Patent application number | Description | Published |
20080259805 | METHOD AND APPARATUS FOR MANAGING NETWORKS ACROSS MULTIPLE DOMAINS - A method and apparatus for managing networks across multiple domains are disclosed. For example, the method stores a mapping table that correlates one or more Customer Edge Routers (CERs) with one or more Route Processing Modules (RPMs) in at least one seed-file distributor, where each of the one or more Customer Edge Routers (CERs) is monitored by one of the at least one availability manager. The method receives an alarm associated with one of the one or more RPMs that affects one of the one or more CERs, where the alarm is received by one of the at least one availability manager that is monitoring the affected one of the one or more CERs. The method then provides a status associated with the one of said one or more RPMs in accordance with the alarm. | 10-23-2008 |
20080263388 | METHOD AND APPARATUS FOR MANAGING CUSTOMER TOPOLOGIES - A method and apparatus for managing customer topologies on packet networks are disclosed. For example, the method creates at least two event correlation instances for at least one customer topology, where a first event correlation instance resides in a primary availability management server, and a second event correlation instance resides in a secondary availability management server. The method also creates a test node for the first event correlation instance, where the test node provides at least one test message. The method then receives at least one response generated by the first event correlation instance that is responsive to the at least one test message, where the at least one response is received by the second event correlation instance. The method then performs a fail-over to the second event correlation instance from the first event correlation instance if a failure is detected from the at least one response. | 10-23-2008 |
20090154362 | METHOD AND APPARATUS FOR MONITORING OF A NETWORK DEVICE - A method and apparatus for monitoring of a network device are disclosed. For example, the method receives a monitoring record from a network device, and determines whether the network device is listed in an active pool of monitored network devices. The method then automatically enables the monitoring of the network device if the network device is not listed in the active pool of monitored network devices. | 06-18-2009 |
20090190472 | End-to-end network management with tie-down data integration - A method for managing tie-down information in a network management system for a telecommunications network including: providing tie-down information to the network management system associated with a plurality of tie-down demarcations using a tie-down information template comprising a plurality of tie-down information parameters associated with each of the plurality of tie-down demarcations, wherein the plurality of tie-down information parameters comprises a status; and updating the status associated with each of the plurality of tie-down demarcations based on network activity associated with the plurality of tie-down demarcations. | 07-30-2009 |
20090279551 | Vertical integration of network management for ethernet and the optical transport - Systems and methods are described that vertically integrate telecommunications network management across multiple transport domains and network layers to support E2E network management. Embodiments vertically integrate telecommunications network management across multiple transport layers such as physical layers (optical), data link layers (Ethernet), and upper layers (VLAN), and establish an inventory database for the plurality of transport layers in a network management OSS to integrate and correlate network alarms and other business applications. Embodiments provide a single platform for an E2E network management solution across and for multiple transport domains. | 11-12-2009 |
20100150170 | Scalable and Robust Mechanism for Remote IP Device Monitoring With Changing IP Address Assignment - A method is provided for monitoring devices with changing IP addresses. SNMP trap is received from a device at a first IP address to notify that a connection is up, and a SNMP poll is transmitted to the device to obtain an identifier. Predetermined consecutive SNMP GET requests are transmitted to the device in intervals. Responsive to failing to receive from the device predetermined consecutive SNMP GET responses equal to the predetermined consecutive SNMP GET requests, it is determined that there is a connection failure or a device failure and checked whether the device is in a maintenance window. If not in maintenance window, a trouble ticket is generated. Responsive to the failure, there is a predetermined waiting period for another SNMP trap from the device with a second IP address and the same identifier notifying that a connection is back up, and no trouble ticket is generated. | 06-17-2010 |
