公开(公告)号：US06807171B1

公开(公告)日：2004-10-19

申请号：US09342912

申请日：1999-06-30

申请人： Joey Chow ,  Jason Sterne ,  Denny Lee

发明人： Joey Chow ,  Jason Sterne ,  Denny Lee

IPC分类号： H04L1228

CPC分类号： H04L49/3081 ,  H04L12/5601 ,  H04L2012/5624 ,  H04L2012/5672 ,  H04L2012/5679

摘要： Apparatus and method for implementing virtual path aggregation (VPA) of underlying virtual connections at a switching node of a connection based communications network. A multi-service traffic shaping module (MTSM) at the switch implements algorithms to aggregate the VC and VP connections onto the aggregate VP by representing an aggregate VP as a plurality of circular linked lists or loops and assigning each VC connection to a link or element in the circular linked lists according to traffic descriptors. Weighting factors are used as between loops to dynamically select the next loop to service. Once this loop is chosen, the next VC to be serviced is identified by examining the circular linked list structure.

摘要翻译： 用于在基于连接的通信网络的交换节点处实现虚拟连接的虚拟路径聚合（VPA）的装置和方法。 交换机上的多业务流量整形模块（MTSM）实现了将VC和VP连接聚合到聚合VP上的算法，通过将聚合VP表示为多个循环链表或循环并将每个VC连接分配给链路或元素 在循环链表中根据流量描述符。 加权因子用于循环之间以动态地选择下一个服务循环。 选择此循环后，通过检查循环链表结构来识别要维护的下一个VC。

公开(公告)号：US20050163139A1

公开(公告)日：2005-07-28

申请号：US10915250

申请日：2004-08-10

申请人： Robert Robotham ,  Denny Lee ,  Brent Duckering ,  Jason Sterne

发明人： Robert Robotham ,  Denny Lee ,  Brent Duckering ,  Jason Sterne

IPC分类号： H04L12/26 ,  H04L12/56 ,  H04Q11/00

CPC分类号： H04L12/5601 ,  H04L43/00 ,  H04L43/0817 ,  H04L43/0847 ,  H04L43/16 ,  H04L47/11 ,  H04L47/30 ,  H04L49/90 ,  H04L2012/5636 ,  H04L2012/5682

摘要： A method and apparatus for buffering data units in a communication switch that allows for configurable monitoring of the buffer contents is presented. Such an apparatus includes a context table that stores a plurality of independent group identifiers for each connection. Although the group identifiers may include a partition group identifier and a loss group identifier that is dependent on the partition group identifier, additional group identifiers are included in the context table for each connection that are independent of other group identifiers in the context table. Such a context table may be dynamically reconfigured in order to group connections for buffer monitoring operations related to congestion detection, traffic shaping, and data admission with respect to buffering. When a data unit is received corresponding to a particular connection, the context table is referenced to retrieve the set of group identifiers corresponding to that connection. As a cell is stored in the buffer, count values corresponding to at least some of the group identifiers included in the set of group identifiers for that connection are incremented. Similarly, when data is dequeued from the buffer for forwarding, the set of group identifiers for that particular data unit is determined and the counters corresponding to at least some of those groups are decremented. As such, the count value corresponding to each of the groups can be referenced to determine the number of data units corresponding to that group that are currently stored within the buffer.

摘要翻译： 提出一种用于缓冲通信交换机中的数据单元的方法和装置，其允许缓冲器内容的可配置监视。 这种装置包括存储用于每个连接的多个独立组标识符的上下文表。 虽然组标识符可以包括取决于分区组标识符的分区组标识符和丢失组标识符，但是对于与上下文表中的其他组标识符无关的每个连接，附加组标识符被包括在上下文表中。 这样的上下文表可以被动态地重新配置，以便分组与针对缓冲的拥塞检测，流量整形和数据准入相关的缓冲器监视操作的连接。 当接收到对应于特定连接的数据单元时，引用上下文表以检索对应于该连接的组标识符集。 当单元被存储在缓冲器中时，对应于包括在该连接的组标识符集合中的至少一些组标识符的计数值递增。 类似地，当数据从用于转发的缓冲器中出来时，确定该特定数据单元的组标识符集，并且减少对应于那些组中的至​​少一些的计数器。 因此，可以引用与每个组对应的计数值来确定当前存储在缓冲器中的与该组对应的数据单元的数量。

