-
公开(公告)号:US07251215B1
公开(公告)日:2007-07-31
申请号:US10228132
申请日:2002-08-26
申请人: Stephen W Turner , Hsien-Chung Woo , Sanjay Kalra , Truman Joe , Wendy R Cartee
发明人: Stephen W Turner , Hsien-Chung Woo , Sanjay Kalra , Truman Joe , Wendy R Cartee
CPC分类号: H04L12/4633 , H04L45/00 , H04L45/38 , H04L63/1416 , H04L63/1458
摘要: A network router includes a set of interface cards to receive packets from a network, and a set of accounting modules to calculate flow statistics for the packets. The router further includes a control unit to adaptively update routing information in response to the calculated flow statistics, and to route the packets in accordance with the routing information. The control unit identifies potentially malicious packet flows for the received packets based on the flow statistics, and applies an intercept filter to intercept the packets of the identified packet flows. The control unit analyzes the intercepted packets in real-time to determine the presence of a network event, and updates the routing information based on the determination, e.g., by terminating routing for packets associated with malicious packet flows. In this manner, the router may adaptively respond to network events, such as network security violations.
摘要翻译: 网络路由器包括一组用于从网络接收分组的接口卡,以及一组用于计算分组的流统计的计费模块。 路由器还包括控制单元,用于响应于所计算的流量统计自适应地更新路由信息,并且根据路由信息来路由分组。 控制单元基于流统计识别接收到的分组的潜在恶意分组流,并应用截取过滤器来截取所识别的分组流的分组。 控制单元实时地分析所拦截的分组以确定网络事件的存在,并且例如通过终止与恶意分组流相关联的分组的路由,基于确定来更新路由信息。 以这种方式,路由器可以自适应地响应诸如网络安全违规的网络事件。
-
公开(公告)号:US07313100B1
公开(公告)日:2007-12-25
申请号:US10228150
申请日:2002-08-26
申请人: Stephen W Turner , Hsien-Chung Woo , Sanjay Kalra , Truman Joe , Wendy R Cartee
发明人: Stephen W Turner , Hsien-Chung Woo , Sanjay Kalra , Truman Joe , Wendy R Cartee
IPC分类号: H04L12/26
CPC分类号: H04L63/1458 , H04L43/026 , H04L43/08 , H04L63/164
摘要: A network device integrates accounting functionality for generation of flow statistics with packet intercept functionality to provide a comprehensive traffic analysis environment. The device comprises a set of network interface cards to receive packets from a network, and a set of accounting service cards to calculate flow statistics for the packets. The device further comprises a control unit to receive the network packets from the interface cards and distribute the packets to the set of accounting service cards. The accounting service card comprises an interface for insertion within a slot of a network device. Accounting service cards may be added to easily scale the network device to support higher bandwidth communication links, such as OC-3, OC-12, OC048 and higher rate links. Additional accounting service cards may be used for purposes of redundancy to support continuous, uninterrupted packet processing and accounting in the event of a card failure.
摘要翻译: 网络设备集成了用于生成流统计的计费功能和分组拦截功能,以提供全面的流量分析环境。 该设备包括一组网络接口卡,用于从网络接收分组,以及一组计费服务卡,用于计算分组的流统计。 该设备还包括控制单元,用于从接口卡接收网络分组,并将分组分发到一组会计服务卡。 计费服务卡包括用于插入网络设备的时隙内的接口。 可以添加会计服务卡以容易地扩展网络设备,以支持更高带宽的通信链路,例如OC-3,OC-12,OC048和更高的速率链路。 额外的会计服务卡可用于冗余的目的,以便在发生卡故障的情况下支持连续的,不间断的数据包处理和计费。
-
公开(公告)号:US07869352B1
公开(公告)日:2011-01-11
申请号:US12364912
申请日:2009-02-03
CPC分类号: H04L12/4633 , H04L45/00 , H04L45/38 , H04L63/1416 , H04L63/1458
摘要: A network router includes a set of interface cards to receive packets from a network, and a set of accounting modules to calculate flow statistics for the packets. The router further includes a control unit to adaptively update routing information in response to the calculated flow statistics, and to route the packets in accordance with the routing information. The control unit identifies potentially malicious packet flows for the received packets based on the flow statistics, and applies an intercept filter to intercept the packets of the identified packet flows. The control unit analyzes the intercepted packets in real-time to determine the presence of a network event, and updates the routing information based on the determination, e.g., by terminating routing for packets associated with malicious packet flows. In this manner, the router may adaptively respond to network events, such as network security violations.
