Abstract:
A redundancy architecture is described for network processing systems which allows the network to recover from failure of a network processing system without interruption in service. The redundancy architecture allows network processing systems that use state information to associate network traffic into discrete flows, to provide system level redundancy to prevent service outages, or loss of network traffic resulting from a failure in any single network processing system. The redundancy architecture includes an out-of-band network link between the redundant network processing systems. The out-of-band network link allows the network processing systems to exchange state and other data as necessary. By maintaining the state data not only for the network traffic being processed by the network processing system, but also the state data for the network traffic being processed by its mate network processing system, either network processing system can assume the network traffic of its redundant mate in the event of a failure.
Abstract:
An apparatus and method for traversing a network address translation/firewall device to maintain a registration between first and second devices separated by the firewall device are provided. In one example, the method includes intercepting a registration message from the first device to the second device. A determination is made based on a first timeout period defined by the second device as to whether it is time to renew the first device's registration. If it is time to renew the first device's registration, the registration message is forwarded to the second device. A response message that includes the first timeout period is intercepted, and the first timeout period is replaced with a second timeout period based on a binding lifetime of the firewall device before forwarding the response message to the first device.
Abstract:
A method and system are described for resolving problems created by implementing multiple networks using private IP addresses and layer two tunneling protocols. A network processing system is operable to map flows from private IP addresses and ports on layer two tunneling protocol networks to public IP addresses and ports using the private IP addresses and ports and identifiers for the layer two tunneling protocol network. The network processing system uses its own public IP addresses and ports to anchor the traffic from the private network and performs the required mapping to pass traffic between the public and private networks.
Abstract:
A method is described for detecting rogue packets in real-time protocol (“RTP”) data streams. Rogue packets are caused by a malfunctioning device that continues to send RTP packets after the termination of the media session, or by third-party devices through malfunction or malicious activity. The method recognizes rogue RTP packets by examining identifying fields in each packet associated with the RTP stream. The fields can be in the header of the packet or in the payload, and can include information such as destination address, destination port, protocol, sequence number, SSRC number, and others. Once rogue activity is detected, the method can quarantine the associated pinhole information and/or alert a network operator.
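The field checks named in the rogue-RTP abstract can be sketched as follows. This is an added example, not code from the patent: the `Pinhole` class, the reason strings, learning the SSRC from the first packet, and the `MAX_SEQ_JUMP` tolerance are all assumptions, and the packets are constructed.

```python
import struct

MAX_SEQ_JUMP = 3000  # assumed tolerance for loss and reordering

def make_rtp(seq, ssrc):
    """Build a constructed RTP v2 packet (payload type 0) for the demo."""
    return struct.pack("!BBHII", 0x80, 0, seq, 160 * seq, ssrc) + bytes(20)

def parse_rtp(payload):
    """Return (seq, ssrc), or None if the payload is not RTP version 2."""
    if len(payload) < 12:
        return None
    b0, _pt, seq, _ts, ssrc = struct.unpack("!BBHII", payload[:12])
    return (seq, ssrc) if b0 >> 6 == 2 else None

class Pinhole:
    """Expected state for one media pinhole opened by call signalling."""
    def __init__(self, dst, port):
        self.key, self.ssrc, self.last_seq = (dst, port, "udp"), None, None
        self.closed = self.quarantined = False

    def check(self, dst, port, proto, payload):
        """Return 'ok' or 'rogue:<reason>'; a rogue packet quarantines the pinhole."""
        reason = self._reason(dst, port, proto, payload)
        if reason is None:
            return "ok"
        self.quarantined = True  # the caller would also alert the operator here
        return "rogue:" + reason

    def _reason(self, dst, port, proto, payload):
        if (dst, port, proto) != self.key:
            return "flow-mismatch"
        hdr = parse_rtp(payload)
        if hdr is None:
            return "not-rtp"
        seq, ssrc = hdr
        if self.closed:
            return "session-terminated"  # sender kept going after teardown
        if self.ssrc is None:  # assumption: learn the SSRC from the first packet
            self.ssrc, self.last_seq = ssrc, seq
            return None
        if ssrc != self.ssrc:
            return "ssrc-mismatch"  # a different source is using the pinhole
        delta = (seq - self.last_seq) & 0xFFFF  # 16-bit wrap-aware distance
        if MAX_SEQ_JUMP < delta < 0x10000 - MAX_SEQ_JUMP:
            return "sequence-jump"
        if delta < 0x8000:
            self.last_seq = seq  # advance only on forward progress
        return None
```

Set `closed = True` when signalling tears the session down; any later packet on that pinhole is then reported as `rogue:session-terminated`.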