-
公开(公告)号:US07076801B2
公开(公告)日:2006-07-11
申请号:US09878824
申请日:2001-06-11
申请人: Fengmin Gong , Chandramouli Sargor , Feiyi Wang
发明人: Fengmin Gong , Chandramouli Sargor , Feiyi Wang
IPC分类号: G06F15/16
CPC分类号: H04L63/0281 , H04L63/029 , H04L63/14
摘要: The invention relates to a reconfigurable scalable intrusion-tolerant network that is interposed between a service requesting client and a protected server to minimize the impact of intrusive events. The apparatus may include a proxy server for receiving the requests from a client and forwarding them to a protected server. Acceptance monitors receive the response from a protected server and apply one or more acceptance tests. A ballot monitor receives the result of the acceptance tests and determines a response to the client. The network may also include an intrusion sensor to detect threats to the network and a reconfigurer to alter the network forwarding scheme. Reconfiguration may include isolating network elements, creating parallel paths, implementing redundant operations, or assessing the validity of responses.
-
2.发明申请FLEXIBLE, COST-EFFECTIVE SOLUTION FOR PEER-TO-PEER, GAMING, AND APPLICATION TRAFFIC DETECTION & TREATMENT 有权灵活,成本有效的解决方案,用于对等,游戏和应用交通检测与处理公开(公告)号:US20120327773A1
公开(公告)日:2012-12-27
申请号:US13605537
申请日:2012-09-06
IPC分类号: H04L12/24
CPC分类号: H04L47/245 , H04L43/026
摘要: A method and apparatus for detecting peer traffic based on a heuristic model and deep packet inspection is described. A suspect set of peer packets is detected using a heuristic model. From the suspect set of peer packet, a set of verified peer packets is detected using deep packet inspection. The set of verified peer packets is processed according to the peer processing policy, while the non-verified peer packets is processed according a non-peer policy. Furthermore, the statistics are generated from the set of suspect peer packet. These statistics are used to update the heuristic model.
摘要翻译: 描述了一种基于启发式模型和深度分组检测来检测对等流量的方法和装置。 使用启发式模型检测到可疑的一组对等包。 从可疑的对等分组集合中,使用深度分组检测来检测一组验证的对等体分组。 根据对等体处理策略对已验证的对等体报文进行处理,同时根据非对等体策略对未经验证的对等体报文进行处理。 此外,从可疑对等体组的集合生成统计信息。 这些统计信息用于更新启发式模型。
-
公开(公告)号:US20120131215A1
公开(公告)日:2012-05-24
申请号:US13359960
申请日:2012-01-27
申请人: Rajesh I. Balay , Chandramouli Sargor , Sachin S. Desai , Francois Lemarchand , Amit K. Khetawat
发明人: Rajesh I. Balay , Chandramouli Sargor , Sachin S. Desai , Francois Lemarchand , Amit K. Khetawat
IPC分类号: G06F15/16
CPC分类号: H04L47/2425 , H04L63/10 , H04L63/102 , H04L67/306 , H04L67/322 , H04L67/327
摘要: Methods are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a connection for a subscriber is created based on a service context of the subscriber. A connection request is received from a subscriber of a network service delivery environment. The subscriber is associated with a first-level profile identifier indicative of a service context for the subscriber. One or more other subscribers can be associated with the first-level profile identifier. Lower-level profile identifiers are determined using the first-level profile identifier. The lower-level profile identifiers indicate a set of services that is available to the subscriber during the connection. Creating a connection for the subscriber that enables forwarding of packets based on the lower-level profile identifiers.
