专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08650618B2 Integrating service insertion architecture and virtual private network 有权
标题翻译：集成服务插入架构和虚拟专用网络
公开(公告)号：US08650618B2
公开(公告)日：2014-02-11
申请号：US12507422
申请日：2009-07-22
申请人： Rajiv Asati , Mohamed Khalid , Sunil Cherukuri , Kenneth A. Durazzo , Shree Murthy
发明人： Rajiv Asati , Mohamed Khalid , Sunil Cherukuri , Kenneth A. Durazzo , Shree Murthy
IPC分类号： G06F7/04
CPC分类号： H04L63/0272 , H04L12/4633 , H04L12/4641 , H04L63/0892 , H04L63/102 , H04L63/164
摘要： Apparatus, methods, and other embodiments associated with providing service insertion architecture (SIA) differentiated services in a virtual private network (VPN) environment are described. Embodiments may provision an authentication, authorization, and accounting (AAA) server with user-to-SIA service-context mapping information. With the AAA server provisioned, embodiments may acquire, in an IPSec VPN hub, during IPSec tunnel user authentication, from the AAA server, the user-to-SIA service-context mapping information. With the mapping information available, embodiments may dynamically map an SIA service to an IPSec VPN tunnel user based on the service information acquired from the Service Broker or Pseudo-Service Broker. The dynamic mapping facilitates providing differentiated services in the SIA by facilitating forwarding an IPSec packet received on the IPSec VPN tunnel from the user to a service node associated with the SIA service based, at least in part, on the IPSec SADB entry modified using the service information.
摘要翻译：描述了与在虚拟专用网络（VPN）环境中提供服务插入架构（SIA）差异化服务相关联的装置，方法和其他实施例。实施例可以提供具有用户到SIA服务 - 上下文映射信息的认证，授权和计费（AAA）服务器。在提供AAA服务器的情况下，实施例可以在IPSec VPN集线器中从AAA服务器获取用户到SIA服务上下文映射信息的IPSec隧道用户认证期间。利用可用的映射信息，实施例可以基于从服务代理或伪服务代理获取的服务信息来动态地将SIA服务映射到IPSec VPN隧道用户。动态映射有助于在SIA中提供差分服务，方法是至少部分地基于使用该服务修改的IPSec SADB条目，将在IPSec VPN隧道上接收的IPSec分组从用户转发到与SIA服务相关联的服务节点信息。

2. 发明申请

US20100254385A1 Service Insertion Architecture (SIA) in a Virtual Private Network (VPN) Aware Network 审中-公开
标题翻译：虚拟专用网（VPN）感知网络中的服务插入架构（SIA）
公开(公告)号：US20100254385A1
公开(公告)日：2010-10-07
申请号：US12419569
申请日：2009-04-07
申请人： Govind Prasad Sharma , Mohamed Khalid , Shree Murthy , Rajiv Asati
发明人： Govind Prasad Sharma , Mohamed Khalid , Shree Murthy , Rajiv Asati
IPC分类号： H04L12/56 , H04L12/54
CPC分类号： H04L45/00 , H04L12/4633 , H04L12/4641
摘要： Systems, methods, and other embodiments associated with interworking a VPN and an SIA are described. One example apparatus includes a mapping data store to store a mapping between two logical groups of network devices having separate forwarding planes that are at least partially incompatible. The apparatus includes an instantiation logic to establish the mapping based on unique identifiers associated with the logical groups. The apparatus also includes an encoding logic to implicitly encode information to identify the first logical group in a packet received from the first logical group, provided to the second logical group, and then provided back to the first logical group. The implicitly encoded information is configured to be used without modification by the forwarding plane associated with the second logical group and is configured to facilitate a member of the second logical group resolving the mapping.
摘要翻译：描述与互联VPN和SIA相关联的系统，方法和其他实施例。一个示例性设备包括映射数据存储，用于存储具有至少部分不兼容的具有单独转发平面的两个逻辑组网络设备之间的映射。该装置包括用于基于与逻辑组相关联的唯一标识符建立映射的实例化逻辑。该装置还包括编码逻辑，用于隐含地编码信息以识别提供给第二逻辑组的从第一逻辑组接收的分组中的第一逻辑组，然后提供给第一逻辑组。隐式编码的信息被配置为不经由与第二逻辑组相关联的转发平面的修改使用，并且被配置为便于解决映射的第二逻辑组的成员。

