Patent application number | Description | Published |
20090323709 | Determining and Distributing Routing Paths for Nodes in a Network - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with determining and distributing routing paths for nodes in a network. For each route computational node of multiple route computational nodes in a network: a tree of paths between itself and each of multiple nodes in the network is determined. A particular tree of paths is determined for a particular node of these multiple nodes to the other nodes based on at least two of the determined trees of paths for the route computational nodes. The particular node then sends a packet towards a destination based on the particular tree of paths determined for the particular node. | 12-31-2009 |
20130191463 | MANAGING ADDRESS VALIDATION STATES IN SWITCHES SNOOPING IPV6 - In one embodiment, a particular device (e.g., switch) receives a neighbor discovery (ND) message from a non-trusted non-switch device, the ND message having an associated address, and creates a corresponding binding entry for the address in a temporary tentative state without forwarding the ND message. In addition, the switch then generates and forwards a first duplicate address detection (DAD) message on behalf of the non-trusted non-switch device. In response to receiving a second DAD message from a non-owner device, the switch may either drop the second DAD message when a corresponding second address of the second DAD message is stored as a tentative-state entry, or else forward the second DAD message to a corresponding owner device of the second address for neighbor advertisement (NA) defense when the second address is not stored as a tentative-state entry. | 07-25-2013 |
20130291117 | PROTECTING ADDRESS RESOLUTION PROTOCOL NEIGHBOR DISCOVERY CACHE AGAINST DENIAL OF SERVICE ATTACKS - In one embodiment, a device (e.g., switch or registry) maintains a binding table for all internet protocol (IP) addresses in a particular subnet associated with the device, and in response to receiving a neighbor solicitation (NS) lookup message from a router for a particular address, determines whether the particular address is within the binding table. When the particular address is not within the binding table, the device causes the router to not store the particular address in a neighbor discovery (ND) cache at the router (e.g., by responding to clear the cache, or ignoring to prevent state from being created). In another embodiment, the ND-requesting router ensures that the particular address is not kept in an ND cache at the router in response to the device indicating that the particular address is not within its binding table (e.g., an explicit response to clear, or absence of instruction to store state). | 10-31-2013 |
20140123278 | DENIAL-OF-SERVICE ATTACK PROTECTION - In one embodiment, a device detects a denial-of-service attack and generates a message in response to the detection of the denial-of-service attack. The message is then virally distributed to a plurality of subscribed devices. | 05-01-2014 |
20140269717 | IPV6/IPV4 RESOLUTION-LESS FORWARDING UP TO A DESTINATION - In one embodiment, a switch in a computer network intercepts a packet to a destination target, the packet having a solicited node multicast address of the target as a destination media access control (MAC) address of the packet. As such, the switch may determine whether the solicited node multicast address is a hit or miss within a switch hardware table of the switch, and in response to a hit, re-writes the destination MAC address with a known value of the destination target from the table, and unicasts the packet to the destination target. In one or more additional embodiments, in response to a miss, and in response to a single-switch architecture, the switch drops the packet, while in response to a miss, and in response to a multi-switch architecture, the switch may compute a repository switch for the solicited multicast destination, and unicasts the packet to the computed repository switch. | 09-18-2014 |
20140282864 | THROTTLING AND LIMITING THE SCOPE OF NEIGHBOR SOLICITATION (NS) TRAFFIC - In one embodiment, a switch in a computer network may receive a neighbor solicitation (NS) message for a target node for which no neighbor authentication (NA) reply has been received at the switch. The switch may then determine whether to forward the NS message to only non-constrained links of the switch, or to both non-constrained links and constrained links of the switch. The determining may be configured to intermittently result in forwarding the NS message for the target node to both the non-constrained links and the constrained links. The switch may then forward the NS message according to the determination. | 09-18-2014 |
20150089081 | CO-EXISTENCE OF A DISTRIBUTED ROUTING PROTOCOL AND CENTRALIZED PATH COMPUTATION FOR DETERMINISTIC WIRELESS NETWORKS - In one embodiment, a device both communicates with a network operating a distributed proactive routing protocol, and participates in a centralized path computation protocol. The device communicates routing characteristics of the distributed proactive routing protocol for the network from the network to the centralized path computation protocol, and also communicates one or more computed paths from the centralized path computation protocol to the network, where the computed paths from the centralized path computation protocol are based on the routing characteristics of the distributed proactive routing protocol for the network. | 03-26-2015 |
Patent application number | Description | Published |
