Patent application number | Description | Published |
20080212763 | Network-based methods and systems for responding to customer requests based on provider presence information - An “always-on” network and associated systems enable customers to compare and select products and services offered by one or more providers faster than previously thought possible. In addition, communication connections may be established between customers and providers in real-time. | 09-04-2008 |
20080313132 | HIGH ACCURACY BLOOM FILTER USING PARTITIONED HASHING - A method and system for generating a Bloom filter by mapping into respective groups each of a plurality of initial keys according to a first hash function and mapping each group hashed key into a Bloom filter using k respective hash functions. | 12-18-2008 |
20100040066 | NETWORK ADDRESS LOOKUP BASED ON BLOOM FILTERS - In one embodiment, IP lookup into a routing table having prefixes of different prefix lengths is performed using a Bloom filter that was programmed with the prefixes corresponding to all of the different prefix lengths without having to expand any of the prefixes programmed into the Bloom filter. Membership probes are performed into the Bloom filter using candidate prefix values of a given network address. The Bloom filter can be implemented in a distributed manner using Bloom sub-filters, where each Bloom sub-filter is hashed based on a set of hash functions, where each different hash function in the set corresponds to a different prefix length in the routing table. Each Bloom sub-filter can in turn be implemented using a plurality of practically realizable multi-port memory devices controlled by a port scheduler. False-positive matches can be detected and next-hop information for true-positive matches retrieved using an off-chip, hash-based prefix table. | 02-18-2010 |
20100040067 | HASH FUNCTIONS FOR APPLICATIONS SUCH AS NETWORK ADDRESS LOOKUP - In one embodiment, IP lookup into a routing table having prefixes of different prefix lengths is performed by hashing a candidate prefix value to generate a plurality of hash values, where m seed hash values are generated by applying m seed hash functions and one or more additional hash values are generated by combining two or more of the seed hash values in different ways, e.g., using a bit-wise XOR function. The hash values are used to perform membership probes into a Bloom filter programmed with the prefixes corresponding to all of the different prefix lengths in the routing table without having to expand any of the prefixes programmed into the Bloom filter. | 02-18-2010 |
20100269024 | METHOD AND APPARATUS FOR MULTISET MEMBERSHIP TESTING USING COMBINATORIAL BLOOM FILTERS - A method and apparatus providing improved set membership determination and group membership identification of candidate data elements using a single Bloom filter programmed to provide a plurality of non-zero f-bit binary vectors, where each of the f-bit binary vectors is associated with a respective group. The Bloom filter is programmed using one or more (but not all) of a plurality of hash filter sets. | 10-21-2010 |
20100316051 | PACKET PROCESSING USING BRAIDED TRIES - Packets are processed (e.g., routed or classified) in accordance with a braided trie, which represents the combination of two or more different original tries (e.g., representing different forwarding/classification tables). The different tries are combined by twisting the mappings for specific trie nodes to make the shapes of the different tries more similar. Each node in the braided trie contains a braiding bit for at least one original trie indicating the mapping for that trie's node. Trie braiding can significantly reduce the number of nodes used to represent the different original tries, thereby reducing memory usage and improving scalability. Braided tries can be used for such applications as virtual routers and packet classification in which different forwarding/classification tables are represented by a single braided trie stored in shared memory. | 12-16-2010 |
20100322255 | PROVIDING CLOUD-BASED SERVICES USING DYNAMIC NETWORK VIRTUALIZATION - The invention is directed to providing cloud-based services using dynamic network virtualization. Embodiments of the invention provide a cloud-based service over a system that has a dynamic network virtualization architecture. The architecture includes a set of distributed forwarding elements with centralized control, and at least one virtual machine that is bound to one of the forwarding elements. These features enable the virtual machine to be migrated across a wide area network while maintaining its original IP address and service continuity. | 12-23-2010 |
20100329133 | NETWORK DETECTION OF REAL-TIME APPLICATIONS USING INCREMENTAL LINEAR REGRESSION - Method and apparatus using incremental linear regression to derive a traffic flow signature indicative of a particular application within a packet stream. | 12-30-2010 |
20110044201 | LINE-RATE, REAL-TIME-TRAFFIC DETECTOR - A line-rate, real-time-traffic detector classifies a network traffic flow as real-time when it determines the smoothness of the packet arrival rate of the network traffic flow is bounded by an empirically derived bound. In some embodiments, to improve performance, a tighter smoothness bound is applied to the smoothness calculations performed on a first set of packet arrival times, while a looser smoothness bound is applied to a second set of packet arrival times, the second set inclusive of and larger than the first. | 02-24-2011 |
