-
1.发明申请SCALABLE SECURITY SERVICES FOR MULTICAST IN A ROUTER HAVING INTEGRATED ZONE-BASED FIREWALL 有权具有集成区域防火墙的路由器中的可扩展安全服务公开(公告)号:US20100043067A1
公开(公告)日:2010-02-18
申请号:US12432366
申请日:2009-04-29
CPC分类号: H04L63/0227 , H04L12/18 , H04L45/00 , H04L45/16 , H04L45/30 , H04L63/0254 , H04L63/104
摘要: A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast packets. The user interface supports a syntax that allows the user to define subsets of the plurality of interfaces associated with the zones, and define a single multicast policy to be applied to multicast sessions associated with a multicast group. The multicast policy identifies common services to be applied pre-replication, and exceptions specifying additional services to be applied post-replication to copies of the multicast packets for the one or more zones.
摘要翻译: 具有组播功能的防火墙允许将防火墙安全策略应用于组播流量。 可组播的防火墙可以集成在路由设备内,从而允许单个设备提供包括组播支持在内的路由功能以及防火墙服务。 路由设备提供一个用户界面,用户通过该用户界面指定一个或多个区域,以便在向组播数据包应用状态防火墙服务时由集成防火墙识别。 用户界面支持语法,允许用户定义与区域相关联的多个接口的子集,并且定义要应用于与多播组相关联的多播会话的单个组播策略。 多播策略标识要应用预复制的常用服务,以及将要复制后应用的其他服务指定给一个或多个区域的多播数据包副本的异常。
-
2.发明授权Forwarding plane configuration for separation of services and forwarding in an integrated services router 有权转发平面配置,用于在综合业务路由器中分离业务和转发公开(公告)号:US08300532B1
公开(公告)日:2012-10-30
申请号:US12235677
申请日:2008-09-23
申请人: Anjan Venkatramani , Kannan Varadhan , Jean-Marc Frailong , Sanjay Gupta , Linda Sun , Sankar Ramamoorthi , Pradeep Sindhu , Anand S. Athreya , Chih-Wei Chao , Shuhua Ge
发明人: Anjan Venkatramani , Kannan Varadhan , Jean-Marc Frailong , Sanjay Gupta , Linda Sun , Sankar Ramamoorthi , Pradeep Sindhu , Anand S. Athreya , Chih-Wei Chao , Shuhua Ge
CPC分类号: H04L45/306 , H04L45/38
摘要: A method may include receiving a packet at an ingress line interface in a forwarding plane of a network element, the packet including header information. The method may also include conducting a flow table lookup in the forwarding plane to identify an existing flow for the packet and determining, in the forwarding plane and based on the header information, whether a predicted flow can be identified for the packet if an existing flow can not be identified. The method may further include performing a service access control list (ACL) lookup in the forwarding plane if a predicted flow can not be identified; and forwarding the packet to one of a services plane or an egress line interface in the forwarding plane based on one of the existing flow, the predicted flow, or the service ACL lookup.
摘要翻译: 方法可以包括在网元的转发平面中的入口线路接口处接收分组,该分组包括报头信息。 该方法还可以包括在转发平面中进行流表查找以识别分组的现有流,并且在转发平面中并且基于报头信息来确定是否可以为分组识别预测流,如果现有流 无法识别。 该方法还可以包括如果不能识别预测流,则在转发平面中执行服务访问控制列表(ACL)查找; 以及基于现有流,预测流或服务ACL查找之一将分组转发到转发平面中的服务平面或出口线路接口之一。
-
3.发明授权Scalable security services for multicast in a router having integrated zone-based firewall 有权具有集成区域防火墙的路由器中可多播的可扩展安全服务公开(公告)号:US08713627B2
公开(公告)日:2014-04-29
申请号:US12432366
申请日:2009-04-29
IPC分类号: H04L29/06
CPC分类号: H04L63/0227 , H04L12/18 , H04L45/00 , H04L45/16 , H04L45/30 , H04L63/0254 , H04L63/104
摘要: A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast packets. The user interface supports a syntax that allows the user to define subsets of the plurality of interfaces associated with the zones, and define a single multicast policy to be applied to multicast sessions associated with a multicast group. The multicast policy identifies common services to be applied pre-replication, and exceptions specifying additional services to be applied post-replication to copies of the multicast packets for the one or more zones.