20080304457 | Secure mobile IPv6 registration - In one embodiment, a method comprises receiving by an agent a request from a network node for generation of a secure IPv6 address for use by the network node, the request including a selected subset of parameters selected by the network node and required for generation of the secure IPv6 address according to a prescribed secure address generation procedure, the selected subset including at least a public key owned by the network node; dynamically generating by the agent at least a second of the parameters required for generation of the secure IPv6 address; generating by the agent the secure IPv6 address based on the selected subset and the second of the parameters required for generation of the secure IPv6 address; and outputting, to the network node, an acknowledgment to the request and that includes the secure IPv6 address, and the parameters required for generation of the secure IPv6 address. | 12-11-2008 |
20080307516 | Secure neighbor discovery router for defending host nodes from rogue routers - In one embodiment, a method comprises receiving, by a router in a network, a router advertisement message on a network link of the network; detecting within the router advertisement message, by the router, an advertised address prefix and an identified router having transmitted the router advertisement message within the network; determining, by the router, whether the identified router is authorized to at least one of advertise itself as a router, or advertise the advertised address prefix on the network link; and selectively initiating, by the router, a defensive operation against the identified router based on the router determining the identified router is not authorized to advertise itself as a router, or advertise the advertised address prefix on the network link. | 12-11-2008 |
20090024758 | Detecting neighbor discovery denial of service attacks against a router - In one embodiment, a method comprises initiating neighbor discovery in response to detecting an absence of an IP destination address of a received data packet within a neighbor cache, including outputting a neighbor solicitation message targeting the IP destination address into a network served by the router, generating a hash index value based on the IP destination address combined with a randomized token stored in the router, and storing the data packet in a selected one of a plurality of pending message queues in the router based on the corresponding hash index value, each pending message queue configured for storing stored data packets having the corresponding hash index value and awaiting respective solicited neighbor advertisement messages from the network; and detecting whether the router is encountering a neighbor discovery denial of service attack based on a determined distribution of the stored data packets among the pending message queues. | 01-22-2009 |
20120300668 | GENERATING A LOOP-FREE ROUTING TOPOLOGY USING ROUTING ARCS - In one embodiment, a method comprises creating, in a computing network, a loop-free routing topology comprising a plurality of routing arcs for reaching a destination device, each routing arc comprising a first network device as a first end of the routing arc, a second network device as a second end of the routing arc, and at least a third network device configured for routing any network traffic along the routing arc toward the destination device via any one of the first or second ends of the routing arc; and causing the network traffic to be forwarded along at least one of the routing arcs to the destination device. | 11-29-2012 |
20130208594 | RECURSIVE LOAD BALANCING IN A LOOP-FREE ROUTING TOPOLOGY USING ROUTING ARCS - In one embodiment, a method comprises creating, in a computing network, a loop-free routing topology comprising a plurality of routing arcs for reaching a destination device, each routing arc comprising a first network device as a first end of the routing arc, a second network device as a second end of the routing arc, and at least a third network device configured for routing any network traffic along the routing arc toward the destination device via any one of the first or second ends of the routing arc; and load balancing the network traffic along the routing arcs based on traffic metrics obtained at the first and second ends of the routing arcs, including selectively sending a backpressure command to a first one of the routing arcs supplying at least a portion of the network traffic to a congested one of the routing arcs. | 08-15-2013 |
20140036729 | LABEL DISTRIBUTION AND ROUTE INSTALLATION IN A LOOP-FREE ROUTING TOPOLOGY USING ROUTING ARCS - In one embodiment, a method comprises creating, in a computing network, a loop-free routing topology for reaching a destination device, the loop-free routing topology comprising distinct paths for reaching the destination device; generating a set of serialized representations describing the loop-free routing topology, each serialized representation describing a corresponding one of the paths; and propagating the set of serialized representations from the destination device to network nodes in the computing network, enabling the network nodes to establish loop-free label switched paths for reaching the destination device via the loop-free routing topology. | 02-06-2014 |
20150036507 | RECURSIVE LOAD BALANCING IN A LOOP-FREE ROUTING TOPOLOGY USING ROUTING ARCS - In one embodiment, a method comprises creating, in a computing network, a loop-free routing topology comprising a plurality of routing arcs for reaching a destination device, each routing arc comprising a first network device as a first end of the routing arc, a second network device as a second end of the routing arc, and at least a third network device configured for routing any network traffic along the routing arc toward the destination device via any one of the first or second ends of the routing arc; and load balancing the network traffic along the routing arcs based on traffic metrics obtained at the first and second ends of the routing arcs, including selectively sending a backpressure command to a first one of the routing arcs supplying at least a portion of the network traffic to a congested one of the routing arcs. | 02-05-2015 |