公开(公告)号：US20050185581A1

公开(公告)日：2005-08-25

申请号：US10782617

申请日：2004-02-19

申请人： Jeffrey Bradford ,  Gordon Davis ,  Dongming Hwang ,  Clark Jeffries ,  Srinivasan Ramani ,  Kartik Sudeep ,  Ken Vu

发明人： Jeffrey Bradford ,  Gordon Davis ,  Dongming Hwang ,  Clark Jeffries ,  Srinivasan Ramani ,  Kartik Sudeep ,  Ken Vu

IPC分类号： H04L12/56 ,  H04J3/16

CPC分类号： H04L47/10 ,  H04L47/29 ,  H04L47/323

摘要： The present invention provides for a computer network method and system that applies “hysteresis” to an active queue management algorithm. If a queue is at a level below a certain low threshold and a burst of packets arrives at a network node, then the probability of dropping the initial packets in the burst is recalculated, but the packets are not dropped. However, if the queue level crosses beyond a hysteresis threshold, then packets are discarded pursuant to a drop probability. Also, according to the present invention, queue level may be decreased until it becomes less than the hysteresis threshold, with packets dropped per the drop probability until the queue level decreases to at least a low threshold. In one embodiment, an adaptive algorithm is also provided to adjust the transmit probability for each flow together with hysteresis to increase the packet transmit rates to absorb bursty traffic.

摘要翻译： 本发明提供一种向活动队列管理算法应用“迟滞”的计算机网络方法和系统。 如果队列处于低于某个低阈值的水平，并且一​​群数据包到达网络节点，则重新计算突发中丢弃初始数据包的概率，但不会丢弃数据包。 然而，如果队列级别超过滞后阈值，则根据丢弃概率丢弃数据包。 此外，根据本发明，可以减少队列级别，直到其变得小于滞后阈值，其中每个丢弃概率的分组丢弃，直到队列级别降低到至少低阈值。 在一个实施例中，还提供自适应算法来调整每个流的发送概率以及迟滞以增加分组传输速率以吸收突发业务。

公开(公告)号：US20060209898A1

公开(公告)日：2006-09-21

申请号：US11348417

申请日：2006-02-07

申请人： Youssef Abdelilah ,  Gordon Davis ,  Jeffrey Derby ,  Dongming Hwang ,  Clark Jeffries ,  Malcolm Ware ,  Hua Ye

发明人： Youssef Abdelilah ,  Gordon Davis ,  Jeffrey Derby ,  Dongming Hwang ,  Clark Jeffries ,  Malcolm Ware ,  Hua Ye

IPC分类号： H04J3/18

CPC分类号： H04L47/10 ,  H04L12/6418 ,  H04L29/06027 ,  H04L47/12 ,  H04L47/2425 ,  H04L47/263 ,  H04L47/70 ,  H04L47/745 ,  H04L47/748 ,  H04L47/762 ,  H04L65/1009 ,  H04L65/607 ,  H04L65/80 ,  H04L2012/6481 ,  H04L2012/6497

摘要： A codec detects congestion in a packet network and responds via a session control protocol to re-negotiate codec-type and/or parameters with the receiving codec to reduce bit rate for supporting a session. Once the connection and session are established, encoded packets start flowing between the two codecs. A control entity sends and receives network congestion control packets periodically in the session. The congestion control packets provide a “heartbeat” signal to the receiving codec. When the network is not congested, all “heartbeat” packets will be passed through the network. As network congestion increases, routers within the network discard excess packets to prevent network failure. The codecs respond to the missing packets by slowing down the bit rate or proceeding to renegotiate a lower bit rate via the session control protocol. If there are no missing packets, the codecs detect if the session is operating at the highest bit rate, and if not, re-negotiate a higher bit rate.