摘要翻译: 网络路由器包括一组用于从网络接收分组的接口卡,以及一组用于计算分组的流统计的计费模块。 路由器还包括控制单元,用于响应于所计算的流量统计自适应地更新路由信息,并且根据路由信息来路由分组。 控制单元基于流统计识别接收到的分组的潜在恶意分组流,并应用截取过滤器来截取所识别的分组流的分组。 控制单元实时地分析所拦截的分组以确定网络事件的存在,并且例如通过终止与恶意分组流相关联的分组的路由,基于确定来更新路由信息。 以这种方式,路由器可以自适应地响应诸如网络安全违规的网络事件。
-
公开(公告)号:US07492713B1
公开(公告)日:2009-02-17
申请号:US11744982
申请日:2007-05-07
CPC分类号: H04L12/4633 , H04L45/00 , H04L45/38 , H04L63/1416 , H04L63/1458
摘要: A network router includes a set of interface cards to receive packets from a network, and a set of accounting modules to calculate flow statistics for the packets. The router further includes a control unit to adaptively update routing information in response to the calculated flow statistics, and to route the packets in accordance with the routing information. The control unit identifies potentially malicious packet flows for the received packets based on the flow statistics, and applies an intercept filter to intercept the packets of the identified packet flows. The control unit analyzes the intercepted packets in real-time to determine the presence of a network event, and updates the routing information based on the determination, e.g., by terminating routing for packets associated with malicious packet flows. In this manner, the router may adaptively respond to network events, such as network security violations.
摘要翻译: 网络路由器包括一组用于从网络接收分组的接口卡,以及一组用于计算分组的流统计的计费模块。 路由器还包括控制单元,用于响应于所计算的流量统计自适应地更新路由信息,并且根据路由信息来路由分组。 控制单元基于流统计识别接收到的分组的潜在恶意分组流,并应用截取过滤器来截取所识别的分组流的分组。 控制单元实时地分析所拦截的分组以确定网络事件的存在,并且例如通过终止与恶意分组流相关联的分组的路由,基于确定来更新路由信息。 以这种方式,路由器可以自适应地响应诸如网络安全违规的网络事件。
-
公开(公告)号:US07738396B1
公开(公告)日:2010-06-15
申请号:US11951530
申请日:2007-12-06
IPC分类号: H04L12/26
CPC分类号: H04L63/1458 , H04L43/026 , H04L43/08 , H04L63/164
摘要: A network device integrates accounting functionality for generation of flow statistics with packet intercept functionality to provide a comprehensive traffic analysis environment. The device comprises a set of network interface cards to receive packets from a network, and a set of accounting service cards to calculate flow statistics for the packets. The device further comprises a control unit to receive the network packets from the interface cards and distribute the packets to the set of accounting service cards. The accounting service card comprises an interface for insertion within a slot of a network device. Accounting service cards may be added to easily scale the network device to support higher bandwidth communication links, such as OC-3, OC-12, OC048 and higher rate links. Additional accounting service cards may be used for purposes of redundancy to support continuous, uninterrupted packet processing and accounting in the event of a card failure.
