Abstract:
A router (e.g., a home agent for an IPv6 mobile router) is configured for determining a destination router (e.g., the IPv6 mobile router) for a received packet based on accessing a routing table having multiple routing entries, each routing entry including a routing key and a routing field that specifies one of a prescribed address specifying the destination router and a computation tag. The computation tag specifies a prescribed function to be executed to calculate a determined address for the destination router (e.g., the home address for the IPv6 mobile router). The router identifies, for each received packet, the matching routing entry based on the corresponding routing key, and in response to detecting the computation tag in the routing field, selectively executes the corresponding function to calculate the determined address for the destination router.
Abstract:
In one embodiment, a method comprises receiving by an agent a request from a network node for generation of a secure IPv6 address for use by the network node, the request including a selected subset of parameters selected by the network node and required for generation of the secure IPv6 address according to a prescribed secure address generation procedure, the selected subset including at least a public key owned by the network node; dynamically generating by the agent at least a second of the parameters required for generation of the secure IPv6 address; generating by the agent the secure IPv6 address based on the selected subset and the second of the parameters required for generation of the secure IPv6 address; and outputting, to the network node, an acknowledgement to the request and that includes the secure IPv6 address, and the parameters required for generation of the secure IPv6 address.
Abstract:
A network includes network nodes (12a and 12b) and a gateway (20). Each network node (12a) has a corresponding unique in-site IPv6 address (16a) for communication with the site (14), each in-site address having a first IPv6 address prefix that is not advertised outside the site. Network nodes can obtain from within the site a unique extra-site IPv6 address for mobile or extra-site communications (26a). The extra-site IPv6 address has a second IPv6 address prefix, distinct from the first IPv6 address prefix, advertised by the gateway (20) to the prescribed site (14) and the wide area network (22). The gateway establishes a tunnel (24) to each in-site node (12a) using extra-site and in-site IPv6 addresses a binding cache entry specifying the addresses.
Abstract:
In one embodiment, a method comprises creating, in a computing network, a loop-free routing topology comprising a plurality of routing arcs for reaching a destination device, each routing arc comprising a first network device as a first end of the routing arc, a second network device as a second end of the routing arc, and at least a third network device configured for routing any network traffic along the routing arc toward the destination device via any one of the first or second ends of the routing arc; and causing the network traffic to be forwarded along at least one of the routing arcs to the destination device.
Abstract:
Mobile routers in a tree-based network topology with a single clusterhead in an ad hoc network establish connectivity based on each attached mobile router sending a neighbor advertisement message to an attachment mobile router via a corresponding egress interface. Any neighbor advertisement message received by a mobile router is used to identify specified network prefixes that are reachable via the source of the neighbor advertisement message. Each attached mobile router outputs to its attachment router another neighbor advertisement message that specifies the network prefix used by the mobile router, and the specified network prefixes from its attached mobile routers. The mobile router also identifies peer mobile routers having the same depth, and selectively shares limited routing information with the peer routers, enabling the mobile router to bypass the clusterhead and reach remote prefixes via the peer routers without burdening the tree.
Abstract:
A router is configured for sharing routing rules with other routers, the routing rules defining aggregated routes according to a prescribed topology. Each routing rule, used by the router for routing a packet having a corresponding matching destination address prefix, specifies a corresponding address prefix pattern rule for extracting an identified pattern from a portion of the destination address, and a gateway address pattern rule for generating a gateway address, for a gateway providing reachability to the destination address, based on applying the identified pattern to a specified portion of the gateway address. The router generates a routing update message that describes the address prefix pattern rule and the gateway address pattern rule, and outputs the routing update message to a second router according to a prescribed distance vector routing protocol (e.g., Multiprotocol Extension for Border Gateway Protocol).
Abstract:
In one embodiment, a method comprises receiving, by a router in a network, a router advertisement message on a network link of the network; detecting within the router advertisement message, by the router, an advertised address prefix and an identified router having transmitted the router advertisement message within the network; determining, by the router, whether the identified router is authorized to at least one of advertise itself as a router, or advertise the advertised address prefix on the network link; and selectively initiating, by the router, a defensive operation against the identified router based on the router determining the identified router is not authorized to advertise itself as a router, or advertise the advertised address prefix on the network link.
Abstract:
In one embodiment, a method includes receiving, by an access router, an Internet Protocol version 6 (IPv6) packet that specifies a request for executing a preemptive service for data packets specifying a prescribed flow label field value identified in the request. The method further includes attempting authentication of the request by the access router based on a prescribed secure authentication protocol. The method further includes implementing the preemptive service by the access router based on the authentication of the request, including passing any IPv6 data packet received from a host node and having an IPv6 header specifying the prescribed flow label field value and satisfying a prescribed security condition, and limiting transfer of any data packet that does not specify the prescribed flow label field value or satisfy the prescribed security condition.