Patent application number | Description | Published |
20080219181 | HIGH-SPEED TRAFFIC MEASUREMENT AND ANALYSIS METHODOLOGIES AND PROTOCOLS - We formulate the network-wide traffic measurement/analysis problem as a series of set-cardinality-determination (SCD) problems. By leveraging recent advances in probabilistic distinct sample counting techniques, the set-cardinalities, and thus, the network-wide traffic measurements of interest can be computed in a distributed manner via the exchange of extremely light-weight traffic digests (TD's) amongst the network nodes, i.e. the routers. A TD for N packets only requires O(loglog N) bits of memory storage. The computation of such O(loglog N)-sized TD is also amenable for efficient hardware implementation at wire-speed of 10 Gbps and beyond. Given the small size of the TD's, it is possible to distribute nodal TD's to all routers within a domain by piggybacking them as opaque data objects inside existing control messages, such as OSPF link-state packets (LSPs) or I-BGP control messages. Once the required TD's are received, a router can estimate the traffic measurements of interest for each of its local link by solving a series of set-cardinality-determination problems. The traffic measurements of interest are typically in form of per-link, per-traffic-aggregate packet counts (or flow counts) where an aggregate is defined by the group of packets sharing the same originating and/or destination nodes (or links) and/or some intermediate nodes (or links). The local measurement results are then distributed within the domain so that each router can construct a network-wide view of routes/flow patterns of different traffic commodities where a commodity is defined as a group of packets sharing the same origination and/or termination nodes or links. After the initial network-wide traffic measurements are received, each router can further reduce the associated measurement/estimation errors by locally conducting a minimum square error (MSE) optimization based on network-wide commodity-flow conservation constraints. | 09-11-2008 |
20080240139 | Method and Apparatus for Operating Fast Switches Using Slow Schedulers - The invention includes an apparatus and method for switching packets through a switching fabric. The apparatus includes a plurality of input ports and output ports for receiving arriving packets and transmitting departing packets, a switching fabric for switching packets from the input ports to the output ports, and a plurality of schedulers controlling switching of packets through the switching fabric. The switching fabric includes a plurality of virtual output queues associated with a respective plurality of input-output port pairs. One of the schedulers is active during each of a plurality of timeslots. The one of the schedulers active during a current timeslot provides a packet schedule to the switching fabric for switching packets through the switching fabric during the current timeslot. The packet schedule is computed by the one of the schedulers active during the current timeslot using packet departure information for packets departing during previous timeslots during which the one of the schedulers was active and packet arrival information for packets arriving during previous timeslots during which the one of the schedulers was active. | 10-02-2008 |
20080267068 | Lightweight bandwidth-management scheme for elastic traffic - A lightweight probabilistic mechanism used to estimate the number of active flows, which estimate is used to determine the probability of admitting a new flow into the network. In one embodiment, a method for controlling admission of new flows at a node in a network of nodes interconnected by links includes: (a) for each of a plurality of incoming packets arriving at the node, each incoming packet corresponding to an active flow traversing the node: (a1) randomly selecting a packet from an output buffer of the node; (a2) determining whether the incoming packet is from the same active flow as the randomly-selected packet; and (a3) updating an estimate of the number of active flows traversing the node based on the determination of step (a2); and (b) determining whether to admit or drop part or all of a new flow at the node based on the estimated number of active flows traversing the node. | 10-30-2008 |
20080313132 | HIGH ACCURACY BLOOM FILTER USING PARTITIONED HASHING - A method and system for generating a bloom filter by mapping into respective groups each of a plurality of initial keys according to a first hash function and mapping each group hashed key into a bloom filter using k respective hash functions. | 12-18-2008 |
20100040066 | NETWORK ADDRESS LOOKUP BASED ON BLOOM FILTERS - In one embodiment, IP lookup into a routing table having prefixes of different prefix lengths is performed using a Bloom filter that was programmed with the prefixes corresponding to all of the different prefix lengths without having to expand any of the prefixes programmed into the Bloom filter. Membership probes are performed into the Bloom filter using candidate prefix values of a given network address. The Bloom filter can be implemented in a distributed manner using Bloom sub-filters, where each Bloom sub-filter is hashed based on a set of hash functions, where each different hash function in the set corresponds to a different prefix length in the routing table. Each Bloom sub-filter can in turn be implemented using a plurality of practically realizable multi-port memory devices controlled by a port scheduler. False-positive matches can be detected and next-hop information for true-positive matches retrieved using an off-chip, hash-based prefix table. | 02-18-2010 |
