公开(公告)号：US20170063682A1

公开(公告)日：2017-03-02

申请号：US14835109

申请日：2015-08-25

Applicant: Google Inc.

Inventor： Mark Lentczner ,  Josh Bailey ,  Zhiwei Cen ,  James Michael Bennett

IPC: H04L12/741 ,  H04L29/12

CPC classification number: H04L45/74 ,  H04L12/46 ,  H04L12/4625 ,  H04L61/2592

Abstract: The methods and systems described herein provide a mechanism to externalize network functions through a direct link between a network switch and an external packet processor. The network switch is configured to receive a packet directed to a destination node via a first network interface. The network switch is also configured to forward the received packet to a packet processor, via a second network interface, over a direct physical link between the network switch and the packet processor. The packet is forwarded with an identifier for a virtualized network function executing on the packet processor and a destination MAC address of the packet is different from a MAC address of the packet processor.

Abstract translation: 本文描述的方法和系统提供了通过网络交换机和外部分组处理器之间的直接链路来外部化网络功能的机制。 网络交换机被配置为经由第一网络接口接收指向目的地节点的分组。 网络交换机还被配置为经由第二网络接口经由网络交换机和分组处理器之间的直接物理链路将接收到的分组转发到分组处理器。 分组被转发用于在分组处理器上执行的虚拟网络功能的标识符，并且分组的目的地MAC地址与分组处理器的MAC地址不同。

公开(公告)号：US10187218B2

公开(公告)日：2019-01-22

申请号：US14854939

申请日：2015-09-15

Applicant: Google Inc.

Inventor： Mark Lentczner ,  Zhiwei Cen ,  James Michael Bennett

IPC: H04L12/18 ,  H04L29/06 ,  H04L29/12 ,  H04L12/721 ,  H04L12/935 ,  H04L12/947

Abstract: This disclosure provides systems and methods for processing packets. A system can include first computing device, a second computing device, and a first packet forwarding device. Each of the first computing device and the second computing device can be communicatively coupled to a respective port of the first packet forwarding device. Each port of the first packet forwarding device can be assigned a unique MAC address. For a first packet received from the first computing device, the first packet forwarding device can be configured to determine that a destination MAC address of the first packet matches the MAC address assigned to the port on which the first packet was received, and to forward the first packet to the second computing device, responsive to the determination. For a second packet received from the second computing device, the first packet forwarding device can be configured to forward the second packet via the port whose MAC address matches a source MAC address of the second packet.

公开(公告)号：US09397990B1

公开(公告)日：2016-07-19

申请号：US14074941

申请日：2013-11-08

Applicant: Google Inc.

Inventor： Ankur Taly ,  Ulfar Erlingsson ,  Arnar Birgisson ,  Joseph Gibbs Politz ,  Mark Lentczner

IPC: G06F21/00 ,  H04L29/06

CPC classification number: H04L63/08 ,  H04L63/0807 ,  H04L63/10

Abstract: A method of controlling the sharing of data between entities that are in electronic communication with each other may include generating an authentication credential comprising an identifier for the target service and a unique signature, attenuating the authentication credential, and determining whether a client device is authorized to access the target service, and, only if so, providing the authentication credential to the client device. In an embodiment, the method may include receiving an access request from the client device, identifying that the authentication credential includes the unique signature and a third party caveat that is associated with a third party authentication service, in response to the identifying, determining whether the request also comprises a discharge credential for the third party caveat, and if the request includes the discharge credential, providing the client device with the requested service, otherwise denying the request.

Abstract translation: 控制彼此进行电子通信的实体之间的数据共享的方法可以包括生成包括目标服务的标识符和唯一签名的认证证书，衰减认证证书，以及确定客户端设备是否被授权 访问目标服务，并且只有在此情况下，向客户端设备提供验证凭据。 在一个实施例中，该方法可以包括从客户端设备接收访问请求，识别认证证书包括唯一签名和与第三方验证服务相关联的第三方注意事项，以响应于识别，确定是否 请求还包括用于第三方警告的排出凭证，并且如果请求包括排出凭证，则向客户端设备提供所请求的服务，否则拒绝该请求。

公开(公告)号：US20180198634A1

公开(公告)日：2018-07-12

申请号：US14854939

申请日：2015-09-15

Applicant: Google Inc.

Inventor： Mark Lentczner ,  Zhiwei Cen ,  James Michael Bennett

IPC: H04L12/18 ,  H04L29/06 ,  H04L29/12 ,  H04L12/935 ,  H04L12/947

CPC classification number: H04L12/18 ,  H04L45/66 ,  H04L49/25 ,  H04L49/30 ,  H04L61/2007 ,  H04L61/6022 ,  H04L69/22

Abstract: This disclosure provides systems and methods for processing packets. A system can include first computing device, a second computing device, and a first packet forwarding device. Each of the first computing device and the second computing device can be communicatively coupled to a respective port of the first packet forwarding device. Each port of the first packet forwarding device can be assigned a unique MAC address. For a first packet received from the first computing device, the first packet forwarding device can be configured to determine that a destination MAC address of the first packet matches the MAC address assigned to the port on which the first packet was received, and to forward the first packet to the second computing device, responsive to the determination. For a second packet received from the second computing device, the first packet forwarding device can be configured to forward the second packet via the port whose MAC address matches a source MAC address of the second packet.

公开(公告)号：US09948556B2

公开(公告)日：2018-04-17

申请号：US14835109

申请日：2015-08-25

Applicant: Google Inc.

Inventor： Mark Lentczner ,  Josh James Joshua Bailey ,  Zhiwei Cen ,  James Michael Bennett

IPC: H04L12/28 ,  H04L12/741 ,  H04L12/46 ,  H04L29/12

CPC classification number: H04L45/74 ,  H04L12/46 ,  H04L12/4625 ,  H04L61/2592

Abstract: The methods and systems described herein provide a mechanism to externalize network functions through a direct link between a network switch and an external packet processor. The network switch is configured to receive a packet directed to a destination node via a first network interface. The network switch is also configured to forward the received packet to a packet processor, via a second network interface, over a direct physical link between the network switch and the packet processor. The packet is forwarded with an identifier for a virtualized network function executing on the packet processor and a destination MAC address of the packet is different from a MAC address of the packet processor.