tables, access control list (ACL) tables for security, forwarding and adjacency tables, etc.

    Remote traffic monitoring through a network
    4.
    Granted patent
    Remote traffic monitoring through a network (status: in force)

    Publication No.: US08520540B1

    Publication date: 2013-08-27

    Application No.: US12847350

    Filing date: 2010-07-30

    IPC classification: G01R31/08

    Abstract: Techniques are provided for receiving one or more packets at a network device in a network. The one or more packets are part of normal network communication traffic. Device specific information associated with the one or more packets is generated that is unique to or available at the network device. One or more duplicate packets corresponding to the one or more packets are generated. The device specific information is encapsulated within the one or more duplicate packets for transmission over the network. The one or more duplicate packets are received at a network analyzer in the network. The device specific information associated with the one or more packets that is unique to the network device is extracted from the one or more duplicate packets and analyzed to determine network metrics for the one or more packets.

    Multi-layer hardware-based service acceleration (MHSA)
    5.
    Granted patent
    Multi-layer hardware-based service acceleration (MHSA) (status: in force)

    Publication No.: US08327014B2

    Publication date: 2012-12-04

    Application No.: US12164631

    Filing date: 2008-06-30

    IPC classification: G06F15/16

    CPC classification: H04L45/00 H04L45/64

    Abstract: Methods and apparatus for intelligent sharing and tighter integration between a service engine (SE) for network communication and a high-speed forwarding device, such that certain network flows may be offloaded from the SE to benefit from the high-speed forwarding capacity of such a device are provided. To accomplish the integration, an application binary interface (ABI) may be employed as an in-band high-priority communication protocol between the data planes of the SE and the high-speed forwarding device, and an application programming interface (API) may be utilized to leverage the ABI and any in-band or out-of-band channel to allow the master SE to control the high-speed slave device. Such integration techniques are not limited to a few specialized hardware components, but may also be applied to other types of hardware resources, such as flow tables, quality of service (QoS) tables, access control list (ACL) tables for security, forwarding and adjacency tables, etc.

    Policy-based processing of packets
    6.
    Patent application
    Policy-based processing of packets (status: in force)

    Publication No.: US20060233173A1

    Publication date: 2006-10-19

    Application No.: US11122612

    Filing date: 2005-05-05

    IPC classification: H04L12/28

    CPC classification: H04L12/4641

    Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, and mechanisms, for policy-based processing of packets, including mechanisms for managing the policies. A user is authenticated and its user group identifier is identified. A packet is received and is associated with the user group identifier, and one or more fields (typically other than the source address field) of the packet are used to identify a second group identifier. A lookup operation is then performed on a policy based on the first and second group identifiers to identify a packet processing action to be performed on the packet. These identifiers are typically not network addresses, which disassociates the policy from physical network addresses (which often are dynamically assigned and may also vary based on the access point into the network of a user), and allows a switching device to process packets based on a policy stated using group identifiers.

    Connection and packet level multiplexing between network links
    7.
    Granted patent
    Connection and packet level multiplexing between network links (status: expired)

    Publication No.: US06243379B1

    Publication date: 2001-06-05

    Application No.: US08835072

    Filing date: 1997-04-04

    IPC classification: H04L1228

    Abstract: Router circuit, provides Internet protocol (IP) address translation to enable connection or packet-level multiplexing over multiple single-user IP address account links. Connection-level multiplexing (CLM) provide between LAN and WAN addresses outbound packet transfer by replacing private packet source IP address and port number with said external IP address port number, and inbound packet transfer by replacing external packet destination IP address and port number with private IP address and port number. Look-up table provides bi-directional translation or effective multiplexing of IP addresses and port assignments for incoming or outgoing packets. Packet-level multiplexing (PLM) provides between LAN1 and LAN2 addresses outbound packet processing, wherein destination IP address and port number are replaced with external IP address and port number, and inbound packet processing, wherein source IP address and port number are replaced with internal IP address and port number. Link or port allocation are optimizable according to round-robin or bandwidth loading algorithm.
