Abstract:
A cross stack rapid transition protocol is provided for permitting multiple network devices organized as a stack to rapidly transition their ports in response to network changes so as to minimize traffic flow disruptions while avoiding loops. Each switch in the stack has a stack port that connects the switch to another switch in the stack, and a plurality of ports for connecting the switch to other entities of the computer network. Each switch includes a Spanning Tree Protocol (STP) entity that transitions the ports of the switch among a plurality of states including a forwarding state and a blocking state. Each switch also tracks which other switches are members of the switch stack. The stack port of each switch is transitioned to the forwarding state, and a single switch having connectivity to a root is elected to be a Stack Root. One or more other switches may have Alternate Stack Root Ports that provide alternate paths to the root. If the current Stack Root loses connectivity to the root, the switch whose Alternate Stack Root Port represents the next best path to the root issues one or more proposal messages to the other members of the switch stack. These other members respond with an Acknowledgment, and the former Stack Root transitions its port to the blocking state. Once the proposing switch receives an Acknowledgment from all other active members of the switch stack, it transitions its Alternate Stack Root Port to the forwarding state so that network messages can be forwarded to and from the switch stack.
Abstract:
An associative memory with an invert result capability to allow the identification of an entry as being matched when an entry or portion thereof is specifically not matched is disclosed (or alternatively viewed as an entry or portion thereof indicated as matched when it actually was not matched). One such associative memory typically includes multiple associative memory entries, each of which typically includes storage for one or more subsets of bits to be used in matching a lookup value and for one or more invert result indications to identify whether or not corresponding particular subsets of the one or more subsets of bits are to be inverted in producing an entry match result. Result generation logic is used to identify the entry match result based on a comparison of the one or more subsets of bits with the lookup value and, responsive to the one or more invert result indications, to invert an intermediate comparison result for the one or more subsets of bits as indicated by the one or more invert result indications.
Abstract:
In one embodiment, a rapid spanning tree protocol (RSTP) is executed on an intermediate network device. The RSTP may designate a first port of the device to a Root Port Role and designate one or more second ports of the device to Designated Port Roles, and place the one or more second ports in a forwarding state. Subsequently, the intermediate network device may reassign the Root Port Role from the first port to a third port of the device and block the first port. If the intermediate network device receives a proposal bridge protocol data unit (BPDU) message on the third port, rather than transition the one or more second ports to a blocking state, the intermediate device is adapted to maintain the one or more second ports in the forwarding state.
Abstract:
A method and system for processing a packet is disclosed. The method includes identifying the packet as a generic bridge packet tunneling (GBPT) packet, and performing GBPT processing on the packet at a network node if the packet is a GBPT packet.
Abstract:
In accordance with one embodiment of the present invention, a method includes receiving a packet at a physical interface of a network security gateway. The packet is tagged with a first VLAN identifier associated with an external network. The method also includes communicating a copy of the packet to a first processor, analyzing the copy of the packet at the first processor to determine whether the packet violates a security condition, and communicating a reply message from the first processor to the interface. The reply message indicates whether the packet violates a security condition. If the packet does not violate a security condition, the method includes re-tagging the packet with a second VLAN identifier associated with a protected network by using a second processor at the physical interface. The method further includes communicating the re-tagged packet to the protected network if the packet does not violate a security condition.
Abstract:
A system and method prevents the formation of loops that are not detected by the Spanning Tree Protocol (STP). An intermediate network device preferably includes a plurality of ports for receiving and forwarding network messages and an STP engine in communicating relationship with the ports. The STP engine transitions the ports among a plurality of spanning tree port states, including a discarding state, a learning state and a forwarding state. The device further includes a loop guard engine that is in communicating relationship with the STP engine and the ports. The loop guard engine monitors the receipt of configuration bridge protocol data unit (BPDU) messages by the ports. If a given port stops receiving BPDU messages, the loop guard engine prevents the STP engine from transitioning the given port to the forwarding state. Instead, the loop guard engine preferably causes the port to transition to a new state in which network messages are explicitly blocked from being forwarded or received. If the given port subsequently receives a BPDU message, the loop guard engine releases the port from the new state, thereby allowing it to transition to some other spanning tree port state.
Abstract:
Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, and mechanisms for limiting unauthorized multicast sources. One or more access control lists are typically configured in a switching device to a state that denies forwarding of multicast packets with a particular host as their source. In response to a received multicast application admission-control message identifying the particular host, the one or more access control lists in the switching device are updated to allow multicast messages sent from the particular host to be forwarded. In one system, the received multicast application admission-control message is an Internet Group Management Protocol (IGMP) message. In response to the received multicast application admission-control message identifying the particular host, one system automatically adds one or more entries to the one or more access control lists to allow multicast traffic to be sent to and received from a next switching device leading to a corresponding multicast Rendezvous Point.
Abstract:
A system and method are provided to prevent the formation of loops in a network. The network device includes a plurality of ports for receiving and forwarding network messages and a spanning tree protocol engine. The spanning tree protocol engine, in one embodiment, implements the Rapid Spanning Tree Protocol (RSTP) to transition the ports among a plurality of port states, including a discarding state, a learning state and a forwarding state. The network device further includes a loop guard engine that is in a communicating relationship with the spanning tree protocol engine and the ports. The loop guard engine monitors the receipt of bridge protocol data units (BPDUs) by the ports. If a given port stops receiving BPDUs, the loop guard engine prevents the spanning tree protocol engine from transitioning the given port to the forwarding state. Instead, the loop guard engine causes the port to transition to a loop-inconsistent state.
Abstract:
A technique optimizes the distribution of authenticated users among a plurality of broadcast domains, such as virtual local area networks (VLANs). Users are dynamically assigned to different broadcast domains based on various factors, including but not limited to the number of authenticated users already participating in each broadcast domain, the available bandwidth in each broadcast domain, user classes associated with users participating in each broadcast domain, etc. Based on one or more of these factors, authenticated users are optimally distributed ("load balanced") among the plurality of broadcast domains, thereby reducing the amount of broadcast traffic and configuration within each domain.
Abstract:
An optimization to the rapid spanning tree protocol (RSTP) is presented. An intermediate network device configured in accordance with the present invention preferably includes a plurality of ports for receiving and forwarding messages and a spanning tree protocol (STP) engine which is coupled to the ports. If the device receives a bridge protocol data unit (BPDU) message from a designated port of a neighboring intermediate network device and the BPDU represents a proposal by the neighboring device to rapidly transition its port to the forwarding state, the device first determines whether or not it is the root of the bridged network. If the device is not the root, and the BPDU message was received on the device's existing root port or on its newly selected root port, the device preferably invokes an "optimal sync" mechanism. Specifically, the device transitions only its alternate root port(s) and the previous root port, if any, to the blocking state, while leaving all of its designated ports, if any, in the forwarding state. The device then returns an agreement BPDU message to the neighboring device.