专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07948986B1 Applying services within MPLS networks 有权
标题翻译：在MPLS网络中应用业务
公开(公告)号：US07948986B1
公开(公告)日：2011-05-24
申请号：US12392740
申请日：2009-02-25
申请人： Kaushik Ghosh , Kireeti Kompella , Kannan Varadhan
发明人： Kaushik Ghosh , Kireeti Kompella , Kannan Varadhan
IPC分类号： H04L12/56
CPC分类号： H04L45/50
摘要： In general, techniques are described that facilitate application of service within MPLS networks. More specifically, a router comprises a forwarding plane, a service plane and a routing engine. The routing engine maintains data defining an association between a handle identifying a property common to a plurality of packets of a particular context and one or more MPLS labels associated with these packets. The routing engine automatically generates and installs a filter to identify these packets within both the forwarding and service planes. The forwarding plane applies the filter to incoming packets to determine whether each of the incoming packets includes a label matching any of the labels of the filter and forwards the incoming packets to the service plane upon a match. The service card selects one or more services identified by the filter and applies the selected one or more services to the incoming packet.
摘要翻译：一般来说，描述了有助于在MPLS网络中应用服务的技术。更具体地，路由器包括转发平面，服务平面和路由引擎。路由引擎维护定义标识特定上下文的多个分组的公共属性的句柄与与这些分组相关联的一个或多个MPLS标签之间的关联的数据。路由引擎自动生成并安装过滤器，以便在转发和服务平面内识别这些数据包。转发平面将过滤器应用于传入的数据包，以确定每个传入数据包是否包含与过滤器的任何标签相匹配的标签，并在匹配时将传入数据包转发到服务平面。服务卡选择由过滤器识别的一个或多个服务，并将所选择的一个或多个服务应用于传入分组。

2. 发明授权

US08949444B1 Flow control scheme for parallel flows 有权
标题翻译：并行流量流控制方案
公开(公告)号：US08949444B1
公开(公告)日：2015-02-03
申请号：US12502808
申请日：2009-07-14
申请人： Qingming Ma , Kannan Varadhan , Rohini Kasturi
发明人： Qingming Ma , Kannan Varadhan , Rohini Kasturi
IPC分类号： G06F15/16
CPC分类号： H04L65/105 , H04L12/2858 , H04L47/10 , H04L47/22 , H04L47/27 , H04L47/283
摘要： A method includes a proxy device receiving from a source device a request to establish a flow to a destination device; generating, based on the request, a meta-packet that indicates that the flow to the destination device is to be proxied; determining whether a pre-established flow connecting the proxy device to another proxy device that leads toward the destination device exists; sending the meta-packet on the pre-established flow, when it is determined that the pre-established flow exists; receiving by the other proxy device, the meta-packet, and establishing the flow to the destination device based on the meta-packet, where the proxy devices assign one or more of a source address, a source port, a destination address, or a destination port, associated with the source device and the destination device, to the pre-established flow.
摘要翻译：一种方法包括代理设备从源设备接收建立到目的地设备的流的请求; 基于所述请求生成表示到目的地设备的流的代理的元数据包; 确定是否存在将代理设备连接到通向目的地设备的另一个代理设备的预先建立的流程; 当确定预先建立的流程存在时，在预先建立的流程上发送元数据包; 由所述其他代理设备接收所述元数据包，以及基于所述元数据包建立到所述目的地设备的流，其中所述代理设备分配源地址，源端口，目的地地址或者源地址中的一个或多个与源设备和目标设备相关联的目标端口连接到预先建立的流。

