公开(公告)号：US5936940A

公开(公告)日：1999-08-10

申请号：US701624

申请日：1996-08-22

申请人： Gerald Arnold Marin ,  Lap T. Huynh ,  Ken Van Vu ,  Raif O. Onvural ,  Levent Gun ,  Bouchung Lin

发明人： Gerald Arnold Marin ,  Lap T. Huynh ,  Ken Van Vu ,  Raif O. Onvural ,  Levent Gun ,  Bouchung Lin

IPC分类号： H04L12/56 ,  H04L12/26

CPC分类号： H04L12/5602 ,  H04L2012/5619 ,  H04L2012/5636

摘要： An enhanced adaptive rate-based congestion control system for packet transmission networks uses the absolute rather than the relative network queuing delay measure of congestion in the network. Other features of the congestion control system include test transmissions only after a predetermined minimum time, after the receipt of an acknowledgment from the previous test, or transmission of a minimum data burst, whichever takes longest. The congestion control system also provides a small reduction in rate at low rates and a large reduction in rates at high rates. A logarithmic rate control function provides this capability. Rate damping is provided by changing all of the values in a rate look-up tables in response to excessive rate variations. Finally, the fair share of the available bandwidth is used as the starting point for rates at start-up or when a predefined rate damping region is exited.

摘要翻译： 用于分组传输网络的增强的基于自适应速率的拥塞控制系统使用网络中的拥塞的绝对而不是相对网络排队延迟测量。 拥塞控制系统的其他特征仅在预定的最小时间之后，在从先前的测试接收到确认之后，或传输最小数据脉冲串（以较长者为准）为止包括测试传输。 拥挤控制系统还以低速率提供了较小的速率降低，并且高速率的速率大幅度降低。 对数速率控制功能提供此功能。 速率阻尼通过响应于过大的速率变化改变速率查找表中的所有值来提供。 最后，将可用带宽的公平份额用作启动速率或退出预定义速率阻尼区域的起始点。

公开(公告)号：US5367523A

公开(公告)日：1994-11-22

申请号：US112737

申请日：1993-08-26

申请人： Rong-Feng Chang ,  John E. Drake, Jr. ,  Levent Gun ,  Lap T. Huynh

发明人： Rong-Feng Chang ,  John E. Drake, Jr. ,  Levent Gun ,  Lap T. Huynh

IPC分类号： H04L12/56 ,  H04Q11/04 ,  H04J3/22

CPC分类号： H04L47/10 ,  H04Q11/0478 ,  H04L2012/5616 ,  H04L2012/5632

摘要： An end-to-end, closed loop flow and congestion control system for packet communications networks exchanges rate request and rate response messages between data senders and receivers to allow the sender to adjust the data rate to avoid congestion and to control the data flow. Requests and responses are piggy-backed on data packets and result in changes in the input data rate in a direction to optimize data throughput. GREEN, YELLOW and RED operating modes are defined to increase data input, reduce data input and reduce data input drastically, respectively. Incremental changes in data input are altered non-linearly to change more quickly when further away from the optimum operating point than when closer to the optimum operating point.

摘要翻译： 分组通信网络的端到端闭环流和拥塞控制系统在数据发送者和接收者之间交换速率请求和速率响应消息，以允许发送者调整数据速率以避免拥塞并控制数据流。 请求和响应对数据包进行捎带，并导致输入数据速率的变化，以便优化数据吞吐量。 绿色，黄色和红色操作模式被定义为分别增加数据输入，减少数据输入和减少数据输入。 数据输入的增量变化被非线性地改变，以便在距离最佳工作点更远时比在更接近最佳工作点时更快地改变。

公开(公告)号：US20080259790A1

公开(公告)日：2008-10-23

申请号：US11738499

申请日：2007-04-22

申请人： Dinakaran Joseph ,  Jon K. Franks ,  Christopher N. Freeman ,  Sivaram Gottimukkala ,  Jason P. Hawrysz ,  Lap T. Huynh ,  Barry Mosakowski

发明人： Dinakaran Joseph ,  Jon K. Franks ,  Christopher N. Freeman ,  Sivaram Gottimukkala ,  Jason P. Hawrysz ,  Lap T. Huynh ,  Barry Mosakowski