摘要翻译: 网络设备集成了用于生成流统计的计费功能和分组拦截功能,以提供全面的流量分析环境。 该设备包括一组网络接口卡,用于从网络接收分组,以及一组计费服务卡,用于计算分组的流统计。 该设备还包括控制单元,用于从接口卡接收网络分组,并将分组分发到一组会计服务卡。 计费服务卡包括用于插入网络设备的时隙内的接口。 可以添加会计服务卡以容易地扩展网络设备,以支持更高带宽的通信链路,例如OC-3,OC-12,OC048和更高的速率链路。 额外的会计服务卡可用于冗余的目的,以便在发生卡故障的情况下支持连续的,不间断的数据包处理和计费。
-
6.发明授权公开(公告)号:US07254114B1
公开(公告)日:2007-08-07
申请号:US10228114
申请日:2002-08-26
申请人: Stephen W Turner , Hsien-Chung Woo , Sanjay Kalra , Truman Joe , Wendy R Cartee
发明人: Stephen W Turner , Hsien-Chung Woo , Sanjay Kalra , Truman Joe , Wendy R Cartee
CPC分类号: H04L41/142 , H04L43/026 , H04L43/18 , H04L45/60
摘要: A network router integrates routing functionality with accounting functionality for generation of flow statistics, and provides packet intercept functionality to provide a comprehensive traffic analysis environment. The router includes a set of interface cards to receive packets from a network, and a control unit to generate a first and second duplicate stream of the packets. The control unit provides the packets of the first stream to accounting modules for calculation of flow statistics, and applies an intercept filter to intercept at least a subset of the packets of the second stream for selected packet flows.
摘要翻译: 网络路由器将路由功能与会计功能集成在一起,以生成流统计信息,并提供数据包拦截功能,以提供全面的流量分析环境。 路由器包括一组用于从网络接收分组的接口卡,以及控制单元,用于生成分组的第一和第二重复流。 控制单元将第一流的分组提供给计费模块以计算流统计,并且应用截取滤波器来截取用于所选分组流的第二流的分组的至少一个子集。
-
公开(公告)号:US07382724B1
公开(公告)日:2008-06-03
申请号:US09990077
申请日:2001-11-21
申请人: Hsien-Chung Woo
发明人: Hsien-Chung Woo
摘要: A system comprises a plurality of processing modules, one of which is designated to be the primary processing module and the others are designated to be secondary processing modules. During operation, state is maintained in the primary processing module and at least one of the secondary processing modules. A switchover controller causes outputs from the secondary modules to be discarded. When the switchover controller receives an indication that the primary processing module has failed, it designates one of the secondary processing modules to be the primary processing module. Because the newly designated primary processing module already has current state information at switchover, the module is able to operate with minimal delay.
摘要翻译: 系统包括多个处理模块,其中一个处理模块被指定为主处理模块,其他处理模块被指定为二次处理模块。 在操作期间,状态保持在主处理模块和至少一个辅助处理模块中。 切换控制器使得二次模块的输出被丢弃。 当切换控制器接收到主处理模块出现故障的指示时,将其中一个辅助处理模块指定为主处理模块。 因为新指定的主处理模块在切换时已经具有当前状态信息,所以该模块能够以最小的延迟进行操作。
-
公开(公告)号:US07764609B1
公开(公告)日:2010-07-27
申请号:US12107145
申请日:2008-04-22
申请人: Hsien-Chung Woo
发明人: Hsien-Chung Woo
摘要: A system comprises a plurality of processing modules, one of which is designated to be the primary processing module and the others are designated to be secondary processing modules. During operation, state is maintained in the primary processing module and at least one of the secondary processing modules. A switchover controller causes outputs from the secondary modules to be discarded. When the switchover controller receives an indication that the primary processing module has failed, it designates one of the secondary processing modules to be the primary processing module. Because the newly designated primary processing module already has current state information at switchover, the module is able to operate with minimal delay.