3. 发明授权

US06654359B1 Wireless access to packet-based networks 失效
标题翻译：无线接入基于分组的网络
公开(公告)号：US06654359B1
公开(公告)日：2003-11-25
申请号：US09210072
申请日：1998-12-11
申请人： Thomas F. La Porta , Kazutaka Murakami , Ramachandran Ramjee , Sandra R. Thuel , Kannan Varadhan
发明人： Thomas F. La Porta , Kazutaka Murakami , Ramachandran Ramjee , Sandra R. Thuel , Kannan Varadhan
IPC分类号： H04J1228
CPC分类号： H04L61/2015 , H04L29/12216 , H04L29/12301 , H04L29/12311 , H04L29/12801 , H04L61/2076 , H04L61/2084 , H04L61/6004 , H04W40/248 , H04W40/28 , H04W40/36 , H04W80/04 , H04W88/005
摘要： Domains are defined to incorporate a subnet including a plurality of base stations and routers. Base stations are used by mobile devices to attach to the wired portion of a packet-based network, such as the Internet, and exchange packets thereover with a correspondent node. Local mobility between domain base stations is provided by including and updating routing table entries at domain routers and base stations for forwarding packets having a mobile device's address as a destination address to the mobile device. Packets are delivered to the mobile device regardless of the domain base station to which the mobile device is attached. When a mobile device is attached to a base station included within a foreign domain, a care-of address is assigned, and packets are tunneled for delivery of packets to the mobile device. Only one care-of address is required per mobile device per foreign domain. Routing table entries used for packet delivery are updated on a purely local subnet basis within domains, whether home domain or foreign domain, making handoffs between base stations substantially transparent to the home agent and the correspondent node.
摘要翻译：域被定义为并入包括多个基站和路由器的子网。移动设备使用基站来附加到诸如因特网的基于分组的网络的有线部分，并且与对应节点交换分组。通过在域路由器和基站处包括和更新路由表条目来提供域基站之间的本地移动，用于将具有移动设备地址的分组转发到移动设备。无论移动设备连接到的域基站如何，都将数据包传送到移动设备。当移动设备附接到包含在外部域中的基站时，分配转交地址，并且分组被隧道传送到移动设备的分组。每个移动设备每个外国域只需要一个转交地址。用于分组传递的路由表条目在域内纯属于本地子网进行更新，无论是归属域还是外部域，使基站之间的切换对归属代理和通信节点基本上是透明的。

4. 发明授权

US08307422B2 Routing device having integrated MPLS-aware firewall 有权
标题翻译：集成MPLS感知防火墙的路由设备
公开(公告)号：US08307422B2
公开(公告)日：2012-11-06
申请号：US12271605
申请日：2008-11-14
申请人： Kannan Varadhan , Joao Campelo F. N. Gomes
发明人： Kannan Varadhan , Joao Campelo F. N. Gomes
IPC分类号： G06F15/16
CPC分类号： H04L63/0272 , H04L12/4633 , H04L12/4641 , H04L45/04 , H04L45/50 , H04L45/60 , H04L63/0227
摘要： An MPLS-aware firewall allows firewall security policies to be applied to MPLS traffic. The firewall, which may be integrated within a routing device, can be configured into multiple virtual security systems. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to the packets. The user interface allows the user to define different zones and policies for different ones of the virtual security systems. In addition, the user interface supports a syntax that allows the user to define the zones for the firewall by specifying the customer VPNs as interfaces associated with the zones. The routing device generates mapping information for the integrated firewall to map the customer VPNs to specific MPLS labels for the MPLS tunnels carrying the customer's traffic.
摘要翻译：支持MPLS的防火墙允许将防火墙安全策略应用于MPLS流量。可以集成在路由设备中的防火墙可以被配置成多个虚拟安全系统。路由设备提供用户界面，当用户界面向应用状态的防火墙服务应用时，用户指定一个或多个被集成防火墙识别的区域。用户界面允许用户为不同的虚拟安全系统定义不同的区域和策略。此外，用户界面支持语法，允许用户通过将客户VPN指定为与区域相关联的接口来定义防火墙的区域。路由设备生成集成防火墙的映射信息，将客户VPN映射到承载客户流量的MPLS隧道的特定MPLS标签。

