97 results about "IP forwarding" patented technology

A secure virtual network platform connects two or more subnets in different or separate network domains. The secure virtual network can use the under layer physical networks in various domains as an IP forwarding fabric without changing any existing firewalls, security settings, or network topology. A first type of connection across the virtual network involves connecting server groups. A second type of connection across the virtual network involves connecting a server group to a physical network. A third type of connection across the virtual network involves connecting a physical network to another physical network.

A technique efficiently routes Internet Protocol (IP) traffic on paths between customer edge devices (CEs) across a provider network (“CE-CE paths”) in a computer network. According to the novel technique, a path computation element (PCE), e.g., a provider edge device (PE), may learn dynamic link attribute information of remote links from the provider network to one or more remote CEs (e.g., “PE-CE links” or “CE-PE links”). A multi-homed requesting CE requests from the PCE a set of CE-CE path metrics (e.g., costs) to one or more remote destination address prefixes, e.g., via each multihomed CE-PE link from the requesting CE. In response to the request, the PCE computes the set of available CE-CE paths and current metrics to the remote destination address prefixes and returns the corresponding CE-CE path metrics to the requesting CE. The requesting CE modifies its IP forwarding entries accordingly in order to perform IP traffic routing corresponding to the CE-CE path metrics (e.g., asymmetrical load balancing) across its multi-homed CE-PE links.

Methods and apparatus are disclosed herein for classifying packets using ternary and binary content-addressable memory stages to classify packets. One such system uses a stage of one or more TCAMS followed by a second stage one or more CAMS (or alternatively some other binary associative memories such as hash tables or TRIEs) to classify a packet. One exemplary system includes TCAMs for handling input and output classification and a forwarding CAM to classify packets for Internet Protocol (IP) forwarding decisions on a flow label. This input and output classification may include, but is not limited to routing, access control lists (ACLs), quality of service (QoS), network address translation (NAT), encryption, etc. These IP forwarding decisions may include, but are not limited to IP source and destination addresses, protocol type, flags and layer 4 source and destination ports, a virtual local area network (VLAN) id and / or other fields.

The present invention efficiently detects various DDoS attacks for large scale Internet with the temporal correlation of traffic flows on the two directions of a single link, the spatial correlation of DDoS attack traffic at different locations and powerful machine learning algorithms. With these techniques, the present invention effectively detects and identifies attack sources without modifying existing IP forwarding mechanisms and without a global upgrade to Internet backbone routers. More importantly, the present invention can detect synchronized DDoS attacks even if the volume of attack traffic is extremely small at the location that is close to the attack source.

This invention has as its object to provide an ATM relay device which attains high-speed, large-capacity packet relaying by distributing the load on an IP forwarding unit without having to improve the operation speed, processing performance, and the like of an IP forwarding function. This invention has an ATM switch core (111) for distributing input ATM cells to corresponding ones of a plurality of output ports on the basis of their destination information. A plurality of IP forwarding units (120-1 to 120-n), which are provided in correspondence with the respective output ports of the ATM switch core (111) and have unique forwarding processing functions, execute predetermined forwarding processes for packets obtained by reassembling ATM cells input via the respective output ports. An SAR 121 assigns destination information that assumes different values in units of packets to ATM cells, which form each of packets having an identical address of those processed by the plurality of IP forwarding units (120-1 to 120-n). The ATM cells of a packet assigned identical destination information by the SAR 121 are stored in a PerVC queuing unit 112 by a predetermined volume, and are output in the format that stores the ATM cells by the predetermined volume.

