Method and Apparatus for Controlling the Routing of Data Packets
    1.
    Patent application
    Method and Apparatus for Controlling the Routing of Data Packets (in force)

    Publication No.: US20110064085A1

    Publication date: 2011-03-17

    Application No.: US12993674

    Filing date: 2008-05-22

    IPC classification: H04L12/56

    Abstract: Method and apparatus for controlling the routing of data packets in an IP network (200). A DNS system (202) stores a packet admission policy configured for a first end-host (B) that dictates conditions for allowing other end-hosts to get across data packets to the first end-host or not. A routing voucher is defined which is required for routing data packets to the first end-host. The routing voucher is distributed to routers (R) in the IP network. When an address query is received at the DNS system (202) from a second end-host, the voucher is supplied to the second end-host if the configured policy allows the second end-host to convey data packets. Otherwise, the voucher is not supplied. If allowed, the second end-host will add the routing voucher to any data packets directed to the first end-host. When a valid routing voucher is present in a packet at a router (204) in the network, the packet will be forwarded to the next router in the IP network. The router will otherwise discard the packet.


    Method and apparatus for controlling the routing of data packets
    2.
    Granted patent
    Method and apparatus for controlling the routing of data packets (in force)

    Publication No.: US08649378B2

    Publication date: 2014-02-11

    Application No.: US12993674

    Filing date: 2008-05-22

    IPC classification: H04L12/28 H04L12/56

    Abstract: Method and apparatus for controlling the routing of data packets in an IP network (200). A DNS system (202) stores a packet admission policy configured for a first end-host (B) that dictates conditions for allowing other end-hosts to get across data packets to the first end-host or not. A routing voucher is defined which is required for routing data packets to the first end-host. The routing voucher is distributed to routers (R) in the IP network. When an address query is received at the DNS system (202) from a second end-host, the voucher is supplied to the second end-host if the configured policy allows the second end-host to convey data packets. Otherwise, the voucher is not supplied. If allowed, the second end-host will add the routing voucher to any data packets directed to the first end-host. When a valid routing voucher is present in a packet at a router (204) in the network, the packet will be forwarded to the next router in the IP network. The router will otherwise discard the packet.


    Method and apparatus for protecting the routing of data packets
    3.
    Granted patent
    Method and apparatus for protecting the routing of data packets (in force)

    Publication No.: US08181014B2

    Publication date: 2012-05-15

    Application No.: US12599472

    Filing date: 2008-05-09

    IPC classification: H04L29/06

    Abstract: A method and apparatus for protecting the routing of data packets in a packet data network. When a first end-host sends an address query to a DNS server system regarding a second end-host, the DNS server system responds by providing a destination parameter containing an encrypted destination address associated with the second end-host. Thereby, the first end-host is able to get across data packets to the second end-host by attaching the destination parameter to each transmitted data packet. A router in the packet data network admits a received packet if a destination parameter is attached to the packet including a valid destination address encrypted by a key dependent on a distributed master encryption key. Otherwise, the router discards the packet if no such valid destination address can be derived from the packet by applying decryption to the destination parameter.


    METHOD AND APPARATUS FOR AVOIDING UNWANTED DATA PACKETS
    4.
    Patent application
    METHOD AND APPARATUS FOR AVOIDING UNWANTED DATA PACKETS (in force)

    Publication No.: US20110142044A1

    Publication date: 2011-06-16

    Application No.: US13059515

    Filing date: 2008-08-22

    IPC classification: H04L12/56

    Abstract: Method and apparatus for controlling transmission of data packets in a packet-switched network. When a first end-host (A) sends an address query to a DNS system (300) for a second end-host, the DNS system responds by providing a sender key created from a destination key registered for the second end-host, if the first end-host is authorised to send packets to the second end-host. Thereby, the first end-host, if authorised, is able to get across data packets to the second end-host by attaching a sender tag (TAG) generated from the sender key, as ingress tag to each transmitted data packet. A router (302) in the network matches an ingress tag in a received packet with entries in a forwarding table and sends out the packet on an output port (X) according to a matching entry. Otherwise, the router discards the packet if no matching entry is found in the table.


    METHOD AND APPARATUS FOR PROTECTING THE ROUTING OF DATA PACKETS
    5.
    Patent application
    METHOD AND APPARATUS FOR PROTECTING THE ROUTING OF DATA PACKETS (in force)

    Publication No.: US20100250930A1

    Publication date: 2010-09-30

    Application No.: US12599472

    Filing date: 2008-05-09

    IPC classification: H04L9/32

    Abstract: A method and apparatus for protecting the routing of data packets in a packet data network. When a first end-host sends an address query to a DNS server system regarding a second end-host, the DNS server system responds by providing a destination parameter containing an encrypted destination address associated with the second end-host. Thereby, the first end-host is able to get across data packets to the second end-host by attaching the destination parameter to each transmitted data packet. A router in the packet data network admits a received packet if a destination parameter is attached to the packet including a valid destination address encrypted by a key dependent on a distributed master encryption key. Otherwise, the router discards the packet if no such valid destination address can be derived from the packet by applying decryption to the destination parameter.


