Abstract:
According to an approach for assigning network addresses to network devices, an authentication request that requests authentication of identification data that uniquely identifies a network device is generated and sent to an authentication mechanism. An authentication response is received from the authentication mechanism that indicates whether the network device is authorized to access a first network. If the authentication response indicates that the network device is authorized to access the first network, then a first network address on a first network is assigned to the network device. If the authentication response indicates that the network device is not authorized to access the first network, then a second network address on a second network is assigned to the network device. If no authentication response is received from the authentication mechanism, then the second network address on the second network is assigned to the network device.
Abstract:
Various techniques are described which may be used for improving traffic flows between private networks and public networks. According to one aspect of the present invention, a technique is described for implementing asymmetric routing in a NAT routing environment. Another aspect of the present invention provides a technique for implementing load balancing and resource allocation assignments among peers in a redundant, multiple NAT router environment.
Abstract:
Disclosed are methods and apparatus for handling requests for data from a private network. In general terms, a client who wishes access to secure data, such as a secure web page, from a private network establishes a secure connection with a secure server, such as a secure socket layer (SSL) server, of the private network. The secure server then downloads a software program for handling data requests (made by the client for data located within the private network) to the client. This software program is downloaded automatically by the secure server to the client when the client initiates a secure connection with such secure server. The downloaded software program is generally configured to modify data requests (e.g., by performing a URL substitution) sent from the client to an internal server of the private network such that the data requests are redirected to the secure server. The secure server then processes the data request (e.g., by retrieving the data from the appropriate internal server).
Abstract:
Methods and apparatuses for distributing network address translation. By having a gateway inform inside devices of global addresses, the gateway can avoid performing many functions of a traditional NAT box. Specifically, an inside device is informed of a global address shared by all devices on the inside device's network segment. Each device on that segment would be assigned a range of ports to distinguish messages from separate devices that use the same global address.
Abstract:
A technique is disclosed for synchronizing NAT information stored on different network devices that have been configured to implement a network address translation protocol. Each of the network devices includes a respective NAT data structure configured to store NAT information. The NAT information includes at least one NAT entry relating to a network node engaged in a communication session with at least one other network node. At least one NAT entry in a first NAT data structure is modified. The first NAT data structure is associated with a first NAT network device. A first NAT transaction message is generated which includes information relating to the modifications performed on the first NAT data structure. The first NAT transaction message is transmitted to at least one other NAT network device to thereby cause that device to modify its respective NAT data structure using information from the first NAT transaction message. In this way, synchronization of NAT information stored on each of the network devices may be achieved.
Abstract:
Disclosed are methods and apparatus for handling data having an embedded address (and port). In general terms, a host of a private network is operable to obtain from its corresponding edge router a global address (GA) and optionally an additional global port range (GPR). When the host then wishes to transmit data out of the private network, the obtained GA (and GPR) may then be used for an embedded address (and port) within data sent by the host to a public network. The obtained GA (and GPR) may also be used by the host to translate its own source address and port in its IP and/or TCP/UDP header if needed.
Abstract:
Disclosed are methods and apparatus for performing network address translation (NAT) in a fully connected mesh with NAT virtual interface (NVI). In general terms, mechanisms (e.g., within a combination router/NAT device) are provided for translating network addresses of traffic going between two private domains or realms. These mechanisms may also be used to translate traffic going between a private and public domain. When a particular private address is translated into a public address, a binding is formed between the pre-translation address, the post-translation address, and the interface associated with the private or public address (e.g., an interface of the router/NAT device). Since bindings of different interfaces are tracked, a private address and its associated particular interface may be associated with a particular public address. Accordingly, the translation mechanisms of the present invention may be applied to two duplicate private addresses from two different private domains because the two identical private addresses are distinguished based on their different interfaces.
Abstract:
Disclosed are methods and apparatus for handling data sent from a first public network to a second or same public network via a private network. In general terms, network translation address mechanisms are provided within the edge routers of the private network. When a first processing node sends a request to an edge router to access another processing node which resides in a public network, the edge router forms a binding based on two addresses associated with the first processing node. A first private address is initially associated with the first processing node, and the first processing node uses this private address to communicate with the private network. A second public address is also allocated to the first processing node based on the first processing node's request to communicate with a public node. The first processing node uses the allocated second public address to communicate with the requested public node.