Detecting neighbor discovery denial of service attacks against a router
    2.
    Patent application
    Legal status: in force

    Publication number: US20090024758A1

    Publication date: 2009-01-22

    Application number: US11826594

    Filing date: 2007-07-17

    IPC classification: G06F15/16

    Abstract: In one embodiment, a method comprises initiating neighbor discovery in response to detecting an absence of an IP destination address of a received data packet within a neighbor cache, including outputting a neighbor solicitation message targeting the IP destination address into a network served by the router, generating a hash index value based on the IP destination address combined with a randomized token stored in the router, and storing the data packet in a selected one of a plurality of pending message queues in the router based on the corresponding hash index value, each pending message queue configured for storing stored data packets having the corresponding hash index value and awaiting respective solicited neighbor advertisement messages from the network; and detecting whether the router is encountering a neighbor discovery denial of service attack based on a determined distribution of the stored data packets among the pending message queues.

    Generating a loop-free routing topology using routing arcs
    3.
    Granted patent
    Legal status: in force

    Publication number: US09088502B2

    Publication date: 2015-07-21

    Application number: US13113113

    Filing date: 2011-05-23

    Abstract: In one embodiment, a method comprises creating, in a computing network, a loop-free routing topology comprising a plurality of routing arcs for reaching a destination device, each routing arc comprising a first network device as a first end of the routing arc, a second network device as a second end of the routing arc, and at least a third network device configured for routing any network traffic along the routing arc toward the destination device via any one of the first or second ends of the routing arc; and causing the network traffic to be forwarded along at least one of the routing arcs to the destination device.

    Secure mobile IPv6 registration
    4.
    Granted patent
    Legal status: in force

    Publication number: US08266427B2

    Publication date: 2012-09-11

    Application number: US11808362

    Filing date: 2007-06-08

    IPC classification: H04L29/06

    Abstract: In one embodiment, a method comprises receiving by an agent a request from a network node for generation of a secure IPv6 address for use by the network node, the request including a selected subset of parameters selected by the network node and required for generation of the secure IPv6 address according to a prescribed secure address generation procedure, the selected subset including at least a public key owned by the network node; dynamically generating by the agent at least a second of the parameters required for generation of the secure IPv6 address; generating by the agent the secure IPv6 address based on the selected subset and the second of the parameters required for generation of the secure IPv6 address; and outputting, to the network node, an acknowledgment to the request and that includes the secure IPv6 address, and the parameters required for generation of the secure IPv6 address.

    Secure neighbor discovery router for defending host nodes from rogue routers
    5.
    Granted patent
    Legal status: in force

    Publication number: US08219800B2

    Publication date: 2012-07-10

    Application number: US11808059

    Filing date: 2007-06-06

    IPC classification: H04L29/06

    Abstract: In one embodiment, a method comprises receiving, by a router in a network, a router advertisement message on a network link of the network; detecting within the router advertisement message, by the router, an advertised address prefix and an identified router having transmitted the router advertisement message within the network; determining, by the router, whether the identified router is authorized to at least one of advertise itself as a router, or advertise the advertised address prefix on the network link; and selectively initiating, by the router, a defensive operation against the identified router based on the router determining the identified router is not authorized to advertise itself as a router, or advertise the advertised address prefix on the network link.

    Detecting neighbor discovery denial of service attacks against a router
    6.
    Granted patent
    Legal status: in force

    Publication number: US08312541B2

    Publication date: 2012-11-13

    Application number: US11826594

    Filing date: 2007-07-17

    IPC classification: H04L29/06

    Abstract: In one embodiment, a method comprises initiating neighbor discovery in response to detecting an absence of an IP destination address of a received data packet within a neighbor cache, including outputting a neighbor solicitation message targeting the IP destination address into a network served by the router, generating a hash index value based on the IP destination address combined with a randomized token stored in the router, and storing the data packet in a selected one of a plurality of pending message queues in the router based on the corresponding hash index value, each pending message queue configured for storing stored data packets having the corresponding hash index value and awaiting respective solicited neighbor advertisement messages from the network; and detecting whether the router is encountering a neighbor discovery denial of service attack based on a determined distribution of the stored data packets among the pending message queues.

    Secure mobile IPv6 registration
    7.
    Patent application
    Legal status: in force

    Publication number: US20080304457A1

    Publication date: 2008-12-11

    Application number: US11808362

    Filing date: 2007-06-08

    IPC classification: H04Q7/24

    Abstract: In one embodiment, a method comprises receiving by an agent a request from a network node for generation of a secure IPv6 address for use by the network node, the request including a selected subset of parameters selected by the network node and required for generation of the secure IPv6 address according to a prescribed secure address generation procedure, the selected subset including at least a public key owned by the network node; dynamically generating by the agent at least a second of the parameters required for generation of the secure IPv6 address; generating by the agent the secure IPv6 address based on the selected subset and the second of the parameters required for generation of the secure IPv6 address; and outputting, to the network node, an acknowledgment to the request and that includes the secure IPv6 address, and the parameters required for generation of the secure IPv6 address.

    Recursive load balancing in a loop-free routing topology using routing arcs
    8.
    Granted patent
    Legal status: in force

    Publication number: US08897135B2

    Publication date: 2014-11-25

    Application number: US13371065

    Filing date: 2012-02-10

    IPC classification: G01R31/08

    Abstract: In one embodiment, a method comprises creating, in a computing network, a loop-free routing topology comprising a plurality of routing arcs for reaching a destination device, each routing arc comprising a first network device as a first end of the routing arc, a second network device as a second end of the routing arc, and at least a third network device configured for routing any network traffic along the routing arc toward the destination device via any one of the first or second ends of the routing arc; and load balancing the network traffic along the routing arcs based on traffic metrics obtained at the first and second ends of the routing arcs, including selectively sending a backpressure command to a first one of the routing arcs supplying at least a portion of the network traffic to a congested one of the routing arcs.

    Secure neighbor discovery router for defending host nodes from rogue routers
    9.
    Patent application
    Legal status: in force

    Publication number: US20080307516A1

    Publication date: 2008-12-11

    Application number: US11808059

    Filing date: 2007-06-06

    IPC classification: H04L9/32 G06F17/00 H04L9/00

    Abstract: In one embodiment, a method comprises receiving, by a router in a network, a router advertisement message on a network link of the network; detecting within the router advertisement message, by the router, an advertised address prefix and an identified router having transmitted the router advertisement message within the network; determining, by the router, whether the identified router is authorized to at least one of advertise itself as a router, or advertise the advertised address prefix on the network link; and selectively initiating, by the router, a defensive operation against the identified router based on the router determining the identified router is not authorized to advertise itself as a router, or advertise the advertised address prefix on the network link.

    Local path repair in a wireless deterministic network
    10.
    Granted patent
    Legal status: in force

    Publication number: US09319962B2

    Publication date: 2016-04-19

    Application number: US14043974

    Filing date: 2013-10-02

    Abstract: In one embodiment, an initial path is established in a wireless deterministic network between a source and a destination through one or more intermediate nodes, which are typically informed of a required metric between the source and the destination for communicating a packet. The initial path is locally (e.g., without contacting a path computation engine) reconfigured to bypass at least one of the intermediate nodes creating a new path, with the new path meeting the requirement(s) of the metric. Note, “locally reconfiguring” refers to the network nodes themselves determining a replacement path without reliance on a path computation engine or other entity (e.g., network management system, operating support system) in determining the replacement path. In one embodiment, a network node not on the initial path replaces a node on the initial path while using the same receive and send timeslots used in the initial path.