公开(公告)号：US10187353B2

公开(公告)日：2019-01-22

申请号：US13151141

申请日：2011-06-01

Applicant: Suresh Babu Muppala ,  Guy Riddle ,  Scott Andrew Hankins

Inventor： Suresh Babu Muppala ,  Guy Riddle ,  Scott Andrew Hankins

IPC: H04L12/26 ,  H04L29/06 ,  H04L12/851

Abstract: Methods, apparatuses and systems facilitating enhanced classification of network traffic based on observed flow-based and/or host-based behaviors.

公开(公告)号：US09391921B1

公开(公告)日：2016-07-12

申请号：US12050316

申请日：2008-03-18

Applicant: Guy Riddle

Inventor： Guy Riddle

IPC: H04L12/911 ,  H04L12/24

CPC classification number: H04L41/0896 ,  H04J2203/0067 ,  H04L41/0893 ,  H04L43/0894 ,  H04L47/78 ,  H04L47/783 ,  H04L47/821 ,  H04W84/12

Abstract: Control and management of bandwidth at networks remote from the physical bandwidth management infrastructure. Particular implementations allow network equipment at a plurality of data centers, for example, to manage network traffic at remote branch office networks without deployment of network devices at the remote branch office networks.

Abstract translation: 控制和管理远离物理带宽管理基础设施的网络带宽。 具体实现允许多个数据中心的网络设备，例如，在远程分支机构网络上管理网络流量，而不在远程分支机构网络部署网络设备。

公开(公告)号：US08793361B1

公开(公告)日：2014-07-29

申请号：US11479371

申请日：2006-06-30

Applicant: Guy Riddle

Inventor： Guy Riddle

IPC: G06F15/173

CPC classification number: H04L47/2441 ,  H04L47/193 ,  H04L47/22 ,  H04L47/2408 ,  H04L47/27

Abstract: An exemplary embodiment provides for a method for use in a network device operative to facilitate classification of data flows in a multipath network topology by intelligently mirroring one or more packets of the data flows to a set of cooperating network devices. The method, in one implementation, can involve tracking asymmetric data flows and synchronizing at least portions of the asymmetric data flows between a plurality of network devices to facilitate classification and other operations in multipath network topologies. In one implementation, the present invention allows a plurality of network devices, each disposed on the boundaries of an autonomous system (such as an ISP network) to communicate enough information about data flows encountered at each of the network devices to enable more accurate data flow classification. Since mirrored traffic may affect available bandwidth for regular network traffic, certain implementations of the invention include optimization directed to reducing the amount of mirrored traffic between network devices.

Abstract translation: 示例性实施例提供了一种在网络设备中使用的方法，其可操作以便于通过智能地将数据流的一个或多个分组镜像到一组协作网络设备来促进多路径网络拓扑中的数据流的分类。 在一个实现中，该方法可以涉及跟踪非对称数据流并使多个网络设备之间的非对称数据流的至少部分同步，以便于多径网络拓扑中的分类和其他操作。 在一个实施方式中，本发明允许多个网络设备（每个设置在自治系统（例如ISP网络）的边界上）传送关于在每个网络设备处遇到的数据流的足够信息，以实现更准确的数据流 分类。 由于镜像的流量可能影响常规网络流量的可用带宽，本发明的某些实施方案包括针对减少网络设备之间的镜像流量的量的优化。

公开(公告)号：US20110103407A1

公开(公告)日：2011-05-05

申请号：US12854153

申请日：2010-08-10

Applicant: Roopesh R. Varier ,  David Jacobson ,  Guy Riddle

Inventor： Roopesh R. Varier ,  David Jacobson ,  Guy Riddle

IPC: H04J3/06

CPC classification number: H04L45/00 ,  H04L41/0893 ,  H04L41/0896 ,  H04L45/586

Abstract: Methods, apparatuses and systems directed to a network traffic synchronization mechanism facilitating the deployment of network devices in redundant network topologies. In certain embodiments, when a first network device directly receives network traffic, it copies the network traffic and transmits it to at least one partner network device. The partner network device processes the copied network traffic, just as if it had received it directly, but, in one embodiment, discards the traffic before forwarding it on to its destination. In one embodiment, the partner network devices are operative to exchange directly received network traffic. As a result, the present invention provides enhanced reliability and seamless failover. Each unit, for example, is ready at any time to take over for the other unit should a failure occur. As discussed below, the network traffic synchronization mechanism can be applied to a variety of network devices, such as firewalls, gateways, network routers, and bandwidth management devices.

