BGP security update intercepts
    1.
    Granted patent
    BGP security update intercepts (status: in force)

    Publication number: US08879392B2

    Publication date: 2014-11-04

    Application number: US13456715

    Filing date: 2012-04-26

    Abstract: Network devices, systems, and methods, including executable instructions and/or logic thereon, are provided to perform BGP intercepts. A network device includes a processing resource coupled to a memory. The memory includes program instructions executed by the processing resource to intercept BGP updates and process associated cryptographic signatures before receipt by a BGP router.


    BGP INTERCEPTS
    2.
    Patent application

    Publication number: US20130286831A1

    Publication date: 2013-10-31

    Application number: US13456715

    Filing date: 2012-04-26

    IPC classification: H04L12/24 H04L12/26 H04L12/56

    Abstract: Network devices, systems, and methods, including executable instructions and/or logic thereon, are provided to perform BGP intercepts. A network device includes a processing resource coupled to a memory. The memory includes program instructions executed by the processing resource to intercept BGP updates and process associated cryptographic signatures before receipt by a BGP router.


    Dynamically configuring and verifying routing information of broadcast networks using link state protocols in a computer network
    3.
    Granted patent
    Dynamically configuring and verifying routing information of broadcast networks using link state protocols in a computer network (status: in force)

    Publication number: US09043487B2

    Publication date: 2015-05-26

    Application number: US11406222

    Filing date: 2006-04-18

    Abstract: A technique dynamically configures and verifies routing information of broadcast networks using link state protocols in a computer network. According to the novel technique, a router within the broadcast network receives a link state protocol routing information advertisement from an advertising router, e.g., a designated router or other adjacent neighbor. The router learns of a next-hop router (“next-hop”) to reach a particular destination from the advertisement, and determines whether the next-hop is located within the same broadcast network (e.g., subnet) as the designated router. If so, the router further determines whether the next-hop is directly addressable (i.e., reachable), such as, e.g., by checking for link adjacencies to the next-hop or by sending request/reply messages (e.g., echo messages or “ping” messages) to the next-hop. In the event the next-hop for the destination is not directly addressable by the router (e.g., no adjacency or reply), the router installs a route to the destination via the designated router. Otherwise, the router installs a route to the destination via the next-hop.


    System and method for exchanging awareness information in a network environment
    4.
    Granted patent
    System and method for exchanging awareness information in a network environment (status: in force)

    Publication number: US08098589B2

    Publication date: 2012-01-17

    Application number: US11963003

    Filing date: 2007-12-21

    IPC classification: H04L12/28

    Abstract: A method for communicating packets in a network environment is provided that includes receiving a packet at a network element and identifying a sequence number included in the packet that correlates to awareness information associated with one or more adjacent network elements. A table included in the network element may be updated in order to account for the awareness information included within the packet that has not been accounted for by the network element. In cases where the awareness information included in the packet has already been accounted for, the packet may be ignored.


    System and method for verifying the validity of a path in a network environment
    5.
    Granted patent
    System and method for verifying the validity of a path in a network environment (status: in force)

    Publication number: US07626948B1

    Publication date: 2009-12-01

    Application number: US10661326

    Filing date: 2003-09-12

    IPC classification: H04L12/28

    CPC classification: H04L45/48 H04L45/04

    Abstract: A method for verifying a validity of a path is provided that includes receiving an advertisement communication at a first autonomous system from a second autonomous system, the advertisement communication including a list of one or more connected autonomous systems. The method also includes identifying whether the first autonomous system claims a connection to the second autonomous system and whether the second autonomous system claims a connection to the first autonomous system such that two-way connectivity is established between the autonomous systems. In response to the establishment of the two-way connectivity, a directed graph is constructed that includes two nodes representing the first and second autonomous systems respectively. An edge may be formed that connects the two nodes.


    Performing A Defensive Procedure In Response To Certain Path Advertisements
    8.
    Patent application
    Performing A Defensive Procedure In Response To Certain Path Advertisements (status: in force)

    Publication number: US20120331555A1

    Publication date: 2012-12-27

    Application number: US13169121

    Filing date: 2011-06-27

    IPC classification: G06F21/20

    CPC classification: G06Q30/0241

    Abstract: In certain embodiments, performing a defensive procedure involves receiving at a first speaker of a first autonomous system a path advertisement from a second speaker of a second autonomous system. The path advertisement advertises a path from the second speaker of the second autonomous system. It is determined whether the second autonomous system is a stub autonomous system and whether a path length of the path is greater than one. If the second autonomous system is a stub and the path length is greater than one, a defensive measure is performed for the path. Otherwise, a default procedure is performed for the path.


    Border router with selective filtering of link state advertisements
    9.
    Granted patent
    Border router with selective filtering of link state advertisements (status: in force)

    Publication number: US07672253B2

    Publication date: 2010-03-02

    Application number: US11834445

    Filing date: 2007-08-06

    IPC classification: H04L12/16 H04L12/28

    CPC classification: H04L45/02

    Abstract: An example embodiment of the present invention provides a process relating to the selective filtering of an LSA at a not-so-stubby-sub-area (NSSSA) border router. In one embodiment, the border router receives an LSA from another router inside the NSSSA, which might be in the access layer of the hierarchical network design model and which might use OSPF as its IGP. If the LSA is Type 1 and includes a subnet route or forwarder address, the border router floods it to its neighboring routers, regardless of whether they are inside the NSSSA. If the LSA is Type 7 and includes a host address, the border router floods it to a neighboring router if the neighboring router is inside the NSSSA, but filters the LSA if the neighboring router is outside the NSSSA, for example, in an OSPF area in the distribution layer of the hierarchical network design model.


    System and method for controlling the flooding of information in a network environment
    10.
    Granted patent
    System and method for controlling the flooding of information in a network environment (status: in force)

    Publication number: US07298707B2

    Publication date: 2007-11-20

    Application number: US10762856

    Filing date: 2004-01-21

    IPC classification: G01R31/08

    Abstract: An apparatus for communicating packets in a network environment is provided that includes a first network element that includes a first neighbor list, the first network element being coupled to a second network element and a third network element. The first network element is operable to receive a second neighbor list from the second network element and a third neighbor list from the third network element. The first network element is further operable to determine one or more overlaps provided by the second and third neighbor lists when compared to the first neighbor list, the first network element relaying an update that it receives based on the one or more overlaps.