3. 发明申请

US20070248091A1 Methods and apparatus for tunnel stitching in a network 审中-公开
标题翻译：网络中隧道拼接的方法和装置
公开(公告)号：US20070248091A1
公开(公告)日：2007-10-25
申请号：US11409586
申请日：2006-04-24
申请人： Mohamed Khalid , Rajiv Asati , Vijay Bollapragada , Sunil Cherukuri
发明人： Mohamed Khalid , Rajiv Asati , Vijay Bollapragada , Sunil Cherukuri
IPC分类号： H04L12/56
CPC分类号： H04L63/0272 , H04L63/029 , H04L63/061
摘要： An edge router (disposed between a packet-switched network and a label-switching network) is configured to receive an IKE message originating from a client on the Internet (e.g., packet-switched network) attempting to set up a tunnel. Upon receipt of the IKE message, the edge router utilizes a unique identifier in the IKE message to identify a virtual private network in the label-switching network. In lieu of terminating an IPSec tunnel at the edge router and performing a respective key exchange with the client, the edge router identifies a corresponding forwarding table associated with the virtual private network (identified by the unique identifier in the IKE message) and, based on the corresponding forwarding table, forwards the IKE message to a destination reachable via the label-switching network. The destination (e.g., a key server in a corresponding VPN) communicates with the client through the edge router to set up the tunnel.
摘要翻译：边缘路由器（布置在分组交换网络和标签交换网络之间）被配置为接收来自尝试建立隧道的因特网上的客户端（例如，分组交换网络）的IKE消息。在接收到IKE消息时，边缘路由器利用IKE消息中的唯一标识符来标识标签交换网络中的虚拟专用网络。边缘路由器代替在边缘路由器上终止IPSec隧道并与客户端进行相应的密钥交换，从而识别与虚拟专用网络相关联的对应转发表（由IKE消息中的唯一标识符标识），并且基于相应的转发表，将IKE消息转发到可通过标签交换网络到达的目的地。目的地（例如，对应的VPN中的密钥服务器）通过边缘路由器与客户端进行通信，以建立隧道。

4. 发明授权

US09281951B2 Any-to any multicasting in a tunnel based virtual private network 有权
标题翻译：任何 - 在基于隧道的虚拟专用网络中的任何多播
公开(公告)号：US09281951B2
公开(公告)日：2016-03-08
申请号：US12315454
申请日：2008-12-03
申请人： Rajiv Asati , Mohamed Khalid , Manikchand R. Bafna
发明人： Rajiv Asati , Mohamed Khalid , Manikchand R. Bafna
IPC分类号： H04L12/18 , H04L12/761
CPC分类号： H04L12/18 , H04L45/16 , H04L2212/00
摘要： Systems, methods, and other embodiments associated with any-to-any multicasting in a tunnel based virtual private network (VPN) are described. One example method includes calculating a resolved address for an unknown reverse path forwarding (RPF) neighbor in an any-to-any multicasting route. The resolved address is calculated using next hop resolution protocol (NHRP) resolution. The address is to be resolved based on control plane traffic. The NHRP address resolution is not to affect unicast routing. The example method may also include establishing the any-to-any multicasting route. Since the multicasting route is any-to-any (e.g., spoke-to-spoke), the multicasting route is not required to include a hub in the logical hub-and-spoke network.
摘要翻译：描述与基于隧道的虚拟专用网（VPN）中的任何多播相关联的系统，方法和其他实施例。一种示例性方法包括计算任何到任何多播路由中的未知反向路径转发（RPF）邻居的解析地址。使用下一跳解析协议（NHRP）分辨率计算解析的地址。该地址将根据控制平面流量进行解决。 NHRP地址解析不影响单播路由。示例方法还可以包括建立任何到任何多播路由。由于多播路由是任何到任意的（例如，辐对话），所以组播路由不需要将集线器包括在逻辑集线器辐射网络中。