IPC分类号： H04J1/16

CPC分类号： H04L41/022

摘要： Embodiments of the present invention address deficiencies of the art in respect to connectivity management in a heterogeneous network and provide a method, system and computer program product for resilient and reliable end-to-end connectivity in a heterogeneous network. In one embodiment of the invention, a method for resilient and reliable end-to-end connectivity in a heterogeneous network environment can be provided. The method can include creating an instance of an abstracted network resource model (NRM) for a heterogeneous network environment of different network resource nodes. The method further can include binding an application endpoint in the instance of the abstracted NRM with a connectivity endpoint for a first of the different network resource nodes. The method yet further can include detecting an outage in the first of the different network resource nodes. Finally, the method can include re-binding the application endpoint to a second of the different network resource nodes in response to detecting the outage.

摘要翻译： 本发明的实施例解决了异构网络中的连接性管理方面的技术缺陷，并提供了用于异构网络中的弹性和可靠的端到端连接的方法，系统和计算机程序产品。 在本发明的一个实施例中，可以提供一种用于异构网络环境中的弹性且可靠的端到端连接的方法。 该方法可以包括为不同网络资源节点的异构网络环境创建抽象网络资源模型（NRM）的实例。 该方法还可以包括将抽象NRM的实例中的应用端点与第一个不同网络资源节点的连接性端点绑定。 该方法还可以包括检测第一不同网络资源节点中的中断。 最后，该方法可以包括响应于检测到中断而将应用端点重新绑定到不同网络资源节点中的第二个。

公开(公告)号：US09715401B2

公开(公告)日：2017-07-25

申请号：US12210249

申请日：2008-09-15

申请人： Wesley M. Devine ,  Sivaram Gottimukkala ,  Lap T. Huynh ,  Dinakaran Joseph ,  Michael S. Law ,  Linwood H. Overby, Jr.

发明人： Wesley M. Devine ,  Sivaram Gottimukkala ,  Lap T. Huynh ,  Dinakaran Joseph ,  Michael S. Law ,  Linwood H. Overby, Jr.

IPC分类号： G06F9/455

CPC分类号： G06F9/45558 ,  G06F9/4856 ,  G06F2009/4557

摘要： In an embodiment of the invention, a method for secure live migration of a virtual machine (VM) in a virtualized computing environment can include selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment and blocking data communications with the selected VM and other VMs in the secure virtualized computing environment. The selected VM can be live migrated to the different virtualized computing environment and the VM can be restarted in the different virtualized computing environment. Notably, a secure communicative link can be established between the restarted VM and at least one other of the VMs in the secure virtualized computing environment. Finally, data communications between the restarted VM and the at least one other of the VMs can be enabled over the secure communicative link.

公开(公告)号：US08925081B2

公开(公告)日：2014-12-30

申请号：US13469357

申请日：2012-05-11

申请人： Lap T. Huynh ,  Linwood H. Overby, Jr.

发明人： Lap T. Huynh ,  Linwood H. Overby, Jr.

IPC分类号： H04L29/06 ,  G06F21/55

CPC分类号： G06F21/554

摘要： Intrusion detection is performed by communicating an initialization request from an intrusion detection system enabled application to an intrusion module to begin intrusion detection. Also, a request is communicated to a policy transfer agent to provide an intrusion detection system policy specifically configured for the application. The application identifies where in the application code the intrusion detection system policy is to be checked against an incoming or outgoing communication. Information obtained by the application program is selectively evaluated against information in the intrusion detection system policy. A conditional response is made based upon information in the intrusion detection system policy if an intrusion associated with the application program is detected.

