公开(公告)号：US08644159B2

公开(公告)日：2014-02-04

申请号：US13557909

申请日：2012-07-25

申请人： Thusitha Jayawardena ,  Gustavo de los Reyes

发明人： Thusitha Jayawardena ,  Gustavo de los Reyes

IPC分类号： G06F11/00 ,  G06F15/173 ,  H04L12/66

CPC分类号： H04L43/028 ,  H04L63/0227 ,  H04L63/1416 ,  H04L63/1458

摘要： A priority server for a provider network includes a traffic volume detection module, a traffic analyzer module, and a rules module. The traffic volume detection module receives operational information from the provider network and determines that a host is experiencing a flash event based upon the operational information. The traffic analyzer module determines that the flash event is not a distributed denial of service attack on the host. When it is determined that the flash event is not a distributed denial of service attack, the rules module provides a priority rule to an access router that is coupled to the host.

摘要翻译： 提供商网络的优先服务器包括流量检测模块，流量分析器模块和规则模块。 流量检测模块从提供商网络接收操作信息，并且基于操作信息确定主机正在经历闪存事件。 流量分析器模块确定闪存事件不是主机上的分布式拒绝服务攻击。 当确定闪存事件不是分布式拒绝服务攻击时，规则模块向耦合到主机的接入路由器提供优先级规则。

公开(公告)号：US20120291128A1

公开(公告)日：2012-11-15

申请号：US13557909

申请日：2012-07-25

申请人： Thusitha Jayawardena ,  Gustavo de los Reyes

发明人： Thusitha Jayawardena ,  Gustavo de los Reyes

IPC分类号： G06F21/00

CPC分类号： H04L43/028 ,  H04L63/0227 ,  H04L63/1416 ,  H04L63/1458

摘要： A priority server for a provider network includes a traffic volume detection module, a traffic analyzer module, and a rules module. The traffic volume detection module receives operational information from the provider network and determines that a host is experiencing a flash event based upon the operational information. The traffic analyzer module determines that the flash event is not a distributed denial of service attack on the host. When it is determined that the flash event is not a distributed denial of service attack, the rules module provides a priority rule to an access router that is coupled to the host.

摘要翻译： 提供商网络的优先服务器包括流量检测模块，流量分析器模块和规则模块。 流量检测模块从提供商网络接收操作信息，并且基于操作信息确定主机正在经历闪存事件。 流量分析器模块确定闪存事件不是主机上的分布式拒绝服务攻击。 当确定闪存事件不是分布式拒绝服务攻击时，规则模块向耦合到主机的接入路由器提供优先级规则。

公开(公告)号：US08566465B2

公开(公告)日：2013-10-22

申请号：US12884976

申请日：2010-09-17

申请人： Gang Xu ,  Gustavo de los Reyes ,  Thusitha Jayawardena ,  Xiao Pan

发明人： Gang Xu ,  Gustavo de los Reyes ,  Thusitha Jayawardena ,  Xiao Pan

IPC分类号： G06F15/173

CPC分类号： H04L63/0281 ,  H04L63/1458 ,  H04L63/1466 ,  H04L67/141 ,  H04L67/2814

摘要： A method includes sending a first redirect instruction to a first client in response to a first session request received at a service address, and establishing a first session with the first client in response to a second session request received at the first redirect address indicated by the first redirect instruction. Additionally, the method includes determining a first service interval has passed, and sending a second redirect instruction to a second client in response to a third session request received at the service address after the first service interval has passed. The method still further includes establishing a second session with the second client in response to the fourth session request received at the second redirect address indicated by the second redirect instruction after the first service interval has passed, and rejecting the fifth session request received from a third client at the first redirect address after the first service interval has passed.