Abstract translation: 针对网络流量同步机制的方法，装置和系统，便于在冗余网络拓扑中部署网络设备。 在某些实施例中，当第一网络设备直接接收网络业务时，它复制网络流量并将其发送到至少一个伙伴网络设备。 合作伙伴网络设备处理复制的网络流量，就像它直接接收到的，但是在一个实施例中，在将流量转发到其目的地之前丢弃该流量。 在一个实施例中，伙伴网络设备可操作以交换直接接收的网络业务。 因此，本发明提供增强的可靠性和无缝故障切换。 例如，如果发生故障，每个单元随时准备接管另一个单元。 如下所述，网络流量同步机制可以应用于各种网络设备，如防火墙，网关，网络路由器和带宽管理设备。

公开(公告)号：US20090019162A1

公开(公告)日：2009-01-15

申请号：US12180661

申请日：2008-07-28

Applicant: Guy Riddle

Inventor： Guy Riddle

IPC: G06F15/173 ,  G06F17/30

CPC classification number: H04L67/306 ,  H04L29/06 ,  H04L47/15 ,  H04L47/70 ,  H04L47/808 ,  H04L47/828

Abstract: Methods and apparatuses allowing for dynamic partitioning of a network resource among a plurality of users. In one embodiment, the invention involves recognizing new users of a network resource; creating user partitions on demand for new users, wherein the user partition is operable to allocate a portion of a network resource; and, reclaiming inactive user partitions for subsequent new users.

Abstract translation: 允许在多个用户之间动态划分网络资源的方法和装置。 在一个实施例中，本发明涉及识别网络资源的新用户; 根据需要为新用户创建用户分区，其中所述用户分区可操作以分配网络资源的一部分; 并为后续新用户回收不活动的用户分区。

公开(公告)号：US20090003204A1

公开(公告)日：2009-01-01

申请号：US11771822

申请日：2007-06-29

Applicant: Jon Eric Okholm ,  Guy Riddle

Inventor： Jon Eric Okholm ,  Guy Riddle

IPC: G01R31/08

CPC classification number: H04L47/10 ,  H04L41/0213 ,  H04L47/20 ,  H04L47/215 ,  H04L49/9063 ,  H04L69/12 ,  H04L69/32

Abstract: An example embodiment of the invention provides a process for lockless processing of hierarchical bandwidth partitions configurations in multiple processor architectures. In one embodiment, the process runs in an NPU's data plane and receives a packet for a partition from a child partition through a work queue. The process determines a suggested target bandwidth rate for the receiving partition's child partitions, based in part on a count of active child partitions, if a predefined time interval has passed. The process adopts a target bandwidth rate for the receiving partition suggested by the receiving partition's parent partition, if the receiving partition is not a root partition and the predefined time interval has passed. The process then transmits the packet to the receiving partition's parent partition through the work queue, if the receiving partition is not a root partition. Otherwise, the process transmits the packet to a port.

Abstract translation: 本发明的示例实施例提供了一种用于在多处理器架构中的分层带宽分区配置的无锁处理的过程。 在一个实施例中，该过程在NPU的数据平面中运行，并通过工作队列从子分区接收分区的分组。 如果预定义的时间间隔已经过去，则该过程部分地基于活动子分区的计数来确定接收分区的子分区的建议的目标带宽速率。 该过程采用接收分区的父分区建议的接收分区的目标带宽率，如果接收分区不是根分区，并且预定义的时间间隔已过。 然后，如果接收分区不是根分区，则进程通过工作队列将数据包发送到接收分区的父分区。 否则，该过程将数据包发送到端口。

公开(公告)号：US07376080B1

公开(公告)日：2008-05-20

申请号：US10843185

申请日：2004-05-11

Applicant: Guy Riddle ,  Curtis Vance Bradford ,  Maddie Cheng

Inventor： Guy Riddle ,  Curtis Vance Bradford ,  Maddie Cheng

IPC: G01R31/08

CPC classification number: H04L63/1458 ,  H04L43/0882

Abstract: Methods, apparatuses and systems directed to enhanced packet load shedding mechanisms implemented in various network devices. In one implementation, the present invention enables a selective load shedding mechanism that intelligently discards packets to allow or facilitate management access during DoS attacks or other high traffic events. In one implementation, the present invention is directed to a selective load shedding mechanism that, while shedding load necessary to allow a network device to operate appropriately, does not attempt to control traffic flows, which allows for other processes to process, classify, diagnose and/or monitor network traffic during high traffic volume periods. In another implementation, the present invention provides a packet load shedding mechanism that reduces the consumption of system resources during periods of high network traffic volume.

Abstract translation: 针对在各种网络设备中实现的增强的分组负载脱落机制的方法，装置和系统。 在一个实施方式中，本发明实现了智能地丢弃分组以允许或便于在DoS攻击或其他高交通事件期间的管理访问的选择性卸载机制。 在一个实施方案中，本发明涉及一种选择性负载脱落机制，其在为允许网络设备适当地操作所需的负载时不试图控制业务流，这允许其他过程处理，分类，诊断和 /或在高流量时段期间监控网络流量。 在另一个实施方式中，本发明提供了一种在高网络业务量期间减少系统资源消耗的分组负载分担机制。

公开(公告)号：US07296288B1

公开(公告)日：2007-11-13

申请号：US10295391

申请日：2002-11-15

Applicant: Mark Hill ,  Guy Riddle ,  Robert E. Purvy

Inventor： Mark Hill ,  Guy Riddle ,  Robert E. Purvy

IPC: G06F21/00

CPC classification number: H04L41/0896 ,  H04L41/0213 ,  H04L43/0882 ,  H04L43/16 ,  H04L63/1408

