939 results about "Address Resolution Protocol" patented technology

A system and method prevent unauthorized users and devices, in a dynamic user / device environment, from obtaining access to shared-medium public and semi-public IP networks. A network includes a layered communication system and routers / switches for coupling users and devices to a Dynamic Host Control Protocol (DHCP) server and an authentication server. Databases support the servers. The network incorporates Address Resolution Protocol (ARP). Authorized users and devices register for service by providing the DHCP with user identification for log-in, passwords, MAC addresses, etc. When users connect to the network access point, a DHCP exchange is initiated to obtain a valid IP address and other associated parameters. The DHCP client initiates a MAC broadcast for IP addresses which contain in the request the end user's device MAC address. The associated router switch will pick up and forward to a DHCP server the end user's device request. The DHCP server will process the end user's request and extract the end user's device MAC address. With the end user's MAC address, the DHCP server accesses its device and / or user information in the database. If the MAC address is not registered, the DHCP server refuses to handle the request and logs the attempt, potentially alerting network operators of a security breach. If the MAC address is registered, a DHCP server selects an appropriate IP address and associated parameters to be returned to the requesting end user and connects via programming or command interface to the router switch that is forwarding the DHCP request on behalf of the end user device. The server adds an ARP IP to the MAC address table entry with the selected IP address and end user's MAC address. End user device authentication and IP lease are marked as provisional. A timer is started for a suggested duration. Optionally, the DHCP dynamically sets up filter rules in the router switch limiting access to a subset of IP addresses such as the address of a log-in server. Initial DHCP processing is completed and an IP address is assigned to the requesting end user's device by DHCP. When the timer expires, if the DHCP server finds the authenticating user state is provisional, it will revoke the IP lease, invalidate the corresponding ARP to MAC table entry in the associated router switch, and reset any IP-permissive filtering for that device. If the user is in the full authenticated state, it will simply remove the restrictive filtering.

Disclosed is a technology by which rules on communication permission or control are enforced to network internal devices such that an environment which looks as if to have a virtual firewall existing between network internal devices can be established. A communication control apparatus for this is located on the same level in the network as other devices are located. By using this communication control apparatus, an address resolution protocol (ARP) packet in which a data link layer address is manipulated is provided to devices that are the objects of communication cut-off, such that data packets transmitted by the communication cut-off object devices are transmitted to manipulated abnormal addresses. By doing so, communication with the communication cut-off object devices is cut off. For a device which is in a communication cut-off state although the device is not an object of communication cut-off any more, the communication control apparatus transmits an ARP packet including normal address information to the device such that the communication cut-off state is canceled.

A serverless name resolution protocol ensures convergence despite the size of the network, without requiring an ever-increasing cache and with a reasonable numbers of hops. This convergence is ensured through a multi-level cache and a proactive cache initialization strategy. The multi-level cache is built based on a circular number space. Each level contains information from different levels of slivers of the circular space. A mechanism is included to add a level to the multi-level cache when the node determines that the last level is full. A peer-to-peer name resolution protocol (PNRP) includes a mechanism to allow resolution of names which are mapped onto the circular number space through a hash function. Further, the PNRP may also operate with the domain name system by providing each node with an identification consisting of a domain name service (DNS) component and a unique number.

A system and unified method of address resolution in an IP-based network. A Resolver determines whether an input address is a URL / URI, and if so, extracts a domain name. If the input address is an E.164 number, the Resolver converts the E.164 number into a domain name in ENUM format. The Resolver then sends a domain name query to a DNS which, if able, returns the IP address for either a Global MGCF or a destination server along with a supported Application protocol. If the DNS is unable to perform the translation, or the Application protocol returned is not supported by the requesting application, the Resolver sends a domain name query to an extended Location Server (LS) to obtain an IP address of a gateway function capable of interfacing with the destination server.

A system and unified method of address resolution in an IP-based network. A Resolver determines whether an input address is a URL / URI, and if so, extracts a domain name. If the input address is an E.164 number, the Resolver converts the E.164 number into a domain name in ENUM format. The Resolver then sends a domain name query to a DNS which, if able, returns the IP address for either a Global MGCF or a destination server along with a supported Application protocol. If the DNS is unable to perform the translation, or the Application protocol returned is not supported by the requesting application, the Resolver sends a domain name query to an extended Location Server (LS) to obtain an IP address of a gateway function capable of interfacing with the destination server.

Supporting virtual private networks by using a new layer 3 address to encapsulate a network-bound packet so that its context information, from which a layer 2 (e.g., MAC) address can be derived, is preserved. If this encapsulation was not done, the layer 2 address would change over each segment of the network. Thus, the encapsulation preserves the concept of group identification, using at least a part of the context, over the entire network and not just at the edge of the network. If a packet is received from the network (to be forwarded to a customer), the layer 3 address that was added in the encapsulation is stripped off. The original layer 3 destination address may be used with a client device addressing table to determine a new context information, and a layer 2 (e.g., MAC) address of a destination client device. If the client device addressing table does not include entries corresponding to the layer 3 destination address, an address resolution protocol (or “ARP”) may be broadcast to request such information or contents of inbound packets may be observed (snooping). The packet may then be forwarded to an aggregation device.

An embodiment of the invention provides an address resolution protocol (ARP) message forwarding method, an exchanger and a controller. The ARP message forwarding method includes: a first exchanger receives ARP messages; the first exchanger sends the ARP messages to the controller in the network to lead the controllers to construct response messages containing forwarding port messages according to the ARP messages; the first exchanger receives the response messages sent by the controller; and the first exchanger forwards the response messages to a corresponding port according to the forwarding port messages. The controller provides ARP service for a main machine of the network managed by the controller, and therefore network efficiency can be improved and network bandwidth can be saved.

The present invention includes a method and apparatus for controlling data link layer access to protected servers on a computer network by a client device. Address resolution requests broadcast on the network by the client device seeking access to any network device are received and then processed to determine whether the client device is unknown. If the client device is unknown, restriction address resolution replies are transmitted to the protected devices to restrict access by the client device to the protected devices and allow access to an authentication server. The authentication server is monitored to determine if the client device is authorized or unauthorized by the authentication server. If the client device is authorized, access is allowed to the protected devices. If the client device is unauthorized, blocking address resolution replies are transmitted on the computer network to block access by the client device to all other network devices.