公开(公告)号：US09201704B2

公开(公告)日：2015-12-01

申请号：US13440735

申请日：2012-04-05

申请人： David Wei-Shen Chang ,  Abhijit Patra ,  Nagaraj A. Bagepalli ,  Murali Anantha ,  Jason Zhen Zhang

发明人： David Wei-Shen Chang ,  Abhijit Patra ,  Nagaraj A. Bagepalli ,  Murali Anantha ,  Jason Zhen Zhang

IPC分类号： G06F15/16 ,  G06F15/177 ,  G06F9/50 ,  G06F9/455 ,  G06F9/48

CPC分类号： G06F9/5077 ,  G06F9/45558 ,  G06F9/4856 ,  G06F9/5072 ,  G06F2009/4557

摘要： A method includes managing a virtual machine (VM) in a cloud extension, where the VM is part of a distributed virtual switch (DVS) of an enterprise network, abstracting an interface that is transparent to a cloud infrastructure of the cloud extension, and intercepting network traffic from the VM, where the VM can communicate securely with the enterprise network. The cloud extension comprises a nested VM container (NVC) that includes an emulator configured to enable abstracting the interface, and dual transmission control protocol/Internet Protocol stacks for supporting a first routing domain for communication with the cloud extension, and a second routing domain for communication with the enterprise network. The NVC may be agnostic with respect to operating systems running on the VM. The method further includes migrating the VM from the enterprise network to the cloud extension through suitable methods.

摘要翻译： 一种方法包括管理云扩展中的虚拟机（VM），其中VM是企业网络的分布式虚拟交换机（DVS）的一部分，抽象出对云扩展的云基础架构透明的接口，并拦截 来自虚拟机的网络流量，VM可以与企业网络进行安全通信。 云扩展包括嵌套VM容器（NVC），其包括被配置为实现对接口进行抽象的仿真器，以及用于支持用于与云扩展通信的第一路由域的双传输控制协议/因特网协议栈，以及用于 与企业网络通信。 对于在VM上运行的操作系统，NVC可能是无关紧要的。 该方法还包括通过适当的方法将VM从企业网络迁移到云扩展。

公开(公告)号：US08639842B1

公开(公告)日：2014-01-28

申请号：US11479981

申请日：2006-06-30

申请人： Nagaraj A. Bagepalli ,  Abhijit Patra ,  Murali Bashyam ,  David Wei-Shen Chang ,  Mahesh Jethanandani

发明人： Nagaraj A. Bagepalli ,  Abhijit Patra ,  Murali Bashyam ,  David Wei-Shen Chang ,  Mahesh Jethanandani

IPC分类号： G06F15/16 ,  G06F15/173

CPC分类号： G06F9/5033 ,  H04L63/0272 ,  H04L65/605 ,  H04L67/1027 ,  H04L67/1038

摘要： Systems and procedures are presented for communicating multiple data streams through an SSLVPN gateway. One implementation of a method includes receiving a plurality of incoming data streams and load balancing the incoming data streams. The load balancing includes assigning a first set of one or more incoming data streams to a first subprocessor, and responding to the first set of incoming data streams with outgoing data streams that include a first identifier that indicates the first subprocessor. One implementation of a network element includes a plurality of subprocessors and a dispatcher module. The dispatcher module is coupled to the plurality of subprocessors, and is configured to recognize an identifier in a received data stream. The dispatcher module dispatches the received data stream to a corresponding subprocessor of the plurality of processors in response to the identifier in the received data stream.

摘要翻译： 呈现系统和程序，用于通过SSLVPN网关传送多个数据流。 一种方法的实现包括接收多个输入数据流并负载平衡输入数据流。 负载平衡包括将第一组一个或多个输入数据流分配给第一子处理器，以及响应于包括指示第一子处理器的第一标识符的输出数据流的第一组输入数据流。 网元的一个实现包括多个子处理器和调度器模块。 调度器模块耦合到多个子处理器，并且被配置为识别接收的数据流中的标识符。 调度器模块响应于接收到的数据流中的标识符将接收到的数据流分派到多个处理器的对应的子处理器。