公开(公告)号：US07418002B2

公开(公告)日：2008-08-26

申请号：US10915250

申请日：2004-08-10

申请人： Robert E. Robotham ,  Denny Lee ,  Brent Gene Duckering ,  Jason Sterne

发明人： Robert E. Robotham ,  Denny Lee ,  Brent Gene Duckering ,  Jason Sterne

IPC分类号： H04L12/28 ,  H04L12/56

CPC分类号： H04L12/5601 ,  H04L43/00 ,  H04L43/0817 ,  H04L43/0847 ,  H04L43/16 ,  H04L47/11 ,  H04L47/30 ,  H04L49/90 ,  H04L2012/5636 ,  H04L2012/5682

摘要： A method and apparatus for buffering data units in a communication switch that allows for configurable monitoring of the buffer contents is presented. Such an apparatus includes a context table that stores a plurality of independent group identifiers for each connection. Although the group identifiers may include a partition group identifier and a loss group identifier that is dependent on the partition group identifier, additional group identifiers are included in the context table for each connection that are independent of other group identifiers in the context table. Such a context table may be dynamically reconfigured in order to group connections for buffer monitoring operations related to congestion detection, traffic shaping, and data admission with respect to buffering. When a data unit is received corresponding to a particular connection, the context table is referenced to retrieve the set of group identifiers corresponding to that connection. As a cell is stored in the buffer, count values corresponding to at least some of the group identifiers included in the set of group identifiers for that connection are incremented. Similarly, when data is dequeued from the buffer for forwarding, the set of group identifiers for that particular data unit is determined and the counters corresponding to at least some of those groups are decremented. As such, the count value corresponding to each of the groups can be referenced to determine the number of data units corresponding to that group that are currently stored within the buffer.

摘要翻译： 提出一种用于缓冲通信交换机中的数据单元的方法和装置，其允许缓冲器内容的可配置监视。 这种装置包括存储用于每个连接的多个独立组标识符的上下文表。 虽然组标识符可以包括取决于分区组标识符的分区组标识符和丢失组标识符，但是对于与上下文表中的其他组标识符无关的每个连接，附加组标识符被包括在上下文表中。 这样的上下文表可以被动态地重新配置，以便分组与针对缓冲的拥塞检测，流量整形和数据准入相关的缓冲器监视操作的连接。 当接收到对应于特定连接的数据单元时，引用上下文表以检索对应于该连接的组标识符集。 当单元被存储在缓冲器中时，对应于包括在该连接的组标识符集合中的至少一些组标识符的计数值递增。 类似地，当数据从用于转发的缓冲器中出来时，确定该特定数据单元的组标识符集，并且减少对应于那些组中的至​​少一些的计数器。 因此，可以引用与每个组对应的计数值来确定当前存储在缓冲器中的与该组对应的数据单元的数量。

公开(公告)号：US06775293B1

公开(公告)日：2004-08-10

申请号：US09609134

申请日：2000-06-30

申请人： Robert E. Robotham ,  Denny Lee ,  Brent Gene Duckering ,  Jason Sterne

发明人： Robert E. Robotham ,  Denny Lee ,  Brent Gene Duckering ,  Jason Sterne

IPC分类号： H04L1228

CPC分类号： H04L12/5601 ,  H04L43/00 ,  H04L43/0817 ,  H04L43/0847 ,  H04L43/16 ,  H04L47/11 ,  H04L47/30 ,  H04L49/90 ,  H04L2012/5636 ,  H04L2012/5682