摘要翻译： 一种方法包括响应于在服务地址处接收到的第一会话请求向第一客户端发送第一重定向指令，以及响应于在由所述第一重定向地址指示的第一重定向地址接收到的第二会话请求，建立与第一客户端的第一会话 第一个重定向指令。 此外，该方法包括确定已经过去的第一服务间隔，并且响应于在经过第一服务间隔之后在服务地址处接收的第三会话请求，向第二客户端发送第二重定向指令。 该方法还包括响应于在第一服务间隔已经过去之后由第二重定向指令指示的第二重定向地址处接收到的第四会话请求，建立与第二客户端的第二会话，并且拒绝从第三客户端接收到的第五会话请求 客户端在第一个服务间隔之后的第一个重定向地址。

公开(公告)号：US20120072605A1

公开(公告)日：2012-03-22

申请号：US12884976

申请日：2010-09-17

申请人： Gang Xu ,  Gustavo de los Reyes ,  Thusitha Jayawardena ,  Xiao Pan

发明人： Gang Xu ,  Gustavo de los Reyes ,  Thusitha Jayawardena ,  Xiao Pan

IPC分类号： G06F21/20

CPC分类号： H04L63/0281 ,  H04L63/1458 ,  H04L63/1466 ,  H04L67/141 ,  H04L67/2814

摘要： A method includes sending a first redirect instruction to a first client in response to a first session request received at a service address, and establishing a first session with the first client in response to a second session request received at the first redirect address indicated by the first redirect instruction. Additionally, the method includes determining a first service interval has passed, and sending a second redirect instruction to a second client in response to a third session request received at the service address after the first service interval has passed. The method still further includes establishing a second session with the second client in response to the fourth session request received at the second redirect address indicated by the second redirect instruction after the first service interval has passed, and rejecting the fifth session request received from a third client at the first redirect address after the first service interval has passed.

摘要翻译： 一种方法包括响应于在服务地址处接收到的第一会话请求向第一客户端发送第一重定向指令，以及响应于在由所述第一重定向地址指示的第一重定向地址接收到的第二会话请求，建立与第一客户端的第一会话 第一个重定向指令。 此外，该方法包括确定已经过去的第一服务间隔，并且响应于在经过第一服务间隔之后在服务地址处接收的第三会话请求，向第二客户端发送第二重定向指令。 该方法还包括响应于在第一服务间隔已经过去之后由第二重定向指令指示的第二重定向地址处接收到的第四会话请求，建立与第二客户端的第二会话，并且拒绝从第三客户端接收到的第五会话请求 客户端在第一个服务间隔之后的第一个重定向地址。

公开(公告)号：US20110141900A1

公开(公告)日：2011-06-16

申请号：US12636198

申请日：2009-12-11

申请人： Thusitha Jayawardena ,  Gustavo de los Reyes

发明人： Thusitha Jayawardena ,  Gustavo de los Reyes

IPC分类号： H04L12/26

CPC分类号： H04L43/028 ,  H04L63/0227 ,  H04L63/1416 ,  H04L63/1458

摘要： A priority server for a provider network includes a traffic volume detection module, a traffic analyzer module, and a rules module. The traffic volume detection module receives operational information from the provider network and determines that a host is experiencing a flash event based upon the operational information. The traffic analyzer module determines that the flash event is not a distributed denial of service attack on the host. When it is determined that the flash event is not a distributed denial of service attack, the rules module provides a priority rule to an access router that is coupled to the host. The priority rule is based upon a characteristic of packets routed in the provider network that are associated with the flash event, and the characteristic is determined not solely by information included in the packets.

摘要翻译： 提供商网络的优先服务器包括流量检测模块，流量分析器模块和规则模块。 流量检测模块从提供商网络接收操作信息，并且基于操作信息确定主机正在经历闪存事件。 流量分析器模块确定闪存事件不是主机上的分布式拒绝服务攻击。 当确定闪存事件不是分布式拒绝服务攻击时，规则模块向耦合到主机的接入路由器提供优先级规则。 优先权规则基于在提供商网络中路由在与闪存事件相关联的分组的特征，并且该特性不仅由包括在分组中的信息来确定。

