专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08149695B2 Dynamic queue instantiation 有权
标题翻译：动态队列实例化
公开(公告)号：US08149695B2
公开(公告)日：2012-04-03
申请号：US11315893
申请日：2005-12-22
申请人： Bakul Khanna , Leigh McLellan , Robert Lee , Dale Nash
发明人： Bakul Khanna , Leigh McLellan , Robert Lee , Dale Nash
IPC分类号： G01R31/08 , G06F11/00 , G08C15/00 , H04J1/16 , H04J3/14 , H04L12/26 , H04L12/28
CPC分类号： H04L49/90 , H04L47/70 , H04L47/722 , H04L47/748 , H04L47/805
摘要： A Point to Point Protocol (“PPP”) link running PPP Multilink Protocol with multi-class extensions (“Multilink-Extension”) having both peers on the PPP link support a number of egress priority queues negotiated during the Multilink-Extension negotiation. Each peer also establishes a number of classes equal to the negotiated number of egress priority queues. Thus, communication devices that have a different default number, or different maximum number, of egress priority queues can interoperate in a manner that ensures packets have the same per-hop behavior (“PHB”). The present invention is both memory efficient and processing time efficient because only the minimum number of egress priority queues necessary are instantiated.
摘要翻译：在PPP链路上具有两个对等体的具有多类扩展（“多链路扩展”）的运行PPP多链路协议的点对点协议（“PPP”）链路支持在多链路扩展协商期间协商的多个出口优先级队列。每个对等体还建立等于协商的出口优先级队列数量的类数。因此，具有不同的出口优先级队列的默认号码或不同最大数量的通信设备可以以确保分组具有相同的每跳行为（“PHB”）的方式进行互操作。本发明既具有存储器有效性又具有处理时间有效性，因为仅需要最小数量的出口优先级队列被实例化。

2. 发明授权

US08104081B2 IP security with seamless roaming and load balancing 有权
标题翻译： IP安全，无缝漫游和负载平衡
公开(公告)号：US08104081B2
公开(公告)日：2012-01-24
申请号：US11273945
申请日：2005-11-15
申请人： Bakul Khanna , Ron Pon , Ramin Taraz
发明人： Bakul Khanna , Ron Pon , Ramin Taraz
IPC分类号： G06F9/00 , G06F15/16 , G06F17/00
CPC分类号： H04L63/0272 , H04L12/4641 , H04L63/164 , H04L67/1002 , H04L67/1008 , H04L67/1034 , H04L67/1038 , H04W80/04
摘要： Described are a method and system for seamless roaming of a mobile node during a VPN session. A VPN session between the mobile node and a current VPN server in a network is established and synchronized with at least one fail-over VPN server in the network. An address change message is sent to the current VPN server and the fail-over VPN servers upon roaming of the mobile node. A fail-over VPN server responds with a reply message and is registered as a current VPN server for continuation of the VPN session. To load balance, a load query message is sent to the current VPN server and the fail-over VPN servers. Reply messages include server performance characteristics of the VPN servers. The VPN session can be transferred from the current VPN server to a fail-over VPN server in response to the server performance characteristics.
摘要翻译：描述了在VPN会话期间移动节点的无缝漫游的方法和系统。移动节点与网络中的当前VPN服务器之间的VPN会话与网络中的至少一个故障切换VPN服务器建立并同步。当移动节点漫游时，地址更改消息将发送到当前VPN服务器和故障切换VPN服务器。故障转移VPN服务器以回复消息进行响应，并注册为用于继续VPN会话的当前VPN服务器。为了平衡负载，负载查询消息被发送到当前的VPN服务器和故障切换VPN服务器。回复消息包括VPN服务器的服务器性能特征。 VPN会话可以从当前的VPN服务器传输到故障切换VPN服务器，以响应服务器的性能特征。

