METHOD AND SYSTEM OF MITIGATING NETWORK ATTACKS

    Publication No.: US20170353490A1

    Publication date: 2017-12-07

    Application No.: US15173434

    Filing date: 2016-06-03

    IPC classification: H04L29/06

    Abstract: A method for mitigating network attacks includes receiving traffic status information from sentries distributed in a network, and analyzing the traffic status information to detect an attack on the network. In response to the attack, an isolated network slice is created. For the isolated network slice, a deceptive network resource is created in the isolated network slice. The method further includes transmitting instructions to route malicious traffic to the deceptive network resource.

    2. Directionless optical architecture and highly available network and photonic resilience methods
    Granted invention patent (status: in force)

    Publication No.: US08849115B2

    Publication date: 2014-09-30

    Application No.: US12045933

    Filing date: 2008-03-11

    IPC classification: H04J14/02 H04Q11/00

    Abstract: The present invention provides a directionless optical architecture for reconfigurable optical add/drop multiplexers (ROADMs) and wavelength selective switches (WSSs). The directionless architecture utilizes a directionless wavelength switch coupled between client devices and ROADMs/WSSs to eliminate the need to hard-wire client devices to a wavelength division multiplexed (WDM) network. Accordingly, client device connections can be automatically routed without manual intervention to provide a highly resilient network design which can recover route diversity during failure scenarios. Additionally, the present invention minimizes deployments of costly optical transceivers while providing superior resiliency. Further, the present invention couples the directionless optical architecture and associated optical protection mechanisms with existing mesh restoration schemes to provide additional resiliency.

    4. HYBRID PACKET-OPTICAL PRIVATE NETWORK SYSTEMS AND METHODS
    Invention patent application (status: in force)

    Publication No.: US20130011132A1

    Publication date: 2013-01-10

    Application No.: US13178028

    Filing date: 2011-07-07

    Applicant: Loudon Blair

    Inventor: Loudon Blair

    IPC classification: H04J14/08 H04B10/20 H04B10/08

    CPC classification: H04L12/4641 H04L49/351

    Abstract: The present disclosure provides hybrid packet-optical private network systems and methods for a private and dedicated multi-point Ethernet Private Local Area Network (EPLAN). The network systems and methods include a Layer 1 infrastructure service with the inclusion of reserved, dedicated packet switch capacity upon which clients can build their personal, private packet networks. In the systems and methods described herein, packet networking methods are not used to partition the isolated LAN connectivity. Instead, dedicated Ethernet Private LANs (EPLs) are defined between dedicated virtual switching instances (VSIs) that are defined, as necessary, within larger packet-optical switches. Each VSI is partitioned from the remainder of its packet switch fabric as a dedicated, private resource for a specific EPLAN. A packet network is then built by the customer on top of the private EPLAN bandwidth and operated as an isolated, private network with no influence by other carrier's network resources.

    5. VIRTUALIZED SHARED PROTECTION CAPACITY
    Invention patent application (status: in force)

    Publication No.: US20120014284A1

    Publication date: 2012-01-19

    Application No.: US12839200

    Filing date: 2010-07-19

    IPC classification: H04L12/56 H04L12/28

    CPC classification: H04L49/70 H04L49/354

    Abstract: The present disclosure relates to a network, a network element, a system, and a method providing an efficient allocation of protection capacity for network connections and/or services. These may be for services within a given Virtual Private Network (VPN) or Virtual Machine (VM) instance flow. Network ingress/egress ports are designed to be VM instance aware while transit ports may or may not be depending on network element capability or configuration. A centralized policy management and a distributed control plane are used to discover and allocate resources to and among the VPNs or VM instances. Algorithms for efficient allocation and release of protection capacity may be coordinated between the centralized policy management and the distributed control plane. Additional coupling of attributes such as latency may provide more sophisticated path selection algorithms including efficient sharing of protection capacity.

    6. Distributed network planning systems and methods
    Granted invention patent (status: in force)

    Publication No.: US09491086B2

    Publication date: 2016-11-08

    Application No.: US13242112

    Filing date: 2011-09-23

    Abstract: The present disclosure provides distributed domain network planning systems and methods. The network planning systems and methods include a distributed domain network planning system that adapts planning concepts to networks operated by modern distributed control planes, such as ASON/ASTN, GMPLS, etc. The network planning systems and methods operate on a multi-domain network utilizing a control plane and local planning systems associated with each individual domain in the multi-domain network. The network planning systems and methods also operate on a single domain network utilizing a control plane and local planning systems associated with the single domain network. The network planning systems and methods build on a distributed control plane philosophy that the network is the database of record. There is significant operational value to distributing the planning function of a large network using the systems and methods disclosed herein.

    7. Hybrid packet-optical private network systems and methods
    Granted invention patent (status: in force)

    Publication No.: US08467375B2

    Publication date: 2013-06-18

    Application No.: US13178028

    Filing date: 2011-07-07

    Applicant: Loudon Blair

    Inventor: Loudon Blair

    IPC classification: H04L12/28

    CPC classification: H04L12/4641 H04L49/351

    Abstract: The present disclosure provides hybrid packet-optical private network systems and methods for a private and dedicated multi-point Ethernet Private Local Area Network (EPLAN). The network systems and methods include a Layer 1 infrastructure service with the inclusion of reserved, dedicated packet switch capacity upon which clients can build their personal, private packet networks. In the systems and methods described herein, packet networking methods are not used to partition the isolated LAN connectivity. Instead, dedicated Ethernet Private LANs (EPLs) are defined between dedicated virtual switching instances (VSIs) that are defined, as necessary, within larger packet-optical switches. Each VSI is partitioned from the remainder of its packet switch fabric as a dedicated, private resource for a specific EPLAN. A packet network is then built by the customer on top of the private EPLAN bandwidth and operated as an isolated, private network with no influence by other carrier's network resources.

    8. Virtualized shared protection capacity
    Granted invention patent (status: in force)

    Publication No.: US08456984B2

    Publication date: 2013-06-04

    Application No.: US12839200

    Filing date: 2010-07-19

    IPC classification: G01R31/08

    CPC classification: H04L49/70 H04L49/354

    Abstract: The present disclosure relates to a network, a network element, a system, and a method providing an efficient allocation of protection capacity for network connections and/or services. These may be for services within a given Virtual Private Network (VPN) or Virtual Machine (VM) instance flow. Network ingress/egress ports are designed to be VM instance aware while transit ports may or may not be depending on network element capability or configuration. A centralized policy management and a distributed control plane are used to discover and allocate resources to and among the VPNs or VM instances. Algorithms for efficient allocation and release of protection capacity may be coordinated between the centralized policy management and the distributed control plane. Additional coupling of attributes such as latency may provide more sophisticated path selection algorithms including efficient sharing of protection capacity.
