    1. Approaches for switching transport protocol connection keys (invention application, in force)

    Publication number: US20070160063A1

    Publication date: 2007-07-12

    Application number: US11329509

    Filing date: 2006-01-10

    IPC classification: H04L12/56

    Abstract: Approaches are disclosed for switching transport protocol connection keys. A first node sends a keychange request message to a second node, causing the second node to accept subsequent messages digitally signed with a first or second key. The second node sends an acknowledgment message to the first node, causing the first node to accept subsequent messages digitally signed with the first or second key. The first node receives a new message digitally signed with the second key from the second node and determines that there are no remaining messages to be received digitally signed with the first key. In response thereto, the first node only accepts messages digitally signed with the second key and sends a message signed with the second key to the second node, causing the second node to only accept messages digitally signed with the second key.


    2. Approaches for switching transport protocol connection keys (invention application, in force)

    Publication number: US20070005973A1

    Publication date: 2007-01-04

    Application number: US11173690

    Filing date: 2005-07-01

    IPC classification: H04L9/00

    Abstract: Approaches are disclosed for switching transport protocol connection keys. In a transport protocol module configured to use a first key for signing messages associated with a transport protocol connection, a second key is configured for the transport protocol connection. A first message that is associated with the transport protocol connection is received. The first message includes a first signature. A first and a second message digest are computed for the first message, where the first message digest is based on the first key and the second message digest is based on the second key. The first message is validated if the first signature in the first message matches either the first message digest or the second message digest.


    3. Transport protocol connection synchronization (granted patent, in force)

    Publication number: US07801135B2

    Publication date: 2010-09-21

    Application number: US11134686

    Filing date: 2005-05-19

    IPC classification: H04L12/56

    Abstract: A system and method supporting synchronization of replicated transport layer connections in a redundant-processor telecommunications network element. One method involves receiving, at a network element comprising an active transport protocol process coupled to a standby transport protocol process, information identifying a newly created transport layer connection maintained at the active transport protocol process; assigning a unique connection identifier to the transport layer connection; sending the unique connection identifier, in association with other, protocol-specific connection identifying information, to the standby protocol process; and sending, to the standby transport protocol process, one or more messages comprising one or more properties or statistics associated with the transport layer connection, wherein the messages identify the transport layer connection using the unique connection identifier.


    4. Rapid protocol failure detection (granted patent, in force)

    Publication number: US07623464B2

    Publication date: 2009-11-24

    Application number: US10888122

    Filing date: 2004-07-09

    IPC classification: G01R31/08

    Abstract: A method is disclosed for rapidly detecting a protocol failure. In one embodiment, the method includes receiving an indication that a first process has failed, the first process having been engaged in communications over one or more network connections with a second process. A packet is formed such that the packet appears to have been formed by the first process. The packet includes one or more data values which, when received and processed by the second process, will cause the second process to close the network connection. The packet is sent to the second process. When the second process receives the packet, the second process closes the network connection.


    5. Detecting change in a transport protocol window size without data transmission

    Publication number: US20060268710A1

    Publication date: 2006-11-30

    Application number: US11133622

    Filing date: 2005-05-19

    IPC classification: H04J1/16

    Abstract: A method detects a change in TCP receive window size while preventing fragmentation of data. A TCP stack receives a segment that advertises a receive window size of zero. If data needs to be sent, and only if so, a timer is started. When the timer expires, a TCP segment is sent that contains a first sequence number value equal to a second sequence number (representing sent but unacknowledged data) minus one, and a segment length value of zero. Without sending a fragment of data, this triggers the peer TCP process to send an updated window size. A TCP ACK segment is received and contains an updated receive window size. If the updated receive window size is greater than a specified value, then the data is sent. Otherwise, a counter is incremented, and the steps are re-performed if the counter is less than a specified value.

