Providing non-interrupt failover using a link aggregation mechanism
    1.
    Granted invention patent (status: in force)

    Publication No.: US09100329B1

    Publication date: 2015-08-04

    Application No.: US13536419

    Filing date: 2012-06-28

    Abstract: A device receives traffic; identifies an address associated with the traffic; determines whether the address is associated with an aggregate interface, the aggregate interface being associated with a first port and a second port. The first port corresponds to a first node in a first state, that indicates that the first node is available to forward the traffic, and the second port corresponds to a second node in a second state, that indicates that the second node is not available to forward the traffic. The device transmits the traffic to the first node via the first port and to the second node, via the second port, when the address is associated with the aggregate interface. Transmitting the traffic enables the second node to forward the traffic when the first node changes from the first state to the second state.


    Traffic cut-through within network device having multiple virtual network devices
    2.
    Granted invention patent (status: in force)

    Publication No.: US08953599B1

    Publication date: 2015-02-10

    Application No.: US13539120

    Filing date: 2012-06-29

    IPC classification: H04L12/28 H04L12/751

    Abstract: In general, techniques are described for providing a direct forwarding path between virtual routers within a single virtualized routing system. In one example, a method includes combining forwarding information from a plurality of virtual routers into collapsed forwarding information that comprises one or more direct forwarding paths between the respective virtual routers. The method also includes determining a direct forwarding path to an egress interface of the second virtual router, in response to receiving a network packet at an ingress interface of a first virtual router. The method also includes forwarding the network packet from the ingress interface of the first virtual router to the egress interface of the second virtual router using the direct forwarding path, wherein the network packet traverses a switch fabric directly from the ingress interface of the first virtual router to the egress interface of the second virtual router.


    Cooperative MAC learning/aging in highly distributed forwarding system
    3.
    Granted invention patent (status: in force)

    Publication No.: US08155150B1

    Publication date: 2012-04-10

    Application No.: US12401911

    Filing date: 2009-03-11

    IPC classification: H04J3/24

    CPC classification: H04L12/433 H04L12/462

    Abstract: A method may be performed by a device in a network, the device including multiple security process units (SPUs). The method includes receiving a packet over the network, the packet including a media access control (MAC) address, and assigning one SPU as the MAC address owner. The method also includes sending information about the MAC address to other SPUs within the device, storing the MAC address in a MAC table within each SPU, and initiating a MAC age query to confirm the MAC address has timed out among all SPUs. The MAC age query is passed via a logical ring of the SPUs beginning with the MAC address owner. If the MAC address is aged out at each SPU, the MAC address is deleted from each MAC table. If the MAC entry is still active, a different SPU is assigned as the MAC address owner.


    Fully integrated switching and routing in a security device
    4.
    Granted invention patent (status: in force)

    Publication No.: US09021547B1

    Publication date: 2015-04-28

    Application No.: US13333439

    Filing date: 2011-12-21

    IPC classification: G06F17/00 G06F7/04 H04L29/06

    Abstract: This disclosure is directed toward an integrated switching and routing security device that provides zone-based security directly between layer two (L2) interfaces of L2 bridge domains and/or layer three (L3) interfaces of L3 routing instances within the security device. The integrated switching and routing security device supports both switching and routing functionalities for packets on L2 and L3 interfaces, and supports security within and between L2 bridge domains and L3 routing instances. The integrated switching and routing security device configures L2 security zones for one or more L2 interfaces and configures L3 security zones for one or more L3 interfaces. The integrated switching and routing security device then applies security policies to incoming packets according to the L2 security zones and/or the L3 security zones associated with the incoming interface and an outgoing interface for the packets to provide end-to-end security within the security device.