20110075571 | DISTRIBUTED VIRTUAL HOME AGENT FOR MOBILE INTERNET PROTOCOL - The present invention provides a method and apparatus for a distributed virtual home agent. One embodiment of the method includes implementing a first primary home agent on a first portion of a plurality of hardware elements that operate according to a mobile Internet Protocol (IP) and a second primary home agent on a second portion of the plurality of hardware elements. A first backup home agent is implemented on the second portion of the plurality of hardware elements and a second backup home agent is implemented on the first portion of the plurality of hardware elements. Packets addressed to the first or second primary home agent can be directed to both the first and second portions of the plurality of hardware elements so that states of the first and second backup home agents mirror states of the first and second primary home agents, respectively. | 03-31-2011 |
20110090911 | METHOD AND APPARATUS FOR TRANSPARENT CLOUD COMPUTING WITH A VIRTUALIZED NETWORK INFRASTRUCTURE - A capability is provided for providing transparent cloud computing with a virtualized network infrastructure. A method for enabling use of a resource of a data center as an extension of a customer network includes receiving, at a forwarding element (FE), a packet intended for a virtual machine hosted at an edge domain of the data center, determining a VLAN ID of the VLAN for the customer network in the edge domain, updating the packet to include the VLAN ID of the VLAN for the customer network in the edge domain, and propagating the updated packet from the FE toward the virtual machine. The edge domain supports a plurality of VLANs for a respective plurality of customer networks. The packet includes an identifier of the customer network and a MAC address of the virtual machine. The VLAN ID of the VLAN for the customer network in the edge domain is determined using the identifier of the customer network and the MAC address of the virtual machine. The FE may be associated with the edge domain at which the virtual machine is hosted, an edge domain of the data center that is different than the edge domain at which the virtual machine is hosted, or the customer network. Depending on the location of the FE at which the packet is received, additional processing may be provided as needed. | 04-21-2011 |
20110137930 | METHOD AND APPARATUS FOR GENERATING A SHAPE GRAPH FROM A BINARY TRIE - A capability is provided for representing a set of data values using data structures, including converting a binary trie data structure representing the set of data values to a shape graph data structure representing the set of data values. The shape graph data structure is generated from the binary trie data structure based on the shapes of the sub-trees rooted at the nodes of the binary trie data structure. The shape graph includes vertices representing shapes of the sub-trees of the binary trie data structure. A shape graph data structure permits operations similar to the operations that may be performed on the binary trie data structure for performing lookups for data values from the set of data values, while at the same time reducing the structural redundancy of the binary trie data structure such that the shape graph data structure provides significant improvements in memory usage over the binary trie data structure. | 06-09-2011 |
20120136846 | METHODS OF HASHING FOR NETWORKS AND SYSTEMS THEREOF - Example embodiments are directed to methods of hashing for networks and systems thereof. At least one example embodiment provides a method of processing elements in a system. The method includes receiving a first element, generating a first plurality of hash values based on the first element and a first plurality of hash functions, determining a first plurality of buckets in a table based on the first plurality of hash values, each of the first plurality of buckets associated with a different one of the hash values, selecting one of the first plurality of buckets, storing a first associated value in the selected bucket, the first associated value being associated with the first element, and encoding an identifier (ID) of the hash function generating the hash value associated with the selected bucket into a filter based on the hash value. | 05-31-2012 |
20130011136 | Apparatus And Method For Protection In A Data Center - A manner of providing redundancy protection for a data center network that is both reliable and low-cost. In a data center network where the data traffic flows between numerous access nodes and a network core layer via primary aggregation nodes, an optical network device such as an OLT (optical line terminal) is provided as a backup aggregation node for one or more of the primary aggregation nodes. When a communication path through a primary aggregation node fails, traffic is routed through the optical network device. In a preferred embodiment, a communication link is formed from a plurality of access nodes to a single port of the OLT or other optical network device via an optical splitter that combines upstream transmissions and distributes downstream transmissions. The upstream transmissions from the plurality of access nodes may occur according to an allocation schedule generated when the backup aggregation node is needed. | 01-10-2013 |
20130166943 | Method And Apparatus For Energy Efficient Distributed And Elastic Load Balancing - Various embodiments provide a method and apparatus of providing a load balancing configuration that adapts to the overall load and scales the power consumption with the load to improve energy efficiency and scalability. The energy efficient distributed and elastic load balancing architecture includes a collection of multi-tiered servers organized as a tree structure. The handling of incoming service requests is distributed amongst a number of the servers. Each server in the virtual load distribution tree accepts and handles incoming service requests based on its own load. Once a predetermined loading on the receiving server has been reached, the receiving server passes the incoming requests to one or more of its children servers. | 06-27-2013 |
