Patent application number | Description | Published |
20080285541 | Intelligent computer network routing using logically centralized, physically distributed servers distinct from network routers - A route control architecture allows a network operator to flexibly control routing between the traffic ingresses and egresses in a computer network, without modifying existing routers. An intelligent route service control point (IRSCP) replaces distributed BGP decision processes of conventional network routers with a route computation that is flexible and logically centralized but physically distributed. One embodiment supplements the traditional BGP decision process with a ranking decision process that allows route-control applications to explicitly rank traffic egresses on a per-destination, per-router basis. A straightforward set of correctness requirements prevents routing anomalies in implementations that are scalable and fault-tolerant. | 11-20-2008 |
20090113057 | Proximity Routing For Session Based Applications Using Anycast - Certain exemplary embodiments can comprise a method, which can comprise automatically providing content to an information device from a content distribution node of a plurality of content distribution nodes. The information device can be adapted to send a request for the content from the first content distribution node utilizing an Internet Protocol (IP) address of the content distribution node. | 04-30-2009 |
20090290543 | Transmit and Receive Method for a Data Service - A method includes receiving a plurality of radio frequency (RF) channels in parallel at a receive site, and demodulating the RF channels using a plurality of demodulators of the receive site to generate a plurality of streams of packets, each stream of packets having a first address space. The method also includes combining the plurality of streams of packets at a tunneling destination of the receive site to generate a first stream of packets having a second address space. | 11-26-2009 |
20090300768 | Method and apparatus for identifying phishing websites in network traffic using generated regular expressions - According to an aspect of this invention, a method to detect phishing URLs involves: creating a whitelist of URLs using a first regular expression; creating a blacklist of URLs using a second regular expression; comparing a URL to the whitelist; and if the URL is not on the whitelist, comparing the URL to the blacklist. False negatives and positives may be avoided by classifying Internet domain names for the target organization as “legitimate”. This classification leaves a filtered set of URLs with unknown domain names which may be more closely examined to detect a potential phishing URL. Valid domain names may be classified without end-user participation. | 12-03-2009 |
20100121945 | Hybrid Unicast/Anycast Content Distribution Network System - A method includes receiving a request for an edge cache address, and comparing a requester address to an anycast group. The method can further include providing an anycast edge cache address when the requestor address is in the anycast group. Alternatively, the method can further include determining an optimal cache server, and providing a unicast address of the optimal cache server when the requester address is not in the anycast group. | 05-13-2010 |
20100122335 | System and Method for Filtering Unwanted Internet Protocol Traffic Based on Blacklists - A system and method for filtering unwanted Internet Protocol traffic based on blacklists receives a first blacklist containing a first plurality of Internet protocol addresses associated with unwanted Internet traffic. The system also operates a first plurality of access control lists adapted to block the unwanted Internet traffic from one of the first Internet protocol addresses listed in the first blacklist. The system also assigns a first weight to each of the first Internet protocol addresses based on a reliability of Internet traffic from each of the first Internet protocol addresses. Additionally, the system reduces a first number of the first access control lists to optimally trade off a number of desirable Internet protocol addresses blocked with a number of bad Internet protocol addresses blocked based on the first weight of each of the first Internet protocol addresses. | 05-13-2010 |
20100135304 | Method for applying macro-controls onto IP networks using intelligent route indexing - Systems and methods are described that manage routing information in an IP network using extensible indexing and use the indexing to control the network. The indexing and associated controls apply to any router within the routing domain. | 06-03-2010 |
20100153802 | System and Method for Anycast Transport Optimization - A system includes first, second, and third content servers, and an edge server. The first, second, and third content servers each are configured to cache content. The edge server is in communication with the first, second, and third content servers. The edge server is configured to receive a content request, and to request different portions of the content from each of the first, second, and third content servers based on a network cost of each of the first, second, and third content servers. | 06-17-2010 |
20100208744 | System and method for compressing internet protocol routing tables - A networking device connects to a router and to an autonomous system (AS). The networking device receives a routing table from the router, exchanges routing information with the AS, updates the routing table in response to exchanging information with the AS, coalesces the updated routing table into a compressed routing table, and sends the compressed routing table back to the router. The compressed routing table causes the router to forward data in a manner that is identical to the received routing table. | 08-19-2010 |