In an apparatus and method for dispersively processing an IP packet forwarding for supporting a quality of service(QoS), an IP forwarding information base gotten by processing and extracting a routing protocol is dispersed to all input ports of a router on the basis of the QoS in a private network processor for performing a routing protocol process function, so as to dispersively process the IP packet forwarding. The method for dispersively processing the IP packet forwarding for supporting the QoS includes the steps of: a) classifying reception IP packets according to the QoS and storing them at an input-side class queue; b) searching the forwarding information base by using an exact matching table and an LPM (Longest Prefix Matching) search table according to an IP header value of the IP packet stored at the input-side class queue, and gaining forwarding information; c) transferring the IP packet according to the gained forwarding information; d) classifying the transferred IP packets according to the QoS, and storing them at an output-side class queue; and e) outputting the IP packet stored at the output-side class queue according to the QoS, whereby being used in the IP packet forwarding dispersion processing apparatus for supporting the quality of service, etc.

A secure virtual network platform connects two or more subnets in different or separate network domains. The secure virtual network can use the under layer physical networks in various domains as an IP forwarding fabric without changing any existing firewalls, security settings, or network topology. A first type of connection across the virtual network involves connecting server groups. A second type of connection across the virtual network involves connecting a server group to a physical network. A third type of connection across the virtual network involves connecting a physical network to another physical network.

A packet forwarding apparatus with a function of registering packet forwarding control information for each user terminal into a user management table during PPPoE connection and authentication phases in which the apparatus carries out predetermined communication procedures with each user terminal. During DHCP and IP forwarding phases following the authentication phase, the packet forwarding apparatus controls packet forwarding based on the user management table. Packets are forwarded in the form of PPPoE frame until the authentication phase is completed and packets are forwarded in the form of Ethernet frame in the DHCP and IP forwarding phases.

The invention provides a method and a device for achieving packet forwarding. The method is applied to a distributed firewall device which is at least composed of a plurality of interface boards, a plurality of business boards and a main control board. The method at least includes that each interface board receives a forward message in a private network and sends the forward message to a corresponding business board, each business board receives the forward message, a source internet protocol (IP) address of the forward message is modified to a preset public network IP address of the local business board, a source port of the forward message is modified to any network address translation port of a network address translation port section distributed by the main control board, a network address translation session is established, the converted forward message is sent to a corresponding interface board, and the interface boards send the converted forward message in a public network. According to the method and the device, the main control board of a distributed firewall distributes ports used for network address translation (NAT) based on a request of each business board, and thereby the NAT is performed for the forward message, a corresponding NAT is established, and the new establishing and concurrence of the NAT session can increase with the increasing of the business boards.

The invention provides a test environment accessing method. A testing environment is disposed in a testing server. A mapping relationship between the domain name of the testing environment and IP of the testing server is configured and stored in a shared server. A proxy server receives an accessing request which is transmitted by a mobile terminal and defines the domain name of the testing environment to be accessed. The proxy server acquires the IP of the testing server according to the mapping relationship which is stored in a network server and forwards the accessing request to the IP of the testing server. Through the preconfigured mapping relationship between the domain name of the testing environment and the IP of the testing server in the shared server, testing personnel only require transmitting the accessing request to an objective testing server through the proxy server, and local configuration of mapping relationship between the domain name and the IP by the testing personnel is not required, thereby saving resource and reducing a requirement for the skill of the testing personnel. The invention further provides a proxy server.

A method for multi-hop forwarding of data packets in vehicular ad-hoc networks is disclosed. Each node knows both its own and the destination's geographical coordinates. The coordinates of the one-hop neighbors are obtained from periodically broadcast Cooperative-Awareness Messages (CAMs). The method comprises the following distributed coordination scheme, executed by each node upon receiving a packet: i) computing the set of candidate forwarders; ii) ranking the candidate forwarders according to an utility metric; iii) forwarding the packet after a period of time proportional to its rank if top-ranked, dropping the packet otherwise. The base utility metric used for ranking forwarders is the inverse of the distance to the destination. Moreover, an extension is disclosed where this metric is replaced by the inverse of the expected number of packet transmissions to reach the destination. The latter metric is calculated based on spatial connectivity information cooperatively collected by nodes in the network.