20100157812 | METHOD AND APPARATUS FOR ASYNCHRONOUS ALARM CORRELATION - A method and apparatus for providing asynchronous alarm correlation in packet networks are disclosed. For example, the method receives a trigger, and performs an asynchronous correlation of at least one root cause alarm with at least one symptom alarm. | 06-24-2010 |
Patent application number | Description | Published |
20100194608 | GENERATING A BOUNDARY HASH-BASED HIERARCHICAL DATA STRUCTURE ASSOCIATED WITH A PLURALITY OF KNOWN ARBITRARY-LENGTH BIT STRINGS AND USING THE GENERATED HIERARCHICAL DATA STRUCTURE FOR DETECTING WHETHER AN ARBITRARY-LENGTH BIT STRING INPUT MATCHES ONE OF A PLURALITY OF KNOWN ARBITRARY-LENGTH BIT STRINGS - A high-speed, space-efficient, scalable and easily updateable data boundary hash-based structure is generated and used. The proposed boundary hash-based data structure provides minimal perfect hashing functionality while intrinsically supporting low-cost set-membership queries. In other words, in some embodiments, it provides at most one match candidate in a set of known arbitrary-length bit strings that is used to match the query. | 08-05-2010 |
20100315943 | INTERNET PROTOCOL FAST REROUTE FOR SHARED RISK LINK GROUP FAILURE RECOVERY - A scheme to achieve fast recovery from SRLG failures in the IP layer is described. An exemplary scheme, called multi-section shortest path first (“MSSPF”), builds on the idea of IP Fast Reroute (“IPFRR”), guarantees 100% recovery of SRLG failures and causes no dead loops. Given a source node, a destination node, and a shared risk group failure on a next hop from the source node to the destination node, failure recovery information may be determined by (1) accepting a graph representing network topology information including the source node and the destination node, (2) determining a node which is able to reach the destination node using a route which does not include the source node, wherein a path from the source node to the determined node is not affected by the shared risk group failure, and (3) storing, in association with the shared risk group failure, both (i) a network address associated with the determined node and (ii) an alternative output port of the source node using the shortest path from the source node to the determined node. | 12-16-2010 |
20120206279 | DETECTING WHETHER AN ARBITRARY-LENGTH BIT STRING INPUT MATCHES ONE OF A PLURALITY OF KNOWN ARBITRARY-LENGTH BIT STRINGS USING A HIERARCHICAL DATA STRUCTURE - Generating and using a high-speed, scalable, and easily updateable data structure are described. The proposed data structure provides minimal perfect hashing functionality while intrinsically supporting low-cost set-membership queries. In other words, in some embodiments, it provides at most one match candidate in a set of known arbitrary-length bit strings that is used to match the query. | 08-16-2012 |
20120287791 | BALANCING LOAD IN A NETWORK, SUCH AS A DATA CENTER NETWORK, USING FLOW BASED ROUTING - Load balancing is performed in a network using flow-based routing. For example, upon detection of a big flow, one or more alternative paths from a source host to a destination host in the network may be discovered by probing the network and generating, for each of the one or more alternative paths, an association of the packet header information of the big flow to an alternative path discovered using results of probing the network. Upon congestion in a path currently being used by the big flow, an alternative path that is not congested is selected from the one or more discovered alternative paths. The packet header information of the big flow is altered using the generated association of the packet header information to the selected alternative path such that the big flow will be transmitted using the selected alternative path. | 11-15-2012 |
20130003735 | DYNAMICALLY PROVISIONING MIDDLEBOXES - Hybrid security architecture (HSA) provides a platform for middlebox traversal in the network. The HSA decouples the middlebox control from network forwarding. More specifically, such embodiments may receive a data packet having a packet header including an Ethernet header identifying source and destination addresses in the network. A traffic type of the data packet is determined. Then, layer-2 forwarding information, which encodes a set of non-forwarding network service provider middleboxes in the network to be traversed by the data packet, is determined based on the traffic type. The layer-2 forwarding information is inserted into the Ethernet header and the data packet is forwarded into the network. The data packet will then traverse, according to the layer-2 forwarding information, a sequence of the middleboxes in the network, wherein at least one non-forwarding network service will be provided by each of the middleboxes to the data packet in a sequence. | 01-03-2013 |