20110029596 | Anycast Transport Protocol for Content Distribution Networks - A cache server for providing content includes a processor configured to receive a first datagram from a client system sent to an anycast address, send a response datagram to the client system in response to the first datagram, receive a request datagram from the client system sent to the anycast address, and send a batch of content datagrams to the client system. The first datagram includes a universal resource locator corresponding to the content. The response datagram includes a content identifier for the content. The request datagram includes the content identifier, an offset, and a bandwidth indicator. The batch of content datagrams includes a portion of the content starting at the offset. | 02-03-2011 |
20110030054 | Progressive wiretap - Disclosed is a method and system for identifying a controller of a first computer transmitting a network attack to an attacked computer. To identify an attacker implementing the attack on the attacked computer, the present invention traces the attack back to the controller one hop at a time. The invention examines traces of the attacked computer to identify the first computer. Traffic transmitted to the first computer is redirected through a monitoring complex before being transmitted to the first computer. The controller is then detected from traffic monitoring by the monitoring complex. | 02-03-2011 |
20110040861 | Integrated Proximity Routing for Content Distribution - A domain name server includes a processor configured to receive a request from a requester for an edge cache address, identify a first edge cache serving content requests to an anycast address from the requester, and determine a load of the first edge cache. The processor is further configured to provide a unicast address of an alternate edge cache to the requester in response to the request when the load exceeds a threshold, or to provide the anycast address to the requester in response to the request when the load is below the threshold. | 02-17-2011 |
20110055316 | Anycast Aware Transport for Content Distribution Networks - A system for providing content includes a plurality of content delivery servers and a routing control module. Each of the content delivery servers is configured to receive a first request from a client system sent to an anycast IP address for the content, and to provide a first portion of the content to the client system. Each of the content delivery servers is further configured to receive a second request from the client system sent to the anycast IP address for a second portion of the content, and to provide the second portion of the content to the client system. The routing control module is configured to modify the routing of the anycast address from a first content delivery server to a second content delivery server. | 03-03-2011 |
20110072127 | Network Aware Application Management - A method of managing a network application includes identifying a network path for the network application, obtaining network performance measurements along the network path, obtaining application performance information for the network application, and extracting infrastructure specific information for the infrastructure supporting the network application. The method further includes correlating the application performance information, network performance measurements, and the infrastructure specific information to identify a performance issue affecting the network application, and modifying the application behavior, the network behavior, or any combination thereof in response to the performance issue. | 03-24-2011 |
20110125920 | INTELLIGENT COMPUTER NETWORK ROUTING USING LOGICALLY CENTRALIZED, PHYSICALLY DISTRIBUTED SERVERS DISTINCT FROM NETWORK ROUTERS - A route control architecture allows a network operator to flexibly control routing between the traffic ingresses and egresses in a computer network, without modifying existing routers. An intelligent route service control point (IRSCP) replaces distributed BGP decision processes of conventional network routers with a route computation that is flexible and logically centralized but physically distributed. One embodiment supplements the traditional BGP decision process with a ranking decision process that allows route-control applications to explicitly rank traffic egresses on a per-destination, per-router basis. A straightforward set of correctness requirements prevents routing anomalies in implementations that are scalable and fault-tolerant. | 05-26-2011 |
20110134768 | NETWORK ANALYSIS USING NETWORK EVENT DATA - A system that incorporates teachings of the present disclosure may include, for example, a network device having a controller to combine network data sources enabling simplified database queries across a plurality of data sources, normalize the data from the plurality of data sources, continuously collect routing information between two routers of interest, selectively and automatically extract network data involving network events and routing, determine a temporal correlation among identified network events, determine a spatial correlation among identified network events, and troubleshoot an interactive media service based on a combination of the temporal correlation and the spatial correlation determined between the defined edge routers. Other embodiments are disclosed. | 06-09-2011 |
20110134769 | Multi-path load balancing using route controller - Systems and methods are described that employ multi-path BGP to realize dynamic multi-path load balancing based on an Intelligent Route Service Control Point (IRSCP) router control architecture that uses dynamic traffic flow information to perform dynamic load balancing to enable precise and effective load balancing. | 06-09-2011 |
20110134931 | Virtual router migration - A Virtual Router (VR) is described that can move freely from one physical router to another in a network. Embodiments enable a network operator to configure a network management primitive that supports live migration of VRs from one physical router to another. To minimize disruptions, VRs allow a migrated control plane from a source router to clone its data plane state from the source router at a destination router while continuing to update its data plane state at the source router. Embodiments temporarily forward packets using both router location data planes to support asynchronous migration of links. | 06-09-2011 |