3. 发明授权

US07907595B2 Method and apparatus for learning endpoint addresses of IPSec VPN tunnels 有权
标题翻译：用于学习IPSec VPN隧道端点地址的方法和装置
公开(公告)号：US07907595B2
公开(公告)日：2011-03-15
申请号：US11540104
申请日：2006-09-29
申请人： Bakul Khanna , John Chao , Ramasamy Jesuraj , Robert Lee
发明人： Bakul Khanna , John Chao , Ramasamy Jesuraj , Robert Lee
IPC分类号： H04L12/28 , H04L12/56
CPC分类号： H04L45/04 , H04L12/4641 , H04L45/00 , H04L45/02 , H04L45/50 , H04L63/0272 , H04L63/164
摘要： Customer Edge (CE) network elements can automatically learn IPSec tunnel endpoints for other CEs connected to sites in a Virtual Private Network (VPN) so that manual configuration of IPSec tunnel endpoints is not required and so that a centralized database of IPSec tunnel endpoints is not required to be separately maintained. According to an embodiment of the invention, a BGP export route policy is set on all CEs, so that when they announce their VPN routes in the standard format, the application of this export route policy changes the announcement to replace the BGP peering point address that would ordinarily be advertised with the IPSec tunnel endpoint address. When any given site receives a VPN route update formatted in this manner, it processes the VPN route update and learns from the update the IPSec tunnel endpoint as well as the associated VPN routes.
摘要翻译：客户边缘（CE）网元可以自动学习连接到虚拟专用网络（VPN）中的站点的其他CE的IPSec隧道端点，以便不需要手动配置IPSec隧道端点，从而IPSec隧道端点的集中式数据库不是需要单独维护。根据本发明的实施例，在所有CE上设置BGP出口路由策略，使得当以标准格式发布其VPN路由时，该出口路由策略的应用更改通告，以替换BGP对等点地址，通常将使用IPSec隧道端点地址进行通告。当任何给定的站点接收到以这种方式格式化的VPN路由更新时，它处理VPN路由更新，并从更新IPSec隧道端点以及关联的VPN路由中学习。

4. 发明申请

US20070113275A1 IP security with seamless roaming and load balancing 有权
标题翻译： IP安全，无缝漫游和负载平衡
公开(公告)号：US20070113275A1
公开(公告)日：2007-05-17
申请号：US11273945
申请日：2005-11-15
申请人： Bakul Khanna , Ron Pon , Ramin Taraz
发明人： Bakul Khanna , Ron Pon , Ramin Taraz
IPC分类号： G06F15/16 , G06F17/00 , G06F9/00 , H04L9/00
CPC分类号： H04L63/0272 , H04L12/4641 , H04L63/164 , H04L67/1002 , H04L67/1008 , H04L67/1034 , H04L67/1038 , H04W80/04
摘要： Described are a method and system for seamless roaming of a mobile node during a VPN session. A VPN session between the mobile node and a current VPN server in a network is established and synchronized with at least one fail-over VPN server in the network. An address change message is sent to the current VPN server and the fail-over VPN servers upon roaming of the mobile node. A fail-over VPN server responds with a reply message and is registered as a current VPN server for continuation of the VPN session. To load balance, a load query message is sent to the current VPN server and the fail-over VPN servers. Reply messages include server performance characteristics of the VPN servers. The VPN session can be transferred from the current VPN server to a fail-over VPN server in response to the server performance characteristics.
摘要翻译：描述了在VPN会话期间移动节点的无缝漫游的方法和系统。移动节点与网络中的当前VPN服务器之间的VPN会话与网络中的至少一个故障切换VPN服务器建立并同步。当移动节点漫游时，地址更改消息将发送到当前VPN服务器和故障切换VPN服务器。故障转移VPN服务器以回复消息进行响应，并注册为用于继续VPN会话的当前VPN服务器。为了平衡负载，负载查询消息被发送到当前的VPN服务器和故障切换VPN服务器。回复消息包括VPN服务器的服务器性能特征。 VPN会话可以从当前的VPN服务器传输到故障切换VPN服务器，以响应服务器的性能特征。

5. 发明申请

US20090158417A1 Anti-replay protection with quality of services (QoS) queues 有权
标题翻译：具有服务质量（QoS）队列的反重放保护
公开(公告)号：US20090158417A1
公开(公告)日：2009-06-18
申请号：US12002729
申请日：2007-12-17
申请人： Bakul Khanna , William A. Miller, III , Jozef Babiarz
发明人： Bakul Khanna , William A. Miller, III , Jozef Babiarz
IPC分类号： G06F17/00 , G06F11/30 , G06F15/16
CPC分类号： H04L63/1466
摘要： An embodiment of the present invention includes a technique to provide anti-replay protection with QoS queues. A single global anti-replay window is maintained to have global lowest and highest sequence numbers for an Internet protocol security (IPSec) security association (SA). The single global anti-replay window is associated with individual differentiated services code point (DSCP) or DSCP group, the individual DSCP or DSCP group corresponding to individual per-DSCP anti-replay windows. A received packet having a sequence number is pre-processed before packet processing using the single global anti-replay window. The received packet is post-processed after packet processing using the individual per-DSCP anti-replay windows.
摘要翻译：本发明的实施例包括提供具有QoS队列的反重放保护的技术。维护单个全局反重放窗口以具有用于因特网协议安全（IPSec）安全关联（SA））的全局最低和最高序列号。单个全局反重播窗口与个体差异化服务代码点（DSCP）或DSCP组相关联，每个DSCP或DSCP组对应于每个DSCP反重播窗口。具有序列号的接收分组在使用单个全局反重放窗口的分组处理之前被预处理。接收到的数据包在使用单个DSCP反重放窗口的数据包处理后进行后处理。