5. 发明授权

US08503453B2 Adaptive quality of service in an easy virtual private network environment 有权
标题翻译：在简单的虚拟专用网络环境中自适应的服务质量
公开(公告)号：US08503453B2
公开(公告)日：2013-08-06
申请号：US11601948
申请日：2006-11-20
申请人： Rajiv Asati , Mohamed Khalid , Aamer Akhter , Pratima Sethi
发明人： Rajiv Asati , Mohamed Khalid , Aamer Akhter , Pratima Sethi
IPC分类号： H04L12/26
CPC分类号： H04L41/5006 , H04L12/4641 , H04L41/0893 , H04L41/5003 , H04L47/10 , H04L47/20
摘要： In one embodiment, a QoS manager process that receives, at an EzVPN server device, connection speed data from an EzVPN client device. In addition, the QoS manager process processes, at the EzVPN server device, the connection speed data to determine a QoS policy for a communications session between the EzVPN client device and the EzVPN server device. Furthermore, the QoS manager process applies, at the EzVPN server device, the QoS policy to the communications session between the EzVPN client device and the EzVPN server device as determined by the processing of the connection speed data.
摘要翻译：在一个实施例中，在EzVPN服务器设备处接收来自EzVPN客户端设备的连接速度数据的QoS管理器进程。另外，QoS管理器处理在EzVPN服务器设备处理连接速度数据，以确定EzVPN客户端设备和EzVPN服务器设备之间的通信会话的QoS策略。此外，QoS管理器进程在EzVPN服务器设备处将QoS策略应用于由连接速度数据的处理确定的EzVPN客户端设备和EzVPN服务器设备之间的通信会话。

6. 发明授权

US08346961B2 System and method for using routing protocol extensions for improving spoke to spoke communication in a computer network 有权
标题翻译：使用路由协议扩展以改善计算机网络中的辐条通信的系统和方法
公开(公告)号：US08346961B2
公开(公告)日：2013-01-01
申请号：US11954831
申请日：2007-12-12
申请人： Rajiv Asati , Mohamed Khalid , Alvaro Enrique Retana , Donnie Van Savage , Pratima Pramod Sethi
发明人： Rajiv Asati , Mohamed Khalid , Alvaro Enrique Retana , Donnie Van Savage , Pratima Pramod Sethi
IPC分类号： G06F15/173
CPC分类号： H04L29/12386 , H04L45/02 , H04L61/2521
摘要： Systems and methods for using routing protocol extensions to improve spoke to spoke communication in a computer network are disclosed. Embodiments provide systems and methods to establish a tunnel between a first spoke and a hub, exchange routing information between the first spoke and the hub using a routing protocol, extend the routing protocol and an associated database to include next hop mapping information, and establish a tunnel between the first spoke and a second spoke according to information in the database.
摘要翻译：公开了使用路由协议扩展来改进计算机网络中的辐条通信的系统和方法。实施例提供了在第一辐条和集线器之间建立隧道的系统和方法，使用路由协议在第一辐条与集线器之间交换路由信息，扩展路由协议和相关联的数据库以包括下一跳映射信息，并建立根据数据库中的信息，第一个辐条和第二个辐条之间的隧道。

7. 发明申请

US20100135294A1 Any-to any multicasting in a tunnel based virtual private network 有权
标题翻译：任何 - 在基于隧道的虚拟专用网络中的任何多播
公开(公告)号：US20100135294A1
公开(公告)日：2010-06-03
申请号：US12315454
申请日：2008-12-03
申请人： Rajiv Asati , Mohamed Khalid , Manikchand R. Bafna
发明人： Rajiv Asati , Mohamed Khalid , Manikchand R. Bafna
IPC分类号： H04L12/56
CPC分类号： H04L12/18 , H04L45/16 , H04L2212/00
摘要： Systems, methods, and other embodiments associated with any-to-any multicasting in a tunnel based virtual private network (VPN) are described. One example method includes calculating a resolved address for an unknown reverse path forwarding (RPF) neighbor in an any-to-any multicasting route. The resolved address is calculated using next hop resolution protocol (NHRP) resolution. The address is to be resolved based on control plane traffic. The NHRP address resolution is not to affect unicast routing. The example method may also include establishing the any-to-any multicasting route. Since the multicasting route is any-to-any (e.g., spoke-to-spoke), the multicasting route is not required to include a hub in the logical hub-and-spoke network.
摘要翻译：描述与基于隧道的虚拟专用网（VPN）中的任何多播相关联的系统，方法和其他实施例。一种示例性方法包括计算任何到任何多播路由中的未知反向路径转发（RPF）邻居的解析地址。使用下一跳解析协议（NHRP）分辨率计算解析的地址。该地址将根据控制平面流量进行解决。 NHRP地址解析不影响单播路由。示例方法还可以包括建立任何到任何多播路由。由于多播路由是任何到任意的（例如，辐对话），所以组播路由不需要将集线器包括在逻辑集线器辐射网络中。

