公开(公告)号：US20160099859A1

公开(公告)日：2016-04-07

申请号：US14507142

申请日：2014-10-06

Applicant: Futurewei Technologies, Inc.

Inventor： Mehdi Arashmid Akhavain Mohammadi ,  Peter Ashwood-Smith ,  Tao Wan

IPC: H04L12/26 ,  H04L12/741 ,  H04L12/721

CPC classification number: H04L43/50 ,  H04L45/12 ,  H04L45/28 ,  H04L45/34 ,  H04L45/36 ,  H04L45/566 ,  H04L45/74

Abstract: A packet forwarding validation method comprising receiving a data packet that comprises a next-hop index and a plurality of next-hop identifiers, wherein the next-hop index references a next-hop identifier from the plurality of next-hop identifiers, and wherein the plurality of next-hop identifiers indicates a sequence of next-hops through a network for the data packet, identifying a previous-hop network node using the next-hop index and the plurality of next-hop identifiers, determining a transmitter network node of the data packet, comparing the previous-hop network node and the transmitter network node, detecting a forwarding error when the previous-hop network node and the transmitter network node are not the same, and processing the data packet when the previous-hop network node and the transmitter network node are the same.

Abstract translation: 一种分组转发验证方法，包括接收包括下一跳索引和多个下一跳标识符的数据分组，其中所述下一跳索引从所述多个下一跳标识符引用下一跳标识符，并且其中 多个下一跳标识符指示通过网络为数据分组的下一跳的序列，使用下一跳索引识别上一跳网络节点和多个下一跳标识符，确定所述下一跳标识符的发射机网络节点 数据包，比较前一跳网络节点和发射机网络节点，当前一跳网络节点和发射机网络节点不相同时检测转发错误，并且当前一跳网络节点和 发射机网络节点是相同的。

公开(公告)号：US20140201374A1

公开(公告)日：2014-07-17

申请号：US14152909

申请日：2014-01-10

Applicant: FUTUREWEI TECHNOLOGIES, INC.

Inventor： Peter Ashwood-Smith ,  Mehdi Arashmid Akhavain Mohammadi ,  Evelyne Roch

IPC: H04L12/24 ,  G06F9/50

CPC classification number: H04L41/18 ,  G06F9/50 ,  H04L49/70

Abstract: An apparatus for performing network function virtualization (NFV), comprising: a memory, a processor coupled to the memory, wherein the memory includes instructions that when executed by the processor cause the apparatus to perform the following: receive an instruction to virtualize a network device within a network, divide, according to the instruction, the network device into a plurality of network functions (NFs) used to form a virtualized network node that corresponds to the network device, launch the NFs within one or more virtual containers, and group the virtual containers together using a group identifier (ID) that corresponds to the virtualized network node, wherein each of the NFs correspond to a network function performed by the network device prior to virtualization.

Abstract translation: 一种用于执行网络功能虚拟化（NFV）的装置，包括：存储器，耦合到所述存储器的处理器，其中所述存储器包括当所述处理器执行时执行以下操作的指令：接收虚拟化网络设备的指令 在网络内，根据该指令将网络设备划分成用于形成对应于网络设备的虚拟网络节点的多个网络功能（NF），在一个或多个虚拟容器内启动NF，并将 虚拟容器在一起使用对应于虚拟化网络节点的组标识符（ID），其中每个NF对应于虚拟化之前由网络设备执行的网络功能。

公开(公告)号：US09847915B2

公开(公告)日：2017-12-19

申请号：US14152909

申请日：2014-01-10

Applicant: Futurewei Technologies, Inc.

Inventor： Peter Ashwood-Smith ,  Mehdi Arashmid Akhavain Mohammadi ,  Evelyne Roch

IPC: G06F15/173 ,  H04L12/24 ,  G06F9/50 ,  H04L12/931

CPC classification number: H04L41/18 ,  G06F9/50 ,  H04L49/70

Abstract: An apparatus for performing network function virtualization (NFV), comprising: a memory, a processor coupled to the memory, wherein the memory includes instructions that when executed by the processor cause the apparatus to perform the following: receive an instruction to virtualize a network device within a network, divide, according to the instruction, the network device into a plurality of network functions (NFs) used to form a virtualized network node that corresponds to the network device, launch the NFs within one or more virtual containers, and group the virtual containers together using a group identifier (ID) that corresponds to the virtualized network node, wherein each of the NFs correspond to a network function performed by the network device prior to virtualization.

公开(公告)号：US20150229618A1

公开(公告)日：2015-08-13

申请号：US14177913

申请日：2014-02-11

Applicant: FUTUREWEI TECHNOLOGIES, INC.

Inventor： Tao Wan ,  Peter Ashwood-Smith ,  Mehdi Arashmid Akhavain Mohammadi ,  Guoli Yin ,  Yapeng Wu

IPC: H04L29/06 ,  H04L12/721

CPC classification number: H04L63/0823 ,  H04L45/34 ,  H04L63/12 ,  H04L63/162

Abstract: Embodiments are provided for securing source routing using public key based digital signature. If a protected source route is tampered with, a public key based method allows a downstream node to detect the tampering. The method is based on using digital signatures to protect the integrity of source routes. When creating a source route for a traffic flow, a designated network component computes a digital signature and adds the digital signature to the packets. When the packets are received at a node on the route, the node uses the digital signature and a public key to verify the source route and determines accordingly whether the source route has been tampered with. If tampering is detected, the receiving node stops the forwarding of the packets.

Abstract translation: 提供了使用基于公钥的数字签名来保护源路由的实施例。 如果受保护的源路由被篡改，基于公钥的方法允许下游节点检测到篡改。 该方法基于使用数字签名来保护源路由的完整性。 当为流量流创建源路由时，指定的网络组件计算数字签名并将数字签名添加到分组。 当路由节点接收到报文时，节点使用数字签名和公钥来验证源路由，并确定源路由是否被篡改。 如果检测到篡改，则接收节点停止转发数据包。