20100069074 | WIRELESS-RESOURCE BROKER - In one embodiment, a wireless-resource broker employs a self-enforcing spectrum-sharing policy, e.g., the expected utility (e.g., rate) a user obtains by following the policy provided by the broker is not less than the expected utility that the user obtains by switching to some other strategy. Each user is associated with one or more transmitter-receiver pairs, e.g., a transmitter of a wireless device and a receiver of a base station in communication via a wireless channel. The broker receives, as input, user parameters characterizing one or more of the transmitters and/or receivers and resource parameters characterizing one or more available spectrum blocks. The broker solves a linear-programming problem to generate and transmit a recommended policy for one or more users. The policy for each user includes information such as the spectrum block(s) to which the user is assigned, the transmission power for the user, and the transmission rate for the user. | 03-18-2010 |
20100251290 | ADVERTISEMENT SCHEDULING IN A PACKET-BASED MEDIA-DELIVERY SYSTEM - In one embodiment, a scheme for the display of targeted and personalized advertisements in a packet-based media-delivery system, such as an Internet Protocol Television (IPTV) service. An Internet keyword-based advertisement-bidding model is used to place the most-appropriate IPTV advertisements for viewers depending on their interests as determined through the users' Internet activities, while maximizing advertising revenue for the IPTV service provider. One method for scheduling an advertisement for rendering in one or more time slots in packet-based media programming comprises: (a) obtaining at least one keyword from one or more Internet sessions corresponding to at least one user; (b) receiving a plurality of bid amounts corresponding to a plurality of available advertisements for the one or more time slots; and (c) scheduling, based on the at least one keyword and at least one of the bid amounts, the advertisement to be rendered to the at least one user in the one or more time slots. | 09-30-2010 |
20100266215 | VARIABLE-STRIDE STREAM SEGMENTATION AND MULTI-PATTERN MATCHING - A variable-stride multi-pattern matching apparatus segments patterns and input streams into variable-size blocks according to a modified winnowing algorithm. The variable-stride pattern segments are used to determine the block-symbol alphabet for a variable-stride discrete finite automaton (VS-DFA) that is used for detecting the patterns in the input streams. Applications include network-intrusion detection and protection systems, genome matching, and forensics. The modification of the winnowing algorithm includes using special hash values to determine the position of delimiters of the patterns and input streams. The delimiters mark the beginnings and ends of the segments. In various embodiments, the patterns are segmented into head, core, and tail blocks. The approach provides for memory, memory-bandwidth, and processor-cycle efficient, deterministic, high-speed, line-rate pattern matching. | 10-21-2010 |
20110016206 | SYSTEMS AND METHODS FOR CREATING USER INTEREST PROFILES - Example methods include monitoring Internet traffic for a user, analyzing content of the Internet traffic, correlating the analyzed content with a simplified classifier set, ranking each correlated simplified classifier in the simplified classifier set, and storing the ranked simplified classifiers in a user interest profile for the user. Customer premise equipment may include a residential gateway, such as a wireless router, and user equipment such as a personal computer. Example systems may be configured from customer premise equipment or Internet service providers to generate user interest profiles in accordance with example methods. | 01-20-2011 |
20120281520 | SOFTROUTER PROTOCOL DISAGGREGATION - A SoftRouter architecture deconstructs routers by separating the control entities of a router from its forwarding components, enabling dynamic binding between them. In the SoftRouter architecture, control plane functions are aggregated and implemented on a few smart servers which control forwarding elements that are multiple network hops away. A dynamic binding protocol performs network-wide control plane failovers. Network stability is improved by aggregating and remotely hosting routing protocols, such as OSPF and BGP. This results in faster convergence, lower protocol messages processed, and fewer route changes following a failure. The SoftRouter architecture includes a few smart control entities that manage a large number of forwarding elements to provide greater support for network-wide control. In the SoftRouter architecture, routing protocols operate remotely at a control element and control one or more forwarding elements by downloading the forwarding tables, etc. into the forwarding elements. Intra-domain routing and inter-domain routing are also included. | 11-08-2012 |
20130011136 | Apparatus And Method For Protection In A Data Center - A manner of providing redundancy protection for a data center network that is both reliable and low-cost. In a data center network where the data traffic between numerous access nodes and a network core layer via primary aggregation nodes, an optical network device such as and OLT (optical line terminal) is provided as a backup aggregation node for one or more of the primary aggregation nodes. When a communication path through a primary aggregation node fails, traffic is routed through the optical network device. In a preferred embodiment, a communication link is formed from a plurality of access nodes to a single port of the OLT or other optical network device via an optical splitter that combines upstream transmissions and distributes downstream transmissions. The upstream transmissions from the plurality of access nodes may occur according to an allocation schedule generated when the backup aggregation node is needed. | 01-10-2013 |