摘要翻译: 提供了用于管理分层组织的用户简档的方法。 根据一个实施例,基于用户的服务上下文创建用户的连接。 从网络服务传送环境的订户接收连接请求。 订户与指示用户的服务上下文的第一级配置文件标识相关联。 一个或多个其他用户可以与第一级配置文件标识符相关联。 使用第一级配置文件标识符确定较低级配置文件标识符。 较低级别的配置文件标识符指示在连接期间可用于订户的一组服务。 为订户创建一个连接,使连接能够基于较低级别的配置文件标识符转发数据包。
-
公开(公告)号:US08122289B2
公开(公告)日:2012-02-21
申请号:US12421609
申请日:2009-04-09
IPC分类号: G06F11/00
CPC分类号: G06F9/5083 , G06F11/1482 , G06F11/2025 , G06F11/2028 , G06F11/2041 , G06F2209/5011
摘要: Compute resources of multiple resource cards are assigned to compute resource pools. Each compute resource pool is typically associated with a specific service (e.g., VoIP, video service, deep packet inspection, etc). Compute resource groups are created in each compute resource pool and are allocated one or more compute resources of that compute resource pool. Those compute resources in a given resource pool that are not allocated to a compute resource group are set as backup compute resources. Upon a failure of a compute resource in a compute resource pool that includes backup compute resources, a backup compute resource is selected and takes over the function of the failed compute resource. Upon a failure of a compute resource in a compute resource group of a compute resource pool that does not include a backup compute resource, the traffic is load balanced across the remaining compute resources of that compute resource group.
摘要翻译: 计算多个资源卡的资源被分配给计算资源池。 每个计算资源池通常与特定服务(例如,VoIP,视频服务,深度包检查等)相关联。 在每个计算资源池中创建计算资源组,并为该计算资源池分配一个或多个计算资源。 给定资源池中未分配给计算资源组的计算资源设置为备份计算资源。 在包含备份计算资源的计算资源池中的计算资源发生故障时,将选择备份计算资源,并接管故障计算资源的功能。 在不包括备份计算资源的计算资源池的计算资源组中计算资源失败时,流量将在该计算资源组的剩余计算资源之间进行负载平衡。
-
公开(公告)号:US20070064704A1
公开(公告)日:2007-03-22
申请号:US11537609
申请日:2006-09-30
申请人: Rajesh Balay , Vijay Srinivasan , Sanjeev Tyagi , Pasula Reddy , Chandramouli Sargor , John Crawbuck
发明人: Rajesh Balay , Vijay Srinivasan , Sanjeev Tyagi , Pasula Reddy , Chandramouli Sargor , John Crawbuck
IPC分类号: H04L12/56
摘要: Methods and Systems are provided for a distributed Provider Edge (PE). A single Virtual Routing and Forwarding device (VRF) is associated with a single customer site. The VRF includes a single routing table (RIB) and a single forwarding table (FIB). The VRF also includes a plurality of Virtual Private Network (VPN) Protocol Instance Modules (VRP), where each VRP is associated with a different VPN from the customer site. Each VRP accesses the RIB directly and the FIB indirectly to acquiring addressing/routing information for a received data packet. Moreover, each VRP uses a data plane of the VRP to communicate the data packets to a PE backbone device. In turn, the PE backbone device uses the data plane to communicate with each of the VRPs, and the PE backbone device communicates with one or more tunnels.
摘要翻译: 为分布式提供商边缘(PE)提供方法和系统。 单个虚拟路由和转发设备(VRF)与单个客户站点相关联。 VRF包括单个路由表(RIB)和单个转发表(FIB)。 VRF还包括多个虚拟专用网(VPN)协议实例模块(Virtual Private Network,VPN)协议实例模块(VRP),其中每个VRP与客户站点的不同的VPN相关联。 每个VRP直接访问RIB和FIB间接地获取接收的数据分组的寻址/路由信息。 此外,每个VRP使用VRP的数据平面将数据包传送到PE骨干设备。 PE骨干设备依次使用数据平面与每个VRP通信,PE骨干设备与一个或多个隧道进行通信。
-
6.发明授权Flexible, cost-effective solution for peer-to-peer, gaming, and application traffic detection and treatment 有权灵活,具有成本效益的解决方案,用于对等,游戏和应用程序流量检测和处理公开(公告)号:US08284662B2
公开(公告)日:2012-10-09
申请号:US12043788
申请日:2008-03-06
IPC分类号: G01R31/08
CPC分类号: H04L47/245 , H04L43/026
摘要: A method and apparatus for detecting peer traffic based on a heuristic model and deep packet inspection is described. A suspect set of peer packets is detected using a heuristic model. From the suspect set of peer packet, a set of verified peer packets is detected using deep packet inspection. The set of verified peer packets is processed according to the peer processing policy, while the non-verified peer packets is processed according a non-peer policy. Furthermore, the statistics are generated from the set of suspect peer packet. These statistics are used to update the heuristic model.