6. 发明申请

US20080080509A1 Method and apparatus for learning endpoint addresses of IPSec VPN tunnels 有权
标题翻译：用于学习IPSec VPN隧道端点地址的方法和装置
公开(公告)号：US20080080509A1
公开(公告)日：2008-04-03
申请号：US11540104
申请日：2006-09-29
申请人： Bakul Khanna , John Chao , Ramasamy Jesuraj , Robert Lee
发明人： Bakul Khanna , John Chao , Ramasamy Jesuraj , Robert Lee
IPC分类号： H04L12/56
CPC分类号： H04L45/04 , H04L12/4641 , H04L45/00 , H04L45/02 , H04L45/50 , H04L63/0272 , H04L63/164
摘要： Customer Edge (CE) network elements can automatically learn IPSec tunnel endpoints for other CEs connected to sites in a Virtual Private Network (VPN) so that manual configuration of IPSec tunnel endpoints is not required and so that a centralized database of IPSec tunnel endpoints is not required to be separately maintained. According to an embodiment of the invention, a BGP export route policy is set on all CEs, so that when they announce their VPN routes in the standard format, the application of this export route policy changes the announcement to replace the BGP peering point address that would ordinarily be advertised with the IPSec tunnel endpoint address. When any given site receives a VPN route update formatted in this manner, it processes the VPN route update and learns from the update the IPSec tunnel endpoint as well as the associated VPN routes.
摘要翻译：客户边缘（CE）网元可以自动学习连接到虚拟专用网络（VPN）中的站点的其他CE的IPSec隧道端点，以便不需要手动配置IPSec隧道端点，从而IPSec隧道端点的集中式数据库不是需要单独维护。根据本发明的实施例，在所有CE上设置BGP出口路由策略，使得当以标准格式发布其VPN路由时，该出口路由策略的应用更改通告，以替换BGP对等点地址，通常将使用IPSec隧道端点地址进行通告。当任何给定的站点接收到以这种方式格式化的VPN路由更新时，它处理VPN路由更新，并从更新IPSec隧道端点以及关联的VPN路由中学习。

7. 发明申请

US20100329252A1 Method and Apparatus for Enabling Multicast Route Leaking Between VRFs in Different VPNs 审中-公开
标题翻译：在不同VPN中的VRF之间启用组播路由泄漏的方法和装置
公开(公告)号：US20100329252A1
公开(公告)日：2010-12-30
申请号：US12492577
申请日：2009-06-26
申请人： Vijay Mulamalla , Ganesh Nakhawa , Bakul Khanna
发明人： Vijay Mulamalla , Ganesh Nakhawa , Bakul Khanna
IPC分类号： H04L12/56
CPC分类号： H04L45/00 , H04L12/18 , H04L12/1886 , H04L12/4641 , H04L45/16
摘要： Multicast route leaking between VRFs in different VPNs enables receivers in different VPNs to subscribe to the same IP multicast so that an efficient IP multicast distribution tree can be built to include subscribers in multiple VPNs. VRFs are administratively configured to implement multicast route leaking and each such configured VRF brings up an internal connectionless IP interface. The VRFs then enable the multicast routing protocol (e.g. PIM) on the internal IP interface to establish PIM neighborships with each other. When a VRF receives an IGMP join from a receiver, it uses PIM to join the receiver to the multicast over the internal IP interface. This enables receivers outside of a VPN but associated with VRFs that are co-located on the same PE to join multicasts established within the VPN so that separate multicast distribution trees are not required for each VPN.
摘要翻译：在不同VPN中的VRF之间的组播路由泄漏使得不同VPN中的接收者可以订阅相同的IP组播，从而可以构建有效的IP组播分发树，以将用户包括在多个VPN中。 VRF管理配置为实现组播路由泄漏，每个这样配置的VRF都会产生一个内部无连接IP接口。然后，VRF使得内部IP接口上的组播路由协议（例如PIM）能够建立彼此的PIM邻居。当VRF从接收者接收IGMP加入时，使用PIM通过内部IP接口将接收者加入组播。这使得接收机不在VPN之外但与位于同一PE上的VRF相关联，以加入在VPN内建立的组播，以便每个VPN不需要单独的组播分发树。

