437 results about "Ip layer" patented technology

The present invention relates to a switch for processing data units, such as IP data packets. The switch can be implemented as a router that includes a plurality of input ports, a plurality of output ports and a switch fabric capable of establishing logical pathways to interconnect a certain input port with a certain output port. A characterizing element of the router is its ability to control bandwidth usage on a basis of a logical pathway. This prevents congestion to occur in the switch fabric and also at the level of the output ports. For every active logical pathway the router sets-up a bandwidth control mechanism including at least one queue to hold data units received at an input port. The bandwidth control mechanism performs an accounting operation to determine the average bandwidth usage and if less than a threshold requests for releasing data units in the switch fabric are sent to the switch fabric controller. When the threshold is exceeded the bandwidth control mechanism stops sending requests for service to the switch fabric controller. The system also supports priorities. Instead of stopping the issuance of signals requesting release of data packets the priority level of the queue (reflected in a priority field in the signal requesting release of a data packet) changes from HI to LO. The switch fabric controller is designed to recognize priority requests and will accept LO priority requests only when there are no other HI priority requests pending. The present invention also provides a data transport device which includes a plurality of nodes interconnected by a physical link that establishes two ring-shaped paths on which data is transported on opposite directions. Each node is capable of sending a control message to the upstream node to advise the upstream node of the data carrying requirements of the node at which the message has originated. The upstream node can then throttle the introduction of data in the paths to preserve capacity that can be used by the downstream nodes.

The SCSI and iSCSI layers over the TCP / IP layers of the protocol stack in an IP network client and in an IP network-attached storage server are replaced with a thin network block services layer. The network block services layer 71 implements a network block services protocol having a very reduced set of commands transmitted between the client and the storage server. The network block services protocol is used in a configuration process in which logical volumes of the network-attached storage are exported to the client and become local pseudo-disk instances. The client's operating system and application programs access the local pseudo-disk instances with what appears to be a standard device driver for a local disk device. The device driver maintains a TCP connection to each open device, and responds to connection failure by re-connecting with an alternative server IP port.

The present invention provides a system, method and apparatus for providing security in an IP-based end user device, such personal computer clients, hard phones, soft phones, cellular phones, dual-mode phones, handheld communication devices, wireless communications devices and any other device capable of supporting real time IP-based applications. An application layer, a TCP / IP layer and a datalink layer of the IP-based end user device are monitored. Whenever an incoming session is detected and analyzed, the incoming session is accepted whenever one or more session security parameter(s) are satisfied and the incoming session is denied whenever the session security parameter(s) are not satisfied. Whenever an incoming packet is detected and analyzed, the incoming packet is processed whenever one or more packet security parameter(s) are satisfied and the incoming packet is dropped whenever the packet security parameter(s) are not satisfied.

The SCSI and iSCSI layers over the TCP / IP layers of the protocol stack in an IP network client and in an IP network-attached storage server are replaced with a thin network block services layer. The network block services layer 71 implements a network block services protocol having a very reduced set of commands transmitted between the client and the storage server. The network block services protocol is used in a configuration process in which logical volumes of the network-attached storage are exported to the client and become local pseudo-disk instances. The client's operating system and application programs access the local pseudo-disk instances with what appears to be a standard device driver for a local disk device. The device driver maintains a TCP connection to each open device, and responds to connection failure by re-connecting with an alternative server IP port.

The present invention relates to a switch for processing data units, such as IF data packets. The switch can be implemented as a router that includes a plurality of input ports, a plurality of output ports and a switch fabric capable of establishing logical pathways to interconnect a certain input port with a certain output port. A characterizing element of the router is its ability to control bandwidth usage on a basis of a logical pathway. This prevents congestion to occur in the switch fabric and also at the level of the output ports. For every active logical pathway the router sets-up a bandwidth control mechanism including at least one queue to hold data units received at an input port. The bandwidth control mechanism performs an accounting operation to determine the average bandwidth usage and if less than a threshold requests for releasing data units in the switch fabric are sent to the switch fabric controller. When the threshold is exceeded the bandwidth control mechanism stops sending requests for service to the switch fabric controller. The system also supports priorities. Instead of stopping the issuance of signals requesting release of data packets the priority level of the queue (reflected in a priority field in the signal requesting release of a data packet) changes from HI to LO. The switch fabric controller is designed to recognize priority requests and will accept LO priority requests only when there are no other HI priority requests pending. The present invention also provides a data transport device which includes a plurality of nodes interconnected by a physical link that establishes two ring-shaped paths on which data is transported on opposite directions. Each node is capable of sending a control message to the upstream node to advise the upstream node of the data carrying requirements of the node at which the message has originated. The upstream node can then throttle the introduction of data in the paths to preserve capacity that can be used by the downstream nodes.

