-
公开(公告)号:US06678248B1
公开(公告)日:2004-01-13
申请号:US09597878
申请日:2000-06-20
IPC分类号: H04L1256
CPC分类号: H04L47/10 , H04L47/20 , H04L47/2441 , H04L47/50 , H04L49/101 , H04L49/205 , H04L49/254 , H04L49/3018 , H04L49/351
摘要: A flexible, policy-based, mechanism for managing, monitoring, and prioritizing traffic within a network and allocating bandwidth to achieve true quality of service (QoS) is provided. According to one aspect of the present invention, a method is provided for managing bandwidth allocation in a network that employs a non-deterministic access protocol, such as an Ethernet network. A packet forwarding device receives information indicative of a set of traffic groups, such as: a MAC address, or IEEE 802.1p priority indicator or 802.1Q frame tag, if the QoS policy is based upon individual station applications; or a physical port if the QoS policy is based purely upon topology. The packet forwarding device additionally receives bandwidth parameters corresponding to the traffic groups. After receiving a packet associated with one of the traffic groups on a first port, the packet forwarding device schedules the packet for transmission from a second port based upon bandwidth parameters corresponding to the traffic group with which the packet is associated. According to another aspect of the present invention, a method is provided for managing bandwidth allocation in a packet forwarding device. The packet forwarding device receives information indicative of a set of traffic groups. The packet forwarding device additionally receives information defining a QoS policy for the traffic groups. After a packet is received by the packet forwarding device, a traffic group with which the packet is associated is identified. Subsequently, rather than relying on an end-to-end signaling protocol for scheduling, the packet is scheduled for transmission based upon the QoS policy for the identified traffic group.
-
公开(公告)号:US6104700A
公开(公告)日:2000-08-15
申请号:US018103
申请日:1998-02-03
IPC分类号: H04L12/56
CPC分类号: H04L47/10 , H04L12/5693 , H04L47/20 , H04L47/2441 , H04L49/205 , H04L49/101 , H04L49/254 , H04L49/3018 , H04L49/351
摘要: A flexible, policy-based, mechanism for managing, monitoring, and prioritizing traffic within a network and allocating bandwidth to achieve true quality of service (QoS) is provided. According to one aspect of the present invention, a method is provided for managing bandwidth allocation in a network that employs a non-deterministic access protocol, such as an Ethernet network. A packet forwarding device receives information indicative of a set of traffic groups, such as: a MAC address, or IEEE 802.1p priority indicator or 802.1Q frame tag, if the QoS policy is based upon individual station applications; or a physical port if the QoS policy is based purely upon topology. The packet forwarding device additionally receives bandwidth parameters corresponding to the traffic groups. After receiving a packet associated with one of the traffic groups on a first port, the packet forwarding device schedules the packet for transmission from a second port based upon bandwidth parameters corresponding to the traffic group with which the packet is associated. According to another aspect of the present invention, a method is provided for managing bandwidth allocation in a packet forwarding device. The packet forwarding device receives information indicative of a set of traffic groups. The packet forwarding device additionally receives information defining a QoS policy for the traffic groups. After a packet is received by the packet forwarding device, a traffic group with which the packet is associated is identified. Subsequently, rather than relying on an end-to-end signaling protocol for scheduling, the packet is scheduled for transmission based upon the QoS policy for the identified traffic group.
摘要翻译: 提供了一种灵活的基于策略的机制,用于管理,监控和优先化网络中的流量,并分配带宽以实现真正的服务质量(QoS)。 根据本发明的一个方面,提供一种用于管理采用诸如以太网之类的非确定性接入协议的网络中的带宽分配的方法。 如果QoS策略基于个别站应用,则分组转发设备接收指示一组业务组的信息,诸如:MAC地址或IEEE 802.1p优先级指示符或802.1Q帧标签; 或物理端口,如果QoS策略完全基于拓扑。 分组转发设备另外接收对应于业务组的带宽参数。 在接收到与第一端口上的一个流量组相关联的分组后,分组转发设备基于与分组所关联的业务组相对应的带宽参数,从第二端口调度分组以进行传输。 根据本发明的另一方面,提供一种用于管理分组转发设备中的带宽分配的方法。 分组转发设备接收指示一组业务组的信息。 分组转发设备另外接收定义业务组的QoS策略的信息。 在分组转发设备接收到分组后,识别与该分组相关联的业务组。 随后,不是依靠用于调度的端到端信令协议,而是基于所识别的业务组的QoS策略来调度分组以进行传输。
-
公开(公告)号:US06859438B2
公开(公告)日:2005-02-22
申请号:US10728638
申请日:2003-12-05
IPC分类号: H04L12/56
CPC分类号: H04L47/10
摘要: A flexible, policy-based, mechanism for managing, monitoring, and prioritizing traffic within a network and allocating bandwidth to achieve true quality of service (QoS) is provided. According to one aspect of the present invention, a method is provided for managing bandwidth allocation in a network that employs a non-deterministic access protocol, such as an Ethernet network. A packet forwarding device receives information indicative of a set of traffic groups, such as: a MAC address, or IEEE 802.1p priority indicator or 802.1Q frame tag, if the QoS policy is based upon individual station applications; or a physical port if the QoS policy is based purely upon topology. The packet forwarding device additionally receives bandwidth parameters corresponding to the traffic groups. After receiving a packet associated with one of the traffic groups on a first port, the packet forwarding device schedules the packet for transmission from a second port based upon bandwidth parameters corresponding to the traffic group with which the packet is associated. According to another aspect of the present invention, a method is provided for managing bandwidth allocation in a packet forwarding device. The packet forwarding device receives information indicative of a set of traffic groups. The packet forwarding device additionally receives information defining a QoS policy for the traffic groups. After a packet is received by the packet forwarding device, a traffic group with which the packet is associated is identified. Subsequently, rather than relying on an end-to-end signaling protocol for scheduling, the packet is scheduled for transmission based upon the QoS policy for the identified traffic group.