摘要翻译: 系统包括多个处理模块,其中一个处理模块被指定为主处理模块,其他处理模块被指定为二次处理模块。 在操作期间,状态保持在主处理模块和至少一个辅助处理模块中。 切换控制器使得二次模块的输出被丢弃。 当切换控制器接收到主处理模块出现故障的指示时,将其中一个辅助处理模块指定为主处理模块。 因为新指定的主处理模块在切换时已经具有当前状态信息,所以该模块能够以最小的延迟进行操作。
-
公开(公告)号:US07420972B1
公开(公告)日:2008-09-02
申请号:US11833602
申请日:2007-08-03
IPC分类号: H04L12/28
CPC分类号: H04L12/1854 , H04L45/00
摘要: Techniques are described to replicate multicast packets in accordance with a hierarchical data structure. For example, upon receiving a multicast packet, a packet-forwarding engine may communicate the packet to packet-forwarding engines corresponding to starting nodes of the hierarchical data structure. The packet-forwarding engines corresponding to starting nodes of the hierarchical data structure may replicate the multicast packet for local interface cards, and forward the replicated packets to the network. Furthermore, the packet-forwarding engines may replicate the packet for packet-forwarding engines corresponding to downstream nodes. In this manner, the packet replication process is distributed throughout the router decreasing the complexity of necessary replication hardware. Furthermore, the packet replication process is highly scalable resulting in a latency of one fabric hop when the number of packet-forwarding engines doubles. Also, when the hierarchical data structure has more than one starting node, the packet replication process is less susceptible to a single point failure.
摘要翻译: 描述了根据分层数据结构复制多播分组的技术。 例如,在接收到组播分组时,分组转发引擎可以将分组传送到与分层数据结构的起始节点相对应的分组转发引擎。 与分级数据结构的起始节点相对应的分组转发引擎可以复制本地接口卡的组播数据包,并将复制的分组转发到网络。 此外,分组转发引擎可以对与下游节点相对应的分组转发引擎复制分组。 以这种方式,分组复制过程分布在整个路由器中,从而降低必要复制硬件的复杂度。 此外,分组复制过程是高度可扩展的,导致当分组转发引擎的数量加倍时,一个结构跳跃的延迟。 此外,当分层数据结构具有多个起始节点时,分组复制过程对单点故障较不敏感。
-
公开(公告)号:US07864769B1
公开(公告)日:2011-01-04
申请号:US12193508
申请日:2008-08-18
IPC分类号: H04L12/28
CPC分类号: H04L12/1854 , H04L45/00
摘要: Techniques are described to replicate multicast packets in accordance with a hierarchical data structure. For example, upon receiving a multicast packet, a packet-forwarding engine may communicate the packet to packet-forwarding engines corresponding to starting nodes of the hierarchical data structure. The packet-forwarding engines corresponding to starting nodes of the hierarchical data structure may replicate the multicast packet for local interface cards, and forward the replicated packets to the network. Furthermore, the packet-forwarding engines may replicate the packet for packet-forwarding engines corresponding to downstream nodes. In this manner, the packet replication process is distributed throughout the router decreasing the complexity of necessary replication hardware. Furthermore, the packet replication process is highly scalable resulting in a latency of one fabric hop when the number of packet-forwarding engines doubles. Also, when the hierarchical data structure has more than one starting node, the packet replication process is less susceptible to a single point failure.
摘要翻译: 描述了根据分层数据结构复制多播分组的技术。 例如,在接收到组播分组时,分组转发引擎可以将分组传送到与分层数据结构的起始节点相对应的分组转发引擎。 与分级数据结构的起始节点相对应的分组转发引擎可以复制本地接口卡的组播数据包,并将复制的分组转发到网络。 此外,分组转发引擎可以对与下游节点相对应的分组转发引擎复制分组。 以这种方式,分组复制过程分布在整个路由器中,从而降低必要复制硬件的复杂度。 此外,分组复制过程是高度可扩展的,导致当分组转发引擎的数量加倍时,一个结构跳跃的延迟。 此外,当分层数据结构具有多个起始节点时,分组复制过程对单点故障较不敏感。
-
-
-
-
-
-
-
-
-
搜索结果
13 条记录 (耗时 0.026 秒)
