Cooperative MAC learning/aging in highly distributed forwarding system
    1.
    Granted invention patent
    Legal status: in force

    Publication No.: US08155150B1

    Publication date: 2012-04-10

    Application No.: US12401911

    Filing date: 2009-03-11

    IPC classification: H04J3/24

    CPC classification: H04L12/433 H04L12/462

    Abstract: A method may be performed by a device in a network, the device including multiple security process units (SPUs). The method includes receiving a packet over the network, the packet including a media access control (MAC) address, and assigning one SPU as the MAC address owner. The method also includes sending information about the MAC address to other SPUs within the device, storing the MAC address in a MAC table within each SPU, and initiating a MAC age query to confirm the MAC address has timed out among all SPUs. The MAC age query is passed via a logical ring of the SPUs beginning with the MAC address owner. If the MAC address is aged out at each SPU, the MAC address is deleted from each MAC table. If the MAC entry is still active, a different SPU is assigned as the MAC address owner.


    Providing non-interrupt failover using a link aggregation mechanism
    2.
    Granted invention patent
    Legal status: in force

    Publication No.: US09100329B1

    Publication date: 2015-08-04

    Application No.: US13536419

    Filing date: 2012-06-28

    Abstract: A device receives traffic; identifies an address associated with the traffic; determines whether the address is associated with an aggregate interface, the aggregate interface being associated with a first port and a second port. The first port corresponds to a first node in a first state, that indicates that the first node is available to forward the traffic, and the second port corresponds to a second node in a second state, that indicates that the second node is not available to forward the traffic. The device transmits the traffic to the first node via the first port and to the second node, via the second port, when the address is associated with the aggregate interface. Transmitting the traffic enables the second node to forward the traffic when the first node changes from the first state to the second state.


    Fully integrated switching and routing in a security device
    3.
    Granted invention patent
    Legal status: in force

    Publication No.: US09021547B1

    Publication date: 2015-04-28

    Application No.: US13333439

    Filing date: 2011-12-21

    IPC classification: G06F17/00 G06F7/04 H04L29/06

    Abstract: This disclosure is directed toward an integrated switching and routing security device that provides zone-based security directly between layer two (L2) interfaces of L2 bridge domains and/or layer three (L3) interfaces of L3 routing instances within the security device. The integrated switching and routing security device supports both switching and routing functionalities for packets on L2 and L3 interfaces, and supports security within and between L2 bridge domains and L3 routing instances. The integrated switching and routing security device configures L2 security zones for one or more L2 interfaces and configures L3 security zones for one or more L3 interfaces. The integrated switching and routing security device then applies security policies to incoming packets according to the L2 security zones and/or the L3 security zones associated with the incoming interface and an outgoing interface for the packets to provide end-to-end security within the security device.


    Packet forwarding using feedback controlled weighted queues dynamically adjusted based on processor utilization
    4.
    Granted invention patent
    Legal status: in force

    Publication No.: US08208406B1

    Publication date: 2012-06-26

    Application No.: US12111996

    Filing date: 2008-04-30

    IPC classification: H04L12/28

    CPC classification: H04L47/623

    Abstract: In general, techniques are described for dynamically managing weighted queues. In accordance with the techniques, a network security device comprises a queue management module that assigns, for each queue of a plurality of queues, a quota desirable to a user that a processor of the network security device consumes to service each queue. The queue management module determines, based on the desirable quotas, a queue weight for each queue and computes. Based on the computation, the queue management module dynamically adjusts one or more of the weights such that subsequent amounts of processing time actually required to process the number of packets defined by each of the queue weights more accurately reflects the desirable quotas assigned to each of the queues. The network device outputs the number of packets in accordance with the adjusted weights.


    INTEGRATED SECURITY SWITCH
    6.
    Invention patent application
    Legal status: in force

    Publication No.: US20090303994A1

    Publication date: 2009-12-10

    Application No.: US12539801

    Filing date: 2009-08-12

    IPC classification: H04L12/56 G06F21/00

    Abstract: An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching function. The common management interface enables secure switching of traffic to flow via a traffic path dedicated between the switching function and the security function. Typically, the traffic is a flow of data between the Internet and a group of networked users such as a wide area network.


    Integrated security switch
    7.
    Granted invention patent
    Legal status: in force

    Publication No.: US07606225B2

    Publication date: 2009-10-20

    Application No.: US11347279

    Filing date: 2006-02-06

    IPC classification: H04L12/28 H04L12/66 G06F15/16

    Abstract: An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching function. The common management interface enables secure switching of traffic to flow via a traffic path dedicated between the switching function and the security function. Typically, the traffic is a flow of data between the Internet and a group of networked users such as a wide area network.


    Integrated security switch
    8.
    Invention patent application
    Legal status: in force

    Publication No.: US20070183433A1

    Publication date: 2007-08-09

    Application No.: US11347279

    Filing date: 2006-02-06

    IPC classification: H04L12/56 H04L12/66

    Abstract: An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching function. The common management interface enables secure switching of traffic to flow via a traffic path dedicated between the switching function and the security function. Typically, the traffic is a flow of data between the Internet and a group of networked users such as a wide area network.


    MAC address modification of otherwise locally bridged client devices to provide security
    9.
    Granted invention patent
    Legal status: in force

    Publication No.: US07996894B1

    Publication date: 2011-08-09

    Application No.: US11058828

    Filing date: 2005-02-15

    IPC classification: G06F11/00 G06F15/16

    Abstract: A method is disclosed for providing security to a client-to-client communication. The method includes authenticating a first client and a second client with an access point device, transmitting the packet to the security device and modifying a destination media access control (MAC) address of a packet from the first client to a MAC address of a security device for a first network. The packet contains a destination internet protocol (IP) address of the second client. The access point device and the first and second clients belong to the first network. The security device is located between the first network and a second network.
