Patent application number | Description | Published |
20080259934 | DISTRIBUTED VIRTUAL SYSTEM TO SUPPORT MANAGED, NETWORK-BASED SERVICES - Methods and systems are provided for allocating network resources of a distributed virtual system to support managed, network-based services. According to one embodiment, a VR-based switch having multiple processing elements is configured for operation at an Internet POP. An NOS is provided on each of the processing elements. Resources of the VR-based switch are segmented between a first and second subscriber by mapping VRs assigned to the first and second subscriber onto appropriate processing elements. Then, a first and second set of customized services are configured, each including two or more of firewalling, virtual private networking, encryption, traffic shaping, routing and network address translation (NAT), to be provided by the VR-based switch. Customized services are configured by allocating appropriate service object groups to the VRs, which can be dynamically distributed by the NOS to customized processors of the processing elements to achieve desired computational support. | 10-23-2008 |
20090046728 | SYSTEM AND METHOD FOR DELIVERING SECURITY SERVICES - Systems and methods are provided for delivering security services. According to one embodiment, multiple virtual routers are established within a service processing switch, which is operable to be logically interposed between a public communications network and multiple subscriber sites. Each of the virtual routers has associated therewith a subset of processing and storage resources of the service processing switch. Subscribers are provided with respective sets of customized application layer services. Subscriber resource isolation is provided by partitioning the virtual routers between the subscribers including allocating and configuring partitions, having subsets of the virtual routers, to the subscribers. Changeable provisioning of processing capacity between the subscribers is provided by dynamically reallocating resources of the service processing switch between the partitions based on comparative processing demands of the customized application layer services. | 02-19-2009 |
20110032942 | FAST PATH COMPLEX FLOW PROCESSING - Methods and systems for processing complex flows are provided. According to one embodiment, a packet associated with a complex flow is received. A first flow-based packet classification is performed based on a first set of attributes of the packet. A first flow processing operation is identified by performing a first flow cache lookup based on the first flow-based packet classification and the first flow processing operation is performed on the packet. After performing the first flow processing operation on the packet, a second flow-based packet classification of the packet is performed based on a second set of attributes of the packet. A second flow processing operation is identified by performing a second flow cache lookup based on the second flow-based packet classification and the second flow processing operation is performed on the packet. Finally, the packet is sent to an egress interface. | 02-10-2011 |
20120072568 | SWITCH MANAGEMENT SYSTEM AND METHOD - Methods and systems for managing a service provider switch are provided. According to one embodiment, a network operating system (NOS) is provided on each processor element (PE) of the switch. The NOS includes an object manager (OM) responsible for managing global software object groups, managing software object configurations, managing local software objects and groups and routing control information between address spaces based on locations of software objects. The OM performs management plane communications among software objects by way of system calls. The OM performs data plane communications among software objects by way of object-to-object channels. The switch is provisioned with a network-based managed IP service for a particular customer of the service provider by pushing the service onto an object-to-object channel that has been established between a first software object and a second software object of the software objects. | 03-22-2012 |
20120311125 | SWITCH MANAGEMENT SYSTEM AND METHOD - Methods and systems for managing a service provider switch are provided. According to one embodiment, a method is provided for provisioning a switch with a network-based managed Internet Protocol (IP) service. A network operating system (NOS) is provided on each processor element (PE) of the switch. The NOS includes an object manager (OM) responsible for managing global software object groups, managing software object configurations, managing local software objects and groups and routing control information between address spaces based on locations of software objects. The OM performs management plane communications among software objects by way of system calls. The OM performs data plane communications among software objects by way of object-to-object channels. The switch is provisioned with a network-based managed IP service for a particular customer by pushing discrete and customized software objects representing the network-based managed IP service onto an object-to-object channel established between two of the software objects. | 12-06-2012 |
20120324216 | TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK - Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers is provided. According to one embodiment, a request to establish an IP connection between two locations of a subscriber is received at a service management system (SMS) of the service provider. A tunnel is established between service processing switches coupled in communication through a public network. First and second packet routing nodes within the service processing switches are associated with the first and second locations, respectively. An encryption configuration decision is bound with a routing configuration of the packet routing nodes, by, when the request is to establish a secure IP connection, configuring, the packet routing nodes to cause all packets transmitted to the other location to be encrypted and to cause all packets received from the other location to be decrypted. | 12-20-2012 |
20120324532 | PACKET ROUTING SYSTEM AND METHOD - Methods and systems for offering network-based managed security services are provided. According to one embodiment, an IP service processing switch includes multiple service blades and one or more packet-passing data rings. The service blades each have multiple processors for providing customized security services to subscribers of a service provider. Upon receipt of a packet by a service blade from the one or more packet-passing data rings, a PEID value within the packet is inspected and when the PEID value corresponds to a PEID assigned to a processor associated with the service blade, the packet is steered to a software entity of a VR on the processor that corresponds to an LQID value within the packet. And, when the PEID value does not correspond to any PEIDs assigned to processors on the service blade, the packet is passed to a next service blade on the one or more packet-passing data rings. | 12-20-2012 |
20140059234 | Switch Management System and Method - Methods and systems for managing a service provider switch are provided. According to one embodiment, a method is provided for provisioning a switch with a network-based managed Internet Protocol (IP) service. A network operating system (NOS) is provided on each processor element (PE) of the switch. The NOS includes an object manager (OM) responsible for managing global software object groups, managing software object configurations, managing local software objects and groups and routing control information between address spaces based on locations of software objects. The OM performs management plane communications among software objects by way of system calls. The OM performs data plane communications among software objects by way of object-to-object channels. The switch is provisioned with a network-based managed IP service for a particular customer by pushing discrete and customized software objects representing the network-based managed IP service onto an object-to-object channel established between two of the software objects. | 02-27-2014 |
20150019859 | TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK - Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of a service provider. Multiple virtual routers (VRs) are provided within each of multiple service processing switches of a service provider. Each VR is supported by an object group and each object of the object group supports a network service. One or more VRs are assigned to a subscriber of multiple subscribers of the service provider. Customized network services are provided to the subscriber by the one or more VRs assigned to the subscriber. | 01-15-2015 |