Method and apparatus for providing integral cell payload integrity verification in ATM Telecommunication devices
    1.
    Granted patent
    Status: lapsed

    Publication No.: US06639899B1

    Publication date: 2003-10-28

    Application No.: US09417834

    Filing date: 1999-10-14

    IPC classification: G01R31/08

    Abstract: A method for verifying the integrity of data payloads of ATM cells passing through a switching device involves computing a payload integrity verification code for the payload portion of an ATM cell. The payload integrity verification code may be generated according to any error detection or error correction scheme. Preferably, the payload integrity verification code is stored in a portion of the standard ATM cell header which is not used while the cell is passing through the switching device. Preferably the payload integrity verification code is stored in all, or a portion of, the virtual path identifier or virtual connection identifier fields. The invention allows for the immediate identification of cells having corrupted payload data. Different actions may be taken on the detection of errors in the ATM cell header and ATM cell payloads respectively.


    Method and system for using a queuing device as a lossless stage in a network device in a communications network
    4.
    Patent application
    Status: in force

    Publication No.: US20070217336A1

    Publication date: 2007-09-20

    Application No.: US11377578

    Filing date: 2006-03-17

    IPC classification: H04J1/16 H04L12/56

    Abstract: A method for incorporating a queuing device as a lossless processing stage in a network device in a communications network, comprising: monitoring a depth of a queue in the queuing device, the queue for receiving packets from an upstream device within the network device, the queuing device acting as a discard point by discarding packets when the queue is full; and, if the depth passes a predetermined threshold, sending a message to the upstream device to reduce a rate at which packets are sent to the queuing device to prevent the queue from filling and thereby preventing packet discarding and loss by the queuing device.


    Metering packet flows for limiting effects of denial of service attacks
    5.
    Patent application
    Status: in force

    Publication No.: US20050157647A1

    Publication date: 2005-07-21

    Application No.: US10760277

    Filing date: 2004-01-21

    IPC classification: H04L1/00 H04L29/06

    Abstract: The packet rate limiting method and system is used for detecting and blocking the effects of DoS attacks on IP networks. The method uses an ACL counter that stores an action parameter in the first 3 most significant bits and uses 13 bits as a packet counter. A rate limit is enforced by setting the packet counter to an initial value, and resetting this value at given intervals of time. The action parameter enables the ACL to accept or deny packets based on this rate limit. If the number of packets in the incoming flow saturates the packet counter before the reset time, the packets are denied access to the network until the counter is next reset. The denied packets may be just discarded or may be extracted for further examination.


    Method and apparatus for monitoring buffer contents in a data communication system
    6.
    Patent application
    Status: in force

    Publication No.: US20050163139A1

    Publication date: 2005-07-28

    Application No.: US10915250

    Filing date: 2004-08-10

    IPC classification: H04L12/26 H04L12/56 H04Q11/00

    Abstract: A method and apparatus for buffering data units in a communication switch that allows for configurable monitoring of the buffer contents is presented. Such an apparatus includes a context table that stores a plurality of independent group identifiers for each connection. Although the group identifiers may include a partition group identifier and a loss group identifier that is dependent on the partition group identifier, additional group identifiers are included in the context table for each connection that are independent of other group identifiers in the context table. Such a context table may be dynamically reconfigured in order to group connections for buffer monitoring operations related to congestion detection, traffic shaping, and data admission with respect to buffering. When a data unit is received corresponding to a particular connection, the context table is referenced to retrieve the set of group identifiers corresponding to that connection. As a cell is stored in the buffer, count values corresponding to at least some of the group identifiers included in the set of group identifiers for that connection are incremented. Similarly, when data is dequeued from the buffer for forwarding, the set of group identifiers for that particular data unit is determined and the counters corresponding to at least some of those groups are decremented. As such, the count value corresponding to each of the groups can be referenced to determine the number of data units corresponding to that group that are currently stored within the buffer.


    Metering packet flows for limiting effects of denial of service attacks
    8.
    Granted patent
    Status: in force

    Publication No.: US07436770B2

    Publication date: 2008-10-14

    Application No.: US10760277

    Filing date: 2004-01-21

    IPC classification: H04J3/14

    Abstract: The packet rate limiting method and system is used for detecting and blocking the effects of DoS attacks on IP networks. The method uses an ACL counter that stores an action parameter in the first 3 most significant bits and uses 13 bits as a packet counter. A rate limit is enforced by setting the packet counter to an initial value, and resetting this value at given intervals of time. The action parameter enables the ACL to accept or deny packets based on this rate limit. If the number of packets in the incoming flow saturates the packet counter before the reset time, the packets are denied access to the network until the counter is next reset. The denied packets may be just discarded or may be extracted for further examination.


    Access control listing mechanism for routers
    9.
    Granted patent
    Status: in force

    Publication No.: US07509674B2

    Publication date: 2009-03-24

    Application No.: US10679288

    Filing date: 2003-10-07

    Applicant: Jason Sterne

    Inventor: Jason Sterne

    IPC classification: G06F17/00

    Abstract: A method and apparatus are provided for maintaining access control lists (ACLs) within TCAM on a line card in a data packet router, the rules being applied to incoming data packets. Each interface may be associated with multiple ACLs, and multiple interfaces may be associated with single shared ACLs. The shared ACLs include rules applicable to more than one interface. Other ACLs are specific to a particular interface. When searching for a rule to apply to an incoming data packet, the filter searches both the specific ACL and the shared ACLs associated with the interface over which the data packet arrived. Using the shared ACLs, duplication of common rules is reduced, thereby reducing the total number of rules stored on the line card and saving memory storage space. The invention is also applicable to sets of rules other than ACLs.


    Method and apparatus for monitoring buffer contents in a data communication system
    10.
    Granted patent
    Status: in force

    Publication No.: US07418002B2

    Publication date: 2008-08-26

    Application No.: US10915250

    Filing date: 2004-08-10

    IPC classification: H04L12/28 H04L12/56

    Abstract: A method and apparatus for buffering data units in a communication switch that allows for configurable monitoring of the buffer contents is presented. Such an apparatus includes a context table that stores a plurality of independent group identifiers for each connection. Although the group identifiers may include a partition group identifier and a loss group identifier that is dependent on the partition group identifier, additional group identifiers are included in the context table for each connection that are independent of other group identifiers in the context table. Such a context table may be dynamically reconfigured in order to group connections for buffer monitoring operations related to congestion detection, traffic shaping, and data admission with respect to buffering. When a data unit is received corresponding to a particular connection, the context table is referenced to retrieve the set of group identifiers corresponding to that connection. As a cell is stored in the buffer, count values corresponding to at least some of the group identifiers included in the set of group identifiers for that connection are incremented. Similarly, when data is dequeued from the buffer for forwarding, the set of group identifiers for that particular data unit is determined and the counters corresponding to at least some of those groups are decremented. As such, the count value corresponding to each of the groups can be referenced to determine the number of data units corresponding to that group that are currently stored within the buffer.