摘要翻译： 通过将初始化请求从入侵检测系统启用的应用程序传送到入侵模块以开始入侵检测来执行入侵检测。 而且，请求被传送给策略传输代理，以提供专门为应用配置的入侵检测系统策略。 该应用程序在应用程序代码中识别入侵检测系统策略要根据传入或传出通信进行检查。 根据入侵检测系统策略中的信息选择性地评估由应用程序获得的信息。 如果检测到与应用程序相关联的入侵，则基于入侵检测系统策略中的信息进行条件响应。

公开(公告)号：US08891550B2

公开(公告)日：2014-11-18

申请号：US11355023

申请日：2006-02-15

申请人： Lap T. Huynh ,  Dinakaran Joseph ,  Linwood H. Overby, Jr. ,  Mark T. Wright

发明人： Lap T. Huynh ,  Dinakaran Joseph ,  Linwood H. Overby, Jr. ,  Mark T. Wright

IPC分类号： H04J3/16 ,  H04J3/22 ,  H04L29/06

CPC分类号： H04L63/105 ,  H04L63/166

摘要： Embodiments of the present invention address deficiencies of the art in respect to network services protocol implementation configuration and provide a method, system and computer program product for platform independent configuration of multiple network services protocol implementations. In one embodiment of the invention, a method for configuring a network services protocol implementation can include configuring a platform independent configuration for a network services protocol implementation. Thereafter, a target node can be selected to receive a deployment of the network services protocol implementation and the configured platform independent configuration can be transformed into a platform specific configuration for the target node. Finally, the transformed platform specific configuration can be deployed onto the target node.

摘要翻译： 本发明的实施例解决了关于网络服务协议实现配置的本领域的缺陷，并提供了用于多个网络服务协议实现的用于独立于平台的配置的方法，系统和计算机程序产品。 在本发明的一个实施例中，用于配置网络服务协议实现的方法可以包括为网络服务协议实现配置与平台无关的配置。 此后，可以选择目标节点以接收网络服务协议实现的部署，并且将配置的平台无关配置转换为目标节点的平台特定配置。 最后，转换的平台特定配置可以部署到目标节点上。

公开(公告)号：US20120222087A1

公开(公告)日：2012-08-30

申请号：US13469357

申请日：2012-05-11

申请人： Lap T. Huynh ,  Linwood H. Overby, JR.

发明人： Lap T. Huynh ,  Linwood H. Overby, JR.

IPC分类号： G06F21/00 ,  G06F11/00 ,  G06F17/00

CPC分类号： G06F21/554

摘要： Intrusion detection is performed by communicating an initialization request from an intrusion detection system enabled application to an intrusion module to begin intrusion detection. Also, a request is communicated to a policy transfer agent to provide an intrusion detection system policy specifically configured for the application. The application identifies where in the application code the intrusion detection system policy is to be checked against an incoming or outgoing communication. Information obtained by the application program is selectively evaluated against information in the intrusion detection system policy. A conditional response is made based upon information in the intrusion detection system policy if an intrusion associated with the application program is detected.

摘要翻译： 通过将初始化请求从入侵检测系统启用的应用程序传送到入侵模块以开始入侵检测来执行入侵检测。 而且，请求被传送给策略传输代理，以提供专门为应用配置的入侵检测系统策略。 该应用程序在应用程序代码中识别入侵检测系统策略要根据传入或传出通信进行检查。 根据入侵检测系统策略中的信息选择性地评估由应用程序获得的信息。 如果检测到与应用程序相关联的入侵，则基于入侵检测系统策略中的信息进行条件响应。

公开(公告)号：US5563875A

公开(公告)日：1996-10-08

申请号：US500674

申请日：1995-07-10

申请人： Timothy R. Hefel ,  Lap T. Huynh ,  Thomas P. McSweeney

发明人： Timothy R. Hefel ,  Lap T. Huynh ,  Thomas P. McSweeney

IPC分类号： H04L12/26 ,  H04L12/56 ,  H04J3/14

CPC分类号： H04L43/50 ,  H04L12/2697 ,  H04L45/123 ,  H04L45/00

摘要： A packet communications network includes a route testing system which launches a plurality of route testing messages from the source node to each of the nodes along the route, including the destination node, and returning to the source node. Time stamps in each of theses testing messages are compared to reception times to determine round trip delays which can be halved and compared to determine link transit times. These link transit times can, in turn, be analyzed to localize congestion or identify failed resources. The source resource is where the data is accumulated for the entire path and then analyzed to determine the location of failed links, if any, the response time from the source to the destination, the response time of each resource in the path, and the location of congested links. Packet switched resources identify the path test command themselves and carry out the testing procedure. Circuit switched resources utilize the control point controlling that resource to carry out the testing procedure.