In one embodiment, the present invention sends SNMP queries to sets and / or ranges of IP numbers to determine whether a network device exists at each IP number and whether the network device has IP forwarding capabilities. The set of IP numbers searched may be specified by specifying ranges or subnets or by providing a list of discrete IP numbers. When a new network device with IP forwarding capabilities is discovered, that network device is added to a list of discovered network devices. The list is displayed to the network manager. In one embodiment, in addition to discovering newly added devices via IP number polling, the invention also discovers newly added devices from SNMP messages (“traps”) broadcast by a newly added device. In one embodiment, each network device discovered as a result of a SNMP trap is added to the newly discovered device list.

The method includes steps: (1) building virtual interface between virtual exchanger and IP forwarding module; (2) virtual interface processes data from users at virtual interface side, and processed data through IP forwarding module to send to IP public network; (3) virtual interface processes data from IP public network forwarded by IP forwarding module; and the processed data through virtual exchanger to send to users at virtual exchanger side. The invention expands service range of exchanger system, reduces port resources of device engaged by VPLS user when the VPLS user accesses public network. Benefits are: increasing earnings means of operation company, and difficulties of building VPLS through VS.

The invention discloses a message transmission method and a gateway device. The method comprises the steps that: a first exchange chip receives a unicast message; if the unicast message is a TRILL (Transparent Interconnection of Lots of Links) message, the first exchange chip decapsulates the TRILL header and the outer-layer Ethernet header of the TRILL message to obtain the Ethernet message in the TRILL message and sends the Ethernet message to a second exchange chip serving as the agent exchange chip of the first exchange chip, and the second exchange chip performs IP forwarding on the Ethernet message; if the unicast message is the Ethernet message, the first exchange chip inquires the virtual interface MAC list of the device according to a target MAC address carried in the inner-layer Ethernet header of the Ethernet message; if the virtual interface MAC list of the device has no record corresponding to the MAC address, a MAC forwarding list and a Nickname forwarding list are inquired according to the target MAC address and VLAN of the Ethernet message to perform TRILL forwarding. According to the message transmission method and the gateway device, loopback interface resources can be saved.

The present invention provides a method, a system and a device for the detection of link faults in the field of communication, which is used to detect the communication link between a communication device or a host and a first-hop routing device. A detection message is formed in a detection device, the destination IP address in the message is the IP address of the detection device, the destination media access control (MAC) address is the MAC address of the first-hop routing device, and the source MAC address is the MAC address of the detection device; the detection message is transmitted by a hardware and retransmitted by the routing device based on the IP address, and according to the received message, the detection device determines whether the link is faulty. Suitable for the large-scale networking, the present invention can realize the rapid two-way faulty detection, reduce the maintenance cost of operation and does not have the problem of protocol intercommunication among devices, the deployment is simple, and only the normal date plane can be retransmitted by the first-hop routing device, so the performance load of the first-hop routing device does not exist.

The invention is a method for backuping the Ethernet port accessed to IP network. It sets at least two blocks of IP repeat board as the main backup board in the exchanger, each board has a port accessing to the IP network, all the Ethernet ports are initialized with a same IP address and MAC address, then controls the main backup board, uses the main board to carry on the reception and transmission of IP network information, the backup board doesn't receive the information from the IP network, the IP package is sent to the main board at first through inter-board communication, and then they are sent to the IP network through the main board. When carrying on the convert of backup board and main board, the new main board sends out an address resolution protocol (ARP) for gateway device. The invention provides a simple backup method of Ethernet ports between boards, it saves the running cost, and it can realize the smooth conversion.