摘要翻译: 描述了一种基于启发式模型和深度分组检测来检测对等流量的方法和装置。 使用启发式模型检测到可疑的一组对等包。 从可疑的对等分组集合中,使用深度分组检测来检测一组验证的对等体分组。 根据对等体处理策略对已验证的对等体报文进行处理,同时根据非对等体策略对未经验证的对等体报文进行处理。 此外,从可疑对等体组的集合生成统计信息。 这些统计信息用于更新启发式模型。
-
公开(公告)号:US20110235649A1
公开(公告)日:2011-09-29
申请号:US13154330
申请日:2011-06-06
申请人: Sachin Desai , Rajesh Balay , Chandramouli Sargor
发明人: Sachin Desai , Rajesh Balay , Chandramouli Sargor
IPC分类号: H04L12/56
CPC分类号: H04L49/25 , H04L12/46 , H04L12/4625 , H04L49/354
摘要: Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network-computing device comprises multiple network interfaces (netmods) and a shared processing resource. The shared processing resource executes a virtual bridging application representing a single bridging domain for all network packets received by the network-computing device. A translation data structure defines translations between a first framing media format and an intermediate format and between the intermediate format and a second framing media format. If the virtual bridging application determines a network packet is to be relayed between a netmod operable to receive network packets encapsulated within the first framing media format and a netmod operable to transmit network packets encapsulated within the second framing media format, then it uses the translation data structures to translate the network packet before relaying the network packet.
摘要翻译: 提供了用于桥接在异构媒体通道上传输的网络数据包的方法和系统。 根据一个实施例,网络计算设备包括多个网络接口(netmod)和共享处理资源。 共享处理资源执行代表由网络计算设备接收的所有网络分组的单个桥接域的虚拟桥接应用。 翻译数据结构定义第一成帧媒体格式和中间格式之间以及中间格式和第二成帧媒体格式之间的转换。 如果虚拟桥接应用确定网络分组将在可操作以接收封装在第一成帧媒体格式内的网络分组的netmod和可操作以传送封装在第二成帧媒体格式内的网络分组的netmod之间进行中继,则其使用转换数据 在中继网络分组之前翻译网络分组的结构。
-
公开(公告)号:US07843813B2
公开(公告)日:2010-11-30
申请号:US12202224
申请日:2008-08-30
申请人: Rajesh I. Balay , Chandramouli Sargor , Sachin S. Desai , Francois Lemarchand , Amit K. Khetawat
发明人: Rajesh I. Balay , Chandramouli Sargor , Sachin S. Desai , Francois Lemarchand , Amit K. Khetawat
IPC分类号: G01R31/08 , G06F11/00 , G08C15/00 , H04J1/16 , H04J3/14 , H04L1/00 , H04L12/26 , H04L12/28 , H04L12/56
CPC分类号: H04L47/2425 , H04L63/10 , H04L63/102 , H04L67/306 , H04L67/322 , H04L67/327
摘要: Apparatus are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a router includes multiple virtual interfaces and a policy engine. The virtual interfaces define connections between the router and corresponding subscribers of a service provider. A first virtual interface is operable to receive packets from a first subscriber and to process the packets in accordance with a first-level profile identifier. The policy engine is coupled with the virtual interfaces and operable to de-reference subscriber profiles of the subscribers on behalf of the virtual interfaces based on a database of hierarchically organized profile identifiers. The database includes multiple lower-level profile identifiers, which explicitly define subscriber services, and multiple first-level profile identifiers, which define service contexts representing combinations of services available to subscribers when connected to the service provider by (i) explicitly defining the subscriber services or (ii) referring to one or more of the lower-level profile identifiers.
