-
公开(公告)号:US08018845B2
公开(公告)日:2011-09-13
申请号:US11339597
申请日:2006-01-25
CPC分类号: H04L43/022 , H04L43/16
摘要: Out-of-profile rate-limited traffic is sampled to provide data for analysis, such as for, but not limited to, identifying a threat condition such as a denial-of-service or other malicious attack, or a non-malicious attack such as an error in configuration. A rate limiter including at least three states is typically used, with one of these states being an out-of-profile sampling state wherein the packet traffic is sampled to identify one or more sampled packets on which analysis can be performed, with defensive action possibly taken in response to the analysis.
摘要翻译: 采样失速率限制流量以提供用于分析的数据,例如用于但不限于识别威胁状况,例如拒绝服务或其他恶意攻击,或非恶意攻击,例如非恶意攻击 作为配置错误。 通常使用包括至少三个状态的速率限制器,其中这些状态之一是失真采样状态,其中对分组业务进行采样以识别可以在其上进行分析的一个或多个采样分组,具有可能的防御动作 作为回应分析。
-
公开(公告)号:US20070171824A1
公开(公告)日:2007-07-26
申请号:US11339597
申请日:2006-01-25
IPC分类号: H04L12/26
CPC分类号: H04L43/022 , H04L43/16
摘要: Out-of-profile rate-limited traffic is sampled to provide data for analysis, such as for, but not limited to, identifying a threat condition such as a denial-of-service or other malicious attack, or a non-malicious attack such as an error in configuration. A rate limiter including at least three states is typically used, with one of these states being an out-of-profile sampling state wherein the packet traffic is sampled to identify one or more sampled packets on which analysis can be performed, with defensive action possibly taken in response to the analysis.
摘要翻译: 采样失速率限制流量以提供用于分析的数据,例如用于但不限于识别威胁状况,例如拒绝服务或其他恶意攻击,或非恶意攻击,例如非恶意攻击 作为配置错误。 通常使用包括至少三个状态的速率限制器,其中这些状态之一是失真采样状态,其中对分组业务进行采样以识别可以在其上进行分析的一个或多个采样分组,具有可能的防御动作 作为回应分析。
-
公开(公告)号:US08902908B2
公开(公告)日:2014-12-02
申请号:US11416988
申请日:2006-05-02
IPC分类号: H04L12/28 , H04L12/56 , H04L12/723 , H04L12/46
CPC分类号: H04L12/4641 , H04L45/50
摘要: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for supporting a large number of virtual local area networks (VLANS) in a bridged network. Packets are received that include 802.1Q Virtual Local Area Network (VLAN) identifiers (VIDs). However, rather than accessing the VLAN forwarding information directly based on the VID as conventionally performed, the VLAN forwarding information to use for a particular packet is determined based on an interface (e.g., virtual or physical interface, port, MPLS label, GRE tunnel or other abstraction of the interface). In other words, the interface associated with the packet identifies a context for determining the VLAN forwarding information based on the VID included in the packet. Therefore, network bridging devices can support more VLANs than that imposed by the 4096 possible values of a VID.
摘要翻译: 公开了尤其是用于支持桥接网络中的大量虚拟局域网(VLAN)的方法,装置,数据结构,计算机可读介质,机制和装置。 收到包含802.1Q虚拟局域网(VLAN)标识符(VID)的数据包。 但是,根据传统的VID直接访问VLAN转发信息,而不是根据接口(例如,虚拟或物理接口,端口,MPLS标签,GRE隧道或者接口)来确定用于特定数据包的VLAN转发信息, 接口的其他抽象)。 换句话说,与分组相关联的接口基于分组中包括的VID来标识用于确定VLAN转发信息的上下文。 因此,网络桥接设备可以支持比VID的4096个可能值所施加的更多的VLAN。
-
公开(公告)号:US20070091890A1
公开(公告)日:2007-04-26
申请号:US11257696
申请日:2005-10-25
IPC分类号: H04L12/56
CPC分类号: H04L12/18 , H04L45/16 , H04L45/32 , H04L49/201 , H04L49/354
摘要: A mechanism for a network device to constrain multicast flooding of out-of-profile multicast frames is provided by defining a multicast flood domain that includes a subset of ports that are members of the broadcast domain. Such a multicast flood domain can be user configured or dynamically configured to include device ports that are coupled to network elements that should receive such out-of-profile multicast transmissions and exclude network elements that should not receive such multicast transmissions. In one embodiment of the present invention, such capability is provided by incorporating into a network device a mechanism for performing a multicast flood domain lookup of an address table in the event that an out-of-profile multicast frame is received.
