公开(公告)号：US20190014009A1

公开(公告)日：2019-01-10

申请号：US16112828

申请日：2018-08-27

申请人： International Business Machines Corporation

发明人： Henry Chuang ,  Ho Ming Da ,  Chia Chen Ho ,  Ming-Pin Hsueh ,  Ting-Jui Hu ,  Ping-Hung Lee

IPC分类号： H04L12/24 ,  H04L12/26

摘要： Computing a protocol complexity indicator (PCI) for a communication protocol of interest in a networked computer system that processes network traffic of multiple protocols. The PCI provides an indication of predicted bandwidth usage by traffic of the protocol of interest. The PCI is used together with a throughput limit to establish a threshold amount for traffic of the protocol of interest. The PCI may then be used, for instance, to determine when to spawn a new instance of a network traffic-processing component for that protocol to maintain processing throughput at an acceptable level.

公开(公告)号：US20160269426A1

公开(公告)日：2016-09-15

申请号：US14721084

申请日：2015-05-26

申请人： International Business Machines Corporation

发明人： Ming Da Ho ,  Ming-Pin Hsueh ,  Ting-Jui Hu ,  Ping-Hung Lee ,  Ming-Hsun Wu

IPC分类号： H04L29/06 ,  H04L12/801 ,  H04L12/851

CPC分类号： H04L63/1441 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/33 ,  H04L63/0254 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/145

摘要： A security appliance system routing strings of data packets in a high availability environment. The security appliance system contains a plurality of intrusion prevention systems connected to a load balancer and a computing device. Each intrusion prevention system contains stored session state information in a local session state data store, the load balancer contains a shared hash algorithm, and the computing device contains a connection state manager containing a network session state data store. The computing device includes a topology manager recording connectivity changes of the intrusion prevention systems and accordingly adjusting the shared hash algorithm for the recorded connectivity changes. Using the shared hash algorithm and routing information, a hash value is assigned to received strings. Strings are forwarded an intrusion prevention system based on assigned hash value and processed using stored session state information within the local session state data store and the network session state data store.

公开(公告)号：US09628505B2

公开(公告)日：2017-04-18

申请号：US14721084

申请日：2015-05-26

申请人： International Business Machines Corporation

发明人： Ming Da Ho ,  Ming-Pin Hsueh ,  Ting-Jui Hu ,  Ping-Hung Lee ,  Ming-Hsun Wu

IPC分类号： G06F15/16 ,  H04L29/08 ,  G06F21/62 ,  H04L29/06 ,  H04L12/851 ,  H04L12/801

CPC分类号： H04L63/1441 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/33 ,  H04L63/0254 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/145

摘要： A security appliance system routing strings of data packets in a high availability environment. The security appliance system contains a plurality of intrusion prevention systems connected to a load balancer and a computing device. Each intrusion prevention system contains stored session state information in a local session state data store, the load balancer contains a shared hash algorithm, and the computing device contains a connection state manager containing a network session state data store. The computing device includes a topology manager recording connectivity changes of the intrusion prevention systems and accordingly adjusting the shared hash algorithm for the recorded connectivity changes. Using the shared hash algorithm and routing information, a hash value is assigned to received strings. Strings are forwarded an intrusion prevention system based on assigned hash value and processed using stored session state information within the local session state data store and the network session state data store.

公开(公告)号：US10313194B2

公开(公告)日：2019-06-04

申请号：US14867149

申请日：2015-09-28

申请人： International Business Machines Corporation

发明人： Henry Chuang ,  Ho Ming Da ,  Chia Chen Ho ,  Ming-Pin Hsueh ,  Ting-Jui Hu ,  Ping-Hung Lee

IPC分类号： H04L12/24 ,  H04L12/26

摘要： Computing a protocol complexity indicator (PCI) for a communication protocol of interest in a networked computer system that processes network traffic of multiple protocols. The PCI provides an indication of predicted bandwidth usage by traffic of the protocol of interest. The PCI is used together with a throughput limit to establish a threshold amount for traffic of the protocol of interest. The PCI may then be used, for instance, to determine when to spawn a new instance of a network traffic-processing component for that protocol to maintain processing throughput at an acceptable level.