摘要翻译: 具有组播功能的防火墙允许将防火墙安全策略应用于组播流量。 可组播的防火墙可以集成在路由设备内,从而允许单个设备提供包括组播支持在内的路由功能以及防火墙服务。 路由设备提供一个用户界面,用户通过该用户界面指定一个或多个区域,以便在向组播数据包应用状态防火墙服务时由集成防火墙识别。 用户界面支持语法,允许用户定义与区域相关联的多个接口的子集,并且定义要应用于与多播组相关联的多播会话的单个组播策略。 多播策略标识要应用预复制的常用服务,以及将要复制后应用的其他服务指定给一个或多个区域的多播数据包副本的异常。
-
4.发明授权Methods and apparatus related to any-to-any connectivity within a data center 有权与数据中心内的任何连接相关的方法和设备公开(公告)号:US08730954B2
公开(公告)日:2014-05-20
申请号:US12495337
申请日:2009-06-30
CPC分类号: H04Q3/68 , H04L49/1515 , H04L49/1523 , H04L49/153 , H04L49/254 , H04L49/351 , H04L49/40 , H04L49/70
摘要: In one embodiment, an apparatus includes a switch core that defines a single logical entity and has a multi-stage switch fabric physically distributed across a plurality of chassis. The multi-stage switch fabric has a plurality of ingress ports and a plurality of egress ports. The switch core is configured to be coupled to a plurality of peripheral processing devices via the plurality of ingress ports and the plurality of egress ports. The switch core is also configured to provide non-blocking connectivity at line rate between a first peripheral processing device disposed with a first chassis and a second peripheral processing device disposed within a second chassis.
摘要翻译: 在一个实施例中,设备包括交换机核心,其定义单个逻辑实体并且具有物理上分布在多个机箱上的多级交换机结构。 多级交换结构具有多个入口和多个出口。 交换机核心被配置为经由多个入口端口和多个出口端口耦合到多个外围处理设备。 交换机核心还被配置为在布置在第一机架的第一外围处理设备与设置在第二机架内的第二外围处理设备之间的线路速率下提供非阻塞连接。
-
公开(公告)号:US20140003433A1
公开(公告)日:2014-01-02
申请号:US13538344
申请日:2012-06-29
IPC分类号: H04L12/56
CPC分类号: H04L49/355 , H04L67/327
摘要: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, from a source peripheral processing device, a portion of a data packet having a destination address associated with a destination peripheral processing device. The code causes the processor to identify, based on the destination address, a service to be performed on the portion of the data packet. The code causes the processor to select, based on the service, an identifier of a service module associated with the service. The code further causes the processor to send the portion of the data packet to the service module via a distributed switch fabric such that the service module performs the service on the portion of the data packet and sends the portion of the data packet to the destination peripheral processing device via the distributed switch fabric.
摘要翻译: 在一些实施例中,非暂时处理器可读介质存储表示要由处理器执行的指令的代码。 代码使得处理器从源外围处理设备接收具有与目的地外围设备处理设备相关联的目的地地址的数据分组的一部分。 代码使得处理器基于目的地地址来识别要在数据分组的部分上执行的服务。 代码使得处理器基于该服务来选择与服务相关联的服务模块的标识符。 该代码还使得处理器经由分布式交换结构将数据分组的一部分发送到服务模块,使得服务模块在数据分组的一部分上执行服务,并将数据分组的一部分发送到目的地外设 处理设备通过分布式交换结构。
-
公开(公告)号:US08335213B2
公开(公告)日:2012-12-18
申请号:US12495358
申请日:2009-06-30
IPC分类号: H04Q11/00
CPC分类号: H04L49/602 , H04L49/1515 , H04L49/351 , H04L49/357
摘要: In one embodiment, an apparatus includes a switch core that has a multi-stage switch fabric. The multi-stage switch fabric has a set of ingress ports and a set of egress ports. The switch core can be configured to be coupled to a set of edge devices via the set of ingress ports and the set of egress ports. The switch core can be configured to receive a packet from an ingress port from the set of ingress ports. The switch core can be configured to send a set of cells associated with the packet from the ingress port to an egress port from the set of egress ports without a store-and-forward delay associated with a zero-load latency for the switch core.
摘要翻译: 在一个实施例中,一种装置包括具有多级交换结构的交换机核心。 多级交换结构具有一组入口端口和一组出口端口。 交换机核心可以被配置为经由一组入口端口和出口端口组来耦合到一组边缘设备。 交换机核心可以配置为从入口端口的一组入口端口接收数据包。 交换机核心可以被配置为将来自入口端口的与分组相关联的一组小区从出口端口发送到出口端口,而没有与交换机核心的零负载延迟相关联的存储转发延迟。
-
公开(公告)号:US09847953B2
公开(公告)日:2017-12-19
申请号:US12495364
申请日:2009-06-30
IPC分类号: H04L12/28 , H04L12/931 , H04L12/933 , H04L12/947
CPC分类号: H04L49/35 , H04L49/00 , H04L49/1515 , H04L49/251 , H04L49/356 , H04L49/70
摘要: In one embodiment, an apparatus includes a switch core that has a multi-stage switch fabric. A first set of peripheral processing devices coupled to the multi-stage switch fabric by a set of connections that have a protocol. Each peripheral processing device from the first set of peripheral processing devices is a storage node that has virtualized resources. The virtualized resources of the first set of peripheral processing devices collectively define a virtual storage resource interconnected by the switch core. A second set of peripheral processing devices coupled to the multi-stage switch fabric by a set of connections that have the protocol. Each peripheral processing device from the first set of peripheral processing devices is a compute node that has virtualized resources. The virtualized resources of the second set of peripheral processing devices collectively define a virtual compute resource interconnected by the switch core.