20130204903 | PROBABILISTIC FINGERPRINT CHECKING FOR PREVENTING DATA LEAKAGE - A data-leakage prevention capability is presented herein. The data-leakage prevention capability prevents leakage of data, of a file set having a plurality of files, from a secure network using online fingerprint checking of data flows at a boundary of the secure network. The online fingerprint checking is performed using a set of data structures configured for the file set. The data structures for the file set are configured based on file set characteristics information of the file set and a target detection lag indicative of a maximum number of bits within which a data leakage event for the file set is to be determined. The data structure configuration is computed for a plurality of data structures configured for use in monitoring the files of the file set. The data structure configuration includes a plurality of data structure locations and data structure sizes for the respective plurality of data structures. | 08-08-2013 |
20130212710 | Data Leakage Prevention for Cloud and Enterprise Networks - Apparatuses, methods and articles of manufacture for performing data leakage prevention are provided. Data leakage prevention may be performed by determining a signature of a transmitted document, the transmitted document being in transit to a location beyond a network boundary. The signature of the transmitted document is compared with one or more signatures of documents authorized to be transmitted beyond the network boundary. The transmitted document is prevented from being transmitted beyond the network boundary if the signature of the document does not correspond to a signature of a document authorized to be transmitted beyond the network boundary. | 08-15-2013 |
20130290539 | RESOURCE PLACEMENT IN NETWORKED CLOUD BASED ON RESOURCE CONSTRAINTS - Various exemplary embodiments relate to a method and related network node including one or more of the following: receiving, at the cloud controller, a request message including a first request for a first cloud resource; identifying a set of potential devices for providing the first cloud resource; calculating a plurality of weight values corresponding to at least a portion of the set of potential devices for providing the first cloud resource, wherein the plurality of weight values are calculated based on a plurality of delta values associated with the at least a portion of the set of potential devices; selecting a device based on the plurality of weight values to provide the first cloud resource; and updating the delta value associated with the selected device. | 10-31-2013 |
20130305311 | APPARATUS AND METHOD FOR PROVIDING A FLUID SECURITY LAYER - A security management capability enables migration of individual security rules between storage/application locations. The migration of a security rule may include selection of a location at which the security rule is to be applied and migration of the security rule to the selected location at which the security rule is to be applied. The selection of the location at which the security rule is to be applied may be performed based on security rule policies and/or security rule location selection information. The security rule is migrated from a current location (e.g., a location at which the security rule is currently applied, a management system, or the like) to the selected location at which the security rule is to be applied. In this manner, a fluid security layer may be provided. The fluid security layer may be optimized for one or more of security level, performance, cost, or the like. | 11-14-2013 |
20140089506 | SECURING SOFTWARE DEFINED NETWORKS VIA FLOW DEFLECTION - A flow deflection capability is provided for deflecting data flows within a Software Defined Network (SDN) in order to provide security for the SDN. A flow forwarding rule is generated for a first network element of the SDN based on detection of a condition (e.g., TCAM utilization condition, CPU utilization condition, or the like) associated with the first network element. The flow forwarding rule is generated by a control element of the SDN or the first network element of the SDN. The flow forwarding rule is indicative that at least a portion of new flow requests received at the first network element are to be forwarded from the first network element to a second network element of the SDN. The flow forwarding rule may specify full flow deflection or selective flow deflection. | 03-27-2014 |
20140089510 | JOINT ALLOCATION OF CLOUD AND NETWORK RESOURCES IN A DISTRIBUTED CLOUD SYSTEM - A capability is provided for allocating cloud and network resources in a distributed cloud system including a plurality of data centers. A request for resources is received. The request for resources includes a request for cloud resources and an indication of an amount of cloud resources requested. The request for resources also may include a request for network resources or one or more constraints. A set of feasible resource mappings is determined based on the request for resources and information associated with the distributed cloud system. A resource mapping to use for the request for resources is selected from the set of feasible resource mappings. The selected resource mapping includes a mapping of the requested cloud resources to cloud resources of one or more of the data centers and an identification of network resources configured to support communications for the cloud resources of the one or more data centers. | 03-27-2014 |
20140328350 | LOW-COST FLOW MATCHING IN SOFTWARE DEFINED NETWORKS WITHOUT TCAMS - Various exemplary embodiments relate to a method for processing data packets by a first-hop switch in a data network, including: receiving a first data packet associated with a flow; determining whether the flow associated with the first data packet is found in a flow table in the first-hop switch; modifying the first data packet by replacing a packet header field with flow definition information; and transmitting the modified first data packet based upon the flow definition information. | 11-06-2014 |