Abstract: Methods, apparatuses and systems allowing for bandwidth management schemes responsive to utilization characteristics associated with individual users. In one embodiment, the present invention allows network administrators to penalize users who carry out specific questionable or suspicious activities, such as the use of proxy tunnels to disguise the true nature of the data flows in order to evade classification and control by bandwidth management devices. In one embodiment, each individual user may be accorded an initial suspicion score. Each time the user is associated with a questionable or suspicious activity (for example, detecting the set up of a connection to an outside HTTP tunnel, or peer-to-peer application flow), his or her suspicion score is downgraded. Data flows corresponding to users with sufficiently low suspicion scores, in one embodiment, can be treated in a different manner from data flows associated with other users. For example, different or more rigorous classification rules and policies can be applied to the data flows associated with suspicious users.

Abstract translation: 方法，装置和系统，允许响应于与各个用户相关联的利用特性的带宽管理方案。 在一个实施例中，本发明允许网络管理员惩罚执行特定可疑或可疑活动的用户，例如使用代理隧道伪装数据流的真实性质，以避免带宽管理设备的分类和控制。 在一个实施例中，每个单独的用户可以被赋予初始怀疑得分。 每当用户与可疑或可疑活动相关联（例如，检测到与外部HTTP隧道的连接或对等应用流程的建立）时，他或她的怀疑得分被降级。 在一个实施例中，与具有足够低的怀疑评分的用户相对应的数据流可以以与其他用户相关联的数据流不同的方式来对待。 例如，不同或更严格的分类规则和策略可以应用于与可疑用户相关联的数据流。

公开(公告)号：US06745228B2

公开(公告)日：2004-06-01

申请号：US10315966

申请日：2002-12-09

Applicant: Guy Riddle

Inventor： Guy Riddle

IPC: G06F1516

CPC classification number: H04L12/1813 ,  H04L12/1822 ,  H04L29/06027 ,  H04L65/1096 ,  H04L65/4038 ,  H04L67/34

Abstract: In a computer system having a memory, a processor, and a network interface, a method for listening on multiple conferencing interfaces having the steps of loading a set of transport components into the memory; initializing each transport components of the set of transport components to listen on a particular conferencing interface using the network interface, each transport component of the set of transport components listening to a different conferencing interface; receiving an incoming call signal on the network interface having an incoming conferencing interface; processing the incoming call signal to detect the incoming conferencing interface; and launching an application based on the incoming conferencing interface. An apparatus for listening on multiple conferencing interfaces having a set of transport components coupled to the network interface, each transport component of the set of transport components having the capability of receiving a signal on a different conferencing interface; a conference component coupled to each component in the set of transport components; a call processing module coupled to the conference component; and, a process manager coupled to the call processing module; the conference component containing a circuit for causing the call processing module to cause process manager to activate a conferencing application upon detecting a call from one transport component of the set of transport components.

Abstract translation: 在具有存储器，处理器和网络接口的计算机系统中，用于监听多个会议接口的方法，所述方法具有将一组传输组件加载到存储器中的步骤; 初始化该组传输组件的每个传输组件以使用网络接口在特定的会议接口上收听，该组传输组件的每个传输组件监听不同的会议接口; 在具有传入会议接口的网络接口上接收呼入信号; 处理来电信号以检测传入的会议接口; 并且基于传入的会议接口启动应用。一种用于监听具有耦合到所述网络接口的一组传输组件的多个会议接口的设备，所述一组传输组件的每个传输组件具有在不同的接收信号上接收信号的能力 会议接口; 耦合到该组传输组件中的每个组件的会议组件; 耦合到会议组件的呼叫处理模块; 以及耦合到所述呼叫处理模块的进程管理器; 所述会议组件包含用于使得所述呼叫处理模块在检测到来自所述一组传输组件的一个传输组件的呼叫时使所述处理管理器激活会议应用的电路。

公开(公告)号：US06412000B1

公开(公告)日：2002-06-25

申请号：US09198090

申请日：1998-11-23

Applicant: Guy Riddle ,  Robert L. Packer

Inventor： Guy Riddle ,  Robert L. Packer

IPC: G06F15173

CPC classification number: H04L41/0896 ,  H04L29/06 ,  H04L41/5022 ,  H04L43/026 ,  H04L47/10 ,  H04L47/2441 ,  H04L65/4092 ,  H04L69/14 ,  H04L69/18

Abstract: In a packet communication environment, a method is provided for automatically classifying packet flows for use in allocating bandwidth resources by a rule of assignment of a service level. The method comprises applying individual instances of traffic classification paradigms to packet network flows based on selectable information obtained from a plurality of layers of a multi-layered communication protocol in order to define a characteristic class, then mapping the flow to the defined traffic class. It is useful to note that the automatic classification is sufficiently robust to classify a complete enumeration of the possible traffic.