The invention relates to the field of cloud computing technologies, in particular to a method for implementing two-wire access through a virtual machine with a single network card. The method comprises the following steps that firstly, kernel parameters of an operating system are configured in a host machine and IP (Internet Protocol) forwarding is allowed; secondly, two network cards are configured in the host machine, one network card is in bridge connection with a network bridge br1 and is provided with a private IP for creating the virtual machine; thirdly, the other network card is connected to a switch of an outer network and is in bridge connection with br0 for distributing a public IP of the virtual machine, and the IP is not configured; fourthly, after the virtual machine is created successfully, one private IP is distributed to the virtual machine; fifthly, when the virtual machine needs two-wire access, a pair of public IPs is configured on the network bridge br0, a virtual network interface of the br0 is marked through id of the virtual machine, and the pair of public IPs is respectively mapped to the private IP of the virtual machine by utilizing an NAT (Network Address Translation) mapping rule; lastly, when the two-wire access is not needed, the NAT mapping rule corresponding to the virtual machine is deleted. According to the method, access of a two-wire network of the virtual machine is implemented under the environment of the single network card, and the method can be used for network access of the virtual machine.

The invention provides a device, a system and a method supporting base station data exchange. The method mainly comprises the following steps of: pre-establishing an IP forwarding table, and receiving a data message sent by a source BS; querying the IP forwarding table according to a destination IP address, an entrance physical port or an entrance ONU port and an entrance PON service logical portof the data message so as to acquire an exit physical port and an exit PON service logical port of the data message; and forwarding the data message to a destination BS by using the exit physical port or an exit ONU port and the exit PON service logical port. By using the device, the system and the method, a PON network as a transmission network supports an X2 interface, and the direct intercommunication in the true sense in stead of the intercommunication through a wireless gateway between the BSes is realized.

The invention discloses an MPLS (Multi-protocol Label Switching) network control system and an MPLS network control method based on SDN (Software Defined Network). The MPLS network control system based on SDN comprises an SDN controller, wherein the SDN controller is used for issuing an IP forwarding table, a label forwarding table and a flow table to a switch; the flow table comprises an IP message for matching according to the targeted IP and a message with the label matching according to the label; the switch comprises a boundary switch router and a label switch router; the boundary switch router is used for receiving the IP forwarding table, the label forwarding table and the flow table, and processing the received messages according to the flow table; the label switch router is used for receiving the label forwarding table and the flow table, and processing the received messages according to the flow table. The technical scheme disclosed by the invention can fully utilize the link resources in the whole network to achieve a better network flow optimization effect.

The invention discloses a multi-tunnel transmission device based on user service. The device comprises a control module for users to send configuration orders, a tunnel selection module for analyzing characteristics of messages, and forwarding the messages to different tunnels according to the nature of the messages when uplink and downlink messages enter the system, a first interface drive module for receiving data messages on a wireless side, a second interface drive module for receiving data messages on a wired side, a quick turning module for packing and unpacking tunnels of control and provisioning of wireless access points (CAPWAP) message headers, a business module for packing and unpacking tunnels of corresponding business message headers, and an internet protocol (IP) forwarding module for packing internet protocol message headers, sub-sheets and routers. The device realizes forwarding of various types of different tunnels, improves forwarding efficiency of business data, and reduces forwarding expenditure.

The invention provides a method for achieving local shunting by a self-learning mode. The method comprises the following steps: in an intelligent edge network, configuring a local UE ip forwarding table on a service plane through data packet learning, and carrying out data local shunting based on the UE ip forwarding table; and if user bearer deletion or user attachment exists, then deleting the UE ip forwarding table through a service plane aging mode. According to the method for achieving the local shunting by the self-learning mode provided by the invention, intelligent edge network equipment is deployed between a base station and a core network to realize local service shunting, and when the intelligent edge network equipment has failures and is restarted and two sets of intelligent edge network equipment are not deployed, local data shunting can be rapidly completed under the condition that the user access condition is not influenced. According to the scheme of the invention, therequirement for the structural cost of the networking is low, on the premise of ensuring the reliability and security of the network, the network construction cost is greatly reduced, and a positive promotion effect on the large-scale deployment of intelligent network equipment is achieved.