公开(公告)号：US10608883B2

公开(公告)日：2020-03-31

申请号：US16112828

申请日：2018-08-27

申请人： International Business Machines Corporation

发明人： Henry Chuang ,  Ho Ming Da ,  Chia Chen Ho ,  Ming-Pin Hsueh ,  Ting-Jui Hu ,  Ping-Hung Lee

IPC分类号： H04L12/24 ,  H04L12/26

摘要： Computing a protocol complexity indicator (PCI) for a communication protocol of interest in a networked computer system that processes network traffic of multiple protocols. The PCI provides an indication of predicted bandwidth usage by traffic of the protocol of interest. The PCI is used together with a throughput limit to establish a threshold amount for traffic of the protocol of interest. The PCI may then be used, for instance, to determine when to spawn a new instance of a network traffic-processing component for that protocol to maintain processing throughput at an acceptable level.

公开(公告)号：US09628504B2

公开(公告)日：2017-04-18

申请号：US14641461

申请日：2015-03-09

申请人： International Business Machines Corporation

发明人： Ming Da Ho ,  Ming-Pin Hsueh ,  Ting-Jui Hu ,  Ping-Hung Lee ,  Ming-Hsun Wu

IPC分类号： H04L29/06 ,  H04L12/851 ,  H04L12/801

CPC分类号： H04L63/1441 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/33 ,  H04L63/0254 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/145

摘要： A security appliance system routing strings of data packets in a high availability environment. The security appliance system contains a plurality of intrusion prevention systems connected to a load balancer and a computing device. Each intrusion prevention system contains stored session state information in a local session state data store, the load balancer contains a shared hash algorithm, and the computing device contains a connection state manager containing a network session state data store. The computing device includes a topology manager recording connectivity changes of the intrusion prevention systems and accordingly adjusting the shared hash algorithm for the recorded connectivity changes. Using the shared hash algorithm and routing information, a hash value is assigned to received strings. Strings are forwarded an intrusion prevention system based on assigned hash value and processed using stored session state information within the local session state data store and the network session state data store.

公开(公告)号：US20170093675A1

公开(公告)日：2017-03-30

申请号：US14867149

申请日：2015-09-28

申请人： International Business Machines Corporation

发明人： Henry Chuang ,  Ho Ming Da ,  Chia Chen Ho ,  Ming-Pin Hsueh ,  Ting-Jui Hu ,  Ping-Hung Lee

IPC分类号： H04L12/26 ,  H04L12/24

CPC分类号： H04L41/0896 ,  H04L41/14 ,  H04L41/5003 ,  H04L43/0888 ,  H04L43/16 ,  H04L43/18

摘要： Computing a protocol complexity indicator (PCI) for a communication protocol of interest in a networked computer system that processes network traffic of multiple protocols. The PCI provides an indication of predicted bandwidth usage by traffic of the protocol of interest. The PCI is used together with a throughput limit to establish a threshold amount for traffic of the protocol of interest. The PCI may then be used, for instance, to determine when to spawn a new instance of a network traffic-processing component for that protocol to maintain processing throughput at an acceptable level.

公开(公告)号：US20160269439A1

公开(公告)日：2016-09-15

申请号：US14641461

申请日：2015-03-09

申请人： International Business Machines Corporation

发明人： Ming Da Ho ,  Ming-Pin Hsueh ,  Ting-Jui Hu ,  Ping-Hung Lee ,  Ming-Hsun Wu

IPC分类号： H04L29/06

CPC分类号： H04L63/1441 ,  H04L47/2441 ,  H04L47/2483 ,  H04L47/33 ,  H04L63/0254 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/145

摘要： A security appliance system routing strings of data packets in a high availability environment. The security appliance system contains a plurality of intrusion prevention systems connected to a load balancer and a computing device. Each intrusion prevention system contains stored session state information in a local session state data store, the load balancer contains a shared hash algorithm, and the computing device contains a connection state manager containing a network session state data store. The computing device includes a topology manager recording connectivity changes of the intrusion prevention systems and accordingly adjusting the shared hash algorithm for the recorded connectivity changes. Using the shared hash algorithm and routing information, a hash value is assigned to received strings. Strings are forwarded an intrusion prevention system based on assigned hash value and processed using stored session state information within the local session state data store and the network session state data store.

摘要翻译： 安全设备系统在高可用性环境中路由数据包的字符串。 安全设备系统包含连接到负载平衡器和计算设备的多个入侵防御系统。 每个入侵防御系统在本地会话状态数据存储中包含存储的会话状态信息，负载平衡器包含共享散列算法，并且计算设备包含包含网络会话状态数据存储的连接状态管理器。 计算设备包括记录入侵防御系统的连接变化的拓扑管理器，并因此调整用于记录的连接变化的共享散列算法。 使用共享散列算法和路由信息，将哈希值分配给接收的字符串。 字符串基于分配的散列值转发入侵防御系统，并使用本地会话状态数据存储和网络会话状态数据存储中的存储的会话状态信息进行处理。