摘要翻译： 编解码器检测分组网络中的拥塞，并通过会话控制协议进行响应，以使用接收编解码器重新协商编解码器类型和/或参数，以减少支持会话的比特率。 一旦建立了连接和会话，编码的数据包将在两个编解码器之间开始流动。 控制实体在会话中定期发送和接收网络拥塞控制报文。 拥塞控制分组向接收编解码器提供“心跳”信号。 当网络不拥塞时，所有“心跳”数据包将通过网络传递。 随着网络拥塞的增加，网络内的路由器丢弃多余的数据包，防止网络故障。 编解码器通过减慢比特率或通过会话控制协议进行重新协商较低的比特率来响应丢失的分组。 如果没有丢失数据包，则编解码器检测会话是否以最高比特率运行，如果不是，则重新协商更高的比特率。

公开(公告)号：US20060265372A1

公开(公告)日：2006-11-23

申请号：US11462071

申请日：2006-08-03

申请人： Gordon Davis ,  Andreas Herkersdorf ,  Clark Jeffries ,  Mark Rinaldi

发明人： Gordon Davis ,  Andreas Herkersdorf ,  Clark Jeffries ,  Mark Rinaldi

IPC分类号： G06F7/00

CPC分类号： H04L49/3009 ,  H04L45/745 ,  H04L45/7453 ,  H04L49/351

摘要： A structure and technique for preventing collisions using a hash table in conjunction with a CAM to identify and prevent a collisions of binary keys. A portion of the hash value of a binary key, which does not collide with a portion of the hash value of any other reference binary key, is used as an entry in the hash table. If two or more binary keys have identical values of the portions of the hash values, each of these binary keys are stored in their entirety, in the CAM. The key in the CAM provides a pointer to a data structure where the action associated with that binary key is stored. If the binary key is not found in the CAM, the binary key is hashed, and a specific entry in the hash table is selected using a portion of this hash value.

摘要翻译： 一种用于使用散列表与CAM结合来防止冲突的结构和技术，以识别和防止二进制键的冲突。 不与任何其他参考二进制密钥的散列值的一部分相冲突的二进制密钥的散列值的一部分被用作散列表中的条目。 如果两个或更多个二进制密钥具有相同的哈希值部分的值，则这些二进制密钥中的每一个都将全部存储在CAM中。 CAM中的关键字提供了指向数据结构的指针，其中存储与该二进制密钥相关联的动作。 如果在CAM中没有找到二进制密钥，则二进制密钥被散列，并且使用该哈希值的一部分来选择散列表中的特定条目。

公开(公告)号：US20050060428A1

公开(公告)日：2005-03-17

申请号：US10662007

申请日：2003-09-11

申请人： Everett Corl ,  Gordon Davis ,  Clark Jeffries ,  Natarajan Vaidhyanathan ,  Colin Verrilli

发明人： Everett Corl ,  Gordon Davis ,  Clark Jeffries ,  Natarajan Vaidhyanathan ,  Colin Verrilli

IPC分类号： G06F15/173 ,  H04L12/56 ,  H04L29/06

CPC分类号： H04L45/00 ,  H04L69/22

摘要： The classification system of a network device includes a cache in which a mapping between predefined characteristics of TCP/IP packets and associated actions are stored in response to the first “Frequent Flyer” packet in of a session. Selected characteristics from subsequent received packets of that session are correlated with the predefined characteristics and the stored actions are applied to the received packets if the selected characteristics and the predefined characteristics match, thus reducing the processing required for subsequent packets. The packets selected for caching may be data packets. For mismatched characteristics, the full packet search of the classification system is used to determine the action to apply to the received packet.

摘要翻译： 网络设备的分类系统包括缓存，其中响应于会话中的第一“频繁传单”分组而存储TCP / IP分组的预定义特性与相关动作之间的映射。 如果所选择的特征和预定义的特征匹配，则从该会话的后续接收到的分组中选出的特征与预定义的特征相关联，并且将存储的动作应用于所接收的分组，从而减少后续分组所需的处理。 选择用于缓存的数据包可能是数据包。 对于不匹配的特征，分类系统的全分组搜索用于确定应用于接收到的分组的动作。

公开(公告)号：US20060190613A1

公开(公告)日：2006-08-24

申请号：US11063950

申请日：2005-02-23

申请人： Everett Corl ,  Gordon Davis ,  Clark Jeffries ,  Steven Perrin ,  Hiroshi Takada ,  Victoria Thio

发明人： Everett Corl ,  Gordon Davis ,  Clark Jeffries ,  Steven Perrin ,  Hiroshi Takada ,  Victoria Thio

IPC分类号： G06F15/16

CPC分类号： H04L29/12009 ,  H04L29/12462 ,  H04L29/12481 ,  H04L45/745 ,  H04L61/255 ,  H04L61/2557

摘要： A method for increasing the capacity of a connection table in a firewall accelerator by means of mapping packets in one session with some common security actions into one table entry. For each of five Network Address Translation (NAT) configurations, a hash function is specified. The hash function takes into account which of four possible arrival types a packet at a firewall accelerator may have. When different arrival types of packets in the same session are processed, two or more arrival types may have the same hash value.

