Sharing Excess Committed Network Appliance Resources
    1.
    Patent application
    Sharing Excess Committed Network Appliance Resources (in force)

    Publication number: US20130301652A1

    Publication date: 2013-11-14

    Application number: US13528956

    Filing date: 2012-06-21

    IPC classification: H04L29/00

    Abstract: In one embodiment, excess committed network appliance resources are shared for providing services within a network appliance. One approach maintains service resources in a committed service resource pool and one or more other pools of service resources. Service resources are taken from a corresponding pool as needed. Service resources are reallocated to the committed resource pool as needed to ensure that service resources are available to service corresponding packet streams at their corresponding committed rate. Examples of such services provided by a network appliance include, but are not limited to, network address translation (NAT), firewall, Internet Protocol Security (IPsec), virtual private network (VPN), or deep packet inspection (DPI) services.

    Sharing excess committed network appliance resources
    2.
    Granted patent
    Sharing excess committed network appliance resources (in force)

    Publication number: US09225771B2

    Publication date: 2015-12-29

    Application number: US13528956

    Filing date: 2012-06-21

    Abstract: In one embodiment, excess committed network appliance resources are shared for providing services within a network appliance. One approach maintains service resources in a committed service resource pool and one or more other pools of service resources. Service resources are taken from a corresponding pool as needed. Service resources are reallocated to the committed resource pool as needed to ensure that service resources are available to service corresponding packet streams at their corresponding committed rate. Examples of such services provided by a network appliance include, but are not limited to, network address translation (NAT), firewall, Internet Protocol Security (IPsec), virtual private network (VPN), or deep packet inspection (DPI) services.

    Shared port address translation on a router behaving as NAT & NAT-PT gateway
    3.
    Granted patent
    Shared port address translation on a router behaving as NAT & NAT-PT gateway (in force)

    Publication number: US07356045B2

    Publication date: 2008-04-08

    Application number: US10278327

    Filing date: 2002-10-22

    IPC classification: H04J3/16

    Abstract: A method for transparently sharing at least one IPv4 address among a plurality of hosts wherein at least a first host of the plurality of hosts uses the IPv4 protocol and wherein at least a second host of the plurality of hosts uses an IPv6 protocol is provided. A first data having a first source address and a first destination address is received. A network address translation with port address translation is performed, if the first data is in an IPv4 protocol. A network address translation protocol translation with port address translation is performed, if the first data is in an IPv6 protocol.

    Method and apparatus for providing IPv6 networks to communicate with overlapping IPv4 networks using NAT-PT
    4.
    Granted patent
    Method and apparatus for providing IPv6 networks to communicate with overlapping IPv4 networks using NAT-PT (in force)

    Publication number: US07333510B1

    Publication date: 2008-02-19

    Application number: US10194608

    Filing date: 2002-07-12

    IPC classification: H04L12/56

    Abstract: A method for providing handling of data sent between a first network and at least a second network and a third network, wherein the first network is of a first protocol and the at least second and third networks are of a second protocol at least partially overlap is provided. A packet transmitted from the first network is received. The packet has a first address prefix if the packet is directed to the second network and has a second address prefix if the packet is directed to the third network. A destination address of the packet and a source address of the packet are translated from the first protocol to the second protocol. The packet is directed to the second network if the packet has the first address prefix. The packet is directed to the third network if the packet has the second address prefix.

    Apparatus and methods for performing network address translation (NAT) in a fully connected mesh with NAT virtual interface (NVI)
    5.
    Granted patent
    Apparatus and methods for performing network address translation (NAT) in a fully connected mesh with NAT virtual interface (NVI) (in force)

    Publication number: US07334049B1

    Publication date: 2008-02-19

    Application number: US10026272

    Filing date: 2001-12-21

    IPC classification: G06F15/16

    Abstract: Disclosed are methods and apparatus for performing network address translation (NAT) in a fully connected mesh with NAT virtual interface (NVI). In general terms, mechanisms (e.g., within a combination router/NAT device) are provided for translating network addresses of traffic going between two private domains or realms. These mechanisms may also be used to translate traffic going between a private and public domain. When a particular private address is translated into a public address, a binding is formed between the pre-translation address, the post-translation address, and the interface associated with the private or public address (e.g., an interface of the router/NAT device). Since bindings of different interfaces are tracked, a private address and its associated particular interface may be associated with a particular public address. Accordingly, the translation mechanisms of the present invention may be applied to two duplicate private addresses from two different private domains because the two identical private addresses are distinguished based on their different interfaces.

    Communicating packets along a control channel and a media channel
    6.
    Granted patent
    Communicating packets along a control channel and a media channel (in force)

    Publication number: US07542463B2

    Publication date: 2009-06-02

    Application number: US10950288

    Filing date: 2004-09-24

    IPC classification: H04J11/00

    CPC classification: H04L61/00 H04L29/12009

    Abstract: Communicating packets along a control channel and a media channel includes receiving at a network address translator a first message having a first internal address from a first communication device. The first internal address is translated to a first external control address operable to route a control packet along a control channel. A second message having a first embedded media address is received from the first communication device. The first embedded media address is translated to a first external media address operable to route a media packet along a media channel.

    Mechanisms for providing connectivity in NAT redundant/fail-over scenarios in unshared address-space
    7.
    Granted patent
    Mechanisms for providing connectivity in NAT redundant/fail-over scenarios in unshared address-space (in force)

    Publication number: US07518987B2

    Publication date: 2009-04-14

    Application number: US11189478

    Filing date: 2005-07-25

    IPC classification: G06F11/00 G06F15/16 G01R31/08

    Abstract: Disclosed are methods and apparatus for facilitating reliable session based communication with a local host via a subnet of redundant network devices that also implement network address translation (NAT) or the like. In general, embodiments of the present invention include mechanisms for reestablishing access to a local host after the local host's active network device has failed and been replaced by a new active network device with an address space that differs from the failed network device. In this invention, the network devices associated with the same local host also implement NAT, or the like. In brief, for each of its associated local hosts, the new active network device causes an address server to be updated with a new public address that is assigned from its address space to the local host. This update allows other remote hosts access to the local hosts by obtaining the updated address information from the address server. Communication sessions that were established prior to the failing active network device may also be retained by the new active network device. In this aspect, for each ongoing particular session between a remote host and a local host of the new active network device, the new active network device updates the remote host with a new public address assigned to local host for use in the particular session.

    Mechanisms for detection of non-supporting NAT traversal boxes in the path
    8.
    Granted patent
    Mechanisms for detection of non-supporting NAT traversal boxes in the path (in force)

    Publication number: US07443849B2

    Publication date: 2008-10-28

    Application number: US11026891

    Filing date: 2004-12-30

    Abstract: Disclosed are methods and apparatus for facilitating translation of packet addresses (or ports) by one or more translation devices (e.g., Network Address Translation or NAT devices) using a specialized protocol to handle an address (or port) that is used to form part of a payload. In one implementation, this specialized protocol is referred to as Network Layer Signaling (NLS). As a packet traverses along a path containing one or more translation devices, each translation device is configured to translate an address (or port) of such packet's IP header if the packet is traversing between different domains (e.g., traversing between a private and public domain or between two different private domains). One or more of these translation devices may also be configured to implement the specialized protocol which includes translation device traversal mechanisms for detecting whether the traversal path contains a translation device that fails to implement such specialized protocol. When such a failure is detected, recovery mechanisms are also triggered.