公开(公告)号：US09148376B2

公开(公告)日：2015-09-29

申请号：US12963227

申请日：2010-12-08

申请人： Thusitha Jayawardena ,  Gustavo de los Reyes ,  Xiao Pan ,  Gang Xu

发明人： Thusitha Jayawardena ,  Gustavo de los Reyes ,  Xiao Pan ,  Gang Xu

IPC分类号： H04L12/28 ,  H04L12/803 ,  H04L12/24 ,  H04L12/26 ,  H04L12/801 ,  H04L12/851 ,  H04L29/06

CPC分类号： H04L47/122 ,  H04L41/5022 ,  H04L43/0882 ,  H04L43/16 ,  H04L47/10 ,  H04L47/24 ,  H04L63/08 ,  H04L63/1458 ,  H04L65/00 ,  H04L65/80

摘要： A method provides for the dynamic traffic prioritization in a communication network. The method electronically monitors traffic in a communication network and determines when traffic exceeds configured thresholds on the links of the communication network. Thus, the method determines a link which is potentially about to be congested in the communication network. The method categorizes the traffic on this link by an end system attached to one end of the potentially congested link into a plurality of priority categories using application layer parameters. Using a re-direct capability of the end system, the method re-directs at least one of the pluralities of priority categories of traffic to an alternate Internet Protocol address. The method uses preconfigured Quality of Service mechanisms on the provider edge router attached to the other end of the potentially congested link to guarantee a predetermined amount of bandwidth capacity of the link to traffic destined to the alternate Internet Protocol address.

摘要翻译： 一种方法提供通信网络中的动态流量优先级。 该方法电子监控通信网络中的流量，并确定流量何时超过通信网络链路上的配置阈值。 因此，该方法确定通信网络中潜在地将拥塞的链路。 该方法通过使用应用层参数将附接到潜在拥塞链路的一端的终端系统在该链路上分类为多个优先级类别。 使用终端系统的直接能力，该方法将多个优先级别的业务中的至少一个重定向到备用因特网协议地址。 该方法在连接到可能拥塞链路的另一端的提供商边缘路由器上使用预配置的服务质量机制，以保证到达备用因特网协议地址的流量的链路的预定量的带宽容量。

公开(公告)号：US08302189B2

公开(公告)日：2012-10-30

申请号：US12627733

申请日：2009-11-30

申请人： Gustavo de los Reyes ,  Thusitha Jayawardena ,  Gang Xu

发明人： Gustavo de los Reyes ,  Thusitha Jayawardena ,  Gang Xu

IPC分类号： G06F21/00

CPC分类号： H04L63/0209 ,  H04L63/1416

摘要： An edge monitoring approach can be utilized to detect an attack which includes a plurality of relatively low bandwidth attacks, which are aggregated at a victim sub-network. The aggregated low bandwidth attacks can generate a relatively high bandwidth attack including un-solicited data traffic directed to the victim' so that the aggregated attack becomes more detectable at an edge monitor circuit located proximate to the victim. Related systems, devices, and computer program products are also disclosed.

摘要翻译： 可以利用边缘监控方法来检测包括多个相对低带宽的攻击的攻击，这些攻击在受害子网络处被聚合。 聚合的低带宽攻击可以产生相对较高的带宽攻击，包括针对受害者的非请求数据流量，使得聚合攻击在位于受害者附近的边缘监视器电路更可检测。 还公开了相关系统，设备和计算机程序产品。

公开(公告)号：US08254257B2

公开(公告)日：2012-08-28

申请号：US12636198

申请日：2009-12-11

申请人： Thusitha Jayawardena ,  Gustavo de los Reyes

发明人： Thusitha Jayawardena ,  Gustavo de los Reyes

IPC分类号： G06F11/00 ,  G06F15/173 ,  H04L12/66 ,  H04L12/56

CPC分类号： H04L43/028 ,  H04L63/0227 ,  H04L63/1416 ,  H04L63/1458

摘要： A priority server for a provider network includes a traffic volume detection module, a traffic analyzer module, and a rules module. The traffic volume detection module receives operational information from the provider network and determines that a host is experiencing a flash event based upon the operational information. The traffic analyzer module determines that the flash event is not a distributed denial of service attack on the host. When it is determined that the flash event is not a distributed denial of service attack, the rules module provides a priority rule to an access router that is coupled to the host. The priority rule is based upon a characteristic of packets routed in the provider network that are associated with the flash event, and the characteristic is determined not solely by information included in the packets.