摘要翻译： 一种通过将一个会话中的分组映射到一个表条目中的一些常见安全措施来增加防火墙加速器中连接表的容量的方法。 对于五种网络地址转换（NAT）配置中的每一种，都指定了一个散列函数。 散列函数考虑了防火墙加速器可能具有的四个可能的到达类型中的哪一个。 当处理相同会话中的不同到达类型的分组时，两个或多个到达类型可以具有相同的哈希值。

公开(公告)号：US20080098015A1

公开(公告)日：2008-04-24

申请号：US11962558

申请日：2007-12-21

申请人： Gordon Davis ,  Andreas Herkersdorf ,  Clark Jeffries ,  Mark Rinaldi

发明人： Gordon Davis ,  Andreas Herkersdorf ,  Clark Jeffries ,  Mark Rinaldi

IPC分类号： G06F17/30

CPC分类号： H04L49/3009 ,  H04L45/745 ,  H04L45/7453 ,  H04L49/351

摘要： A structure and technique for preventing collisions using a hash table in conjunction with a CAM to identify and prevent collisions of binary keys. A portion of the hash value of a binary key, which does not collide with a portion of the hash value of any other reference binary key, is used as an entry in the hash table. If two or more binary keys have identical values of the portions of the hash values, each of these binary keys are stored in their entirety, in the CAM. The key in the CAM provides a pointer to a data structure where the action associated with that binary key is stored. If the binary key is not found in the CAM, the binary key is hashed, and a specific entry in the hash table is selected using a portion of this hash value.

摘要翻译： 一种用于使用散列表与CAM结合来防止冲突的结构和技术，以识别和防止二进制键的冲突。 不与任何其他参考二进制密钥的散列值的一部分相冲突的二进制密钥的散列值的一部分被用作散列表中的条目。 如果两个或更多个二进制密钥具有相同的哈希值部分的值，则这些二进制密钥中的每一个都将全部存储在CAM中。 CAM中的关键字提供了指向数据结构的指针，其中存储与该二进制密钥相关联的动作。 如果在CAM中没有找到二进制密钥，则二进制密钥被散列，并且使用该哈希值的一部分来选择散列表中的特定条目。

公开(公告)号：US20080028140A1

公开(公告)日：2008-01-31

申请号：US11867963

申请日：2007-10-05

申请人： Gordon Davis ,  Andreas Herkersdorf ,  Clark Jeffries ,  Mark Rinaldi

发明人： Gordon Davis ,  Andreas Herkersdorf ,  Clark Jeffries ,  Mark Rinaldi

IPC分类号： G06F12/00

CPC分类号： H04L49/3009 ,  H04L45/745 ,  H04L45/7453 ,  H04L49/351

摘要： A structure and technique for preventing collisions using a hash table in conjunction with a CAM to identify and prevent collision of binary keys. A portion of the hash value of a binary key, which does not collide with a portion of the hash value of any other reference binary key, is used as an entry in the hash table. If two or more binary keys have identical values of the portions of the hash values, each of these binary keys are stored in their entirety, in the CAM. The key in the CAM provides a pointer to a data structure where the action associated with that binary key is stored. If the binary key is not found in the CAM, the binary key is hashed, and a specific entry in the hash table is selected using a portion of this hash value.

摘要翻译： 一种用于使用散列表与CAM结合来防止冲突的结构和技术，以识别和防止二进制密钥的冲突。 不与任何其他参考二进制密钥的散列值的一部分相冲突的二进制密钥的散列值的一部分被用作散列表中的条目。 如果两个或更多个二进制密钥具有相同的哈希值部分的值，则这些二进制密钥中的每一个都将全部存储在CAM中。 CAM中的关键字提供了指向数据结构的指针，其中存储与该二进制密钥相关联的动作。 如果在CAM中没有找到二进制密钥，则二进制密钥被散列，并且使用该哈希值的一部分来选择散列表中的特定条目。