摘要翻译: 通过定义包括作为广播域的成员的端口的子集的组播泛洪域来提供网络设备限制外部组播帧的组播泛洪的机制。 这样的组播泛洪域可以被用户配置或动态地配置为包括耦合到应该接收到这种不合格的多播传输的网络元件的设备端口,并且排除不应该接收这种多播传输的网络元件。 在本发明的一个实施例中,通过在网络设备中并入接收到异常外组播帧的情况下用于执行地址表的组播泛洪域查找的机制来提供这种能力。
-
公开(公告)号:US20060221960A1
公开(公告)日:2006-10-05
申请号:US11096738
申请日:2005-04-01
申请人: Gaetano Borgione
发明人: Gaetano Borgione
CPC分类号: H04L29/12292 , H04L12/18 , H04L12/465 , H04L29/12028 , H04L29/12801 , H04L45/742 , H04L49/35 , H04L61/103 , H04L61/2069 , H04L61/6004
摘要: A method, system, and computer program product are presented to optimize OSI Level 2 switch forwarding of frames comprising IP addresses, 802.1 QinQ VLAN identifiers, multi-protocol label switching labels, and any other usable information meaningful to derive an L2 forwarding result on frames. In one embodiment, a 16-bit key is included as a prefix to a 48-bit OSI Level 2 address entry, thereby allowing the inclusion of a 32-bit OSI Level 3 address in the lookup table (e.g., a complete IP version 4 address). Implementations of such a solution are presented to resolve address aliasing issues experienced with multicast group destination addresses, including single source multicast. Solutions to optimizing forwarding of frames in an IEEE 802.1 QinQ environment are also presented. A result of these implementations can be reduction of the amount of unnecessary network traffic generated by a network switch incorporating such an OSI Level 2 address lookup table.
摘要翻译: 提出了一种方法,系统和计算机程序产品,以优化包括IP地址,802.1QinQ VLAN标识符,多协议标签交换标签和任何其他可用信息的帧的OSI 2级交换机转发,以有助于在帧上导出L2转发结果 。 在一个实施例中,将16位密钥作为前缀包括在48位OSI 2级地址条目中,从而允许在查找表中包括32位OSI 3级地址(例如,完整的IP版本4 地址)。 提出了这样的解决方案的实现,以解决组播目的地地址(包括单源组播)所遇到的地址混叠问题。 还介绍了在IEEE 802.1 QinQ环境中优化帧转发的解决方案。 这些实现的结果可以是减少由包含这样的OSI 2级地址查找表的网络交换机生成的不必要的网络流量的量。
-
6.发明申请公开(公告)号:US20150295750A1
公开(公告)日:2015-10-15
申请号:US14253775
申请日:2014-04-15
CPC分类号: G06F9/5077 , G06F9/455 , G06F9/50 , G06F11/181 , H04L41/0803 , H04L41/0816 , H04L41/50 , H04L49/354
摘要: A method and apparatus is disclosed herein for use of a connectivity manager and a network infrastructure including the same. In one embodiment, the network infrastructure comprises one or more physical devices communicably coupled into a physical network infrastructure or via the overlay provided by the physical servers; and a virtual network domain containing a virtual network infrastructure executing on the physical network infrastructure. In one embodiment, the virtual network domain comprises one or more virtual network functions connected together through one or more links and executing on the one or more physical devices, and one or more interfaces coupled to one or more network functions via one or more links to communicate data between the virtual network domain and at least one of the one or more physical devices of the physical network infrastructure while the virtual network domain is isolated from other virtual infrastructures executing on the physical network infrastructure.
摘要翻译: 本文公开了一种使用连接管理器和包括其的网络基础设施的方法和装置。 在一个实施例中,网络基础设施包括可通信地耦合到物理网络基础设施中或经由物理服务器提供的覆盖物的一个或多个物理设备; 以及包含在物理网络基础设施上执行的虚拟网络基础设施的虚拟网络域。 在一个实施例中,虚拟网络域包括通过一个或多个链路连接在一起并在一个或多个物理设备上执行的一个或多个虚拟网络功能,以及经由一个或多个链路耦合到一个或多个网络功能的一个或多个接口 在虚拟网络域与物理网络基础设施上执行的其他虚拟基础设施隔离的同时,在虚拟网络域与物理网络基础设施的一个或多个物理设备中的至少一个之间传送数据。
-
7.发明授权Apparatus and method for utilizing aggregate network links for multicast switching 有权利用聚合网络链路进行组播切换的装置和方法公开(公告)号:US08155125B1
公开(公告)日:2012-04-10
申请号:US10944307
申请日:2004-09-17
IPC分类号: H04L12/28
CPC分类号: H04L12/4641 , H04L12/1863
摘要: A method, system, and apparatus to transmit replicated multicast packets over a plurality of physical network links that are combined into one logical channel or link so that the replicated multicast packets are distributed over more than one network link is disclosed. It is further disclosed that distribution over the network links is accomplished, in part, through analyzing the multicast packet for information other than ethernet addresses. Such information can include a tag header including destination interface information.
