70 results about "Policy-based routing" patented technology

Techniques are disclosed for lawfully intercepting information in communication environments with end-to-end encryption. For example, a method for intercepting encrypted communications exchanged between a first computing device and a second computing device in a communication network, wherein the interception is performed by a third computing device in the communication network, comprises the following steps. The third computing device obtains one or more packets having a packet address associated with one of the first computing device and the second computing device. The one or more packets are obtained by the third computing device, in response to at least one interception routing policy being implemented in at least one element in the communication network, such that the one or more obtained packets may be decrypted so as to obtain data contained therein. The third computing device preserves the packet address of the one or more obtained packets. The third computing device forwards the one or more packets toward a packet-destination one of the first computing device and the second computing device such that the packet-destination one of the first computing device and the second computing device is unable to detect from the one or more packets that the one or more packets were intercepted by the third computing device.

Systems and methods are disclosed for reducing the cost of sending messages over an intermittent network of computing devices via multiple communication channels by creating a first message on a first device, the message intended to be sent to a second device over the network multiple communication channels; applying a first policy to reduce the cost of sending messages over the intermittent network of computing devices, the first policy containing one or more rules to determine whether to send the first message to the second device, each rule being a function of one or more messaging attributes of messages, channels or the system environment; and dynamically updating the first policy by sending a second message to the first device, the second message being a system message that results in the addition, deletion or other modification of the rules contained in the policy to reduce the cost of sending messages over the intermittent network of computing devices.

A multi-service network switch capable of providing multiple network services from a single platform. The switch incorporates a distributed packet forwarding architecture where each of the various cards is capable of making independent forwarding decisions. The switch further allows for dynamic resource management for dynamically assigning modem and ISDN resources to an incoming call. The switch may also include fault management features to guard against single points of failure within the switch. The switch further allows the partitioning of the switch into multiple virtual routers where each virtual router has its own set of resources and a routing table. Each virtual router is further partitioned into virtual private networks for further controlling access to the network. The switch supports policy based routing where specific routing paths are selected based on a domain name, a telephone number, and the like. The switch also provides tiered access of the Internet by defining quality of access levels to each incoming connection request. The switch may further support an IP routing protocol and architecture in which the layer two protocols are independent of the physical interface they run on. Furthermore, the switch includes a generic forwarding interface software for hiding the details of transmitting and receiving packets over different interface types.

A multi-service network switch capable of providing multiple network services from a single platform. The switch incorporates a distributed packet forwarding architecture where each of the various cards is capable of making independent forwarding decisions. The switch further allows for dynamic resource management for dynamically assigning modem and ISDN resources to an incoming call. The switch may also include fault management features to guard against single points of failure within the switch. The switch further allows the partitioning of the switch into multiple virtual routers where each virtual router has its own wet of resources and a routing table. Each virtual router is further partitioned into virtual private networks for further controlling access to the network. The switch's supports policy based routing where specific routing paths are selected based a domain name, a telephone number, and the like. The switch also provides tiered access of the Internet by defining quality of access levels to each incoming connection request. The switch may further support an IP routing protocol and architecture in which the layer two protocols are independent of the physical interface they run on. Furthermore, the switch includes a generic forwarding interface software for hiding the details of transmitting and receiving packets over different interface types.

The present application is directed towards policy based routing for intelligent traffic management via multiple next hops. In some embodiments, the systems and methods disclosed herein may provide management of inbound and outbound traffic across multiple network links, and may further provide reliability in case of link failure, and provide balancing of traffic, responsive to the latency and bandwidth requirements of various applications. Accordingly, these systems and methods may provide intelligent policy-based routing and network and port address translation, sensitive to application traffic types, protocols, source IP addresses and ports, destination IP addresses and ports, or any combination thereof, and can balance traffic loads among multiple available paths based on multiple traffic characteristics. The routing may performed on a packet-by-packet basis, a transaction-by-transaction basis, or a session-by-session basis, and the systems and methods may include capabilities for application-aware health monitoring of available network paths.

A multi-service network switch capable of providing multiple network services from a single platform. The switch incorporates a distributed packet forwarding architecture where each of the various cards is capable of making independent forwarding decisions. The switch further allows for dynamic resource management for dynamically assigning modem and ISDN resources to an incoming call. The switch may also include fault management features to guard against single points of failure within the switch. The switch further allows the partitioning of the switch into multiple virtual routers where each virtual router has its own wet of resources and a routing table. Each virtual router is further partitioned into virtual private networks for further controlling access to the network. The switch supports policy based routing where specific routing paths are selected based on a domain name, a telephone number, and the like. The switch also provides tiered access of the Internet by defining quality of access levels to each incoming connection request. The switch may further support an IP routing protocol and architecture in which the layer two protocols are independent of the physical interface they run on. Furthermore, the switch includes a generic forwarding interface software for hiding the details of transmitting and receiving packets over different interface types.

A network device that ensures network continuity includes a processor and a communications interface. The processor determines whether the network device is functioning properly. The processor then generates a signal indicating whether the network device is functioning properly and transmits the signal to the communications interface. The communications interface is coupled to the processor and a policy based routing system. The communications interface processes the signal to activate or deactivate a link to the policy based routing system.

The invention provides a system and method for identifying a pre-computed path for an incoming connection at a node in a policy-based routing network. The method comprises: examining requirements of the incoming connection; examining policies associated with routes available from the node; identifying at least one policy of the policies which meets the requirements of the incoming connection; and utilizing that one policy for the pre-computed path for the incoming connection.

A method and system for packet classification is proposed for applications such as firewalls, intrusion detection, policy-based routing, and network service differentiations, within network systems such as Internet or intranet/extranet systems. The proposed method and system is characterized by the use of protocol-oriented rule rearrangement, the probable bit vector (PBV) based on the aggregated bit vectors (ABV) and folded bit vectors (FBV), an ABV-FBV index table dataset whose data structure is based on a featured split full-tree schema, and a DCBV (Don't-Care Bit Vector) dataset for packet classification. The combination of these features allows the packet classification to be implemented with a reduced amount of memory and access time during operation.

This invention discloses a method for implementing link aggregation based on policy-based routing. It includes following steps: the user sends the PPP calling to the wideband access server, the above sever completes the service access, transmits process and service reversing of PPF /IP, when the state of gate exit link turns on, sends the user data to the router, the down stream data is sent to the wideband access server through the router. When the gateway exit link turns off , the user data is sent to backup router, the down stream user data is sent the wide band server through the backup router. The invention can implement the configuration management for the exit of main rout reliably and high efficiently.

It is an object of the invention to enable multiple services or service providers to share the facilities of an access network infrastructure providing physical connectivity to subscribers. A network access device advantageously may be used in communication network services with a service or service provider that is separate from the operator of the access network infrastructure.

The invention discloses a method and device for realizing policy routing in an Ethernet switch chip, which relates to the technical field of network communication, and solves the problem that the message forwarding efficiency is low since the existing policy routing needs to obtain the IP (Internet protocol) address of a network application server and perform routing information conversion. The method disclosed by the invention comprises the following steps of: configuring a policy routing table based on the information such as a message source-based IP address, a TCP/UDP (transmission control protocol/user datagram protocol) source port number, a TCP/UDP destination port number, a DSCP (differentiated services code point) value and the like to obtain the second exit information of corresponding policy routing; and searching a common routing table to obtain corresponding first exit information. The method and device disclosed by the invention can conveniently realize policy routing based on different user sources, different network applications and different service quality requirements, and also can flexibly select the common routing result information or policy routing information; and the realization is simple, the system cost is low, and the routing flexibility and message forwarding efficiency can be greatly improved.