Enterasys Networks, Inc. Patent applications |
Patent application number | Title | Published |
20140282823 | DEVICE AND RELATED METHOD FOR ESTABLISHING NETWORK POLICY BASED ON APPLICATIONS - A function is provided in a network system for adjusting network policies associated with the operation of network infrastructure devices of the network system. Network policies are established on network devices including packet forwarding devices. The network has a capability to identify computer applications associated with traffic running on the network. A network policy controller of the network is arranged to change one or more policies of one or more network devices based on computer application information acquired. The policies changed may be network policies as well as mirroring policies. An example policy to change is direct a network device to mirror traffic to an application identification appliance for the purpose of identifying applications running on the network through a plurality of mechanisms. The function may be provided in one or more devices of the network. | 09-18-2014 |
20140280889 | SYSTEM AND RELATED METHOD FOR NETWORK MONITORING AND CONTROL BASED ON APPLICATIONS - A network architecture system that expands the control network administrators have on existing networks. The system provides application identification and usage data by user, by device and network location. Dynamic traffic mirroring of the system allows for the efficient use of a tool to identify computer applications running on the network. The system includes the ability to embed the tool where needed rather than pervasively based on the use of the dynamic mirroring to bring the packets to the tool. The architecture implemented functions allow the ability to start small with a single application identification tool added to a network management server, examine flows from throughout the network (via mirroring) and upgrade policy control based on real application identification data and usage, then grow to pervasive deployment where virtually all new flows could be identified and controlled via policy. This architecture enables substantially complete application visibility and control. | 09-18-2014 |
20140280829 | DEVICE AND RELATED METHOD FOR DYNAMIC TRAFFIC MIRRORING - A function is provided in a network system for the dynamic mirroring of network traffic for a variety of purposes including the identification of characteristics of the traffic. Multiple criteria are established for when, what and where to mirror the traffic. The criteria include what frames of traffic to mirror, what portions of the selected frames to mirror, one or more portals through which to mirror the selected frames, a destination for the mirroring and the establishment of a mirror in a device to carry out the mirroring. The criteria may also include when to stop the mirroring. The mirroring instructions can be changed based on the detection of a triggering event, such as authentication, device type or status, ownership of an attached function attached to the device, flow status, but not limited to that. The function may be established in one or more devices of the network. | 09-18-2014 |
20140280211 | DEVICE AND RELATED METHOD FOR APPLICATION IDENTIFICATION - A function is provided for identifying computer applications running on a network. Information obtained from frames having content associated with computer applications is examined and compared to information stored on the network. The stored information is obtained from a plurality of mechanisms including computer application signatures. An application identification engine of the function compares examined content with the known application information and determines an indication of the likely computer application associated with the examined frames. The determination output may include a level of confidence in the accuracy of the determination. The function includes an application programming interface to allow the introduction into the engine of custom mechanisms for application identification. The different mechanisms may be weighted. The function may be provided in one or more devices of the network including a standalone appliance. | 09-18-2014 |
20140279768 | DEVICE AND RELATED METHOD FOR SCORING APPLICATIONS RUNNING ON A NETWORK - A function is provided for effectively identifying computer applications running on a network. The function receives information related to frames of packets moving through the network. The information is compared to known information about computer applications. The known information is obtained from a plurality of mechanisms, including the option of obtaining it through custom mechanisms. The comparison information is scored for each of the plurality of mechanisms and those scores are combined to establish a single score indicative of the likely computer application associated with the received frames. One or more mathematical operations can be used to combine the scores. The mechanisms may be weighted for likely accuracy and the score that is established may include with it an indication of the level of confidence in that score. One or more of the plurality of mechanisms may be used to weight others of the types of mechanisms. | 09-18-2014 |
20110072286 | POWER CONTROLLED NETWORK DEVICES FOR SECURITY AND POWER CONSERVATION - The present invention provides method and systems for activating or deactivating network devices by managing the power of the network device. By controlling the power for network devices, the size and coverage of the network can be adjusted to meet the needs for the current usage. This can be particularly advantageous in wireless networks where multiple wireless access points may be provided to provide coverage during peak usage but present the additional security concern of the network being accessible to unauthorized users. Being able to power down unneeded wireless access points during off-peak usage allows for the minimization of such potential security concerns. | 03-24-2011 |
20100268933 | METHOD FOR NETWORK TRAFFIC MIRRORING WITH DATA PRIVACY - Systems and methods are provided for preserving the privacy of data contained in mirrored network traffic. The mirrored network traffic may comprise data that may be considered confidential, privileged, private, or otherwise sensitive data. For example, the data payload of a frame of mirrored network traffic may include private Voice over IP (VoIP) communications between users on one or more networks. The present invention provides various techniques for securing the privacy of data contained in the mirrored network traffic. Using the techniques of the present invention, network traffic comprising confidential, privileged, private, or otherwise sensitive data may be mirrored in such a manner as to provide for the privacy of such data over at least a portion if not all of the mirrored communications between the mirror source point and the minor destination point. | 10-21-2010 |