摘要翻译: 提供了一种灵活的基于策略的机制,用于管理,监控和优先化网络中的流量,并分配带宽以实现真正的服务质量(QoS)。 根据本发明的一个方面,提供一种用于管理采用诸如以太网之类的非确定性接入协议的网络中的带宽分配的方法。 如果QoS策略基于个别站应用,则分组转发设备接收指示一组业务组的信息,诸如:MAC地址或IEEE 802.1p优先级指示符或802.1Q帧标签; 或物理端口,如果QoS策略完全基于拓扑。 分组转发设备另外接收对应于业务组的带宽参数。 在接收到与第一端口上的一个流量组相关联的分组后,分组转发设备基于与分组所关联的业务组相对应的带宽参数,从第二端口调度分组以进行传输。 根据本发明的另一方面,提供一种用于管理分组转发设备中的带宽分配的方法。 分组转发设备接收指示一组业务组的信息。 分组转发设备另外接收定义业务组的QoS策略的信息。 在分组转发设备接收到分组后,识别与该分组相关联的业务组。 随后,不是依靠用于调度的端到端信令协议,而是基于所识别的业务组的QoS策略来调度分组以进行传输。
-
公开(公告)号:US07792058B1
公开(公告)日:2010-09-07
申请号:US11050165
申请日:2005-02-02
CPC分类号: H04L45/00 , H04L12/4641 , H04L29/12009 , H04L29/12783 , H04L29/12801 , H04L45/586 , H04L61/35 , H04L61/6004
摘要: A method and system for an aggregated virtual local area network (VLAN) architecture in which several VLANs in a network share the same default router address and subnet mask, but remain isolated from one another's network traffic. Instead of the traditional method of assigning one subnet to a VLAN, each VLAN is assigned only a portion of a subnet's IP address space, and is further grouped into a super-VLAN uniquely associated with that subnet. Intra-VLAN traffic is forwarded only to host IP addresses assigned to that same VLAN according to a VLAN identifier carried in the data packet. Inter-VLAN traffic is processed by a virtual router interface which routes the data packet by applying the routing configuration for the subnet uniquely associated with the super-VLAN, according to a super-VLAN identifier carried in the data packet.
摘要翻译: 用于聚合虚拟局域网(VLAN)架构的方法和系统,其中网络中的多个VLAN共享相同的默认路由器地址和子网掩码,但是彼此之间的网络流量保持隔离。 代替将一个子网分配给VLAN的传统方法,每个VLAN只分配一部分子网的IP地址空间,并进一步分组成与该子网唯一相关联的超级VLAN。 根据数据包中携带的VLAN标识,VLAN内流量仅转发到分配给同一VLAN的主机IP地址。 VLAN间流量由虚拟路由器接口进行处理,虚拟路由器接口根据数据包携带的超VLAN标识,对与Super-VLAN唯一相关的子网应用路由配置路由数据包。
-
公开(公告)号:US06914905B1
公开(公告)日:2005-07-05
申请号:US09595608
申请日:2000-06-16
申请人: Michael Yip , Shehzad T. Merchant , Kenneth T. Yin
发明人: Michael Yip , Shehzad T. Merchant , Kenneth T. Yin
CPC分类号: H04L45/00 , H04L12/4641 , H04L29/12009 , H04L29/12783 , H04L29/12801 , H04L45/586 , H04L61/35 , H04L61/6004
摘要: A method and system for an aggregated virtual local area network (VLAN) architecture in which several VLANs in a network share the same default router address and subnet mask, but remain isolated from one another's network traffic. Instead of the traditional method of assigning one subnet to a VLAN, each VLAN is assigned only a portion of a subnet's IP address space, and is further grouped into a super-VLAN uniquely associated with that subnet. Intra-VLAN traffic is forwarded only to host IP addresses assigned to that same VLAN according to a VLAN identifier carried in the data packet. Inter-VLAN traffic is processed by a virtual router interface which routes the data packet by applying the routing configuration for the subnet uniquely associated with the super-VLAN, according to a super-VLAN identifier carried in the data packet. The routing configuration used by the virtual router interface includes routing protocols, static routes, redundant router protocols and access-lists. Since each VLAN shares the same virtual router interlace, the traditional address overhead of a subnet is minimized, requiring only one default router and subnet mask, as well as only one pair of subnet broadcast addresses for all hosts on the subnet and the subnet itself. The aggregated VLAN architecture provides for the efficient use and management of a network's IP address space.