20130086004 | UPDATING A PERFECT HASH DATA STRUCTURE, SUCH AS A MULTI-DIMENSIONAL PERFECT HASH DATA STRUCTURE, USED FOR HIGH-SPEED STRING MATCHING - A representation of a new rule, defined as a set of a new transition(s), is inserted into a perfect hash table which includes previously placed transitions to generate an updated perfect hash table. This may be done by, for each new transition: (a) hashing the new transition; and (b) if there is no conflict, inserting the hashed new transition into the table. If, however, the hashed new transition conflicts with any of the previously placed transitions, either (A) any transitions of the state associated with the conflicting transition are removed from the table , the hashed new transition is placed into the table, and the removed transitions are re-placed into the table, or (B) any previously placed transitions of the state associated with the new transition are removed, and the transitions of the state associated with the new transition are re-placed into the table. | 04-04-2013 |
20130086017 | GENERATING PROGRESSIVELY A PERFECT HASH DATA STRUCTURE, SUCH AS A MULTI-DIMENSIONAL PERFECT HASH DATA STRUCTURE, AND USING THE GENERATED DATA STRUCTURE FOR HIGH-SPEED STRING MATCHING - A multi-dimensional perfect hash table construction technique is based on which the well-known AC automaton, and can be implemented by very compact perfect hash tables. The technique may place transitions, each from a source state to a destination state, of an automaton into a hash table to generate a perfect hash table by: (a) dividing the transitions into multiple independent sets according to their respective source states; (b) ordering the sets of transitions based on the number of transitions belonging to the set, thereby defining an order of the sets from largest to smallest; and (c) constructing a perfect hash table by, for each of the sets of transitions, in the order from largest to smallest, hashing the transitions of the set into the hashing table to generate a perfect hashing table. | 04-04-2013 |
20140101155 | GENERATING A TUNABLE FINITE AUTOMATON FOR REGULAR EXPRESSION MATCHING - Deterministic Finite Automatons (DFAs) and Nondeterministic Finite Automatons (NFAs) are two typical automatons used in the Network Intrusion Detection System (NIDS). Although they both perform regular expression matching, they have quite different performance and memory usage properties. DFAs provide fast and deterministic matching performance but suffer from the well-known state explosion problem. NFAs are compact, but their matching performance is unpredictable and with no worst case guarantee. A new automaton representation of regular expressions, called Tunable Finite Automaton (TFA), is described. TFAs resolve the DFAs' state explosion problem and the NFAs' unpredictable performance problem. Different from a DFA, which has only one active state, a TFA allows multiple concurrent active states. Thus, the total number of states required by the TFA to track the matching status is much smaller than that required by the DFA. Different from an NFA, a TFA guarantees that the number of concurrent active states is bounded by a bound factor b that can be tuned during the construction of the TFA according to the needs of the application for speed and storage. A TFA can achieve significant reductions in the number of states and memory space. | 04-10-2014 |
20140101156 | REGROUPING NON-DERMINISTIC FINITE AUTOMATON ACTIVE STATES TO MINIMIZE DISTINCT SUBSETS - Deterministic Finite Automatons (DFAs) and Nondeterministic Finite Automatons (NFAs) are two typical automatons used in the Network Intrusion Detection System (NIDS). Although they both perform regular expression matching, they have quite different performance and memory usage properties. DFAs provide fast and deterministic matching performance but suffer from the well-known state explosion problem. NFAs are compact, but their matching performance is unpredictable and with no worst case guarantee. A new automaton representation of regular expressions, called Tunable Finite Automaton (TFA), is described. TFAs resolve the DFAs' state explosion problem and the NFAs' unpredictable performance problem. Different from a DFA, which has only one active state, a TFA allows multiple concurrent active states. Thus, the total number of states required by the TFA to track the matching status is much smaller than that required by the DFA. Different from an NFA, a TFA guarantees that the number of concurrent active states is bounded by a bound factor b that can be tuned during the construction of the TFA according to the needs of the application for speed and storage. A TFA can achieve significant reductions in the number of states and memory space. | 04-10-2014 |