公开(公告)号：US20130297769A1

公开(公告)日：2013-11-07

申请号：US13462200

申请日：2012-05-02

申请人： David Wei-Shen Chang ,  Abhijit Patra ,  Nagaraj A. Bagepalli

发明人： David Wei-Shen Chang ,  Abhijit Patra ,  Nagaraj A. Bagepalli

IPC分类号： G06F15/173

CPC分类号： G06F9/5077 ,  G06F9/445 ,  G06F9/45558 ,  G06F17/50 ,  G06F2009/4557 ,  H04L41/145 ,  H04L67/34 ,  H04L67/38

摘要： A method includes simulating network resources of a portion of a cloud in a simulated cloud within a enterprise network, the cloud being communicable with the enterprise network over a first communication channel, which may be external to the enterprise network. The method can also include simulating network behavior of the first communication channel in a second communication channel within the enterprise network, and validating application performance in the simulated cloud. Simulating network resources includes providing a cloud resources abstraction layer in the enterprise network, and allocating enterprise network resources in the enterprise network to the simulated cloud by the cloud resources abstraction layer. The method further includes adding a virtual network service appliance to the simulated cloud, and determining a change to a network topology of the enterprise network to accommodate the virtual appliance without materially impacting application performance.

摘要翻译： 一种方法包括模拟企业网络内的模拟云中的云的一部分的网络资源，云可以通过可能在企业网络外部的第一通信信道与企业网络通信。 该方法还可以包括在企业网络内的第二通信信道中模拟第一通信信道的网络行为，以及验证模拟云中的应用性能。 模拟网络资源包括在企业网络中提供云资源抽象层，并通过云资源抽象层将企业网络中的企业网络资源分配给模拟云。 该方法还包括将虚拟网络服务设备添加到模拟云中，以及确定对企业网络的网络拓扑的改变以适应虚拟设备，而不会对应用程序性能造成重大影响。

公开(公告)号：US20130268643A1

公开(公告)日：2013-10-10

申请号：US13440735

申请日：2012-04-05

申请人： David Wei-Shen Chang ,  Abhijit Patra ,  Nagaraj A. Bagepalli ,  Murali Anantha ,  Jason Zhen Zhang

发明人： David Wei-Shen Chang ,  Abhijit Patra ,  Nagaraj A. Bagepalli ,  Murali Anantha ,  Jason Zhen Zhang

IPC分类号： G06F15/173 ,  G06F9/455

CPC分类号： G06F9/5077 ,  G06F9/45558 ,  G06F9/4856 ,  G06F9/5072 ,  G06F2009/4557

摘要： A method includes managing a virtual machine (VM) in a cloud extension, where the VM is part of a distributed virtual switch (DVS) of an enterprise network, abstracting an interface that is transparent to a cloud infrastructure of the cloud extension, and intercepting network traffic from the VM, where the VM can communicate securely with the enterprise network. The cloud extension comprises a nested VM container (NVC) that includes an emulator configured to enable abstracting the interface, and dual transmission control protocol/Internet Protocol stacks for supporting a first routing domain for communication with the cloud extension, and a second routing domain for communication with the enterprise network. The NVC may be agnostic with respect to operating systems running on the VM. The method further includes migrating the VM from the enterprise network to the cloud extension through suitable methods.

摘要翻译： 一种方法包括管理云扩展中的虚拟机（VM），其中VM是企业网络的分布式虚拟交换机（DVS）的一部分，抽象出对云扩展的云基础架构透明的接口，并拦截 来自虚拟机的网络流量，VM可以与企业网络进行安全通信。 云扩展包括嵌套VM容器（NVC），其包括被配置为实现对接口进行抽象的仿真器，以及用于支持用于与云扩展通信的第一路由域的双传输控制协议/因特网协议栈，以及用于 与企业网络通信。 对于在VM上运行的操作系统，NVC可能是无关紧要的。 该方法还包括通过适当的方法将VM从企业网络迁移到云扩展。

公开(公告)号：US09223634B2

公开(公告)日：2015-12-29

申请号：US13462200

申请日：2012-05-02

申请人： David Wei-Shen Chang ,  Abhijit Patra ,  Nagaraj A. Bagepalli

发明人： David Wei-Shen Chang ,  Abhijit Patra ,  Nagaraj A. Bagepalli

IPC分类号： G06F9/455 ,  G06F9/50 ,  H04L12/24 ,  H04L29/08 ,  G06F9/445 ,  H04L29/06 ,  G06F17/50

CPC分类号： G06F9/5077 ,  G06F9/445 ,  G06F9/45558 ,  G06F17/50 ,  G06F2009/4557 ,  H04L41/145 ,  H04L67/34 ,  H04L67/38

摘要： A method includes simulating network resources of a portion of a cloud in a simulated cloud within a enterprise network, the cloud being communicable with the enterprise network over a first communication channel, which may be external to the enterprise network. The method can also include simulating network behavior of the first communication channel in a second communication channel within the enterprise network, and validating application performance in the simulated cloud. Simulating network resources includes providing a cloud resources abstraction layer in the enterprise network, and allocating enterprise network resources in the enterprise network to the simulated cloud by the cloud resources abstraction layer. The method further includes adding a virtual network service appliance to the simulated cloud, and determining a change to a network topology of the enterprise network to accommodate the virtual appliance without materially impacting application performance.