5. 发明申请

US20100043068A1 ROUTING DEVICE HAVING INTEGRATED MPLS-AWARE FIREWALL 有权
标题翻译：具有集成的MPLS-AWARE防火墙的路由设备
公开(公告)号：US20100043068A1
公开(公告)日：2010-02-18
申请号：US12271605
申请日：2008-11-14
申请人： Kannan Varadhan , Joao Campelo F.N. Gomes
发明人： Kannan Varadhan , Joao Campelo F.N. Gomes
IPC分类号： G06F21/00 , H04L9/32
CPC分类号： H04L63/0272 , H04L12/4633 , H04L12/4641 , H04L45/04 , H04L45/50 , H04L45/60 , H04L63/0227
摘要： An MPLS-aware firewall allows firewall security policies to be applied to MPLS traffic. The firewall, which may be integrated within a routing device, can be configured into multiple virtual security systems. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to the packets. The user interface allows the user to define different zones and policies for different ones of the virtual security systems. In addition, the user interface supports a syntax that allows the user to define the zones for the firewall by specifying the customer VPNs as interfaces associated with the zones. The routing device generates mapping information for the integrated firewall to map the customer VPNs to specific MPLS labels for the MPLS tunnels carrying the customer's traffic.
摘要翻译：支持MPLS的防火墙允许将防火墙安全策略应用于MPLS流量。可以集成在路由设备中的防火墙可以被配置成多个虚拟安全系统。路由设备提供用户界面，当用户界面向应用状态的防火墙服务应用时，用户指定一个或多个被集成防火墙识别的区域。用户界面允许用户为不同的虚拟安全系统定义不同的区域和策略。此外，用户界面支持语法，允许用户通过将客户VPN指定为与区域相关联的接口来定义防火墙的区域。路由设备生成集成防火墙的映射信息，将客户VPN映射到承载客户流量的MPLS隧道的特定MPLS标签。

6. 发明授权

US07239618B1 Single phase local mobility scheme for wireless access to packet-based networks 失效
标题翻译：用于无线接入基于分组的网络的单相本地移动性方案
公开(公告)号：US07239618B1
公开(公告)日：2007-07-03
申请号：US09210213
申请日：1998-12-11
申请人： Thomas F. La Porta , Kazutaka Murakami , Ramachandran Ramjee , Sandra R. Thuel , Kannan Varadhan
发明人： Thomas F. La Porta , Kazutaka Murakami , Ramachandran Ramjee , Sandra R. Thuel , Kannan Varadhan
IPC分类号： H04Q7/00
CPC分类号： H04L61/2015 , H04L29/06 , H04L29/12018 , H04L29/12216 , H04L29/12301 , H04L29/12311 , H04L29/12801 , H04L61/10 , H04L61/2076 , H04L61/2084 , H04L61/6004 , H04W8/087 , H04W36/04 , H04W80/04
摘要： Local mobility within a subnet is supported by classifying wireless base stations, and the routers used to forward packets to those base stations, within defined domains. Domains are defined to incorporate a subnet having a plurality of base stations. Base stations are used by mobile devices to attach to the wired portion of a packet-based network, such as the Internet, and exchange packets thereover with a correspondent node. Packets sent from the correspondent node to the mobile device have a packet destination address corresponding to the mobile device. The mobile device retains this address for the duration of time it is powered up and attached to the Internet via any base station within a given domain. Host-based routing is utilized to update routing table entries corresponding to the mobile device at routers incorporated within a single domain. The routing table entries are established and updated via path setup schemes to convey packets destined for the mobile device along the proper established path through the domain routers and base stations, regardless of the domain base station through which the mobile device is attached. Path setup schemes utilize power up, refresh, and handoff path setup messages to maintain the proper relationship between router interfaces and packet addresses for routing table entries.
摘要翻译：通过对无线基站进行分类来支持子网内的本地移动性，并且用于将数据包转发到定义域内的那些基站的路由器。域定义为包含具有多个基站的子网。移动设备使用基站来附加到诸如因特网的基于分组的网络的有线部分，并且与对应节点交换分组。从通信节点发送到移动设备的分组具有对应于移动设备的分组目的地地址。移动设备在其被加电并且经由给定域内的任何基站连接到因特网的时间内保留该地址。基于主机的路由用于在单个域内的路由器上更新与移动设备相对应的路由表条目。通过路径设置方案建立和更新路由表条目，以便通过域路由器和基站传送去往移动设备的分组沿着适当的建立路径，而不管移动设备通过哪个域基站。路径设置方案利用上电，刷新和切换路径建立消息来维护路由器接口和路由表条目的包地址之间的适当关系。