20110142053 | METHODS AND APPARATUS TO COMMUNICATIVELY COUPLE VIRTUAL PRIVATE NETWORKS TO VIRTUAL MACHINES WITHIN DISTRIBUTIVE COMPUTING NETWORKS - Methods and apparatus to communicatively couple virtual private networks to virtual machines within distributive computing networks are disclosed. A disclosed example method includes receiving a request to provision a virtual machine from a virtual private network, determining a host for the virtual machine within a distributive computing network, creating the virtual machine within the host, communicatively coupling the virtual machine to a virtual local area network switch within the distributive computing network, configuring a portion of a router to be communicatively coupled to the virtual machine via the virtual local area network switch by specifying an address space within the router associated with at least one of the virtual machine or the virtual private network communicatively coupled to the router, and communicatively coupling the portion of the router to the virtual private network. | 06-16-2011 |
20110145409 | Method For Applying Macro-Controls Onto IP Networks Using Intelligent Route Indexing - Systems and methods are described that manage routing information in an IP network using extensible indexing and use the indexing to control the network. The indexing and associated controls apply to any router within the routing domain. | 06-16-2011 |
20110153719 | Integrated Adaptive Anycast for Content Distribution - A system includes first and second cache servers, a domain name server, and a route controller. The cache servers are each configured to respond to an anycast address. Additionally, the first cache server is configured to respond to a first unicast address, and the second cache server is configured to respond to a second unicast address. The route controller is configured to determine whether the status of the first cache server is non-overloaded, overloaded, or offline. The route controller is further configured to instruct the domain name server to provide the second unicast address when the status is overloaded or offline, and modify routing of the anycast address to direct a content request sent to the anycast address to the second cache server when the status is offline. The domain name server is configured to receive a request from a requestor for a cache server address. Additionally, the domain name server is configured to provide an anycast address to the requestor when the status of the first cache server is non-overloaded, and provide the second unicast address to the requestor when the status of the first cache server is offline or overloaded. | 06-23-2011 |
20110153788 | Method and System for Automated Network Operations - A system includes a memory storing a set of instructions executable by a processor. The set of instructions is operable to receive a process for accomplishing a network management task, the process including a plurality of events including configuration changing events and condition checking events; receive parameters related to the task; include the parameters in the process; and execute the process. | 06-23-2011 |
20110153941 | Multi-Autonomous System Anycast Content Delivery Network - A content delivery network includes first and second sets of cache servers, a domain name server, and an anycast island controller. The first set of cache servers is hosted by a first autonomous system and the second set of cache servers is hosted by a second autonomous system. The cache servers are configured to respond to an anycast address for the content delivery network, to receive a request for content from a client system, and provide the content to the client system. The first and second autonomous systems are configured to balance the load across the first and second sets of cache servers, respectively. The domain name server is configured to receive a request from a requestor for a cache server address, and provide the anycast address to the requestor in response to the request. The anycast island controller is configured to receive load information from each of the cache servers, determine an amount of requests to transfer from the first autonomous system to the second autonomous system, and send an instruction to the first autonomous system to transfer the amount of requests to the second autonomous system. | 06-23-2011 |
20110154101 | INFRASTRUCTURE FOR RAPID SERVICE DEPLOYMENT - A controller is used to provide a sharable, programmable and composable infrastructure. The controller includes a user manager to take input of user application programming interface calls that correspond to actions accepted from users. A physical manager fulfills requests from the user manager by manipulating distributed physical resources and logical devices in a network controlled by the controller. A configuration effector implements configuration changes to the physical resources and logical devices. A device monitor determines a status of the physical resources and logical devices, propagates the status to the physical manager for detecting a failure of the physical resources and logical devices in real-time, and mitigates the failure. | 06-23-2011 |
20110161730 | SYSTEMS, METHODS, AND APPARATUS TO DEBUG A NETWORK APPLICATION - Methods and apparatus to debug a network application are described. A described example network includes a live control network to collect control messages to create a history of network states, the history of network states reflecting an order in which control messages are processed, the live control network to roll back from a current state to a past state upon detection of an improper sequence of messages and to process the messages in a corrected sequence, the corrected sequence to be stored in the history. The described example network further includes a virtualized network corresponding to the live control network, the virtualized network responsive to a command from an operator to step through the history to facilitate debugging. | 06-30-2011 |
20110214177 | System and Method for Avoiding and Mitigating a DDoS Attack - Described is a system and method for receiving a data packet including a destination address and a source address, the data packet corresponding to a port number, assigning an address risk value for the data packet based on the source address and a port risk value for the data packet based on the port number. The data packet is categorized into a community based on the source address, wherein the community is predefined by a user corresponding to the destination address, the community includes a utility value. The address risk value and the port risk value are compared to the utility value to yield a benefit coefficient and the data packet is treated based on the benefit coefficient. | 09-01-2011 |