摘要翻译: 用于聚合虚拟局域网(VLAN)架构的方法和系统,其中网络中的多个VLAN共享相同的默认路由器地址和子网掩码,但是彼此之间的网络流量保持隔离。 代替将一个子网分配给VLAN的传统方法,每个VLAN只分配一部分子网的IP地址空间,并进一步分组成与该子网唯一相关联的超级VLAN。 根据数据包中携带的VLAN标识,VLAN内流量仅转发到分配给同一VLAN的主机IP地址。 VLAN间流量由虚拟路由器接口进行处理,虚拟路由器接口根据数据包携带的超VLAN标识,对与Super-VLAN唯一相关的子网应用路由配置路由数据包。 虚拟路由器接口使用的路由配置包括路由协议,静态路由,冗余路由器协议和访问列表。 由于每个VLAN共享相同的虚拟路由器交错,子网的传统地址开销最小化,只需要一个默认路由器和子网掩码,以及子网上所有主机和子网本身只有一对子网广播地址。 聚合VLAN架构提供了有效利用和管理网络的IP地址空间。
-
公开(公告)号:US07577996B1
公开(公告)日:2009-08-18
申请号:US10773394
申请日:2004-02-06
申请人: Shehzad T. Merchant , Derek H. Pitcher , Victor C. Lin , Manish M. Rathi , Jia-Ru Li , Matthew R. Peters , Balaji Srinivasan , Vipin K. Jain , Amit K. Maitra
发明人: Shehzad T. Merchant , Derek H. Pitcher , Victor C. Lin , Manish M. Rathi , Jia-Ru Li , Matthew R. Peters , Balaji Srinivasan , Vipin K. Jain , Amit K. Maitra
CPC分类号: H04L63/0853
摘要: Devices, systems and related methods are disclosed for improving operational security of a network and/or network devices, such as wireless access points (APs). In the disclosed systems, a network device is not fully operational until it is attached to a network and downloads sensitive information. The information is stored in the network device so that when the device is disconnected from the network, the sensitive information is erased from the device, making the device inoperative and removing sensitive information, such as passwords, network security keys, or the like. Disabling the network device in this manner not only prevents the theft of sensitive network access information, by also discourages theft of the device itself because it cannot be used on another network without the configuration information. In addition to downloading configuration information, the network device can also download an executable image that is likewise not permanently resident on the device.
摘要翻译: 公开了用于改善诸如无线接入点(AP)的网络和/或网络设备的操作安全性的设备,系统和相关方法。 在所公开的系统中,网络设备在连接到网络并且下载敏感信息之前不能完全运行。 该信息存储在网络设备中,使得当设备与网络断开连接时,敏感信息从设备中被擦除,使得设备不起作用,并且去除诸如密码,网络安全密钥等的敏感信息。 以这种方式禁用网络设备不仅防止了敏感网络访问信息的窃取,还阻止了设备本身的窃取,因为它不能在没有配置信息的情况下在另一个网络上使用。 除了下载配置信息之外,网络设备还可以下载同样不永久驻留在设备上的可执行映像。
-
7.发明授权Method and system for detecting and preventing access intrusion in a network 有权用于检测和防止网络中的访问入侵的方法和系统公开(公告)号:US08707432B1
公开(公告)日:2014-04-22
申请号:US11961677
申请日:2007-12-20
IPC分类号: G06F12/14
CPC分类号: H04L63/1408 , H04L63/1441
摘要: A wireless computer network includes components cooperating together to prevent access intrusions by detecting unauthorized devices connected to the network, disabling the network connections to the devices, and then physically locating the devices. The network can detect both unauthorized client stations and unauthorized edge devices such as wireless access points (APs). The network can detect intruders by monitoring information transferred over wireless channels, identifying protocol state machine violations, tracking roaming behavior of clients, and detecting network addresses being improperly used in multiple locations. Upon detecting an intruder, the network can automatically locate and shut off the physical/logical port to which the intruder is connected.