摘要翻译： 一种方法包括模拟企业网络内的模拟云中的云的一部分的网络资源，云可以通过可能在企业网络外部的第一通信信道与企业网络通信。 该方法还可以包括在企业网络内的第二通信信道中模拟第一通信信道的网络行为，以及验证模拟云中的应用性能。 模拟网络资源包括在企业网络中提供云资源抽象层，并通过云资源抽象层将企业网络中的企业网络资源分配给模拟云。 该方法还包括将虚拟网络服务设备添加到模拟云中，以及确定对企业网络的网络拓扑的改变以适应虚拟设备，而不会对应用程序性能造成重大影响。

公开(公告)号：US07623468B2

公开(公告)日：2009-11-24

申请号：US10927290

申请日：2004-08-25

申请人： Rina Panigrahy ,  Jackie Liu ,  Daniel Yu-Kwong Ng ,  Sanjay Jain ,  Nagaraj A. Bagepalli ,  Abhijit Patra

发明人： Rina Panigrahy ,  Jackie Liu ,  Daniel Yu-Kwong Ng ,  Sanjay Jain ,  Nagaraj A. Bagepalli ,  Abhijit Patra

IPC分类号： H04L12/56

CPC分类号： H04L63/0254 ,  H04L63/1408 ,  H04L69/22

摘要： The present invention provides a packet processing device and method. A parsing processor provides instruction-driven content inspection of network packets at 10-Gbps and above with a parsing engine that executes parsing instructions. A flow state unit maintains statefulness of packet flows to allow content inspection across several related network packets. A state-graph unit traces state-graph nodes to keyword indications and/or parsing instructions. The parsing instructions can be derived from a high-level application to emulate user-friendly parsing logic. The parsing processor sends parsed packets to a network processor unit for further processing.

公开(公告)号：US20130283364A1

公开(公告)日：2013-10-24

申请号：US13454528

申请日：2012-04-24

申请人： David W. Chang ,  Abhijit Patra ,  Nagaraj A. Bagepalli ,  Kyle Mestery

发明人： David W. Chang ,  Abhijit Patra ,  Nagaraj A. Bagepalli ,  Kyle Mestery

IPC分类号： G06F21/00

CPC分类号： H04L49/70 ,  G06F9/45558 ,  G06F2009/4557 ,  G06F2009/45595 ,  H04L12/462 ,  H04L12/4625 ,  H04L12/4633 ,  H04L12/4641 ,  H04L2012/5617

摘要： In one embodiment, a secure transport layer tunnel may be established over a public network between a first cloud gateway in a private cloud and a second cloud gateway in a public cloud, where the secure transport layer tunnel is configured to provide a link layer network extension between the private cloud and the public cloud. In addition, a cloud virtual Ethernet module (cVEM) may be executed (instantiated) within the public cloud, where the cVEM is configured to switch inter-virtual-machine (VM) traffic between the private cloud and one or more private application VMs in the public cloud connected to the cVEM.

摘要翻译： 在一个实施例中，可以通过私有云中的第一云网关和公共云中的第二云网关之间的公共网络建立安全传输层隧道，其中安全传输层隧道被配置为提供链路层网络扩展 在私有云和公共云之间。 此外，云虚拟以太网模块（cVEM）可以在公共云内执行（实例化），其中cVEM被配置为在专用云和一个或多个私有应用VM之间切换虚拟机（VM）流量， 公共云连接到cVEM。

公开(公告)号：US07586851B2

公开(公告)日：2009-09-08

申请号：US10832796

申请日：2004-04-26

申请人： Rina Panigrahy ,  Jackie Liu ,  Daniel Yu-Kwong Ng ,  Sanjay Jain ,  Nagaraj A. Bagepalli ,  Abhijit Patra

发明人： Rina Panigrahy ,  Jackie Liu ,  Daniel Yu-Kwong Ng ,  Sanjay Jain ,  Nagaraj A. Bagepalli ,  Abhijit Patra

IPC分类号： H04L12/56 ,  H04J1/16

CPC分类号： H04L63/0254 ,  H04L63/1408 ,  H04L69/22

摘要： The present invention provides a packet processing device and method. A parsing processor provides instruction-driven content inspection of network packets at 10-Gbps and above with a parsing engine that executes parsing instructions. A flow state unit maintains statefulness of packet flows to allow content inspection across several related network packets. A state-graph unit traces state-graph nodes to keyword indications and/or parsing instructions. The parsing instructions can be derived from a high-level application to emulate user-friendly parsing logic. The parsing processor sends parsed packets to a network processor unit for further processing.