20110219445 | Methods, Systems and Computer Program Products for Identifying Traffic on the Internet Using Communities of Interest - Methods for identifying wanted traffic on the Internet are provided. The methods include determining a traffic history for a user of the Internet; identifying wanted traffic in a stream of Internet traffic based on the determined traffic history; and prioritizing the identified wanted traffic such that unwanted traffic is assigned a lower priority than the wanted traffic. Related systems and computer program products are also provided. | 09-08-2011 |
20110231475 | Internet Protocol Version 6 Content Routing - A content delivery system includes a cache server, a domain name server, and a redirector. The domain name server is configured to receive a request for a cache server address, and provide an IPv6 anycast address. The redirector is configured to receive a content request addressed to the IPv6 anycast address from a client system, receive load information from the cache server, and determine if the cache server is available. The redirector is further configured to forward the content request to the cache server when the cache server is available. The cache server is configured to receive the content request forwarded from the redirectors, send a response to the content request to a client system, the response including an IPv6 unicast address of the cache server as a source address, an IPv6 unicast address of the client system as a destination address, and the IPv6 anycast address as a home address, and provide the content to the requestor. | 09-22-2011 |
20120131664 | METHOD AND APPARATUS FOR CONTENT AWARE OPTIMIZED TUNNELING IN A MOBILITY ENVIRONMENT - A method, computer readable medium and apparatus for performing content aware optimized tunneling in a communication network are disclosed. For example, the method authenticates a user endpoint device, establishes a tunnel to the user endpoint device if the user endpoint device is authenticated, analyzes content of a data packet transmitted through the tunnel to determine if the tunnel should be re-directed, and re-directs the tunnel to a gateway general packet radio services support node light based upon the content of the data packet. | 05-24-2012 |
20120137287 | OPTIMIZED GAME SERVER RELOCATION ENVIRONMENT - A system is provided for migrating a VM over a WAN. A first server has a VM. The first and second servers are operatively connected over the WAN by a virtual private local area network service. The first server migrates the VM to the second server by copying files and state of the VM to the second server without interrupting the interactive software on the VM. During a last round of migrating the VM, for packets intended for the VM on the first server, the first server buffers the packets in a buffer as buffered packets. Instead of delivering the buffered packets to the VM, the first server transmits the buffered packets to the second server. The second server plays the buffered packets to the VM migrated to and operating on the second server, such that buffered packets are played before current packets currently received from the clients are played. | 05-31-2012 |
20120147824 | METHODS AND APPARATUS TO CONFIGURE VIRTUAL PRIVATE MOBILE NETWORKS - Methods and apparatus to configure virtual private mobile networks are disclosed. A disclosed example method includes receiving a request at a wireless network provider from a client, the request instructing the wireless network provider to create the virtual private mobile network for the client, identifying available network elements within a wireless network of the wireless network provider based on the request from the client, configuring a portion of a control plane and a portion of a data plane of the identified network elements for the virtual private mobile network, and enabling user equipment associated with the client to wirelessly communicatively couple to the virtual private mobile network. | 06-14-2012 |
20120158976 | METHODS AND APPARATUS TO MIGRATE BORDER GATEWAY PROTOCOL SESSIONS BETWEEN ROUTERS - Methods and apparatus to migrate border gateway protocol sessions between routers are disclosed. An example method to migrate a border gateway protocol session from a first router to a second router disclosed herein comprises exporting a connection state to migrate a transport control protocol connection supporting the border gateway protocol session with a session endpoint from the first router to the second router, and after the transport control protocol connection has been migrated to the second router, announcing, from the first router to the second router, routes contained in an exported routing information base associated with the session endpoint, the second router to process the routes to migrate handling of the border gateway protocol session with the session endpoint to the second router. | 06-21-2012 |
20120260337 | System and Method for Avoiding and Mitigating a DDoS Attack - Described is a system and method for receiving a data packet including a destination address and a source address, categorizing the data packet into a community based on the source address, wherein the community is predefined by a user corresponding to the destination address and selecting a treatment for the data packet based on the community. The method may be implemented on a router to avoid and/or mitigate the harmful effects of a Distributed Denial of Service (“DDoS”) attack on a computer system or network. | 10-11-2012 |
20120284699 | Systems, Method, and Apparatus to Debug a Network Application - A method includes instantiating a cloned network that includes a second set of virtual service nodes. The second set of virtual service nodes includes at least one cloned virtual service node that is a clone of a corresponding virtual service node in a first set of virtual service nodes. The at least one cloned virtual service node has access to a history of events that occurred at the corresponding virtual service node in the first set of virtual service nodes. The method includes initiating an interactive debugging session that includes step by step processing of the events of the history of events. | 11-08-2012 |