8. 发明申请

US20100085977A1 Optimized Dynamic Multipoint Virtual Private Network Over IPv6 Network 有权
标题翻译： IPv6网络优化动态多点虚拟专网
公开(公告)号：US20100085977A1
公开(公告)日：2010-04-08
申请号：US12246432
申请日：2008-10-06
申请人： Mohamed Khalid , Rajiv Asati , Ciprian Popoviciu , Aamer Akhter , Manikchand Roopchand Bafna
发明人： Mohamed Khalid , Rajiv Asati , Ciprian Popoviciu , Aamer Akhter , Manikchand Roopchand Bafna
IPC分类号： H04L12/56
CPC分类号： H04L12/4641 , H04L29/12358 , H04L61/251
摘要： Method and apparatus including registering a first spoke router with a hub router, forwarding an Internet Protocol version Four (IPv4) data packet from the first spoke router to a second spoke router over an Internet Protocol version Six (IPv6) multipoint tunnel via the hub router, transmitting a binding information associated with the first spoke router from the hub router to the second spoke router, and establishing a direct communication path by the second spoke router with the first spoke router based on the received binding information are provided.
摘要翻译：一种方法和装置，包括：将第一辐条路由器与集线器路由器进行注册;经由集线器路由器通过互联网协议版本六（IPv6）多点隧道将互联网协议版本四（IPv4）数据分组从第一分支路由器转发到第二分支路由器向所述第二分支路由器发送与所述第一分支路由器相关联的绑定信息，以及基于所接收的绑定信息，利用所述第二分支路由器与所述第一分支路由器建立直接通信路径。

9. 发明授权

US08447039B2 Active-active hierarchical key servers 有权
标题翻译：主动 - 主动分层关键服务器
公开(公告)号：US08447039B2
公开(公告)日：2013-05-21
申请号：US11862027
申请日：2007-09-26
申请人： Mohamed Khalid , Rajiv Asati , Scott Thomas Fanning , Haseeb Niazi , Kavitha Kamarthy , Sheela Rowles
发明人： Mohamed Khalid , Rajiv Asati , Scott Thomas Fanning , Haseeb Niazi , Kavitha Kamarthy , Sheela Rowles
IPC分类号： H04L29/06
CPC分类号： H04L9/0891 , H04L9/083 , H04L63/0272 , H04L63/062 , H04L63/065
摘要： In one embodiment, group member devices may be divided into at least one cluster, wherein each cluster includes a primary key server designated to synchronize with a master key server. Each cluster further includes at least one registration server configured to communicate with member devices in the group within the cluster and to synchronize with the primary key server.
摘要翻译：在一个实施例中，组成员设备可以被划分为至少一个群集，其中每个群集包括被指定为与主密钥服务器同步的主密钥服务器。每个集群还包括至少一个注册服务器，其被配置为与集群内的组中的成员设备通信并与主密钥服务器同步。

10. 发明授权

US07944854B2 IP security within multi-topology routing 有权
标题翻译：多拓扑路由中的IP安全
公开(公告)号：US07944854B2
公开(公告)日：2011-05-17
申请号：US11969457
申请日：2008-01-04
申请人： Aamer Akhter , Manikchand Roopchand Bafna , Rajiv Asati , Mohamed Khalid
发明人： Aamer Akhter , Manikchand Roopchand Bafna , Rajiv Asati , Mohamed Khalid
IPC分类号： H04L12/28
CPC分类号： H04L45/302 , H04L41/0803 , H04L45/00 , H04L45/02 , H04L63/164
摘要： A method for IP Security within Multi-Topology Routing is disclosed. Disclosed methods may also include IKE extensions. A route eligible for IPSec protection is injected into a topology routing table. Network traffic can then be protected in accordance with a security session, such as an IPSec session, between a first network node and a second network node and forwarded through a selected topology to take advantage of the service-differentiation capabilities of MTR.
摘要翻译：披露了多拓扑路由中IP安全的方法。公开的方法还可以包括IKE扩展。符合IPSec保护条件的路由注入到拓扑路由表中。然后可以根据第一网络节点和第二网络节点之间的安全会话（例如IPSec会话）来保护网络流量，并通过选定的拓扑转发，以利用MTR的服务区分能力。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式