摘要翻译： 本发明提供一种分组处理装置和方法。 解析处理器使用执行解析指令的解析引擎，以10Gbps及以上的网络分组提供指令驱动的内容检查。 流状态单元保持分组流的状态，以允许跨多个相关网络分组的内容检查。 状态图单元将状态图节点跟踪到关键字指示和/或解析指令。 解析指令可以从高级应用程序导出，以模拟用户友好的解析逻辑。 解析处理器将解析的分组发送到网络处理器单元用于进一步处理。

公开(公告)号：US09203784B2

公开(公告)日：2015-12-01

申请号：US13454528

申请日：2012-04-24

申请人： David W. Chang ,  Abhijit Patra ,  Nagaraj A. Bagepalli ,  Kyle Mestery

发明人： David W. Chang ,  Abhijit Patra ,  Nagaraj A. Bagepalli ,  Kyle Mestery

IPC分类号： G06F21/00 ,  H04L12/931 ,  H04L12/70 ,  H04L12/46

CPC分类号： H04L49/70 ,  G06F9/45558 ,  G06F2009/4557 ,  G06F2009/45595 ,  H04L12/462 ,  H04L12/4625 ,  H04L12/4633 ,  H04L12/4641 ,  H04L2012/5617

摘要： In one embodiment, a secure transport layer tunnel may be established over a public network between a first cloud gateway in a private cloud and a second cloud gateway in a public cloud, where the secure transport layer tunnel is configured to provide a link layer network extension between the private cloud and the public cloud. In addition, a cloud virtual Ethernet module (cVEM) may be executed (instantiated) within the public cloud, where the cVEM is configured to switch inter-virtual-machine (VM) traffic between the private cloud and one or more private application VMs in the public cloud connected to the cVEM.

摘要翻译： 在一个实施例中，可以通过私有云中的第一云网关和公共云中的第二云网关之间的公共网络建立安全传输层隧道，其中安全传输层隧道被配置为提供链路层网络扩展 在私有云和公共云之间。 此外，云虚拟以太网模块（cVEM）可以在公共云内执行（实例化），其中cVEM被配置为在专用云和一个或多个私有应用VM之间切换虚拟机（VM）流量， 公共云连接到cVEM。

公开(公告)号：US08730980B2

公开(公告)日：2014-05-20

申请号：US13337379

申请日：2011-12-27

申请人： Nagaraj Bagepalli ,  Abhijit Patra ,  David Chang

发明人： Nagaraj Bagepalli ,  Abhijit Patra ,  David Chang

IPC分类号： H04L12/56

CPC分类号： H04L49/356 ,  H04L49/70

摘要： Techniques are provided to start a virtual service node that is configured to provide network traffic services for one or more virtual machines. The virtual service node has at least one associated service profile comprising identifiers for corresponding service policies for network traffic services. The service policies identified in the at least one associated service profile are retrieved. A virtual machine is started with an associated virtual interface and a port profile is applied to the virtual interface, including information identifying the service profile. Information is provided to the virtual service node that informs the virtual service node of network parameters and assigned service profile of the virtual machine. Network traffic associated with the virtual machine is intercepted and redirected to the virtual service node. A virtual service data path is provided that enables dynamic service binding, virtual machine mobility support, and virtual service node chaining and/or clustering.

摘要翻译： 提供技术来启动被配置为为一个或多个虚拟机提供网络流量服务的虚拟服务节点。 虚拟服务节点具有包括用于网络业务服务的相应服务策略的标识符的至少一个相关联的服务简档。 检索在至少一个关联服务简档中标识的服务策略。 启动一个虚拟机与一个关联的虚拟接口，端口配置文件应用于虚拟接口，包括标识服务配置文件的信息。 信息被提供给向虚拟服务节点通知虚拟机的网络参数和分配的服务简档的虚拟服务节点。 与虚拟机关联的网络流量被拦截并重定向到虚拟服务节点。 提供虚拟服务数据路径，其实现动态服务绑定，虚拟机移动性支持以及虚拟服务节点链接和/或聚类。