公开(公告)号：US20160099859A1

公开(公告)日：2016-04-07

申请号：US14507142

申请日：2014-10-06

Applicant: Futurewei Technologies, Inc.

Inventor： Mehdi Arashmid Akhavain Mohammadi ,  Peter Ashwood-Smith ,  Tao Wan

IPC: H04L12/26 ,  H04L12/741 ,  H04L12/721

CPC classification number: H04L43/50 ,  H04L45/12 ,  H04L45/28 ,  H04L45/34 ,  H04L45/36 ,  H04L45/566 ,  H04L45/74

Abstract: A packet forwarding validation method comprising receiving a data packet that comprises a next-hop index and a plurality of next-hop identifiers, wherein the next-hop index references a next-hop identifier from the plurality of next-hop identifiers, and wherein the plurality of next-hop identifiers indicates a sequence of next-hops through a network for the data packet, identifying a previous-hop network node using the next-hop index and the plurality of next-hop identifiers, determining a transmitter network node of the data packet, comparing the previous-hop network node and the transmitter network node, detecting a forwarding error when the previous-hop network node and the transmitter network node are not the same, and processing the data packet when the previous-hop network node and the transmitter network node are the same.

Abstract translation: 一种分组转发验证方法，包括接收包括下一跳索引和多个下一跳标识符的数据分组，其中所述下一跳索引从所述多个下一跳标识符引用下一跳标识符，并且其中 多个下一跳标识符指示通过网络为数据分组的下一跳的序列，使用下一跳索引识别上一跳网络节点和多个下一跳标识符，确定所述下一跳标识符的发射机网络节点 数据包，比较前一跳网络节点和发射机网络节点，当前一跳网络节点和发射机网络节点不相同时检测转发错误，并且当前一跳网络节点和 发射机网络节点是相同的。

公开(公告)号：US20150229618A1

公开(公告)日：2015-08-13

申请号：US14177913

申请日：2014-02-11

Applicant: FUTUREWEI TECHNOLOGIES, INC.

Inventor： Tao Wan ,  Peter Ashwood-Smith ,  Mehdi Arashmid Akhavain Mohammadi ,  Guoli Yin ,  Yapeng Wu

IPC: H04L29/06 ,  H04L12/721

CPC classification number: H04L63/0823 ,  H04L45/34 ,  H04L63/12 ,  H04L63/162

Abstract: Embodiments are provided for securing source routing using public key based digital signature. If a protected source route is tampered with, a public key based method allows a downstream node to detect the tampering. The method is based on using digital signatures to protect the integrity of source routes. When creating a source route for a traffic flow, a designated network component computes a digital signature and adds the digital signature to the packets. When the packets are received at a node on the route, the node uses the digital signature and a public key to verify the source route and determines accordingly whether the source route has been tampered with. If tampering is detected, the receiving node stops the forwarding of the packets.

Abstract translation: 提供了使用基于公钥的数字签名来保护源路由的实施例。 如果受保护的源路由被篡改，基于公钥的方法允许下游节点检测到篡改。 该方法基于使用数字签名来保护源路由的完整性。 当为流量流创建源路由时，指定的网络组件计算数字签名并将数字签名添加到分组。 当路由节点接收到报文时，节点使用数字签名和公钥来验证源路由，并确定源路由是否被篡改。 如果检测到篡改，则接收节点停止转发数据包。

公开(公告)号：US20150244583A1

公开(公告)日：2015-08-27

申请号：US14191526

申请日：2014-02-27

Applicant: FutureWei Technologies, Inc.

Inventor： Tao Wan ,  Guoli Yin ,  Yapeng Wu ,  Peter Ashwood-Smith ,  Xingjun Chu

IPC: H04L12/24 ,  H04L29/08

CPC classification number: H04L41/145 ,  H04L41/12 ,  H04L41/22

Abstract: Embodiments are provided herein for creating virtual networks with service chains, such as n-tier networks, in the cloud. In an embodiment, a network diagram for a virtual network is received from a user via a graphical user interface. The network diagram comprises elements that represent virtual or physical network components. The network components include switches, routers, firewalls, links, service appliances, virtual machines, servers, or other network components. Upon successfully validating the network diagram, via a validation step, the network diagram is compiled into application programming interface (API) calls ready for execution. The executed APIs are used to establish the virtual network on a physical network infrastructure. The virtual network comprises virtual network components corresponding to the elements or the network diagram.

Abstract translation: 本文提供的实施例用于在云中创建具有诸如n层网络的服务链的虚拟网络。 在一个实施例中，经由图形用户界面从用户接收虚拟网络的网络图。 网络图包括表示虚拟或物理网络组件的元素。 网络组件包括交换机，路由器，防火墙，链路，服务设备，虚拟机，服务器或其他网络组件。 在成功验证网络图后，通过验证步骤将网络图编译成应用程序编程接口（API）调用准备执行。 执行的API用于在物理网络基础架构上建立虚拟网络。 虚拟网络包括对应于元素或网络图的虚拟网络组件。