8. 发明授权

US07643488B2 Method and apparatus for supporting multiple customer provisioned IPSec VPNs 有权
标题翻译：支持多个客户提供的IPSec VPN的方法和设备
公开(公告)号：US07643488B2
公开(公告)日：2010-01-05
申请号：US11540198
申请日：2006-09-29
申请人： Bakul Khanna , Ramasamy Jesuraj
发明人： Bakul Khanna , Ramasamy Jesuraj
IPC分类号： H04L12/28
CPC分类号： H04L63/0272 , H04L63/164
摘要： Customer Traffic may be segregated using customer provisioned IPSec VPNs implemented using group security association for IPSec tunnels, by causing the CE network element to implement multiple VRFs for the several VPNs, each of which may be used for a different segment of the customer's traffic. The CE network element may implement a single MPBGP peering session with the GCKS/RR for all VPNs, and may establish secure data channels for each of the VPNs based on the group security associations for each of the VPNs. Although a common MPBGP peering session may be used, routing information for the several VRFs may be separated by applying per-VRF import policies at the CE, so that each VPN only has access to routes intended to be advertised to that VPN.
摘要翻译：客户流量可以使用由IPSec隧道组群安全关联实现的客户提供的IPSec VPN进行隔离，方法是使CE网络单元为多个VPN实施多个VRF，每个VPN可用于客户流量的不同部分。 CE网元可以实现与所有VPN的GCKS / RR的单个MPBGP对等会话，并且可以基于每个VPN的组安全关联来为每个VPN建立安全数据信道。虽然可以使用通用的MPBGP对等体会话，但可以通过在CE处应用每个VRF导入策略来分离多个VRF的路由信息，使得每个VPN只能访问旨在通告给该VPN的路由。

9. 发明申请

US20070147403A1 Interface scheduling and traffic-shaping 有权
标题翻译：接口调度和流量整形
公开(公告)号：US20070147403A1
公开(公告)日：2007-06-28
申请号：US11315894
申请日：2005-12-22
申请人： Bakul Khanna , Leigh McLellan , Robert Lee , Dale Nash
发明人： Bakul Khanna , Leigh McLellan , Robert Lee , Dale Nash
IPC分类号： H04L12/56
CPC分类号： H04L47/22 , H04L47/20 , H04L47/21 , H04L47/50 , H04L49/9063
摘要： Efficient interface scheduling that maintains fairness among the scheduled interfaces and remains efficient even when scheduling large numbers of interfaces and even when implemented in software. Systems for scheduling interfaces through a physical port are provided that utilize a bit-mask. Each bit-mask has a bit-mask-level-1 having a plurality of bits, each bit in the bit-mask-level-1 represents a unit of bandwidth with the total number of bits in the bit-mask-level-1 representing the port's line speed, each bit in a bit-mask-level-1 is associated with an interface, and the number of bits associated with each interface determines the bandwidth for that interface. Methods of scheduling interfaces are provided that utilize one or more bit-masks to determine an order in which interfaces are scheduled. The present invention can efficiently implement versions of the dual-token-bucket algorithm.
摘要翻译：高效的接口调度在调度接口之间保持公平性，即使在调度大量接口时甚至在软件中实现时仍保持高效。提供了通过物理端口调度接口的系统，利用位掩码。每个比特掩码具有多个比特的比特掩码级-1，比特掩码级-1中的每一比特代表带宽的单位，其中比特掩码级1中的总比特数表示端口线路速度，位掩码级别-1中的每个位与接口相关联，并且与每个接口相关联的位数决定该接口的带宽。提供调度接口的方法，其利用一个或多个位掩码来确定调度接口的顺序。本发明可以有效地实现双令牌桶算法的版本。

10. 发明申请

US20070147402A1 Dynamic queue instantiation 有权
标题翻译：动态队列实例化
公开(公告)号：US20070147402A1
公开(公告)日：2007-06-28
申请号：US11315893
申请日：2005-12-22
申请人： Bakul Khanna , Leigh McLellan , Robert Lee , Dale Nash
发明人： Bakul Khanna , Leigh McLellan , Robert Lee , Dale Nash
IPC分类号： H04L12/56
CPC分类号： H04L49/90 , H04L47/70 , H04L47/722 , H04L47/748 , H04L47/805
摘要： A Point to Point Protocol (“PPP”) link running PPP Multilink Protocol with multi-class extensions (“Multilink-Extension”) having both peers on the PPP link support a number of egress priority queues negotiated during the Multilink-Extension negotiation. Each peer also establishes a number of classes equal to the negotiated number of egress priority queues. Thus, communication devices that have a different default number, or different maximum number, of egress priority queues can interoperate in a manner that ensures packets have the same per-hop behavior (“PHB”). The present invention is both memory efficient and processing time efficient because only the minimum number of egress priority queues necessary are instantiated.
摘要翻译：在PPP链路上具有两个对等体的具有多类扩展（“多链路扩展”）的运行PPP多链路协议的点对点协议（“PPP”）链路支持在多链路扩展协商期间协商的多个出口优先级队列。每个对等体还建立等于协商的出口优先级队列数量的类数。因此，具有不同的出口优先级队列的默认号码或不同最大数量的通信设备可以以确保分组具有相同的每跳行为（“PHB”）的方式进行互操作。本发明既具有存储器有效性又具有处理时间有效性，因为仅需要最小数量的出口优先级队列被实例化。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式