公开(公告)号：US07792930B1

公开(公告)日：2010-09-07

申请号：US10985016

申请日：2004-11-10

申请人： David Lei Zhang ,  Brian Yean-Shiang Leu ,  Chi-Chang Lin ,  Xiangang Huang ,  James E. Fehrle

发明人： David Lei Zhang ,  Brian Yean-Shiang Leu ,  Chi-Chang Lin ,  Xiangang Huang ,  James E. Fehrle

IPC分类号： G06F15/177

CPC分类号： H04L41/0869 ,  H04L41/082 ,  H04L41/0843

摘要： A set of network devices having varying device attributes, such as varying attributes due to different operating system versions, different hardware versions, or different hardware platforms, may be efficiently managed. A syntax file may be used to describe constraints relating to attributes of multiple versions of the network devices. At least one device configuration file (DCF) stores version-based differences relating to the different versions of the network devices, the syntax file and at least one the one DCF collectively describe a set of constraints for the attributes of the network devices.

摘要翻译： 可以有效地管理具有变化的设备属性的一组网络设备，诸如由于不同的操作系统版本，不同的硬件版本或不同的硬件平台引起的变化的属性。 可以使用语法文件来描述与网络设备的多个版本的属性相关的约束。 至少一个设备配置文件（DCF）存储与网络设备的不同版本相关的基于版本的差异，语法文件以及至少一个DCF共同描述了用于网络设备的属性的一组约束。

公开(公告)号：US07093280B2

公开(公告)日：2006-08-15

申请号：US09967893

申请日：2001-09-27

申请人： Yan Ke ,  Yuming Mao ,  Wilson Xu ,  Brian Yean-Shiang Leu

发明人： Yan Ke ,  Yuming Mao ,  Wilson Xu ,  Brian Yean-Shiang Leu

IPC分类号： H04L9/32 ,  G06F17/00

CPC分类号： H04L63/02 ,  H04L12/4641 ,  H04L12/4645 ,  H04L12/467 ,  H04L49/25 ,  H04L49/351 ,  H04L49/354 ,  H04L63/0209 ,  H04L63/0272 ,  H04L63/08 ,  H04L63/20

摘要： Methods and apparatus, including computer program products, implementing and using techniques for processing a data packet in a packet forwarding device. A data packet is received. A virtual local area network destination is determined for the received data packet, and a set of rules associated with the virtual local area network destination is identified. The rules are applied to the data packet. If a virtual local area network destination has been determined for the received data packet, the data packet is output to the destination, using the result from the application of the rules. If no destination has been determined, the data packet is dropped. A security system for partitioning security system resources into a plurality of separate security domains that are configurable to enforce one or more policies and to allocate security system resources to the one or more security domains, is also described.

公开(公告)号：US09185075B2

公开(公告)日：2015-11-10

申请号：US11422477

申请日：2006-06-06

申请人： Yan Ke ,  Yuming Mao ,  Wilson Xu ,  Brian Yean-Shiang Leu

发明人： Yan Ke ,  Yuming Mao ,  Wilson Xu ,  Brian Yean-Shiang Leu

IPC分类号： H04L29/06 ,  H04L12/46 ,  H04L12/931 ,  H04L12/947

CPC分类号： H04L63/02 ,  H04L12/4641 ,  H04L12/4645 ,  H04L12/467 ,  H04L49/25 ,  H04L49/351 ,  H04L49/354 ,  H04L63/0209 ,  H04L63/0272 ,  H04L63/08 ,  H04L63/20

摘要： Methods and apparatus, including computer program products, implementing and using techniques for processing a data packet in a packet forwarding device. A data packet is received. A virtual local area network destination is determined for the received data packet, and a set of rules associated with the virtual local area network destination is identified. The rules are applied to the data packet. If a virtual local area network destination has been determined for the received data packet, the data packet is output to the destination, using the result from the application of the rules. If no destination has been determined, the data packet is dropped. A security system for partitioning security system resources into a plurality of separate security domains that are configurable to enforce one or more policies and to allocate security system resources to the one or more security domains, is also described.