7. 发明授权

US08619614B2 Dynamic monitoring of network traffic 有权
标题翻译：动态监控网络流量
公开(公告)号：US08619614B2
公开(公告)日：2013-12-31
申请号：US13352790
申请日：2012-01-18
申请人： Krishna Narayanaswamy , Kannan Varadhan
发明人： Krishna Narayanaswamy , Kannan Varadhan
IPC分类号： H04L12/26 , H04L12/28 , H04L12/54 , G06F15/173
CPC分类号： H04L43/18
摘要： A device, connected to a monitoring appliance, may include a traffic analyzer to receive a data unit and identify a traffic flow associated with the data unit. The device may also include a traffic processor to receive the data unit and information regarding the identified traffic flow from the traffic analyzer, determine that the identified traffic flow is to be monitored by the monitoring appliance, change a port number, associated with the data unit, to a particular port number to create a modified data unit when the identified traffic flow is to be monitored by the monitoring appliance, and send the modified data unit to the monitoring appliance.
摘要翻译：连接到监视设备的设备可以包括用于接收数据单元并识别与数据单元相关联的业务流的流量分析器。该设备还可以包括业务处理器以接收数据单元和关于来自业务分析器的所标识的业务流的信息，确定所监视的设备将监视所识别的业务流，改变与数据单元相关联的端口号到特定端口号，以在所监视设备监视所识别的流量时创建修改的数据单元，并将修改的数据单元发送到监视设备。

8. 发明申请

US20100043067A1 SCALABLE SECURITY SERVICES FOR MULTICAST IN A ROUTER HAVING INTEGRATED ZONE-BASED FIREWALL 有权
标题翻译：具有集成区域防火墙的路由器中的可扩展安全服务
公开(公告)号：US20100043067A1
公开(公告)日：2010-02-18
申请号：US12432366
申请日：2009-04-29
申请人： Kannan Varadhan , Jean-Marc Frailong , Anjan Venkatramani
发明人： Kannan Varadhan , Jean-Marc Frailong , Anjan Venkatramani
IPC分类号： G06F21/00 , H04L12/56
CPC分类号： H04L63/0227 , H04L12/18 , H04L45/00 , H04L45/16 , H04L45/30 , H04L63/0254 , H04L63/104
摘要： A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast packets. The user interface supports a syntax that allows the user to define subsets of the plurality of interfaces associated with the zones, and define a single multicast policy to be applied to multicast sessions associated with a multicast group. The multicast policy identifies common services to be applied pre-replication, and exceptions specifying additional services to be applied post-replication to copies of the multicast packets for the one or more zones.
摘要翻译：具有组播功能的防火墙允许将防火墙安全策略应用于组播流量。可组播的防火墙可以集成在路由设备内，从而允许单个设备提供包括组播支持在内的路由功能以及防火墙服务。路由设备提供一个用户界面，用户通过该用户界面指定一个或多个区域，以便在向组播数据包应用状态防火墙服务时由集成防火墙识别。用户界面支持语法，允许用户定义与区域相关联的多个接口的子集，并且定义要应用于与多播组相关联的多播会话的单个组播策略。多播策略标识要应用预复制的常用服务，以及将要复制后应用的其他服务指定给一个或多个区域的多播数据包副本的异常。