Methods of transparent connection failover allowing a remote computer (i.e., a client), to continue to use a network connection to communicate with one of at least two or more other computers (i.e., the backup servers) over a network, when one of the other computers (i.e., the primary server) fails. With the mechanisms of this invention, there is no need for the client to establish a new connection to a backup server when the primary server fails. The failover is preferably executed within a bridge layer between the TCP layer and the IP layer of the server's TCP / IP stack. No modifications are required to the network infrastructure, the client's TCP / IP stack, the client application or the server application. The methods support active or semi-active replication of the server application, and do not require rollback of the application during failover. The invention also provides mechanisms for bringing up new backup servers.

The solution of the present invention provides systems and methods for encoding information into an Internet Protocol identification field (IPID) of an IP layer header of a network packet in a manner acceptable to many or all of the network devices that encounter the encoded packet. In one embodiment, the solution described herein encodes the IP identification field of the IPID header with information to be communicated between devices. Appliances may use the encoded IP field as a signal or a means for a low-bandwidth subcarrier of data between the appliances that is transparent to any intervening network equipment. For example, the encoded field may be used to announce or probe the presence of a device, a functionality or capability of device or to indicate a type or speed of a network connection of a port on a device.

The invention relates to a load balancing system based on content, comprising load balancing based on content, inspection of content and health status of a backend server, self high availability of load balancing and load balancing algorithm thereof, wherein, the load balancing based on content refers to that a system works in the seventh layer of a seven-layer model of an OSI Internet, and belongs to the load balancing of an application layer; the inspection of content and health status of a backend server is provided with an inspection module of system resources to inspect the content and the health status of the backend server in real time; in order to avoid single-point failures of the load balancing system, the load balancing system uses dual-system configuration to realize the high availability; a main system and a standby system keep the consistency of connection information at client by data synchronization. When a system is in the failure status, a standby load balancing system automatically takes over services. The system of the invention changes the goofy load balancing mode of the traditional IP layer load balancing, and thus, the load hit rate can be effectively increased. The load balancing system does not require that the backend server stores the same content, which largely saves server resources.

The solution of the present invention provides systems and methods for encoding information into an Internet Protocol identification field (IPID) of an IP layer header of a network packet in a manner acceptable to many or all of the network devices that encounter the encoded packet. In one embodiment, the solution described herein encodes the IP identification field of the IPID header with information to be communicated between devices. Appliances may use the encoded IP field as a signal or a means for a low-bandwidth subcarrier of data between the appliances that is transparent to any intervening network equipment. For example, the encoded field may be used to announce or probe the presence of a device, a functionality or capability of device or to indicate a type or speed of a network connection of a port on a device.

A joint “packet-optical” layer restoration mechanism protects against single, packet-layer router failures by managing network resources from both the packet layer and the optical transport layer in a synergistic manner. It reuses packet-layer router service-ports and / or transport-layer service wavelengths associated with optical switch-ports instead of reserving additional standby packet-layer router service-ports. It can reuse resources from primary paths that are unaffected by router failures and paths that exist for link-failure protection at the optical layer. Embodiments feature a modified node structure that includes both an IP router and a dynamically reconfigurable OXC, which dynamically establishes connectivity between IP-router ports and transport-layer optical fibers. The joint-layer router provides fine-granularity grooming at the IP layer and full-fledged wavelength networking via dynamic wavelength switching and / or wavelength translation at the optical layer. The latter can change the wavelength cross-connections on-demand to perform restoration or to modify the connectivity between IP routers in the network.

A method and system for combining the bandwidth available to a user communications device from multiple access points by switching output requests and corresponding replies to such requests among a plurality of such access points. In the simplest implementation the switching can be on a round-robin basis, but the switching can be enhanced to prioritize and use quality of service requirements associated with each output request, and also to measure congestion at each access point and base switching upon the congestion level. The invention operates by generating subset ISO communication stacks for each available access point, preferably the subset from the IP layer to the data control link, and switching between these stacks.