20130060601 | PRIVACY-PRESERVING ADVERTISEMENT TARGETING USING RANDOMIZED PROFILE PERTURBATION - A distribution and scheduling system for advertisements that targets ads to users and maximizes service-provider revenue without having full knowledge of user-profile information. Each user device stores a user profile and is pre-loaded with a set of ads that could possibly be shown during a timeslot. Each user device selects and displays an ad based on the user profile but does not identify the selected ad to the service provider. Instead, the user devices provide perturbed user-profile information in the form of Boolean vectors, which the service provider uses in conjunction with a guaranteed-approximation online algorithm to estimate the number of users that saw a particular ad. Thus, the service provider can charge advertisers for the number of times their ads are viewed, without knowing the users' profiles or which ads were viewed by individual users, and users can view the targeted ads while maintaining privacy from the service provider. | 03-07-2013 |
20130166943 | Method And Apparatus For Energy Efficient Distributed And Elastic Load Balancing - Various embodiments provide a method and apparatus of providing a load balancing configuration that adapts to the overall load and scales the power consumption with the load to improve energy efficiency and scalability. The energy efficient distributed and elastic load balancing architecture includes a collection of multi-tiered servers organized as a tree structure. The handling of incoming service requests is distributed amongst a number of the servers. Each server in the virtual load distribution tree accepts handles incoming service requests based on its own load. Once a predetermined loading on the receiving server has been reached, the receiving server passes the incoming requests to one or more of its children servers. | 06-27-2013 |
20130204903 | PROBABILISTIC FINGERPRINT CHECKING FOR PREVENTING DATA LEAKAGE - A data-leakage prevention capability is presented herein. The data-leakage prevention capability prevents leakage of data, of a file set having a plurality of files, from a secure network using online fingerprint checking of data flows at a boundary of the secure network. The online fingerprint checking is performed using a set of data structures configured for the file set. The data structures for the file set are configured based on file set characteristics information of the file set and a target detection lag indicative of a maximum number of bits within which a data leakage event for the file set is to be determined. The data structure configuration is computed for a plurality of data structures configured for use in monitoring the files of the file set. The data structure configuration includes a plurality of data structure locations and data structure sizes for the respective plurality of data structures. | 08-08-2013 |
20130254248 | Method And Apparatus For A Distributed File System In A Cloud Network - Various embodiments provide a method and apparatus of providing a distributed network file system in a cloud network that provides performance guarantees in cloud storage that are independent of the accessed files and the access locations. A client's file system is provisioned using a file placement strategy that is based on client's access locations and determined maximum access bandwidths and does not require knowledge of file access patterns. | 09-26-2013 |
20140089506 | SECURING SOFTWARE DEFINED NETWORKS VIA FLOW DEFLECTION - A flow deflection capability is provided for deflecting data flows within a Software Defined Network (SDN) in order to provide security for the SDN. A flow forwarding rule is generated for a first network element of the SDN based on detection of a condition (e.g., TCAM utilization condition, CPU utilization condition, or the like) associated with the first network element. The flow forwarding rule is generated by a control element of the SDN or the first network element of the SDN. The flow forwarding rule is indicative that at least a portion of new flow requests received at the first network element are to be forwarded from the first network element to a second network element of the SDN. The flow forwarding rule may specify full flow deflection or selective flow deflection. | 03-27-2014 |
20140089510 | JOINT ALLOCATION OF CLOUD AND NETWORK RESOURCES IN A DISTRIBUTED CLOUD SYSTEM - A capability is provided for allocating cloud and network resources in a distributed cloud system including a plurality of data centers. A request for resources is received. The request for resources includes a request for cloud resources and an indication of an amount of cloud resources requested. The request for resources also may include a request for network resources or one or more constraints. A set of feasible resource mappings is determined based on the request for resources and information associated with the distributed cloud system. A resource mapping to use for the request for resources is selected from the set of feasible resource mappings. The selected resource mapping includes a mapping of the requested cloud resources to cloud resources of one or more of the data centers and an identification of network resources configured to support communications for the cloud resources of the one or more data centers. | 03-27-2014 |