20140101157 | ENCODING NON-DERMINISTIC FINITE AUTOMATON STATES EFFICIENTLY IN A MANNER THAT PERMITS SIMPLE AND FAST UNION OPERATIONS - Deterministic Finite Automatons (DFAs) and Nondeterministic Finite Automatons (NFAs) are two typical automatons used in the Network Intrusion Detection System (NIDS). Although they both perform regular expression matching, they have quite different performance and memory usage properties. DFAs provide fast and deterministic matching performance but suffer from the well-known state explosion problem. NFAs are compact, but their matching performance is unpredictable and with no worst case guarantee. A new automaton representation of regular expressions, called Tunable Finite Automaton (TFA), is described. TFAs resolve the DFAs' state explosion problem and the NFAs' unpredictable performance problem. Different from a DFA, which has only one active state, a TFA allows multiple concurrent active states. Thus, the total number of states required by the TFA to track the matching status is much smaller than that required by the DFA. Different from an NFA, a TFA guarantees that the number of concurrent active states is bounded by a bound factor b that can be tuned during the construction of the TFA according to the needs of the application for speed and storage. A TFA can achieve significant reductions in the number of states and memory space. | 04-10-2014 |
20140101187 | USING A TUNABLE FINITE AUTOMATON FOR REGULAR EXPRESSION MATCHING - Deterministic Finite Automatons (DFAs) and Nondeterministic Finite Automatons (NFAs) are two typical automatons used in the Network Intrusion Detection System (NIDS). Although they both perform regular expression matching, they have quite different performance and memory usage properties. DFAs provide fast and deterministic matching performance but suffer from the well-known state explosion problem. NFAs are compact, but their matching performance is unpredictable and with no worst case guarantee. A new automaton representation of regular expressions, called Tunable Finite Automaton (TFA), is described. TFAs resolve the DFAs' state explosion problem and the NFAs' unpredictable performance problem. Different from a DFA, which has only one active state, a TFA allows multiple concurrent active states. Thus, the total number of states required by the TFA to track the matching status is much smaller than that required by the DFA. Different from an NFA, a TFA guarantees that the number of concurrent active states is bounded by a bound factor b that can be tuned during the construction of the TFA according to the needs of the application for speed and storage. A TFA can achieve significant reductions in the number of states and memory space. | 04-10-2014 |
20140269715 | FINDING NONEQUIVALENT CLASSIFIERS TO REDUCE TERNARY CONTENT ADDRESSABLE MEMORY (TCAM) USAGE - The problem of providing an efficient physical implementation of a (first) classifier defined by a first rule set, at least a part of which first classifier having a sparse distribution in Boolean space, is solved by (1) converting the first classifier, having a corresponding Boolean space, into a second classifier, wherein the second classifier has a corresponding Boolean space which is not semantically equivalent to the Boolean space corresponding to the first classifier, and wherein the second classifier is defined by a second set of rules which is smaller than the first set of rules defining the first classifier; and (2) defining a bit string transformation which transforms a first bit string into a second bit string, wherein applying the first bit string to the first classifier is equivalent to applying the second bit string to the second classifier. In at least some example embodiments, the first bit string includes packet header information. In at least some example embodiments, the second classifier is implemented on a TCAM. In at least some example embodiments, the bit string transformation is implemented on an FPGA. | 09-18-2014 |