摘要： A method and apparatus for buffering data units in a communication switch that allows for configurable monitoring of the buffer contents is presented. Such an apparatus includes a context table that stores a plurality of independent group identifiers for each connection. Although the group identifiers may include a partition group identifier and a loss group identifier that is dependent on the partition group identifier, additional group identifiers are included in the context table for each connection that are independent of other group identifiers in the context table. Such a context table may be dynamically reconfigured in order to group connections for buffer monitoring operations related to congestion detection, traffic shaping, and data admission with respect to buffering. When a data unit is received corresponding to a particular connection, the context table is referenced to retrieve the set of group identifiers corresponding to that connection. As a cell is stored in the buffer, count values corresponding to at least some of the group identifiers included in the set of group identifiers for that connection are incremented. Similarly, when data is dequeued from the buffer for forwarding, the set of group identifiers for that particular data unit is determined and the counters corresponding to at least some of those groups are decremented. As such, the count value corresponding to each of the groups can be referenced to determine the number of data units corresponding to that group that are currently stored within the buffer.

摘要翻译： 提出一种用于缓冲通信交换机中的数据单元的方法和装置，其允许缓冲器内容的可配置监视。 这种装置包括存储用于每个连接的多个独立组标识符的上下文表。 虽然组标识符可以包括取决于分区组标识符的分区组标识符和丢失组标识符，但是对于与上下文表中的其他组标识符无关的每个连接，附加组标识符被包括在上下文表中。 这样的上下文表可以被动态地重新配置，以便分组与针对缓冲的拥塞检测，流量整形和数据准入相关的缓冲器监视操作的连接。 当接收到对应于特定连接的数据单元时，引用上下文表以检索对应于该连接的组标识符集。 当单元被存储在缓冲器中时，对应于包括在该连接的组标识符集合中的至少一些组标识符的计数值递增。 类似地，当数据从用于转发的缓冲器中出来时，确定该特定数据单元的组标识符集，并且减少对应于那些组中的至​​少一些的计数器。 因此，可以引用与每个组对应的计数值来确定当前存储在缓冲器中的与该组对应的数据单元的数量。

公开(公告)号：US20070217336A1

公开(公告)日：2007-09-20

申请号：US11377578

申请日：2006-03-17

申请人： Jason Sterne ,  Robert Johnson ,  Aaron MacDonald ,  Richard Grieve ,  James Schriel

发明人： Jason Sterne ,  Robert Johnson ,  Aaron MacDonald ,  Richard Grieve ,  James Schriel

IPC分类号： H04J1/16 ,  H04L12/56

CPC分类号： H04L47/10 ,  H04L47/266 ,  H04L47/30 ,  H04L47/32 ,  H04L49/90 ,  Y02D50/10

摘要： A method for incorporating a queuing device as a lossless processing stage in a network device in a communications network, comprising: monitoring a depth of a queue in the queuing device, the queue for receiving packets from an upstream device within the network device, the queuing device acting as a discard point by discarding packets when the queue is full; and, if the depth passes a predetermined threshold, sending a message to the upstream device to reduce a rate at which packets are sent to the queuing device to prevent the queue from filling and thereby preventing packet discarding and loss by the queuing device.

摘要翻译： 一种在通信网络中的网络设备中将排队设备作为无损处理级并入的方法，包括：监视队列设备中的队列的深度，用于从网络设备内的上游设备接收分组的队列，排队 设备在队列满时通过丢弃报文作为丢弃点; 并且如果深度通过预定阈值，则向上游设备发送消息以降低分组被发送到排队设备的速率，以防止队列填满，从而防止排队设备丢包和丢失。

公开(公告)号：US20050157647A1

公开(公告)日：2005-07-21

申请号：US10760277

申请日：2004-01-21

申请人： Jason Sterne ,  Adrian Grah ,  Shay Nahum ,  Predrag Kostic ,  Herman Liu

发明人： Jason Sterne ,  Adrian Grah ,  Shay Nahum ,  Predrag Kostic ,  Herman Liu

IPC分类号： H04L1/00 ,  H04L29/06

CPC分类号： H04L63/0227 ,  H04L63/101 ,  H04L63/1458

摘要： The packet rate limiting method and system is used for detecting and blocking the effects of DoS attacks on IP networks. The method uses an ACL counter that stores an action parameter in the first 3 most significant bits and uses 13 bits as a packet counter. A rate limit is enforced by setting the packet counter to an initial value, and resetting this value at given intervals of time. The action parameter enables the ACL to accept or deny packets based on this rate limit. If the number of packets in the incoming flow saturates the packet counter before the reset time, the packets are denied access to the network until the counter is next reset. The denied packets may be just discarded or may be extracted for further examination.