The invention provides a user message processing method and device, and the user message processing method and device are applied to EDs in an EVI network. The method includes the steps of setting up class-II EVI channels facing towards a public router and at least one EVI VPN channel facing towards a VPN router in an assigned EVI embodiment, inquiring a VPN to which a user router protocol message belongs, if the corresponding VPN is inquired, conducting routing learning on the VPN, if not, conducting routing learning in a public domain, inquiring a VPN to which a user data message belongs when IP forwarding is conducted on the user data message, if the corresponding VPN is inquired, forwarding the user data message according to a VPN router forwarding list, and if not, forwarding the user data message according to a public router forwarding list. According to the method and device, a user is allowed to conduct more flexible programming in a private network of the user, and the user can set up different IP networks to meet the requirements of the user.

The invention relates to the field of cloud calculation, and especially relates to a network firewall realization method suitable for a virtual machine. In the method, it has to be ensured that a host computer is provided with firewall software and has ip forwarding unlatched. A created virtual machine is connected to a network through a bridging mode; then a sub link list of the virtual machine is created on the host computer, next, a network firewall rule is selected according to the virtual machine, and the firewall rule is added to the sub link list of the virtual machine; and finally, the sub link list of the virtual machine is linked to a FARWARD list of a firewall. If a user modifies the network firewall rule, a corresponding firework rule is updated to the sub link list of the virtual machine. According to the invention, the firewall rule can be executed simply on the host computer, the installation of the firework software inside operation of the virtual machine is unnecessary, and the method saves resources and flexibly and conveniently realizes the network firewall of the virtual machine.

The invention discloses a method for fast achieving packet forwarding in a wireless ad hoc network of a TDMA protocol. The problems that in the prior art, node hardware resources are insufficient, time cost caused by packet frames in the forwarding process is large, and network performance is low are solved. The method comprises the implementation steps that a routing table is built in an MAC layer achieved through an FPGA, and after data frames of the MAC layer are received, receiving and forwarding are determined according to the address type of the data frames; if received addresses are broadcast addresses, data are received; if the received addresses are other nodes, a data packet is discarded; if the received addresses are current nodes, destination addresses of the data frames are judged, and if the destination addresses of the data frames are the current nodes, the data are directly received; if the destination addresses of the data frames are other nodes, the data frames are forwarded according to the routing table in the MAC layer. The method effectively lowers hardware resource cost, forwarding end-to-end delay is lowered, and the network performance is improved.

The invention provides a control method and device for forwarding paths and control equipment. The method comprises the steps that the control equipment determines out available forwarding paths of aservice in a management domain according to network topology information in the management domain of the control equipment and computing way constraint information of the service; the control equipment selects out the main forwarding path and the backup forwarding paths from the available forwarding paths according to a scheduling strategy; and the control equipment conducts routing strategy configuration on related forwarding equipment in the management domain according to the selected main forwarding path and backup forwarding paths. According to the control method and device, complex and variable computing strategies are all centralized to a controller, a bottom-layer distributed control network from the control equipment to the various forwarding equipment is retained, various protocols and IP forwarding engineering in the existing network are compatible, and the forwarding equipment can complete control over the network without updating software.

The invention discloses a method for optimizing service precedence message fast forwarding. The method for optimizing service precedence message fast forwarding is characterized by including the following steps that S1, service is classified according to user needs, IP quintuple fast forwarding list items containing the specified service are placed into the same specified service fast forwarding list, and the IP quintuple fast forwarding list items which do not contain the specified service are placed into a common service fast forwarding list; S2, firewall equipment receives a message, each fast forwarding list item of the specified service fast forwarding list is matched first, if the matching is successful, the message is processed and forwarded, otherwise each fast forwarding list item of the common service fast forwarding list is matched, if the matching is successful, the message is processed and forwarded, and if not, the step S1 is returned and executed. After the firewall equipment receives the message, the fast forwarding lists are searched according to the service needing to be processed in the message, if the corresponding fast forwarding list containing the processing service is searched, the message is processed and forwarded, and therefore message processing efficiency is greatly improved.