9. 发明授权

US07554967B1 Transient tunneling for dynamic home addressing on mobile hosts 有权
标题翻译：在移动主机上进行动态家庭寻址的瞬态隧道
公开(公告)号：US07554967B1
公开(公告)日：2009-06-30
申请号：US09662531
申请日：2000-09-15
申请人： Kannan Varadhan , Thomas F La Porta , Ramachandran Ramjee , Luca Salgarelli , Sandra R Thuel
发明人： Kannan Varadhan , Thomas F La Porta , Ramachandran Ramjee , Luca Salgarelli , Sandra R Thuel
IPC分类号： H04L12/28
CPC分类号： H04W8/26 , H04W8/04 , H04W60/00 , H04W80/04
摘要： Portable and/or mobile IP hosts desiring to connect to the Internet can dynamically acquire a home address and other configuration information through DHCP when powering up in a foreign network. A two-stage configuration procedure is used. First, the mobile host uses the M-IP protocol to establish contact with an addressing element, referred to as a bootstrapping agent, that is usually co-located with a M-IP Home Agent, and that allocates a temporary home address for the mobile host. The temporary address is used to create a temporary tunnel. Second, this temporary tunnel is used as the communication vehicle over which standard DHCP transactions take place. The present invention is thus arranged to use a) M-IP as the signaling mechanism for reaching the home network and dynamically allocating a temporary home address for the mobile host; and b) DHCP to allocate a permanent home address and any other configuration state for the mobile host.
摘要翻译：希望连接到互联网的便携式和/或移动IP主机可以在外部网络中上电时通过DHCP动态获取家庭地址和其他配置信息。使用两阶段配置步骤。首先，移动主机使用M-IP协议与通常与M-IP归属代理共同定位的寻址元素（称为引导代理）建立联系，并且为移动终端分配临时归属地址主办。临时地址用于创建临时隧道。第二，这个临时隧道被用作通过标准DHCP交易发生的通信工具。因此，本发明被设计为使用a）M-IP作为到达家庭网络的信令机制，并为移动主机动态分配临时家庭地址; 和b）DHCP为移动主机分配永久家庭住址和任何其他配置状态。

10. 发明授权

US06842462B1 Wireless access of packet based networks 有权
标题翻译：基于分组的网络的无线接入
公开(公告)号：US06842462B1
公开(公告)日：2005-01-11
申请号：US09466485
申请日：1999-12-17
申请人： Ramachandran Ramjee , Thomas F. La Porta , Kannan Varadhan , Luca Salgarelli , Mark Haner , Arun Narayan Netravali , Gerard Terence Foster
发明人： Ramachandran Ramjee , Thomas F. La Porta , Kannan Varadhan , Luca Salgarelli , Mark Haner , Arun Narayan Netravali , Gerard Terence Foster
IPC分类号： H04L12/56 , H04L29/06 , H04J3/16
CPC分类号： H04L63/0823 , H04L63/0428 , H04L69/08 , H04W8/26 , H04W12/06 , H04W40/02 , H04W76/20 , H04W80/04 , H04W92/02
摘要： A General Packet Radio Service (GPRS) Accessed Extended Mobile Internet Protocol (EMIP) [G-EMIP] network is provided for wireless mobile device access to external packet data networks. Domains are defined to incorporate a subnet of standard GPRS and EMIP network entities accessed through a Domain Router. Packet access at the radio interface is provided using the base station portion of a GPRS network. Wireless link specific processing is relegated to this potion of the G-EMIP network. EMIP is utilized as a backbone network to provide mobility and service management and interconnection to external networks. A GPRS-IP Interworking entity (GII) interworks IP and GPRS protocols between GPRS and IP addressable network entities (i.e., translates messages of each protocol to corresponding messages of the other protocol). Mobility-related functionality is handled at the IP (network) layer. Mobile IP is used to support the macro-mobility and Handoff-Aware Wireless Access Internet Infrastructure (HAWAII) is used to support micro-mobility and paging. The Domain Router provides packet service management and interacts with a Home Location Register/Authentication Center, which provides GRPS registration, authentication and encryption.
摘要翻译：通用分组无线业务（GPRS）接入扩展移动因特网协议（EMIP）[G-EMIP]网络用于无线移动设备接入外部分组数据网络。域被定义为包含通过域路由器访问的标准GPRS和EMIP网络实体的子网。使用GPRS网络的基站部分提供在无线电接口处的分组接入。无线链路特定处理被归入G-EMIP网络的这一药水。 EMIP被用作骨干网络，以提供移动性和服务管理以及与外部网络的互连。 GPRS-IP互通实体（GII）在GPRS和IP可寻址网络实体之间互通IP和GPRS协议（即，将每个协议的消息转换为另一协议的相应消息）。移动性相关功能在IP（网络）层处理。移动IP用于支持宏移动性和Handoff-Aware无线接入互联网基础架构（HAWAII）用于支持微移动和分页。域路由器提供数据包服务管理，并与归属位置寄存器/认证中心交互，该中心提供GRPS注册，认证和加密。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式