摘要翻译： 分组速率限制方法和系统用于检测和阻止DoS攻击对IP网络的影响。 该方法使用ACL计数器，其存储动作参数在前3个最高有效位中，并使用13位作为数据包计数器。 通过将分组计数器设置为初始值来实现速率限制，并在给定的时间间隔重置该值。 该操作参数使ACL能够根据此速率限制接受或拒绝数据包。 如果传入流中的数据包数量在复位时间之前使数据包计数器饱和，则数据包将被拒绝访问网络，直到下一次重置计数器为止。 被拒绝的数据包可能被丢弃或可能被提取用于进一步检查。

公开(公告)号：US06639899B1

公开(公告)日：2003-10-28

申请号：US09417834

申请日：1999-10-14

申请人： Randall Allan Law ,  Steven Douglas Margerm ,  Andre Poulin ,  Robert Morton ,  Steve Driediger ,  Jason Sterne ,  Pual Nadj

发明人： Randall Allan Law ,  Steven Douglas Margerm ,  Andre Poulin ,  Robert Morton ,  Steve Driediger ,  Jason Sterne ,  Pual Nadj

IPC分类号： G01R3108

CPC分类号： H04L49/3081 ,  H04L49/30 ,  H04L49/3009 ,  H04L49/555 ,  H04L2012/5625 ,  H04L2012/5628 ,  H04L2012/5652 ,  H04Q11/0478

摘要： A method for verifying the integrity of data payloads of ATM cells passing through a switching device involves computing a payload integrity verification code for the payload portion of an ATM cell. The payload integrity verification code may be generated according to any error detection or error correction scheme. Preferably, the payload integrity verification code is stored in a portion of the standard ATM cell header which is not used while the cell is passing through the switching device. Preferably the payload integrity verification code is stored in all, or a portion of, the virtual path identifier or virtual connection identifier fields. The invention allows for the immediate identification of cells having corrupted payload data. Different actions may be taken on the detection of errors in the ATM cell header and ATM cell payloads respectively.

摘要翻译： 用于验证通过交换设备的ATM信元的数据有效载荷的完整性的方法包括计算ATM信元的有效载荷部分的净荷完整性验证码。 有效载荷完整性验证码可以根据任何错误检测或纠错方案生成。 优选地，有效载荷完整性验证码存储在标准ATM信元报头的一部分中，该小区在小区通过交换设备时未被使用。 优选地，净荷完整性验证码存储在虚拟路径标识符或虚拟连接标识符字段的全部或部分中。 本发明允许立即识别具有损坏的有效载荷数据的小区。 可以分别对ATM信元报头和ATM信元有效载荷中的错误的检测采取不同的动作。

公开(公告)号：US07872973B2

公开(公告)日：2011-01-18

申请号：US11377578

申请日：2006-03-17

申请人： Jason Sterne ,  Robert John Johnson ,  Aaron Maxwell MacDonald ,  Richard Grieve ,  James Michael Schriel

发明人： Jason Sterne ,  Robert John Johnson ,  Aaron Maxwell MacDonald ,  Richard Grieve ,  James Michael Schriel

IPC分类号： H04J1/16 ,  H04L12/56

CPC分类号： H04L47/10 ,  H04L47/266 ,  H04L47/30 ,  H04L47/32 ,  H04L49/90 ,  Y02D50/10

摘要： A method for incorporating a queuing device as a lossless processing stage in a network device in a communications network, comprising: monitoring a depth of a queue in the queuing device, the queue for receiving packets from an upstream device within the network device, the queuing device acting as a discard point by discarding packets when the queue is full; and, if the depth passes a predetermined threshold, sending a message to the upstream device to reduce a rate at which packets are sent to the queuing device to prevent the queue from filling and thereby preventing packet discarding and loss by the queuing device.