20120311107 | METHODS AND APPARATUS TO CONFIGURE VIRTUAL PRIVATE MOBILE NETWORKS TO REDUCE LATENCY - Methods and apparatus to configure virtual private mobile networks for latency are disclosed. A disclosed example method includes provisioning logically a virtual private mobile network within a wireless network to reduce latency of a communication associated with a latency sensitive application, determining a mobile device is communicatively coupling to the wireless network via the latency sensitive application, and coupling the mobile device to the virtual private mobile network to reduce latency of the communication associated with the latency sensitive application. | 12-06-2012 |
20120331545 | METHODS AND APPARATUS TO CONFIGURE VIRTUAL PRIVATE MOBILE NETWORKS FOR SECURITY - Methods and apparatus to configure virtual private mobile networks for security are disclosed. A disclosed example method includes identifying, in a wireless network, a communication from a user equipment that matches a security event profile, transmitting, from the wireless network, an instruction to enable the user equipment to be communicatively coupled to a virtual private mobile network, the virtual private mobile network being provisioned for security within the wireless network, and enabling the user equipment to transmit a second communication through the virtual private mobile network securely isolated from other portions of the wireless network. | 12-27-2012 |
20130031630 | Method and Apparatus for Identifying Phishing Websites in Network Traffic Using Generated Regular Expressions - According to an aspect of this invention, a method to detect phishing URLs involves: creating a whitelist of URLs using a first regular expression; creating a blacklist of URLs using a second regular expression; comparing a URL to the whitelist; and if the URL is not on the whitelist, comparing the URL to the blacklist. False negatives and positives may be avoided by classifying Internet domain names for the target organization as “legitimate”. This classification leaves a filtered set of URLs with unknown domain names which may be more closely examined to detect a potential phishing URL. Valid domain names may be classified without end-user participation. | 01-31-2013 |
20130054763 | METHODS AND APPARATUS TO CONFIGURE VIRTUAL PRIVATE MOBILE NETWORKS WITH VIRTUAL PRIVATE NETWORKS - Methods and apparatus to configure virtual private mobile networks with virtual private networks are disclosed. A disclosed example method includes logically provisioning, for a client, the virtual private mobile network to process wireless network communications associated with the client that correspond to a specified address space of the client, provisioning at least a portion of a server within a cloud computing data center to host resources for the client, and configuring at least a portion of an edge router of the cloud computing data center to transmit the wireless network communications between the portion of the server and the virtual private mobile network. | 02-28-2013 |
20130073905 | Systems, Methods, and Apparatus to Debug a Network Application by Utilizing a Cloned Network and an Interactive Debugging Technique - A method includes instantiating a cloned network that includes a second set of virtual service nodes. The second set of virtual service nodes includes at least one cloned virtual service node that is a clone of a corresponding virtual service node in a first set of virtual service nodes. The at least one cloned virtual service node has access to a history of events that occurred at the corresponding virtual service node in the first set of virtual service nodes. The method includes initiating an interactive debugging session that includes processing of the events of the history of events. | 03-21-2013 |
20130077470 | Method For Applying Macro-Controls Onto IP Networks Using Intelligent Route Indexing - Systems and methods are described that manage routing information in an IP network using extensible indexing and use the indexing to control the network. The indexing and associated controls apply to any router within the routing domain. | 03-28-2013 |
20130080480 | Cloud Infrastructure Services - An aspect of the disclosed technology is a general-purpose platform that may be used to provide resilient cloud services. Tasks may be written as procedures in general-purpose programming languages that directly manipulate resources via control interfaces. In one implementation, resource states, such as router configurations and virtual machine states, associated with a cloud customer that provides communications services, may be abstracted into tables in a relational or semi-structured database. State changes that have been written to the database tables are automatically propagated by the database to appropriate customer physical devices, such as network elements, thereby implementing various customer network operations. | 03-28-2013 |
20130111033 | SYSTEMS, METHODS, AND ARTICLES OF MANUFACTURE TO PROVIDE CLOUD RESOURCE ORCHESTRATION | 05-02-2013 |
20140040206 | PIPELINED DATA REPLICATION FOR DISASTER RECOVERY - Pipelined data replication for disaster recovery is disclosed. An example pipelined data replication method for disaster recovery disclosed herein comprises sending replicated first data from a primary processing environment to a secondary processing environment for backup by the secondary processing environment, the replicated first data being a replica of first data in the primary processing environment, processing the first data in the primary processing environment prior to the backup of the replicated first data by the secondary processing environment being confirmed, and preventing a result of the processing of the first data from being released by the primary processing environment until the backup of the replicated first data by the secondary processing environment is confirmed. | 02-06-2014 |