公开(公告)号：US20140108781A1

公开(公告)日：2014-04-17

申请号：US14052470

申请日：2013-10-11

Applicant: Huawei Technologies Co., Ltd.

Inventor： Wei Zhang ,  Ruirui Liu ,  Wenhui Xie ,  Guolu Gao

IPC: H04L29/06

CPC classification number: H04L63/04 ,  H04L63/061 ,  H04L63/164

Abstract: The present invention provides a method and a system for negotiation based on IKE messages. A standby device updates a value of a stored third identity according to an update notification of an active device. The update notification of the active device is sent by the active device after updating a value of a stored second identity. When the standby device switches to a new active device, the new active device sends a second message for negotiating IPSec information to a peer device according to the updated third identity. The third identity is an identity that is stored in the standby device and used to acquire state information of the active device.

Abstract translation: 本发明提供一种基于IKE消息的协商方法和系统。 备用设备根据活动设备的更新通知更新存储的第三身份的值。 活动设备的更新通知在更新所存储的第二身份的值之后由活动设备发送。 当备用设备切换到新的活动设备时，新的活动设备根据更新的第三标识向对等设备发送用于协商IPSec信息的第二消息。 第三身份是存储在备用设备中并用于获取活动设备的状态信息的身份。

公开(公告)号：US20130297671A1

公开(公告)日：2013-11-07

申请号：US13935929

申请日：2013-07-05

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhiqiang Zhu ,  Rihua Zhang ,  Guibin Hou ,  Yong Xu ,  Wenhui Xie ,  Bo Ma ,  Guolu Gao ,  Xiaoping Lu ,  Cuihua Fu

IPC: H04L29/08

CPC classification number: H04L67/10 ,  H04L47/10 ,  H04L49/354 ,  H04L49/552 ,  H04L63/0272 ,  H04L63/101 ,  H04L69/12

Abstract: A system for processing packets in a distributed architecture system includes a main control board, at least one service board, and at least one interface board. The system determines a specified CPU corresponding to a received packet; and, by the service board corresponding to the CPU, processes the received packet. The received packets are processed in the service board corresponding to the specified CPU. Therefore, the packets are evenly distributed to all service boards for being processed, the workload of the main control board is relieved, the service throughput is increased significantly, and the packet processing efficiency of the whole architecture is improved.

Abstract translation: 一种用于在分布式架构系统中处理分组的系统包括主控板，至少一个业务板和至少一个接口板。 系统确定对应于接收到的分组的指定CPU; 并且由对应于CPU的业务板处理接收到的分组。 接收到的报文在与指定CPU对应的业务板上进行处理。 因此，数据包均匀分布到所有业务板进行处理，主控板的工作负载减轻，业务吞吐量显着增加，整体架构的数据包处理效率提高。

公开(公告)号：US20200014707A1

公开(公告)日：2020-01-09

申请号：US16559080

申请日：2019-09-03

Applicant: Huawei Technologies Co., Ltd.

Inventor： Wenhui Xie

IPC: H04L29/06 ,  H04L12/26

Abstract: A threat detection method includes: obtaining packets in a Transmission Control Protocol (TCP) session between a first device and a second device; obtaining a first data flow transmitted from the first device and a second data flow transmitted from the second device in the TCP session; obtaining time information of each of a plurality of first packets in the first data flow and time information of each of a plurality of second packets in the second data flow; calculating an activation rate, a response rate, and a quantity of interactions based on the time information; and if the activation rate is greater than or equal to a first threshold, the response rate is greater than or equal to a second threshold, and the quantity of interactions is greater than or equal to a third threshold, determining that the first device is threatened.

公开(公告)号：US09438566B2

公开(公告)日：2016-09-06

申请号：US14052470

申请日：2013-10-11

Applicant: Huawei Technologies Co., Ltd.

Inventor： Wei Zhang ,  Ruirui Liu ,  Wenhui Xie ,  Guolu Gao

IPC: H04L29/06

CPC classification number: H04L63/04 ,  H04L63/061 ,  H04L63/164

Abstract: The present invention provides a method and a system for negotiation based on IKE messages. A standby device updates a value of a stored third identity according to an update notification of an active device. The update notification of the active device is sent by the active device after updating a value of a stored second identity. When the standby device switches to a new active device, the new active device sends a second message for negotiating IPSec information to a peer device according to the updated third identity. The third identity is an identity that is stored in the standby device and used to acquire state information of the active device.

Abstract translation: 本发明提供一种基于IKE消息的协商方法和系统。 备用设备根据活动设备的更新通知更新存储的第三身份的值。 活动设备的更新通知在更新所存储的第二身份的值之后由活动设备发送。 当备用设备切换到新的活动设备时，新的活动设备根据更新的第三标识向对等设备发送用于协商IPSec信息的第二消息。 第三身份是存储在备用设备中并用于获取活动设备的状态信息的身份。

公开(公告)号：US11665179B2

公开(公告)日：2023-05-30

申请号：US16559080

申请日：2019-09-03

Applicant: Huawei Technologies Co., Ltd.

Inventor： Wenhui Xie

IPC: H04L29/06 ,  H04L9/40 ,  H04L43/10 ,  H04L69/16

CPC classification number: H04L63/1416 ,  H04L43/10 ,  H04L63/1425 ,  H04L69/16

Abstract: A threat detection method includes: obtaining packets in a Transmission Control Protocol (TCP) session between a first device and a second device; obtaining a first data flow transmitted from the first device and a second data flow transmitted from the second device in the TCP session; obtaining time information of each of a plurality of first packets in the first data flow and time information of each of a plurality of second packets in the second data flow; calculating an activation rate, a response rate, and a quantity of interactions based on the time information; and if the activation rate is greater than or equal to a first threshold, the response rate is greater than or equal to a second threshold, and the quantity of interactions is greater than or equal to a third threshold, determining that the first device is threatened.

公开(公告)号：US08737388B2

公开(公告)日：2014-05-27

申请号：US13935929

申请日：2013-07-05

Applicant: Huawei Technologies Co., Ltd.

Inventor： Zhiqiang Zhu ,  Rihua Zhang ,  Guibin Hou ,  Yong Xu ,  Wenhui Xie ,  Bo Ma ,  Guolu Gao ,  Xiaoping Lu ,  Cuihua Fu

IPC: H04L12/56

CPC classification number: H04L67/10 ,  H04L47/10 ,  H04L49/354 ,  H04L49/552 ,  H04L63/0272 ,  H04L63/101 ,  H04L69/12

Abstract: A system for processing packets in a distributed architecture system includes a main control board, at least one service board, and at least one interface board. The system determines a specified CPU corresponding to a received packet; and, by the service board corresponding to the CPU, processes the received packet. The received packets are processed in the service board corresponding to the specified CPU. Therefore, the packets are evenly distributed to all service boards for being processed, the workload of the main control board is relieved, the service throughput is increased significantly, and the packet processing efficiency of the whole architecture is improved.

Abstract translation: 一种用于在分布式架构系统中处理分组的系统包括主控板，至少一个业务板和至少一个接口板。 系统确定对应于接收到的分组的指定CPU; 并且由对应于CPU的业务板处理接收到的分组。 接收到的报文在与指定CPU对应的业务板上进行处理。 因此，数据包均匀分布到所有业务板进行处理，主控板的工作负载减轻，业务吞吐量显着增加，整体架构的数据包处理效率提高。