摘要翻译: 公开了一种通过组合成一个逻辑信道或链路的多个物理网络链路来传输复制的多播分组的方法,系统和装置,以便复制的多播分组分布在多于一个的网络链路上。 还公开了通过网络链路的分发部分地通过分析除了以太网地址之外的信息的多播分组来实现。 这样的信息可以包括包括目的地接口信息的标签报头。
-
公开(公告)号:US07599367B2
公开(公告)日:2009-10-06
申请号:US11257696
申请日:2005-10-25
CPC分类号: H04L12/18 , H04L45/16 , H04L45/32 , H04L49/201 , H04L49/354
摘要: A mechanism for a network device to constrain multicast flooding of out-of-profile multicast frames is provided by defining a multicast flood domain that includes a subset of ports that are members of the broadcast domain. Such a multicast flood domain can be user configured or dynamically configured to include device ports that are coupled to network elements that should receive such out-of-profile multicast transmissions and exclude network elements that should not receive such multicast transmissions. In one embodiment of the present invention, such capability is provided by incorporating into a network device a mechanism for performing a multicast flood domain lookup of an address table in the event that an out-of-profile multicast frame is received.
摘要翻译: 通过定义包括作为广播域的成员的端口的子集的组播泛洪域来提供网络设备限制外部组播帧的组播泛洪的机制。 这样的组播泛洪域可以被用户配置或动态地配置为包括耦合到应该接收到这种不合格的多播传输的网络元件的设备端口,并且排除不应该接收这种多播传输的网络元件。 在本发明的一个实施例中,通过在网络设备中并入接收到异常外组播帧的情况下用于执行地址表的组播泛洪域查找的机制来提供这种能力。
-
9.发明授权Performing extended lookups on MAC-based tables including level 3 multicast group destination addresses 有权对基于MAC的表执行扩展查找,包括3级组播组目标地址公开(公告)号:US07586895B2
公开(公告)日:2009-09-08
申请号:US11096738
申请日:2005-04-01
申请人: Gaetano Borgione
发明人: Gaetano Borgione
CPC分类号: H04L29/12292 , H04L12/18 , H04L12/465 , H04L29/12028 , H04L29/12801 , H04L45/742 , H04L49/35 , H04L61/103 , H04L61/2069 , H04L61/6004
摘要: A method, system, and computer program product are presented to optimize OSI Level 2 switch forwarding of frames comprising IP addresses, 802.1 QinQ VLAN identifiers, multi-protocol label switching labels, and any other usable information meaningful to derive an L2 forwarding result on frames. In one embodiment, a 16-bit key is included as a prefix to a 48-bit OSI Level 2 address entry, thereby allowing the inclusion of a 32-bit OSI Level 3 address in the lookup table (e.g., a complete IP version 4 address). Implementations of such a solution are presented to resolve address aliasing issues experienced with multicast group destination addresses, including single source multicast. Solutions to optimizing forwarding of frames in an IEEE 802.1 QinQ environment are also presented. A result of these implementations can be reduction of the amount of unnecessary network traffic generated by a network switch incorporating such an OSI Level 2 address lookup table.
摘要翻译: 提出了一种方法,系统和计算机程序产品,以优化包括IP地址,802.1QinQ VLAN标识符,多协议标签交换标签以及任何其他可用信息的帧的OSI 2级交换机转发,以有助于在帧上导出L2转发结果 。 在一个实施例中,将16位密钥作为前缀包括在48位OSI 2级地址条目中,从而允许在查找表中包括32位OSI 3级地址(例如,完整的IP版本4 地址)。 提出了这样的解决方案的实现,以解决组播目的地地址(包括单源组播)所遇到的地址混叠问题。 还介绍了在IEEE 802.1 QinQ环境中优化帧转发的解决方案。 这些实现的结果可以是减少由包含这样的OSI 2级地址查找表的网络交换机生成的不必要的网络流量的量。
-
公开(公告)号:US20070258446A1
公开(公告)日:2007-11-08
申请号:US11416988
申请日:2006-05-02
IPC分类号: H04L12/56
CPC分类号: H04L12/4641 , H04L45/50
摘要: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for supporting a large number of virtual local area networks (VLANS) in a bridged network. Packets are received that include 802.1Q Virtual Local Area Network (VLAN) identifiers (VIDs). However, rather than accessing the VLAN forwarding information directly based on the VID as conventionally performed, the VLAN forwarding information to use for a particular packet is determined based on an interface (e.g., virtual or physical interface, port, MPLS label, GRE tunnel or other abstraction of the interface). In other words, the interface associated with the packet identifies a context for determining the VLAN forwarding information based on the VID included in the packet. Therefore, network bridging devices can support more VLANs than that imposed by the 4096 possible values of a VID.
摘要翻译: 公开了尤其是用于支持桥接网络中的大量虚拟局域网(VLAN)的方法,装置,数据结构,计算机可读介质,机制和装置。 收到包含802.1Q虚拟局域网(VLAN)标识符(VID)的数据包。 但是,根据传统的VID直接访问VLAN转发信息,而不是根据接口(例如,虚拟或物理接口,端口,MPLS标签,GRE隧道或者接口)来确定用于特定数据包的VLAN转发信息, 接口的其他抽象)。 换句话说,与分组相关联的接口基于分组中包括的VID来标识用于确定VLAN转发信息的上下文。 因此,网络桥接设备可以支持比VID的4096个可能值所施加的更多的VLAN。
-
-
-
-
-
-
-
-
-
搜索结果
10 条记录 (耗时 0.022 秒)