摘要翻译： 分组通信网络包括：路由测试系统，其从源节点向包括目的地节点的路由的每个节点启动多个路由测试消息，并返回到源节点。 将每个测试消息中的时间戳与接收时间进行比较，以确定往返延迟，其可以减半并进行比较以确定链路传输时间。 反过来，可以分析这些链路传输时间以本地化拥塞或识别出现故障的资源。 源资源是整个路径数据的累积位置，然后进行分析，以确定故障链路的位置（如果有的话），从源到目标的响应时间，路径中每个资源的响应时间以及位置 拥挤的环节。 分组交换资源本身标识路径测试命令并执行测试过程。 电路交换资源利用控制该资源的控制点来执行测试程序。

公开(公告)号：US20120110155A1

公开(公告)日：2012-05-03

申请号：US12938341

申请日：2010-11-02

申请人： Ingo Adlung ,  Kimberly T. Bailey ,  Friedemann Baitinger ,  Patricia G. Driever ,  Jeffrey A. Frey ,  Lap T. Huynh ,  Constantinos Kassimis ,  Angelo Macchiano ,  Bruce Ratcliff ,  Jerry W. Stevens ,  Stephen R. Valley

发明人： Ingo Adlung ,  Kimberly T. Bailey ,  Friedemann Baitinger ,  Patricia G. Driever ,  Jeffrey A. Frey ,  Lap T. Huynh ,  Constantinos Kassimis ,  Angelo Macchiano ,  Bruce Ratcliff ,  Jerry W. Stevens ,  Stephen R. Valley

IPC分类号： G06F15/173

CPC分类号： H04L29/08315 ,  G06F9/5077 ,  G06Q10/06 ,  H04L67/1042

摘要： An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.

摘要翻译： 提供集成的混合系统。 混合系统包括由单一控制点集成和管理的不同类型和架构的计算组件，以提供联合和计算组件作为单个逻辑计算平台的呈现。

公开(公告)号：US07912968B2

公开(公告)日：2011-03-22

申请号：US11847294

申请日：2007-08-29

申请人： Michael E. Baskey ,  Mandis S. Beigi ,  Sivaram Gottimukkala ,  Lap T. Huynh ,  Dinakaran Joseph ,  Einar Lueck ,  Debanjan Saha ,  Sambit Sahu ,  Dinesh C. Verma

发明人： Michael E. Baskey ,  Mandis S. Beigi ,  Sivaram Gottimukkala ,  Lap T. Huynh ,  Dinakaran Joseph ,  Einar Lueck ,  Debanjan Saha ,  Sambit Sahu ,  Dinesh C. Verma

IPC分类号： G06F15/16

CPC分类号： H04L43/0852 ,  H04L41/5003 ,  H04L41/5009 ,  H04L41/5019 ,  H04L47/10 ,  H04L47/18 ,  H04L47/20 ,  H04L47/2425 ,  H04L47/283

摘要： Embodiments of the present invention address deficiencies of the art in respect to e2e SLA support in a network of both manageable and unmanageable portions and provide a method, system and computer program product for e2e SLA compliance across both managed and unmanaged network segments. In one embodiment of the invention, a method for e2e SLA compliance across both managed and unmanaged network segments can be provided. The method can include identifying both a managed segment and an unmanaged segment of an e2e network for a communications path implicated by an SLA, determining an observed delay for the unmanaged segment of the e2e network, computing from a desired delay for the communications path and the observed delay a differential delay, and constraining the managed segment to meet the differential delay in order to assure meeting the desired delay for the communications path implicated by the SLA.

摘要翻译： 本发明的实施例解决了在可管理和不可管理部分的网络中关于e2e SLA支持的本领域的缺点，并且提供了用于在被管理网络段和非管理网段之间实现e2e SLA兼容的方法，系统和计算机程序产品。 在本发明的一个实施例中，可以提供一种用于在被管理网络段和非管理网段之间执行e2e SLA兼容的方法。 该方法可以包括识别由SLA所涉及的通信路径的e2e网络的管理段和非托管段，确定e2e网络的非管理段的观察到的延迟，从通信路径的期望延迟和 观察延迟差分延迟，并限制被管理段以满足差分延迟，以便确保满足SLA所涉及的通信路径的期望延迟。