20150207741 | APPARATUS FOR HYBRID ROUTING IN SDN NETWORKS TO AVOID CONGESTION AND ACHIEVE GOOD LOAD BALANCING UNDER FLUCTUATING TRAFFIC LOAD - A controller having an application optimally routing traffic to balance fluctuating traffic loads in a SDN network. A processor is configured to control the data plane to establish routing through the plurality of routers, wherein the processor is configured to establish hybrid routing comprising both explicit routing and destination-based routing. The processor utilizes a set of traffic matrices representing the fluctuating traffic load over time. A destination-based multi-path routing algorithm is configured to improve load balancing of the traffic load based on the set of representative traffic matrices. The destination based routing is calculated based on linear programming. The processor comprises a traffic categorization algorithm configured to identify a set of key flows, wherein the processor is configured to explicitly route the set of key flows. The processor is configured such that the set of key flows consume a small fraction of a ternary content-addressable memory (TCAM), and such that the set of key flows provide a routing decision for a large portion of the traffic load. | 07-23-2015 |
Patent application number | Description | Published |
20080232347 | Determining rerouting information for single-node failure recovery in an internet protocol network - For a survivable portion of a network, a backup port for a first router of the survivable network, to reach a destination node in the event of a single node failure, may be determined by (a) accepting a routing path graph having the destination node, wherein the routing path graph includes one or more links terminated by one or more primary ports of the first router; and (b) for each router of at least a part of the routing path graph, (1) assuming that the current router is removed, defining (A) a first part of the routing path graph including the destination node, and (B) a second part of the routing path graph separated from the first part wherein the second part defines one or more sub-graphs, and (2) determining the backup port for the first router by examining at least one of the one or more sub-graphs to find a link to the first part of the routing path graph. | 09-25-2008 |
20100202460 | MAINTAINING PACKET SEQUENCE USING CELL FLOW CONTROL - Packets out-of-sequence problem can be solved by using a window flow control scheme that can dispatch traffic at the cell level, in a round robin fashion, as evenly as possible. Each VOQ at the input port has a sequence head pointer that is used to assign sequence numbers (SN) to the cells. Also a sequence tail pointer is available at each VOQ that is used to acknowledge and limit the amount of cells that can be sent to the output ports based on the window size of the scheme. Each VIQ at the output port has a sequence pointer or sequence number (SN) pointer that indicates to the VIQ which cell to wait for. Once the VIQ receives the cell that the SN pointer indicated, the output port sends an ACK packet back to the input port. By using sequence numbers and the relevant pointers, the packet out-of-sequence problem is solved. | 08-12-2010 |
20110093484 | CONFIGURING STATE MACHINES USED TO ORDER AND SELECT MATCHING OPERATIONS FOR DETERMINING WHETHER AN INPUT STRING MATCHES ANY OF AT LEAST ONE REGULAR EXPRESSION USING LOOKAHEAD FINITE AUTOMATA BASED REGULAR EXPRESSION DETECTION - State machines used to order and select matching operations for determining whether an input string matches any of at least one regular expression are configured by ( | 04-21-2011 |
20110093496 | DETERMINING WHETHER AN INPUT STRING MATCHES AT LEAST ONE REGULAR EXPRESSION USING LOOKAHEAD FINITE AUTOMATA BASED REGULAR EXPRESSION DETECTION - Previously configured state machines may accept an input string, and for each of the regular expression(s), check for a match between the input string accepted and the given regular expression using the configured nodes of the state machine corresponding to the given regular expression. Checking for a match between the input string accepted and the given regular expression using configured nodes of a state machine corresponding to the given regular expression by using the configured nodes of the state machine may include (1) checking detection events from a simple string detector, (2) submitting queries to identified modules of a variable string detector, and (3) receiving detection events from the identified modules of the variable string detector. | 04-21-2011 |
20110128959 | HASH-BASED PREFIX-COMPRESSED TRIE FOR IP ROUTE LOOKUP - A method and apparatus for performing an Internet Protocol (IP) network lookup in a forwarding device including an internal processor memory storing a first next hop information table and membership query information, and an external processor memory storing a plurality of prefix-compressed trees and a second next hop information table is described. In another embodiment consistent with present invention, a method (and apparatus) for creating stored data structures representing network forwarding information used for network route lookup is described. | 06-02-2011 |