    6. High availability transport protocol method and apparatus

    Publication number: US20060262716A1

    Publication date: 2006-11-23

    Application number: US11134678

    Filing date: 2005-05-19

    IPC classification: H04J1/16 H04L12/56

    Abstract: A system and method supporting efficient, scalable stateful switchover of transport layer connections in a telecommunications network element. One method involves receiving, at a network element comprising an active transport protocol process coupled to a standby protocol process, a request to configure a first transport layer connection maintained at the active transport protocol process for stateful switchover; receiving an event associated with the first transport layer connection; creating a message containing replicated event information based on the received event; sending the message to the standby transport protocol process; and processing the message at the standby transport protocol process, wherein the standby transport protocol process replicates state information for the first connection.

    7. Detecting unavailable network connections (invention application, in force)

    Publication number: US20060159011A1

    Publication date: 2006-07-20

    Application number: US11036191

    Filing date: 2005-01-14

    IPC classification: H04J3/14 H04L12/56

    Abstract: A method for detecting unavailable network connections comprises, at a first data processing node that is hosting a transport protocol connection that uses a plurality of sequence values to identify messages sent to a peer node, wherein the first node is communicatively coupled to a second data processing node serving as a redundant backup: periodically sending a checkpoint sequence value to the second node; detecting that either the transport protocol connection or a process using the transport protocol connection is unavailable, without use of a timeout; and in response thereto, sending a notification to the peer node, wherein the notification includes the checkpoint sequence value. One embodiment provides for rapidly detecting and responding to failure of a TCP process without using the long timeouts conventionally provided in long-lived applications that run on top of TCP.


    8. Cooperative TCP / BGP window management for stateful switchover

    Publication number: US20060062142A1

    Publication date: 2006-03-23

    Application number: US10948732

    Filing date: 2004-09-22

    IPC classification: H04L1/00

    Abstract: A system and method for performing stateful switchover with reduced data, such as only metadata about a TCP window state. The metadata comprises the size of the TCP packets used to send BGP messages, and which of those have been acknowledged by a neighbor networking device. The networking device comprises a BGP module to establish a BGP session between the networking device and a neighbor networking device. An active transport module within the networking device synchronizes with a standby transport module within the networking device by sending the metadata. A fault detector within the networking device initiates a stateful switchover from the active transport module to the standby transport module responsive to detecting a failure of a process and/or processor. The standby transport module uses the metadata to determine stateful metadata for preserving the current BGP and TCP sessions of the networking device with dummy TCP packets having the same size as the sent TCP packets and containing safe BGP message data.

    9. Detecting change in a transport protocol window size without data transmission (granted patent, in force)

    Publication number: US07613118B2

    Publication date: 2009-11-03

    Application number: US11133622

    Filing date: 2005-05-19

    IPC classification: G01R31/08 G06F12/00

    Abstract: A method detects a change in TCP receive window size while preventing fragmentation of data. A TCP stack receives a segment that advertises a receive window size of zero. If data needs to be sent, and only if so, a timer is started. When the timer expires, a TCP segment is sent that contains a first sequence number value equal to a second sequence number (representing sent but unacknowledged data) minus one, and a segment length value of zero. Without sending a fragment of data, this triggers the peer TCP process to send an updated window size. A TCP ACK segment is received and contains an updated receive window size. If the updated receive window size is greater than a specified value, then the data is sent. Otherwise, a counter is incremented, and the steps are re-performed if the counter is less than a specified value.


    10. Method and apparatus for preventing network reset attacks (granted patent, in force)

    Publication number: US07565694B2

    Publication date: 2009-07-21

    Application number: US10959225

    Filing date: 2004-10-05

    Abstract: A method for improving the resistance of network protocols running on the transmission control protocol (TCP), such as BGP. For example, a method comprises receiving, from a TCP application, a request to ignore all TCP segments with the RST bit set, except for solicited RST segments; establishing a filter that blocks all but solicited TCP RST segments; receiving a TCP segment with the SYN bit set and a sequence number value within the allowed window for a TCP connection matching the received segment, and for a session of the TCP application; re-configuring the filter to allow TCP RST segments for the connection associated with the received segment; requesting the TCP application to initiate an event that will induce a legitimate sender of the received segment to send a valid TCP RST segment in response; and closing the connection only when a TCP RST segment is received in response.