摘要翻译： 一种在通信网络中的网络设备中将排队设备作为无损处理级并入的方法，包括：监视队列设备中队列的深度，用于从网络设备内的上游设备接收分组的队列，排队 设备在队列满时通过丢弃报文作为丢弃点; 并且如果深度通过预定阈值，则向上游设备发送消息以降低分组被发送到排队设备的速率，以防止队列填满，从而防止排队设备丢包和丢失。

公开(公告)号：US07436770B2

公开(公告)日：2008-10-14

申请号：US10760277

申请日：2004-01-21

申请人： Jason Sterne ,  Adrian Grah ,  Shay Nahum ,  Predrag Kostic ,  Herman Ho Ming Liu

发明人： Jason Sterne ,  Adrian Grah ,  Shay Nahum ,  Predrag Kostic ,  Herman Ho Ming Liu

IPC分类号： H04J3/14

CPC分类号： H04L63/0227 ,  H04L63/101 ,  H04L63/1458

摘要： The packet rate limiting method and system is used for detecting and blocking the effects of DoS attacks on IP networks. The method uses an ACL counter that stores an action parameter in the first 3 most significant bits and uses 13 bits as a packet counter. A rate limit is enforced by setting the packet counter to an initial value, and resetting this value at given intervals of time. The action parameter enables the ACL to accept or deny packets based on this rate limit. If the number of packets in the incoming flow saturates the packet counter before the reset time, the packets are denied access to the network until the counter is next reset. The denied packets may be just discarded or may be extracted for further examination.

摘要翻译： 分组速率限制方法和系统用于检测和阻止DoS攻击对IP网络的影响。 该方法使用ACL计数器，其存储动作参数在前3个最高有效位中，并使用13位作为数据包计数器。 通过将分组计数器设置为初始值来实现速率限制，并在给定的时间间隔重置该值。 该操作参数使ACL能够根据此速率限制接受或拒绝数据包。 如果进入流中的数据包数量在复位时间之前使数据包计数器饱和，则数据包将被拒绝访问网络，直到下一次重置计数器为止。 被拒绝的数据包可能被丢弃或可能被提取用于进一步检查。

公开(公告)号：US07509674B2

公开(公告)日：2009-03-24

申请号：US10679288

申请日：2003-10-07

申请人： Jason Sterne

发明人： Jason Sterne

IPC分类号： G06F17/00

CPC分类号： H04L45/00 ,  H04L45/308 ,  H04L45/60 ,  H04L45/7453 ,  H04L47/20 ,  H04L47/2425 ,  H04L47/2441 ,  H04L63/06 ,  H04L63/101

摘要： A method and apparatus are provided for maintaining access control lists (ACLs) within TCAM on a line card in a data packet router, the rules being applied to incoming data packets. Each interface may be associated with multiple ACLs, and multiple interfaces may be associated with single shared ACLs. The shared ACLs include rules applicable to more than one interface. Other ACLs are specific to a particular interface. When searching for a rule to apply to an incoming data packet, the filter searches both the specific ACL and the shared ACLs associated with the interface over which the data packet arrived. Using the shared ACLs, duplication of common rules is reduced, thereby reducing the total number of rules stored on the line card and saving memory storage space. The invention is also applicable to sets of rules other than ACLs.

摘要翻译： 提供了一种方法和装置，用于在数据分组路由器的线路卡上维护TCAM内的访问控制列表（ACL），该规则被应用于输入的数据分组。 每个接口可以与多个ACL相关联，并且多个接口可以与单个共享ACL相关联。 共享ACL包括适用于多个接口的规则。 其他ACL特定于特定接口。 当搜索适用于传入数据包的规则时，过滤器将搜索与数据包到达的接口相关联的特定ACL和共享ACL。 使用共享ACL，减少了常规规则的重复，从而减少了存储在线卡上的规则总数，并节省了存储空间。 本发明也适用于除ACL之外的规则集。