20110128960 | HASH-BASED PREFIX-COMPRESSED TRIE FOR IP ROUTE LOOKUP - A method and apparatus for updating stored data structures representing network forwarding information used for network route lookup is described. By making sure there is only one level of dependency between data structures storing forwarding information, these data structures may be updated quickly and with minimal overhead | 06-02-2011 |
20150326426 | PARTIAL SOFTWARE DEFINED NETWORK SWITCH REPLACEMENT IN IP NETWORKS - The claimed subject matter is directed to novel methods and systems for a network topology wherein an IP network is partially integrated and enhanced with a relatively small number of SDN-OF enabled network devices to provide a resilient network that is able to quickly recover from a network failure and achieves post-recovery load balancing while minimizing cost and complexity. By combining SDN-OF enabled switches with traditional IP nodes such as routers, a novel network architecture and methods are described herein that allows for ultra-fast and load balancing-aware failure recovery of the data network. | 11-12-2015 |
Patent application number | Description | Published |
20090306079 | 3,4-DI-SUBSTITUTED CYCLOBUTENE-1,2-DIONES AS CXC-CHEMOKINE RECEPTOR LIGANDS - There are disclosed compounds of the formula | 12-10-2009 |
20100136165 | CONFECTIONERY COMPOSITION, ARTICLE, METHOD, AND APPARATUS - A dough-like confectionery material contains a solid particulate, a liquid, and a diffusion controller. The dough-like confectionery material is an effective replacement for panned coatings, and it can be applied to an edible substrate, such as candy or chewing gum to form a layered confection. Methods and apparatus for forming layered confections are also described. | 06-03-2010 |
20100136184 | CONFECTIONERY COMPOSITION, ARTICLE, METHOD, AND APPARATUS - A dough-like confectionery material contains a solid particulate, a liquid, and a diffusion controller. The dough-like confectionery material is an effective replacement for panned coatings, and it can be applied to an edible substrate, such as candy or chewing gum to form a layered confection. Methods and apparatus for forming layered confections are also described. | 06-03-2010 |
20100136185 | MULTI-REGION CONFECTIONERY COMPOSITION, ARTICLE, METHOD, AND APPARATUS - A dough-like confectionery material contains a solid particulate, a liquid, and a diffusion controller. The dough-like confectionery material is an effective replacement for panned coatings, and it can be applied to an edible substrate, such as candy or chewing gum to form a layered confection. Methods and apparatus for forming layered confections are also described. | 06-03-2010 |
20110213029 | 3,4-Di-Substituted Cyclobutene-1,2-Diones as CXC-Chemokine Receptor Ligands - There are disclosed compounds of the formula | 09-01-2011 |
20130209644 | CONFECTIONERY COMPOSITION AND ARTICLE - A dough-like confectionery material contains a solid particulate, a liquid, and a diffusion controller. The dough-like confectionery material is an effective replacement for panned coatings, and it can be applied to an edible substrate, such as candy or chewing gum to form a layered confection. Methods and apparatus for forming layered confections are also described. | 08-15-2013 |
20130216661 | MULTI-REGION CONFECTIONERY - A dough-like confectionery material contains a solid particulate, a liquid, and a diffusion controller. The dough-like confectionery material is an effective replacement for panned coatings, and it can be applied to an edible substrate, such as candy or chewing gum to form a layered confection. Methods and apparatus for forming layered confections are also described. | 08-22-2013 |
Patent application number | Description | Published |
20080299277 | Sweetening Compositions - This disclosure relates to sweetening compositions that include (1) at least a sweetener selected from the group consisting of sucralose, acesulfame potassium, saccharin, aspartame, a stevia extract, neotame, cyclamate, a Luo Han Guo extract, a polyol, and a mixture thereof; (2) at least a preservative selected from the group consisting of potassium sorbate, sodium sorbate, sodium benzoate, potassium benzoate, methyl gallate, propyl gallate, sodium ethylenediaminetetraacetate, methyl paraben, propyl paraben, and a mixture thereof; and (3) at least an acid selected from the group consisting of citric acid, succinic acid, lactic acid, propionic acid, tartaric acid, tannic acid, phosphoric acid, adipic acid, malic acid, acetic acid, gluconic acid, ascorbic acid, and a mixture thereof. | 12-04-2008 |