    Congestion Handling in a Packet Switched Network Domain
    6.
    Patent application
    Congestion Handling in a Packet Switched Network Domain (in force)

    Publication No.: US20070268827A1

    Publication date: 2007-11-22

    Application No.: US11718854

    Filing date: 2004-11-12

    IPC classification: H04L12/56

    Abstract: A system, a core (104), an edge node (102, 103) and a method are provided for congestion handling in a packet switched network domain. In case of congestion, overload is measured, the data packets in proportion to the overload are marked and the signaled overload is stored. At least one egress node (103) receives marked and not marked packets, decodes and counts the overload from the marked packets in a counting interval. Congestion report messages are sent to ingress nodes (102) where flows are terminated. A core node (104) comprises a storage means (314) taking into account the previously signaled overload, which are already being handled in a congestion handling control loop. An edge node (103) comprises means for adding new flows to the set of affected flows, means for identifying affected flows to be terminated so that the number of identified affected flows should generate together traffic equal to the overload, and means for removing flows to be terminated from the set of affected flows. In an advantageous embodiment the marker module (315) applies a hysteresis algorithm with a higher bound used to detect congestion and to trigger the marking of user data packets in proportion to the measured overload, and a lower bound used as the reference to measure the overload ratio.


    Selection of an edge node in a fixed access communication network
    7.
    Granted patent
    Selection of an edge node in a fixed access communication network (in force)

    Publication No.: US08401028B2

    Publication date: 2013-03-19

    Application No.: US12863872

    Filing date: 2008-01-23

    IPC classification: H04L12/28

    Abstract: A method and apparatus for selecting an edge node from a plurality of edge nodes in a fixed access communications network. A selection node receives from a host entity a request for a network service. The selection node then obtains, from at least one further network node, data relating to a plurality of edge nodes. On the basis of the retrieved data, the selection node selects an edge node from the plurality of edge nodes, wherein the selected edge node provides a path between the host entity and the requested network service. The selection node then sends a response to the host entity, the response including information identifying the selected edge node.


    Method and Apparatuses for Allowing a Nomadic Terminal to Access a Home Network on Layer 2 Level
    8.
    Patent application
    Method and Apparatuses for Allowing a Nomadic Terminal to Access a Home Network on Layer 2 Level (in force)

    Publication No.: US20100309894A1

    Publication date: 2010-12-09

    Application No.: US12676663

    Filing date: 2007-09-07

    IPC classification: H04W40/00

    CPC classification: H04L12/4641 H04L12/4633

    Abstract: A method of allowing a nomadic terminal to access a home network on the Layer 2 level. The method comprises connecting said terminal to a remote access network via an access point, the remote access network being connected to an operator's backbone network via a remote access router. Signalling is exchanged between the access point and an authentication server within the backbone network in order to authenticate the terminal to the authentication server and, following successful authentication, a Layer 2 tunnel extending across the backbone network is established for the purpose of connecting said nomadic terminal to the home network.


    Method and apparatus for use in a communications network
    9.
    Granted patent
    Method and apparatus for use in a communications network (in force)

    Publication No.: US08553663B2

    Publication date: 2013-10-08

    Application No.: US12933274

    Filing date: 2008-12-17

    IPC classification: H04W4/00 H04L12/28

    CPC classification: H04W92/02 H04W76/00

    Abstract: A method is provided of enabling access for a terminal (12-1) to a remote network (60) via a mobile network (40). A first connectivity service function (30) is provided as part of the mobile network (40). A second connectivity service function (20) is provided as part of the remote network (60). A third connectivity service function (10) is provided associated with the terminal (12-1). The first connectivity service function (30) is adapted to cooperate in establishing a first layer 2 tunnel (25) between itself (30) and the second connectivity service function (20). The first connectivity service function (30) is also adapted to cooperate in establishing a second layer 2 tunnel (15) between itself (30) and the third connectivity service function (10). The terminal (12-1) thereby has layer 2 access into the remote network (60) through the first and second tunnels (25, 15) using the first, second and third connectivity service functions (30, 20, 10).


    Selection of an Edge Node in a Fixed Access Communication Network
    10.
    Patent application
    Selection of an Edge Node in a Fixed Access Communication Network (in force)

    Publication No.: US20100309784A1

    Publication date: 2010-12-09

    Application No.: US12863872

    Filing date: 2008-01-23

    IPC classification: H04L12/26 H04W8/00 H04W28/02

    Abstract: A method and apparatus for selecting an edge node from a plurality of edge nodes in a fixed access communications network. A selection node receives from a host entity a request for a network service. The selection node then obtains, from at least one further network node, data relating to a plurality of edge nodes. On the basis of the retrieved data, the selection node selects an edge node from the plurality of edge nodes, wherein the selected edge node provides a path between the host entity and the requested network service. The selection node then sends a response to the host entity, the response including information identifying the selected edge node.
