POLICY ENFORCEMENT PROXY
    52.
    发明申请
    POLICY ENFORCEMENT PROXY 有权
    政策执行情况

    公开(公告)号:US20150124809A1

    公开(公告)日:2015-05-07

    申请号:US14532787

    申请日:2014-11-04

    Abstract: Systems, methods, and non-transitory computer-readable storage media for implementing a policy enforcement proxy are disclosed. A data packet associated with a source endpoint group and a destination endpoint group is received at a network device. The network device performs a policy lookup based on the source endpoint group and the destination endpoint group. The network device determines that the policy is not available and in response, modifies the data packet and forwards it to a policy enforcement proxy.

    Abstract translation: 公开了用于实施策略执行代理的系统,方法和非暂时的计算机可读存储介质。 在网络设备处接收与源端点组和目的端点组相关联的数据分组。 网络设备根据源端点组和目标端点组执行策略查找。 网络设备确定策略不可用,作为响应,修改数据包并将其转发到策略执行代理。

    METHOD FOR SCALING ADDRESS LOOKUPS USING SYNTHETIC ADDRESSES
    53.
    发明申请
    METHOD FOR SCALING ADDRESS LOOKUPS USING SYNTHETIC ADDRESSES 有权
    使用合成地址缩放地址查询的方法

    公开(公告)号:US20150124805A1

    公开(公告)日:2015-05-07

    申请号:US14475349

    申请日:2014-09-02

    Abstract: Various examples of the present disclosure provide methods for unifying various types of end-point identifiers, such as IPv4 (e.g., Internet protocol version 4 represented by a VRF and an IPv4 address), IPv6 (e.g., Internet protocol version 6 represented by a VRF and an IPv6 address) and L2 (e.g., Layer-2 represented by a bridge domain (BD) and a media access control (MAC) address), by mapping end-point identifiers to a uniform space (e.g., a synthetic IPv4 address and a synthetic VRF) and allowing different forms of lookups to be uniformly handled. In some examples, a lookup database residing on a switch device can be sharded into a plurality of lookup table subsets, each of which resides on a different one of multiple switch chipsets (e.g., Tridents) in the switch device.

    Abstract translation: 本公开的各种示例提供了用于统一各种端点标识符(例如,由VRF和IPv4地址表示的因特网协议版本4),IPv6(例如,由VRF表示的因特网协议版本6)的各种端点标识符的方法 和IPv6地址)和L2(例如,由桥接域(BD)和媒体访问控制(MAC)地址表示的层2),通过将端点标识符映射到统一的空间(例如,合成IPv4地址和 合成VRF),并允许不同形式的查找被统一处理。 在一些示例中,驻留在交换机设备上的查找数据库可以划分成多个查找表子集,每个查找表子集驻留在交换设备中的多个交换芯片组(例如Trident)中的不同的一个。

    Ultra Low Latency Multi-Protocol Network Device
    55.
    发明申请
    Ultra Low Latency Multi-Protocol Network Device 有权
    超低延迟多协议网络设备

    公开(公告)号:US20140079062A1

    公开(公告)日:2014-03-20

    申请号:US13708200

    申请日:2012-12-07

    Abstract: Presented herein are techniques to achieve ultra low latency determination of processing decisions for packets in a network device. A packet is received at a port of a network device. A processing decision is determined in a first processing decision path based on content of the packet and one or more network policies. A processing decision is determined in a second processing decision path, in parallel with the first processing path, by accessing a table storing processing decisions. The second processing decision path can output a processing decision faster than the first processing decision path for packets that match one or more particular packet flow parameters contained in the table. A processing decision determined by the second processing decision path, if one can be made, is used, and otherwise a processing decision determined by the first processing decision path is used.

    Abstract translation: 这里提出的技术是实现超低等待时间确定网络设备中的分组的处理决策。 在网络设备的端口处接收分组。 基于分组的内容和一个或多个网络策略在第一处理决策路径中确定处理决定。 通过访问存储处理决定的表,在与第一处理路径并行的第二处理决定路径中确定处理决定。 第二处理决策路径可以比与表中包含的一个或多个特定分组流参数匹配的分组的第一处理决策路径更快地输出处理决策。 如果使用由第二处理决定路径确定的处理决定,则使用由第一处理判定路径确定的处理决定。

    Timestamping packets in a network
    58.
    再颁专利

    公开(公告)号:USRE49806E1

    公开(公告)日:2024-01-16

    申请号:US16400117

    申请日:2019-05-01

    CPC classification number: H04L43/0852 H04L43/106 H04L69/321

    Abstract: Techniques are presented herein to facilitate latency measurements in a networking environment. A first network device receives a packet for transport within a network domain that comprises a plurality of network devices. The plurality of network devices have a common time reference, that is, they are time synchronized. The first network device generates timestamp information indicating time of arrival of the packet at the first network device. The first network device inserts into the packet a tag that comprises at least a first subfield and a second subfield. The first subfield comprising a type indicator to signify to other network devices in the network domain that the tag includes timestamp information, and the second subfield includes the timestamp information. The first network device sends the packet from to into the network domain to another network device. Other network devices which receive that packet can make latency measurements.

    Managing virtual output queues
    59.
    发明授权

    公开(公告)号:US11552905B2

    公开(公告)日:2023-01-10

    申请号:US17184337

    申请日:2021-02-24

    Abstract: A first node of a packet switched network transmits at least one flow of protocol data units of a network to at least one output context of one of a plurality of second nodes of the network. The first node includes X virtual output queues (VOQs). The first node receives, from at least one of the second nodes, at least one fair rate record. Each fair rate record corresponds to a particular second node output context and describes a recommended rate of flow to the particular output context. The first node allocates up to X of the VOQs among flows corresponding to i) currently allocated VOQs, and ii) the flows corresponding to the received fair rate records. The first node operates each allocated VOQ according to the corresponding recommended rate of flow until a deallocation condition obtains for the each allocated VOQ.

    DISTRIBUTED POLICY ENFORCEMENT PROXY WITH DYNAMIC EPG SHARDING

    公开(公告)号:US20220021707A1

    公开(公告)日:2022-01-20

    申请号:US16931610

    申请日:2020-07-17

    Abstract: A distributed policy proxy system offloads network policy processing from an overloaded network element to policy proxy network elements. A network controller detects that policy resources are overloaded at a network element, and selects a group of policy proxy network elements. The network controller assigns an exclusive range of endpoint groups to each policy proxy network element. Each policy proxy network element is assigned to handle policy processing for its assigned range of endpoint groups. The network controller provides instructions to the policy proxy network elements to enable each policy proxy network element to apply the network policy for its assigned range of endpoint groups. The network controller also provides instructions to the overloaded network element to redirect a packet from the first endpoint group to a first policy proxy network element based on a destination of the packet.

Patent Agency Ranking