摘要翻译: 无线计算机网络包括通过检测连接到网络的未授权设备,禁止到设备的网络连接,然后物理地定位设备来协作在一起的组件来防止接入入侵。 网络可以检测未经授权的客户端站和未授权的边缘设备,如无线接入点(AP)。 该网络可以通过监视通过无线信道传输的信息,识别协议状态机违规,跟踪客户端的漫游行为以及检测多个位置中不正确使用的网络地址来检测入侵者。 检测到入侵者后,网络可以自动定位和关闭与入侵者连接的物理/逻辑端口。
-
公开(公告)号:US07310664B1
公开(公告)日:2007-12-18
申请号:US10773487
申请日:2004-02-06
申请人: Shehzad T. Merchant , Manish M. Rathi , Victor C. Lin , Vipin K. Jain , Jia-Ru Li , Amit K. Maitra , Matthew R. Peters , Derek H. Pitcher , Balaji Srinivasan
发明人: Shehzad T. Merchant , Manish M. Rathi , Victor C. Lin , Vipin K. Jain , Jia-Ru Li , Amit K. Maitra , Matthew R. Peters , Derek H. Pitcher , Balaji Srinivasan
IPC分类号: G06F15/173
CPC分类号: H04L41/0886 , H04L41/0213 , H04L41/046 , H04L41/082 , H04L63/101 , H04W12/06 , H04W24/02 , H04W88/14 , H04W92/045 , H04W92/24
摘要: A network switch having a unified, adaptive management paradigm for wireless network devices is disclosed. The switch includes configurable ports for connecting devices. A software application running on the switch allows a network administrator to selectively configure each port to support either a wired device or wireless device. Configuration information and software images that are needed for operation of the wireless device are associated with the port. When a wireless device is first plugged into the switch port, it downloads its configuration directly from the switch port. By storing the configuration information and images at the switch and automatically downloading them to the wireless devices, the task of configuring the devices is greatly simplified for the network administrator. This is particularly advantageous in heterogeneous network environments that support both wired and wireless devices, and where wireless device are readily moved to different ports.
摘要翻译: 公开了一种具有用于无线网络设备的统一的自适应管理范例的网络交换机。 交换机包括用于连接设备的可配置端口。 交换机上运行的软件应用程序允许网络管理员选择性地配置每个端口以支持有线设备或无线设备。 无线设备操作所需的配置信息和软件映像与端口相关联。 当无线设备首次插入交换机端口时,它直接从交换机端口下载其配置。 通过将配置信息和图像存储在交换机上并自动将其下载到无线设备,为网络管理员大大简化了配置设备的任务。 这在支持有线和无线设备以及无线设备容易地移动到不同端口的异构网络环境中特别有利。
-
9.发明授权Method and system for detecting and preventing access intrusion in a network 有权用于检测和防止网络中的访问入侵的方法和系统公开(公告)号:US07823199B1
公开(公告)日:2010-10-26
申请号:US10794203
申请日:2004-03-05
IPC分类号: G06F12/14 , G06F15/173 , G08B23/00 , H04W4/00
CPC分类号: H04L63/1408 , H04L63/1441
摘要: A wireless computer network includes components cooperating together to prevent access intrusions by detecting unauthorized devices connected to the network, disabling the network connections to the devices, and then physically locating the devices. The network can detect both unauthorized client stations and unauthorized edge devices such as wireless access points (APs). The network can detect intruders by monitoring information transferred over wireless channels, identifying protocol state machine violations, tracking roaming behavior of clients, and detecting network addresses being improperly used in multiple locations. Upon detecting an intruder, the network can automatically locate and shut off the physical/logical port to which the intruder is connected.
摘要翻译: 无线计算机网络包括通过检测连接到网络的未授权设备,禁止到设备的网络连接,然后物理地定位设备来协作在一起的组件来防止接入入侵。 网络可以检测未经授权的客户端站和未授权的边缘设备,如无线接入点(AP)。 该网络可以通过监视通过无线信道传输的信息,识别协议状态机违规,跟踪客户端的漫游行为以及检测多个位置中不正确使用的网络地址来检测入侵者。 检测到入侵者后,网络可以自动定位和关闭与入侵者连接的物理/逻辑端口。
-
-
-
-
-
-
-
-
搜索结果
9 条记录 (耗时 0.028 秒)