20100182934 | DISTRIBUTED CONNECTION-ORIENTED SERVICES FOR SWITCHED COMMUNICATION NETWORKS - Method and apparatus providing connection-oriented services for packet switched data communications networks. Directory services include distributed discovery of MAC addresses and protocol alias addresses. Topology services include a link state topology exchange among switches, which provides each switch with a complete topology graph of the network. This enables an access switch receiving a data packet to determine a complete path from a source end system to a destination end system. Another service includes resolution of broadcast frames to unicast frames, in order to reduce the amount of broadcast traffic. Policy restrictions may be applied prior to connection setup. Path determination services enable multiple paths from a source to a destination. Connection management includes source routed mapping of connections on the desired path. A distributed call rerouting service is provided wherein if a link on an active path fails, each switch receives a topology change notification and unmaps any connection involving the failed link. A broadcast/unknown service provides restricted flooding of nonresolvable packets. Furthermore, connection-oriented switching is provided based on the source and destination MAC addresses as a connection identifier. Still further, resolution of networks outside the switch domain is enabled by access switches listening for network and server route advertisements and maintaining best routes to said networks and servers. The best route metrics may be combined with best path metrics to determine a path from a first access switch to an egress switch connected to the external network. | 07-22-2010 |
20100177778 | DISTRIBUTED CONNECTION-ORIENTED SERVICES FOR SWITCHED COMMUNICATION NETWORKS - Method and apparatus providing connection-oriented services for packet switched data communications networks. Directory services include distributed discovery of MAC addresses and protocol alias addresses. Topology services include a link state topology exchange among switches, which provides each switch with a complete topology graph of the network. This enables an access switch receiving a data packet to determine a complete path from a source end system to a destination end system. Another service includes resolution of broadcast frames to unicast frames, in order to reduce the amount of broadcast traffic. Policy restrictions may be applied prior to connection setup. Path determination services enable multiple paths from a source to a destination. Connection management includes source routed mapping of connections on the desired path. A distributed call rerouting service is provided wherein if a link on an active path fails, each switch receives a topology change notification and unmaps any connection involving the failed link. A broadcast/unknown service provides restricted flooding of nonresolvable packets. Furthermore, connection-oriented switching is provided based on the source and destination MAC addresses as a connection identifier. Still further, resolution of networks outside the switch domain is enabled by access switches listening for network and server route advertisements and maintaining best routes to said networks and servers. The best route metrics may be combined with best path metrics to determine a path from a first access switch to an egress switch connected to the external network. | 07-15-2010 |
20090316704 | APPARATUS AND METHOD FOR A VIRTUAL HIERARCHIAL LOCAL AREA NETWORK - A method and apparatus are provided for creating a virtual hierarchical local area network. The method and apparatus provide a hierarchical framing technique that allows a network architecture to realize a local area network hierarchy within the network. In this manner, a first local area network hierarchy is defined by communication in a first frame format between a first set of network devices and a second set of network devices. A second local area network hierarchy is defined by communication in a second frame format between members of the second set of network devices. The second frame format includes the fields of a frame in the first frame format that is used to communicate between the first set of communication devices and the second set of communication devices. | 12-24-2009 |
20090187968 | SYSTEM AND METHOD FOR DYNAMIC NETWORK POLICY MANAGEMENT - A system and method that provides dynamic network policy management. The system enables a network administrator to regulate usage of network services upon initiation of and throughout network sessions. The system employs a method of identifying selectable characteristics of attached functions to establish static and dynamic policies, which policies may be amended before, during and after any session throughout the network based on the monitored detection of any of a number of specified triggering events or activities. Particular policies associated with a particular identified attached function in prior sessions may be cached or saved and employed in subsequent sessions to provide network usage permissions more rapidly in such subsequent sessions. The cached or saved policy information may also be used to identify network usage, control, and security. The system and method of the present invention provides static and dynamic policy allocation for network usage provisioning. | 07-23-2009 |
20090141732 | METHODS AND APPARATUS FOR DIFFERENTIATED SERVICES OVER A PACKET-BASED NETWORK - Methods and apparatus for the provision of differentiated services in a packet-based network may be provided in a communications device such as a switch or router having input ports and output ports. Each output port is associated with a set of configurable queues that store incoming data packets from one or more input ports. A scheduling mechanism retrieves data packets from individual queues in accord with a specified configuration, providing both pure priority and proportionate de-queuing to achieve a guaranteed QoS over a connectionless network. | 06-04-2009 |
20080219276 | METHODS AND APPARATUS FOR AUTOMATED EDGE DEVICE CONFIGURATION IN A HETEROGENEOUS NETWORK - A PE device learns the address of a local CE device by monitoring the control messages, such as address resolution messages, originating from those local devices. In one embodiment, automated configuration of the PE devices participating in a Layer 2 VPN is facilitated by permitting a PE device to share the addresses for its locally-attached CE devices with the remote PE devices in the VPN. A PE device may share the addresses of the remote CE devices with the local CE devices by initiating its own control message or responding to an control message issued by one of its local CE devices. This latter mechanism in effect hides the distributed, heterogeneous nature of the network from a local CE device. | 09-11-2008 |