Patent application number | Description | Published |
20130083697 | MANAGING AND PROVISIONING VIRTUAL ROUTERS - Methods and systems are provided for provisioning and managing network-based virtual private networks (VPNs). According to one embodiment, routing information, including virtual private network (VPN) addresses reachable, for customer sites connected via service processing switches is learned or discovered. The routing information is disseminated among routers associated with multiple network-based customer VPNs for multiple customers. A routing configuration is generated for a network-based customer VPN based on the routing information and a global customer routing profile. Virtual routers (VRs) of the service processing switches are provisioned to support the customer VPN based on the routing configuration. A custom routing profile for the customer VPN is received that identifies one or more routing protocols to be used for one or more segments of the customer VPN. The customer VPN is automatically reconfigured by programmatically generating appropriate routing configurations for the VRs based on the routing information and the custom routing profile. | 04-04-2013 |
20130104235 | DETECTION OF UNDESIRED COMPUTER FILES IN ARCHIVES - Systems and methods for content filtering are provided. According to one embodiment, a type and structure of an archive file are determined. The archive file includes identification bytes that identify the type of archive file and header information both in unencrypted and uncompressed form and a file data portion containing contents of files in encrypted form, compressed form or both. The determination is based solely on the identification bytes and/or the header information. Based thereon, descriptive information, describing characteristics of the files, is extracted from the header information for each file. The descriptive information includes a checksum of the file in uncompressed form, a size of the file in uncompressed form and/or a size of the file in compressed form. A file is identified as being potentially malicious or undesired when a comparison of the descriptive information to detection signatures of known malicious or undesired files results in a match. | 04-25-2013 |
20130121152 | ADAPTIVE LOAD BALANCING - Methods and systems for performing load balancing within an Ethernet network are provided. According to one embodiment, a set of virtual networks into which a network has been logically divided, and that can be used by a first component, is maintained. Each of the virtual networks is a loop-free switching path, reverse path learning network and provides a path through the network between the first component and a second component. A packet destined for the second component is received by the first component. On a packet-by-packet basis or on a per flow basis, the first component dynamically selects a particular path by selecting a virtual network for transporting the received packet that tends to balance traffic load across the virtual networks. The first component causes the received packet to be transported through the network to the second component via the particular path. | 05-16-2013 |
20130125238 | CONTENT FILTERING OF REMOTE FILE-SYSTEM ACCESS PROTOCOLS - Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a first set of Server Message Block/Common Internet File System (SMB/CIFS) protocol requests originated by a first process running on a client and relating to a file associated with a share of a server and a second set of SMB/CIFS protocol requests originated by a second process running on the client and relating to the file are transparently proxied by a gateway device. The existence or non-existence of malicious, dangerous or unauthorized content contained within the file is determined by the gateway device by (i) buffering data being read from or written to the file as a result of the first and second set of SMB/CIFS protocol requests into a shared file buffer; and (ii) performing content filtering on the shared file buffer when a scanning condition is satisfied. | 05-16-2013 |
20130152203 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for virus processing content objects is provided. A content object is stored within a system memory by a general purpose processor using a virtual address. Most recently used entries of a page directory and a page table of the system memory are cached within a translation lookaside buffer (TLB) of a virus co-processor. Instructions are read from a virus signature memory of the co-processor. Those of a first type are assigned to a first of multiple instruction pipes of the co-processor. The first instruction pipe executes an instruction including accessing a portion of the content object by performing direct virtual memory addressing of the system memory using a physical address derived based on the virtual address and the TLB and comparing it to a string associated with the instruction. | 06-13-2013 |
20130155862 | PERFORMING RATE LIMITING WITHIN A NETWORK - Methods and systems for performing rate limiting are provided. According to one embodiment, information is maintained regarding a set of virtual networks into which a network has been logically divided. Each virtual network comprises a loop-free switching path, reverse path learning network and provides a path through the network between a first and second component thereby collectively providing multiple paths between the first and second components. Packets are received by the first component that are associated with a flow sent by a source component. The packets are forwarded by the first component to the second component along a particular path defined by the set of virtual networks. A congestion metric is determined for the particular path and based thereon it is determined whether a congestion threshold has been reached. Responsive to an affirmative determination, the source component is instructed to limit the rate at which the packets are sent. | 06-20-2013 |
20130156033 | SCALABLE IP-SERVICES ENABLED MULTICAST FORWARDING WITH EFFICIENT RESOURCE UTILIZATION - Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, active multicast IP sessions are identified by a router. A data structure is maintained by the router and contains therein information regarding the multicast sessions, including a first pointer for each of the multicast sessions, at least one chain of one or more blocks of second pointers and one or more transmit control blocks (TCBs). Each first pointer points to a chain of one or more blocks of second pointers. Each second pointer corresponds to an outbound interface (OIF) participating in the multicast session and identifies a number of times packets associated with the multicast session are to be replicated. The TCBs have stored therein control information to process or route packets. Each second pointer points to a TCB that identifies an OIF of the router through which packets are to be transmitted. | 06-20-2013 |
20130170346 | MANAGING HIERARCHICALLY ORGANIZED SUBSCRIBER PROFILES - Methods are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a connection for a subscriber is created based on a service context of the subscriber. A connection request is received from a subscriber of a network service delivery environment. The subscriber is associated with a first-level profile identifier indicative of a service context for the subscriber. One or more other subscribers can be associated with the first-level profile identifier. Lower-level profile identifiers are determined using the first-level profile identifier. The lower-level profile identifiers indicate a set of services that is available to the subscriber during the connection. A connection is created for the subscriber that enables forwarding of packets based on the lower-level profile identifiers. | 07-04-2013 |
20130198839 | SYSTEMS AND METHODS FOR DETECTING AND PREVENTING FLOODING ATTACKS IN A NETWORK ENVIRONMENT - A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit. | 08-01-2013 |