-
8.发明申请METHODS AND APPARATUS RELATED TO ANY-TO-ANY CONNECTIVITY WITHIN A DATA CENTER 有权与数据中心中的任何连接相关的方法和装置公开(公告)号:US20100061394A1
公开(公告)日:2010-03-11
申请号:US12495337
申请日:2009-06-30
IPC分类号: H04L12/56
CPC分类号: H04Q3/68 , H04L49/1515 , H04L49/1523 , H04L49/153 , H04L49/254 , H04L49/351 , H04L49/40 , H04L49/70
摘要: In one embodiment, an apparatus includes a switch core that defines a single logical entity and has a multi-stage switch fabric physically distributed across a plurality of chassis. The multi-stage switch fabric has a plurality of ingress ports and a plurality of egress ports. The switch core is configured to be coupled to a plurality of peripheral processing devices via the plurality of ingress ports and the plurality of egress ports. The switch core is also configured to provide non-blocking connectivity at line rate between a first peripheral processing device disposed with a first chassis and a second peripheral processing device disposed within a second chassis.
摘要翻译: 在一个实施例中,设备包括交换机核心,其定义单个逻辑实体并且具有物理上分布在多个机箱上的多级交换机结构。 多级交换结构具有多个入口和多个出口。 交换机核心被配置为经由多个入口端口和多个出口端口耦合到多个外围处理设备。 交换机核心还被配置为在布置在第一机架的第一外围处理设备与设置在第二机架内的第二外围处理设备之间的线路速率下提供非阻塞连接。
-
公开(公告)号:US20100061391A1
公开(公告)日:2010-03-11
申请号:US12558130
申请日:2009-09-11
CPC分类号: H04L49/3072 , H04L49/1515 , H04L49/35 , H04L49/356 , H04L49/70
摘要: In one embodiment, an apparatus can include a first edge device that can have a packet processing module. The first edge device can be configured to receive a packet. The packet processing module of the first edge device can be configured to produce cells based on the packet. A second edge device can have a packet processing module configured to reassemble the packet based on the cells. A multi-stage switch fabric can be coupled to the first edge device and the second edge device. The multi-stage switch fabric can define a single logical entity. The multi-stage switch fabric can have switch modules. Each switch module from the switch modules can have a shared memory device. The multi-stage switch fabric can be configured to switch the cells so that the cells are sent to the second edge device.
摘要翻译: 在一个实施例中,装置可以包括可以具有分组处理模块的第一边缘设备。 第一边缘设备可以被配置为接收分组。 第一边缘设备的分组处理模块可以被配置为基于分组来生成单元。 第二边缘设备可以具有配置成基于小区重新组合分组的分组处理模块。 多级交换结构可以耦合到第一边缘设备和第二边缘设备。 多级交换结构可以定义单个逻辑实体。 多级交换结构可以具有交换机模块。 交换机模块的每个交换机模块都可以具有共享存储设备。 多级交换结构可以被配置为切换小区,使得小区被发送到第二边缘设备。
-
10.发明申请公开(公告)号:US20100061389A1
公开(公告)日:2010-03-11
申请号:US12495364
申请日:2009-06-30
IPC分类号: H04L12/56
CPC分类号: H04L49/35 , H04L49/00 , H04L49/1515 , H04L49/251 , H04L49/356 , H04L49/70
摘要: In one embodiment, an apparatus includes a switch core that has a multi-stage switch fabric. A first set of peripheral processing devices coupled to the multi-stage switch fabric by a set of connections that have a protocol. Each peripheral processing device from the first set of peripheral processing devices is a storage node that has virtualized resources. The virtualized resources of the first set of peripheral processing devices collectively define a virtual storage resource interconnected by the switch core. A second set of peripheral processing devices coupled to the multi-stage switch fabric by a set of connections that have the protocol. Each peripheral processing device from the first set of peripheral processing devices is a compute node that has virtualized resources. The virtualized resources of the second set of peripheral processing devices collectively define a virtual compute resource interconnected by the switch core.
摘要翻译: 在一个实施例中,一种装置包括具有多级交换结构的交换机核心。 通过具有协议的一组连接耦合到多级交换机结构的第一组外围处理设备。 来自第一组外围处理装置的每个外围处理装置是具有虚拟资源的存储节点。 第一组外围处理设备的虚拟化资源共同定义了由交换机核心互连的虚拟存储资源。 通过具有协议的一组连接耦合到多级交换机结构的第二组外设处理设备。 来自第一组外围处理装置的每个外围处理装置是具有虚拟资源的计算节点。 第二组外围处理设备的虚拟化资源共同定义了由交换机核心互连的虚拟计算资源。
-
-
-
-
-
-
-
-
-
搜索结果
43 条记录 (耗时 0.027 秒)