摘要翻译： 提供商网络的优先服务器包括流量检测模块，流量分析器模块和规则模块。 流量检测模块从提供商网络接收操作信息，并且基于操作信息确定主机正在经历闪存事件。 流量分析器模块确定闪存事件不是主机上的分布式拒绝服务攻击。 当确定闪存事件不是分布式拒绝服务攻击时，规则模块向耦合到主机的接入路由器提供优先级规则。 优先权规则基于在提供商网络中路由在与闪存事件相关联的分组的特征，并且该特性不仅由包括在分组中的信息确定。

公开(公告)号：US20110131650A1

公开(公告)日：2011-06-02

申请号：US12627733

申请日：2009-11-30

申请人： Gustavo de los Reyes ,  Thusitha Jayawardena ,  Gang Xu

发明人： Gustavo de los Reyes ,  Thusitha Jayawardena ,  Gang Xu

IPC分类号： G06F21/00

CPC分类号： H04L63/0209 ,  H04L63/1416

摘要： An edge monitoring approach can be utilized to detect an attack which includes a plurality of relatively low bandwidth attacks, which are aggregated at a victim sub-network. The aggregated low bandwidth attacks can generate a relatively high bandwidth attack including un-solicited data traffic directed to the victim' so that the aggregated attack becomes more detectable at an edge monitor circuit located proximate to the victim. Related systems, devices, and computer program products are also disclosed.

摘要翻译： 可以利用边缘监控方法来检测包括多个相对低带宽的攻击的攻击，这些攻击在受害子网络处被聚合。 聚合的低带宽攻击可以产生相对较高的带宽攻击，包括针对受害者的非请求数据流量，使得聚合攻击在位于受害者附近的边缘监视器电路更可检测。 还公开了相关系统，设备和计算机程序产品。

公开(公告)号：US09432258B2

公开(公告)日：2016-08-30

申请号：US13154121

申请日：2011-06-06

申请人： Jacobus Van der Merwe ,  Xu Chen ,  Baris Coskun ,  Gustavo de los Reyes ,  Seungjoon Lee ,  Suhas Mathur ,  Arati Baliga ,  Gang Xu

发明人： Jacobus Van der Merwe ,  Xu Chen ,  Baris Coskun ,  Gustavo de los Reyes ,  Seungjoon Lee ,  Suhas Mathur ,  Arati Baliga ,  Gang Xu

IPC分类号： G06F15/177 ,  H04L12/24 ,  H04L12/801 ,  H04L29/08 ,  H04L12/26 ,  H04L12/927 ,  H04L29/06 ,  H04L12/46

CPC分类号： H04W36/14 ,  H04L12/4633 ,  H04L12/4641 ,  H04L41/083 ,  H04L43/0858 ,  H04L43/087 ,  H04L43/16 ,  H04L47/14 ,  H04L47/805 ,  H04L65/80 ,  H04L67/322 ,  H04W36/30 ,  H04W88/02

摘要： Methods and apparatus to configure virtual private mobile networks for latency are disclosed. A disclosed example method includes provisioning logically a virtual private mobile network within a wireless network to reduce latency of a communication associated with a latency sensitive application, determining a mobile device is communicatively coupling to the wireless network via the latency sensitive application, and coupling the mobile device to the virtual private mobile network to reduce latency of the communication associated with the latency sensitive application.

摘要翻译： 公开了配置虚拟专用移动网络延迟的方法和装置。 所公开的示例方法包括在无线网络内逻辑地提供虚拟专用移动网络以减少与等待时间敏感应用相关联的通信的等待时间，确定移动设备经由等待时间敏感应用通信地耦合到无线网络，以及将移动 设备到虚拟专用移动网络，以减少与延迟敏感应用相关联的通信的延迟。