Abstract:
Methods and apparatus are disclosed for processing data packets with a router and a proxy so that a connection between a client and a server is proxied transparently. One method maps a TCP connection to a connection ID and sends a segment from that connection to the proxy together with the connection ID, a direction value and an identifier of the assigned proxy application, such that the segment appears to the proxy to belong to that connection. The proxy then creates, and reads from, an IP socket corresponding to the segment, the connection ID, the direction and the assigned proxy application, and spoofs the returned segment using the connection ID, a second direction value and the identifier of the assigned proxy application.
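A toy model of the router/proxy hand-off described above, added here as an illustration; it is not the patent's code and it assumes an encoding the abstract does not give: direction value 0 means the segment travels toward the server, 1 toward the client, and the proxy answers with the opposite value. The `http_cache_app` proxy application, the addresses and the HTTP request are constructed sample data.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

# Assumed encodings: the abstract names a first and a second direction value
# but does not say how they are represented.
TOWARD_SERVER = 0   # segment travels client -> server
TOWARD_CLIENT = 1   # segment travels server -> client

FiveTuple = Tuple[str, int, str, int]   # (client_ip, client_port, server_ip, server_port)


@dataclass(frozen=True)
class ProxiedSegment:
    """What the router hands to the proxy: the TCP payload plus the three values
    that identify the connection without exposing the real endpoint addresses."""
    conn_id: int
    direction: int
    app_id: str
    payload: bytes


class Router:
    """Maps TCP connections to connection IDs and restores addresses on the way back."""

    def __init__(self) -> None:
        self._next_id = 1
        self._id_by_conn: Dict[FiveTuple, int] = {}
        self._conn_by_id: Dict[int, FiveTuple] = {}

    def to_proxy(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int,
                 payload: bytes, app_id: str) -> ProxiedSegment:
        """Tag a segment with its connection ID and direction; a connection is
        registered on its first segment, whose sender is treated as the client."""
        forward = (src_ip, src_port, dst_ip, dst_port)
        reverse = (dst_ip, dst_port, src_ip, src_port)
        if forward in self._id_by_conn:
            conn_id, direction = self._id_by_conn[forward], TOWARD_SERVER
        elif reverse in self._id_by_conn:
            conn_id, direction = self._id_by_conn[reverse], TOWARD_CLIENT
        else:
            conn_id, self._next_id = self._next_id, self._next_id + 1
            self._id_by_conn[forward] = conn_id
            self._conn_by_id[conn_id] = forward
            direction = TOWARD_SERVER
        return ProxiedSegment(conn_id, direction, app_id, payload)

    def from_proxy(self, seg: ProxiedSegment) -> Tuple[str, int, str, int, bytes]:
        """Spoofing step: rebuild wire addresses from the connection ID so the
        proxy's segment appears to come from the endpoint behind its direction."""
        if seg.conn_id not in self._conn_by_id:
            raise KeyError(f"unknown connection ID {seg.conn_id}")
        c_ip, c_port, s_ip, s_port = self._conn_by_id[seg.conn_id]
        if seg.direction == TOWARD_SERVER:
            return (c_ip, c_port, s_ip, s_port, seg.payload)   # looks like the client sent it
        return (s_ip, s_port, c_ip, c_port, seg.payload)       # looks like the server sent it


class Proxy:
    """Holds one buffer per (conn_id, direction, app_id), standing in for the IP socket."""

    def __init__(self, apps: Dict[str, Callable[[bytes], bytes]]) -> None:
        self.apps = apps                      # app_id -> proxy application
        self.sockets: Dict[Tuple[int, int, str], bytearray] = {}

    def handle(self, seg: ProxiedSegment) -> ProxiedSegment:
        if seg.app_id not in self.apps:
            raise KeyError(f"no proxy application assigned for {seg.app_id!r}")
        key = (seg.conn_id, seg.direction, seg.app_id)
        sock = self.sockets.setdefault(key, bytearray())   # create the socket on first use
        sock.extend(seg.payload)                            # read the segment into it
        reply = self.apps[seg.app_id](bytes(sock))
        # The answer goes back tagged with the second direction value, so the router
        # will address it as if the far endpoint had sent it.
        other = TOWARD_CLIENT if seg.direction == TOWARD_SERVER else TOWARD_SERVER
        return ProxiedSegment(seg.conn_id, other, seg.app_id, reply)


def http_cache_app(request: bytes) -> bytes:
    """Constructed proxy application: serves GET requests from a tiny in-memory cache."""
    cache = {b"/index.html": b"<h1>hello</h1>"}
    parts = request.split(b" ")
    body = cache.get(parts[1]) if parts[0] == b"GET" and len(parts) > 1 else None
    if body is None:
        return b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
    return b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n%s" % (len(body), body)


def run_demo() -> Tuple[ProxiedSegment, ProxiedSegment, Tuple[str, int, str, int, bytes]]:
    """Push one constructed client request through router -> proxy -> router."""
    router, proxy = Router(), Proxy({"http": http_cache_app})
    request = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    seg = router.to_proxy("10.0.0.5", 40001, "203.0.113.10", 80, request, "http")
    reply = proxy.handle(seg)
    return seg, reply, router.from_proxy(reply)


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

The point to check in a real deployment is the `from_proxy` step: the router trusts the connection ID and direction it receives, so the router-to-proxy path must not be reachable by anything other than the proxy, or an attacker could emit segments that the router will spoof as coming from an arbitrary client or server.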
Abstract:
An example method includes disengaging a target node from a cluster, where the disengaging comprises: selecting an inheritor; migrating flows from the target node to the inheritor; informing a migration manager that the target node is disengaged from the cluster; and broadcasting to the peer nodes of the target node that the target node has been replaced by the inheritor. In particular implementations of the present disclosure, the cluster can include a first layer of the network topology containing a forwarding engine that implements hash-based packet forwarding; a second layer comprising the target node and the inheritor, both of which implement flow-based packet forwarding; and a third layer of service nodes configured for packet processing in the network.
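The four disengagement steps above, worked through on a three-layer model; this is an added example, not the disclosure's own code. The inheritor-selection policy (the active peer with the fewest flows), the SHA-256 bucket hash in the first layer, and the service-node names and flows are assumptions chosen for illustration. The example goes one step beyond the abstract by showing that flow pinning survives two successive disengagements, because replacement records chain.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Flow = Tuple[str, int, str, int]   # (src_ip, src_port, dst_ip, dst_port)


class ForwardingEngine:
    """First layer: stateless hash-based forwarding. A flow's hash selects a
    second-layer node; a replacement map, learned from broadcasts, redirects
    buckets that still point at a disengaged node."""

    def __init__(self, node_names: List[str]) -> None:
        self.buckets = sorted(node_names)
        self.replaced: Dict[str, str] = {}

    def pick(self, flow: Flow) -> str:
        digest = hashlib.sha256(repr(flow).encode()).digest()   # assumed hash
        name = self.buckets[int.from_bytes(digest[:4], "big") % len(self.buckets)]
        while name in self.replaced:        # follow chained replacements
            name = self.replaced[name]
        return name


@dataclass
class FlowNode:
    """Second layer: flow-based forwarding. A flow is pinned to one third-layer
    service node when first seen, so later packets stay on that service node."""
    name: str
    services: List[str]
    table: Dict[Flow, str] = field(default_factory=dict)

    def forward(self, flow: Flow) -> str:
        if flow not in self.table:
            self.table[flow] = self.services[len(self.table) % len(self.services)]
        return self.table[flow]


class MigrationManager:
    """Records which nodes have left the cluster."""

    def __init__(self) -> None:
        self.disengaged: List[str] = []


class Cluster:
    def __init__(self, nodes: List[FlowNode]) -> None:
        self.nodes: Dict[str, FlowNode] = {n.name: n for n in nodes}
        self.engine = ForwardingEngine(list(self.nodes))
        self.manager = MigrationManager()

    def route(self, flow: Flow) -> Tuple[str, str]:
        """Return the (second-layer node, service node) a packet of this flow reaches."""
        node = self.nodes[self.engine.pick(flow)]
        return node.name, node.forward(flow)

    def disengage(self, target_name: str) -> str:
        if target_name in self.manager.disengaged:
            raise ValueError(f"{target_name} already disengaged")
        target = self.nodes[target_name]
        # 1. Select an inheritor: the active peer carrying the fewest flows (assumed policy).
        peers = [n for n in self.nodes.values()
                 if n.name != target_name and n.name not in self.manager.disengaged]
        if not peers:
            raise RuntimeError("no peer available to inherit flows")
        inheritor = min(peers, key=lambda n: len(n.table))
        # 2. Migrate flows: the inheritor takes over the target's flow table, so
        #    existing flows keep their service node instead of being re-pinned.
        inheritor.table.update(target.table)
        target.table.clear()
        # 3. Inform the migration manager that the target has left the cluster.
        self.manager.disengaged.append(target_name)
        # 4. Broadcast the replacement to peers; here the forwarding engine consumes it.
        self.engine.replaced[target_name] = inheritor.name
        return inheritor.name


def demo() -> Tuple[Dict[Flow, Tuple[str, str]], str, Dict[Flow, Tuple[str, str]], str]:
    """Route constructed flows, disengage the node owning the first one, route again."""
    cluster = Cluster([FlowNode(name, ["svc-1", "svc-2"]) for name in ("n1", "n2", "n3")])
    flows = [("10.0.0.%d" % i, 40000 + i, "198.51.100.1", 443) for i in range(1, 9)]
    before = {f: cluster.route(f) for f in flows}
    target = before[flows[0]][0]
    inheritor = cluster.disengage(target)
    after = {f: cluster.route(f) for f in flows}
    return before, inheritor, after, target


if __name__ == "__main__":
    before, inheritor, after, target = demo()
    print(f"{target} disengaged, flows inherited by {inheritor}")
    for flow in before:
        print(flow, before[flow], "->", after[flow])
```

The property worth testing on a real cluster is the one the `demo` checks: after disengagement no flow reaches the target, flows that were on the target now reach the inheritor, and every flow still reaches the same service node as before. If the first-layer hash were simply recomputed over the remaining nodes instead of redirected, most flows would move and their service-node state would be lost.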
Abstract:
A method is provided in one example and includes receiving a request message from a first network element over an out-of-band control link. The request message asks that a first port of the first network element be bundled into a channel group associated with a cluster, the cluster comprising a plurality of clustered network elements. The method further includes determining the status of the first port with respect to the channel group and sending a reply message to the first network element over the out-of-band control link, the reply message indicating the determined status of the first port.
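The request/reply exchange above, as an added example that is not the disclosure's own code. The abstract only says the reply carries the port's status; the particular statuses, the consistency checks behind them (group existence, duplicate membership, membership in another group, link speed, member limit), the element and port names, and the modelling of the out-of-band link as a direct method call are all assumptions for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Set, Tuple


class BundleStatus(Enum):
    """Assumed status values; the abstract does not enumerate them."""
    BUNDLED = "bundled"
    ALREADY_MEMBER = "already-member"
    UNKNOWN_GROUP = "unknown-channel-group"
    PORT_IN_OTHER_GROUP = "port-in-other-group"
    SPEED_MISMATCH = "speed-mismatch"
    GROUP_FULL = "channel-group-full"


@dataclass(frozen=True)
class BundleRequest:
    element_id: str        # clustered network element sending the request
    port: str              # port on that element, e.g. "eth1" (constructed name)
    speed_mbps: int
    channel_group: int


@dataclass(frozen=True)
class BundleReply:
    element_id: str
    port: str
    channel_group: int
    status: BundleStatus


@dataclass
class ChannelGroup:
    max_members: int = 8
    speed_mbps: Optional[int] = None                      # fixed by the first member
    members: Set[Tuple[str, str]] = field(default_factory=set)   # (element_id, port)


class ChannelGroupController:
    """Cluster-side endpoint of the out-of-band control link: determines the
    status of the requested port and answers with a reply message."""

    def __init__(self, groups: Dict[int, ChannelGroup]) -> None:
        self.groups = groups

    def handle(self, req: BundleRequest) -> BundleReply:
        status = self._status_of(req)
        if status is BundleStatus.BUNDLED:
            group = self.groups[req.channel_group]
            group.members.add((req.element_id, req.port))
            group.speed_mbps = group.speed_mbps or req.speed_mbps
        return BundleReply(req.element_id, req.port, req.channel_group, status)

    def _status_of(self, req: BundleRequest) -> BundleStatus:
        group = self.groups.get(req.channel_group)
        if group is None:
            return BundleStatus.UNKNOWN_GROUP
        member = (req.element_id, req.port)
        if member in group.members:
            return BundleStatus.ALREADY_MEMBER
        if any(member in g.members for gid, g in self.groups.items() if gid != req.channel_group):
            return BundleStatus.PORT_IN_OTHER_GROUP
        if group.speed_mbps is not None and group.speed_mbps != req.speed_mbps:
            return BundleStatus.SPEED_MISMATCH
        if len(group.members) >= group.max_members:
            return BundleStatus.GROUP_FULL
        return BundleStatus.BUNDLED


class NetworkElement:
    """Element side: sends the request over the control link and acts on the reply."""

    def __init__(self, element_id: str, link: ChannelGroupController) -> None:
        self.element_id = element_id
        self.link = link                       # out-of-band control link, modelled as a call
        self.bundled: Dict[str, int] = {}      # port -> channel group it was admitted to

    def request_bundle(self, port: str, speed_mbps: int, channel_group: int) -> BundleStatus:
        reply = self.link.handle(BundleRequest(self.element_id, port, speed_mbps, channel_group))
        if reply.element_id != self.element_id or reply.port != port:
            raise ValueError("reply does not match the outstanding request")
        if reply.status is BundleStatus.BUNDLED:
            self.bundled[port] = channel_group
        return reply.status


if __name__ == "__main__":
    ctl = ChannelGroupController({10: ChannelGroup(max_members=2)})
    node = NetworkElement("fw-a", ctl)
    print(node.request_bundle("eth1", 10000, 10))
    print(node.request_bundle("eth1", 10000, 10))
```

Because the reply is what the element acts on, a deployment needs the control link itself to be authenticated; the example does not show that, and in a real cluster an unauthenticated link would let a rogue element request admission of its own port into the channel group.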
Abstract:
Methods and apparatus for providing one-arm node clustering using a port channel are provided herein. An example application node may be communicatively connected to at least one other application node, and to a network through a port channel. The application node may include a link, belonging to the port channel, that carries the network data exchanged between a remote client and a server, and a processor configured to send cluster control packets to, and receive them from, the other application node(s) over that same link.
Abstract:
A firewall system and method that optimize firewall performance by reducing the overhead of ACL verification and application-level authorization. The firewall system comprises a session manager operating in the firewall services component and a firewall module operating in the switching process component. In one embodiment the firewall module, using session information supplied by the session manager, performs certain non-application-level inspection of data packets and updates the context of the sessions associated with those packets without sending the packets to the firewall services component.
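A fast-path/slow-path model of the split just described, added here as an example rather than taken from the patent. The division of labour is the abstract's (session manager does ACL verification and application-level authorization, firewall module handles later packets and keeps session context); everything concrete is an assumption: the ACL rules, the two-punt design (one on the opening SYN, one on the first payload), the idle timeout, and the TCP flows used as sample traffic.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

SessionKey = Tuple[Tuple[str, int], Tuple[str, int], str]   # sorted endpoints + protocol


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    flags: FrozenSet[str] = frozenset()
    payload: bytes = b""

    def key(self) -> SessionKey:
        """Direction-independent key so both halves of a flow share one session."""
        a, b = (self.src, self.sport), (self.dst, self.dport)
        return (min(a, b), max(a, b), self.proto)


@dataclass
class Session:
    key: SessionKey
    initiator: str
    app: Optional[str] = None       # set once application-level authorization has run
    packets: int = 0
    octets: int = 0
    last_seen: float = 0.0


class SessionManager:
    """Firewall services component: ACL verification and application-level
    authorization. Costly, so it sees only the packets the switching path punts."""

    def __init__(self, acl: List[Tuple[str, int, str]]) -> None:
        self.acl = acl      # constructed rules: (dst prefix, dst port, "permit" | "deny")

    def open_session(self, pkt: Packet) -> Optional[Session]:
        for prefix, port, action in self.acl:
            if pkt.dst.startswith(prefix) and pkt.dport == port:
                return Session(pkt.key(), pkt.src) if action == "permit" else None
        return None         # implicit deny

    def authorize_application(self, pkt: Packet) -> Optional[str]:
        """Classify the first payload of a session; None means not authorized."""
        if pkt.dport == 80:
            return "http" if pkt.payload.split(b" ")[0] in (b"GET", b"POST", b"HEAD") else None
        if pkt.dport == 443:
            return "tls" if pkt.payload[:3] == b"\x16\x03\x01" else None
        return "generic"


class FirewallModule:
    """Switching process component: forwards packets of known sessions on the
    fast path while updating their context; punts only what it cannot decide."""

    def __init__(self, manager: SessionManager, idle_timeout: float = 300.0) -> None:
        self.manager = manager
        self.idle_timeout = idle_timeout
        self.sessions: Dict[SessionKey, Session] = {}
        self.punted = 0     # how many packets went to the services component

    def process(self, pkt: Packet, now: float) -> str:
        key = pkt.key()
        session = self.sessions.get(key)
        if session is not None and now - session.last_seen > self.idle_timeout:
            del self.sessions[key]                      # stale context must not be reused
            session = None
        if session is None:
            if "SYN" not in pkt.flags or "ACK" in pkt.flags:
                return "drop"                           # mid-stream packet with no session
            self.punted += 1
            session = self.manager.open_session(pkt)    # slow path: ACL verification
            if session is None:
                return "drop"
            self.sessions[key] = session
        if session.app is None and pkt.payload:
            self.punted += 1
            session.app = self.manager.authorize_application(pkt)   # slow path: app-level check
            if session.app is None:
                del self.sessions[key]
                return "drop"
        session.packets += 1                            # fast path: context update only
        session.octets += len(pkt.payload)
        session.last_seen = now
        if "RST" in pkt.flags:
            del self.sessions[key]                      # tear the session down at once
        return "forward"
```

Two things a reviewer would look for in such a module are visible here: a session is only created by a SYN, so a packet injected mid-stream without a matching session is dropped rather than punted, and the idle timer clears context so an old permit is not reused for an unrelated flow that happens to land on the same 5-tuple.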
Abstract:
A method and apparatus that provide network access control are disclosed. In one embodiment, a network device is configured to intercept network traffic initiated by a client and directed toward a network resource, and to authenticate the client locally. Authentication is carried out by comparing information identifying the client with authentication information stored in the network device; in one embodiment, an authentication cache in the network device holds that information. If the client identifying information is authenticated successfully against the stored authentication information, the network device is dynamically re-configured to allow traffic initiated by the client to reach the network resource. If local authentication fails, new stored authentication information is created for the client and the network device attempts to authenticate the client using a remote authentication server. If remote authentication succeeds, the local authentication information is updated so that subsequent requests can be authenticated locally. As a result, a client may be authenticated locally at a router or similar device, reducing network traffic to the authentication server.