摘要翻译: 提供了用于管理分层组织的用户简档的装置。 根据一个实施例,路由器包括多个虚拟接口和策略引擎。 虚拟接口定义了路由器和服务提供商的相应订户之间的连接。 第一虚拟接口可操作以从第一订户接收分组并且根据第一级简档标识符来处理分组。 策略引擎与虚拟接口相结合,并可用于基于分级组织的简档标识符的数据库,代表虚拟接口对订户的订户简档进行解引用。 该数据库包括明确定义订户服务的多个下级配置文件标识符和多个第一级配置文件标识符,其定义当通过(i)明确地定义用户业务时,表示当订户连接到服务提供商时可用于服务的服务的组合的服务上下文 或(ii)参考一个或多个较低级别的简档标识符。
-
公开(公告)号:US20090007228A1
公开(公告)日:2009-01-01
申请号:US12202232
申请日:2008-08-30
申请人: Rajesh I. Balay , Chandramouli Sargor , Sachin S. Desai , Francois Lemarchand , Amit K. Khetawat
发明人: Rajesh I. Balay , Chandramouli Sargor , Sachin S. Desai , Francois Lemarchand , Amit K. Khetawat
CPC分类号: H04L47/2425 , H04L63/10 , H04L63/102 , H04L67/306 , H04L67/322 , H04L67/327
摘要: Apparatus are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a router includes a subscriber manager, a database and a virtual interface. The subscriber manager is operable to receive a connection request from a subscriber of a service provider. The database has stored therein hierarchically organized profile identifiers, including multiple lower-level profile identifiers, which explicitly define subscriber services, and multiple first-level profile identifiers, which define service contexts representing combinations of services available to subscribers when connected to the service provider by (i) explicitly defining the subscriber services or (ii) referring to one or more of the plurality of lower-level profile identifiers. The virtual interface defines a subscriber connection between the router and the subscriber and is created and configured responsive to the connection request based on a first-level profile identifier that is associated with the subscriber.
摘要翻译: 提供了用于管理分层组织的用户简档的装置。 根据一个实施例,路由器包括订户管理器,数据库和虚拟接口。 订户管理器可操作以从服务提供商的订户接收连接请求。 数据库已经存储有层次组织的简档标识符,其包括明确定义订户服务的多个下级配置文件标识符,以及多个第一级配置文件标识符,其定义当连接到服务提供商时可以向订户提供可用服务的组合的服务上下文 (i)明确地定义用户服务,或(ii)引用多个较低级别简档标识符中的一个或多个。 虚拟接口定义路由器和订户之间的订户连接,并且响应于基于与用户相关联的第一级简档标识符的连接请求来创建和配置。
-
10.发明申请Flexible, Cost-Effective Solution For Peer-To-Peer, Gaming, And Application Traffic Detection & Treatment 有权灵活,成本效益高的解决方案,用于对等,游戏和应用程序流量检测与处理公开(公告)号:US20080219169A1
公开(公告)日:2008-09-11
申请号:US12043788
申请日:2008-03-06
IPC分类号: H04L12/26
CPC分类号: H04L47/245 , H04L43/026
摘要: A method and apparatus for detecting, peer traffic based on a heuristic model and deep packet inspection is described. A suspect set of peer packets is detected using a heuristic model. From the suspect set of peer packet, a set of verified peer packets is detected using deep packet inspection. The set of verified peer packets is processed according to the peer processing policy, while the non-verified peer packets is processed according a non-peer policy. Furthermore, the statistics are generated from the set of suspect peer packet. These statistics are used to update the heuristic model.
摘要翻译: 描述了一种基于启发式模型和深度分组检测来检测对等流量的方法和装置。 使用启发式模型检测到可疑的一组对等包。 从可疑的对等分组集合中,使用深度分组检测来检测一组验证的对等体分组。 根据对等体处理策略对已验证的对等体报文进行处理,同时根据非对等体策略对未经验证的对等体报文进行处理。 此外,从可疑对等体组的集合生成统计信息。 这些统计信息用于更新启发式模型。
-
-
-
-
-
-
-
-
-
搜索结果
36 条记录 (耗时 0.021 秒)