公开(公告)号：US20060020600A1

公开(公告)日：2006-01-26

申请号：US10894628

申请日：2004-07-20

申请人： Everett Corl ,  Gordon Davis ,  Clark Jeffries

发明人： Everett Corl ,  Gordon Davis ,  Clark Jeffries

IPC分类号： G06F17/30

CPC分类号： H04L43/16 ,  H04L43/18 ,  H04L49/25 ,  H04L63/0263

摘要： The present invention relates to a method and computer system device for applying a plurality of rules to data packets within a network computer system. A filter rule decision tree is updated by adding or deleting a rule. If deleting a filter rule then the decision tree is provided to a network data plane processor with an incremental delete of the filter rule. If adding a filter rule then either providing an incremental insertion of the filter rule to the decision tree or rebuilding the first decision tree into a second decision tree responsive to comparing a parameter to a threshold. In one embodiment the parameter and thresholds relate to depth values of the tree filter rule chained branches. In another the parameter and thresholds relate to a total count of rule additions since a building of the relevant tree.

公开(公告)号：US20080072326A1

公开(公告)日：2008-03-20

申请号：US11871188

申请日：2007-10-12

申请人： Robert Danford ,  Kenneth Farmer ,  Clark Jeffries ,  Robert Sisk ,  Michael Walter

发明人： Robert Danford ,  Kenneth Farmer ,  Clark Jeffries ,  Robert Sisk ,  Michael Walter

IPC分类号： G06F21/00

CPC分类号： H04L63/1458

摘要： A method of progressive response for invoking and suspending blocking measures that defend against network anomalies such as malicious network traffic so that false positives and false negatives are minimized. When an anomaly is detected, the detector notifies protective equipment such as a firewall or a router to invoke a blocking measure. The blocking measure is maintained for an initial duration, after which it is suspended while another test for the anomaly is made. If the anomaly is no longer evident, the method returns to the state of readiness. Otherwise, a loop is executed to re-applying the blocking measure for a specified duration, then suspend the blocking measure and test again for the anomaly. If the anomaly is detected, the blocking measure is re-applied, and its duration is adapted. If the anomaly is no longer detected, the method returns to the state of readiness.

摘要翻译： 一种逐步响应的方法，用于调用和中止阻止网络异常（如恶意网络流量）的阻塞措施，从而最大限度地减少误报和假阴性。 当检测到异常时，检测器通知防火墙或路由器等防护设备调用阻塞措施。 阻塞措施保持初始持续时间，之后暂停，并进行另一次异常测试。 如果异常不再明显，则返回到准备状态。 否则，执行一个循环以在特定持续时间内重新应用阻塞度量，然后暂停阻塞度量并再次测试异常。 如果检测到异常，则重新应用阻塞措施，并适应其持续时间。 如果不再检测到异常，则该方法返回到准备状态。

公开(公告)号：US20070076602A1

公开(公告)日：2007-04-05

申请号：US11560088

申请日：2006-11-15

申请人： Clark Jeffries ,  Jitesh Nair ,  Michael Siegel ,  Rama Yedavalli

发明人： Clark Jeffries ,  Jitesh Nair ,  Michael Siegel ,  Rama Yedavalli

IPC分类号： H04L12/26 ,  H04L12/56

CPC分类号： H04L47/30 ,  H04L47/10 ,  H04L47/29 ,  H04L47/32

摘要： The decision within a packet processing device to transmit a newly arriving packet into a queue to await processing or to discard the same packet is made by a flow control method and system. The flow control is updated with a constant period determined by storage and flow rate limits. The update includes comparing current queue occupancy to thresholds and also comparing present queue occupancy to previous queue occupancy. The outcome of the update is a new transmit probability value. The value is stored for the subsequent period of flow control and packets arriving during that period are subject to a transmit or discard decision that uses that value.

摘要翻译： 通过流控制方法和系统来进行分组处理装置中将新到达的分组发送到队列中等待处理或丢弃相同分组的决定。 流量控制以由存储和流量限制确定的恒定周期进行更新。 该更新包括将当前队列占用率与阈值进行比较，还将当前队列占用率与先前队列占用率进行比较。 更新的结果是新的传输概率值。 该值存储在随后的流量控制周期中，并且在该时间段期间到达的分组经受使用该值的发送或丢弃决定。