Patent application number | Description | Published |
20100132028 | METHOD FOR IMPLEMENTING SECURITY-RELATED PROCESSING ON PACKET AND NETWORK SECURITY DEVICE - Embodiments of the present invention provide method for implementing security-related processing on packet and a network security device. Through establishing a relationship between stream attribute information of an initial packet of a stream and security-related processing information implemented on the initial packet, when a succeeding packet of the stream is received, the previously stored relationship is acquired according to stream attribute information of the succeeding packet, the security-related processing is implemented on the succeeding packet according to the security-related processing information in the relationship. Therefore, according to the method for implementing security-related processing on packet and the network security device provided by the present invention, the process of searching for security information entries for succeeding packets of a stream is not required, the security-related processing procedure of the packet is thus accelerated, and the packet processing efficiency is improved. | 05-27-2010 |
20100195647 | METHOD AND APPARATUS FOR PACKET PROCESSING - The present invention discloses a packet processing apparatus and method. The packet processing apparatus is applied to an L4˜L7 network device, including a plurality of interface processing units and a plurality of service processing units, the interface processing units are connected with the service processing units through a first connection unit; and each of the interface processing units is adapted to select, after receiving a packet from outside, a service processing unit from all the service processing units and transmit the packet to the selected service processing unit; and each of the service processing units is adapted to perform service processing to the packet after receiving the packet. The present invention improves packet processing capability and reliability of the L4˜L7 network device. | 08-05-2010 |
20100260181 | METHOD, PROGRAM, AND SYSTEM FOR IMPLEMENTING CENTRALIZED CONTROL PLANE AND DISTRIBUTED DATA PLANE - The present invention discloses a method for implementing centralized control plane and distributed data plane and that comprises the following steps: the main control unit of the main board generates control information and delivers it to the adaptation layer of the main board; the adaptation layer of the main board transmits the control information to the adaptation layer of the service board(s); the adaptation layer of the service board(s) delivers the control information to the data plane and hardware engine of the service board(s). The present discloses a program and system for implementing centralized control plane and distributed data plane. The present invention provides a software architecture using an adaptation layer to implement centralized control plane and distributed data plane to ensure high performance and good scalability of the new architecture, reduce system complexity, and keep system simplicity and efficiency. | 10-14-2010 |
20100322239 | METHOD AND AN APPARATUS FOR PROCESSING PACKETS - The present invention discloses a packet processing method, which applies to a high-performance and scalable flow processing system architecture. The service board performs security processing for packets received from external devices by using the firewall function before sending them to the main CPU; similarly, the service board also performs security processing for packets sent from the main CPU by using the firewall function before the main CPU sends them to external devices. The methods of the present invention utilize high performance and good scalability of the new architecture. In a network with heavy and high-speed traffic, the service board performs security processing for packets by using the firewall function and then transmits the valid packets to the main CPU. Thus, the main CPU is protected by the firewall function against attack packets. | 12-23-2010 |
20110249674 | APPARATUS AND METHOD FOR PROCESSING PACKET - The present invention provides an apparatus and method for processing a packet. An interface processing module selects one from all service processing modules as a service processing module for processing a packet; if the service processing module needs to perform tunnel processing for the packet, the service processing module transmits the packet after performing the tunnel processing; if another service processing module needs to perform tunnel processing for the packet, the service processing module transmits the packet to a service processing module needing to perform tunnel processing for the packet. According to the present invention, the packet can be processed uniformly by the service processing module, so it is not unnecessary to store session states in the service processing modules, and also not unnecessary to perform synchronization between the service processing modules, which greatly decreases complexity of processing the packet and saves system bandwidth. | 10-13-2011 |
20110252228 | METHOD AND APPARATUS FOR ENSURING PACKET TRANSMISSION SECURITY - An apparatus and method for ensuring distributed packet transmission security are provided. In an embodiment of the present invention, a main control board allocates SA information to multiple processing boards according to a pre-defined criterion, so that each processing board which receives and stores the SA information may implement IPSec processing. As such, the IPSec processing is shared by the multiple processing boards. Accordingly, when there are a large number of IPSec tunnels on one interface, the IPSec processing to the packets passing the IPSec tunnels will not completely rely on only the processing board where the interface is located. Instead, the IPSec processing is allocated to different processing boards. Therefore, the multiple processing boards effectively share the IPSec processing corresponding to multiple SAs. The efficiency of the IPSec processing is increased. | 10-13-2011 |
20130223273 | METHOD AND APPARATUS FOR EVALUATING AN AIR INTERFACE CONDITION OF A WLAN - In a method and an apparatus for evaluating air interface condition of a wireless local area network (WLAN), the evaluation of the air interface condition of the WLAN is divided into four layers: the evaluation of the air interface condition of the pre-defined area, the evaluation of the air interface condition of each place in the pre-defined area, the evaluation of the air interface condition of each AP in each place and the evaluation of the air interface condition of each user accessing each AP. The method and apparatus are able to provide definite evaluation denoting the level of the air interface condition through analyzing and quantizing of the statistical information items with respect to the overall air interface condition of the whole area covered by the WLAN or the partial air interface condition of each place, each AP and each user in the pre-defined area. | 08-29-2013 |
20130265941 | PREVENTING ROAMING USER TERMINAL RE-AUTHENICATION - A method and device for preventing a roaming user terminal from re-authentication are provided. The method includes: when Virtual Local Area Network (VLAN) of a roaming user terminal changes, change information of the roaming user terminal is reported to a Broadband Remote Access Server (BRAS) via an Access Controller (AC) and the BRAS reports modified information of the roaming user terminal to an Authentication, Authorization, Accounting server (AAA server). | 10-10-2013 |
20140301275 | DUAL-HOMING PROTECTION - Examples of the present disclosure provide a dual-homing protection method and device. In the dual-homing protection method, a forwarding item synchronizing channel and a data transfer channel are established between two Provider Edge (PE) devices in a dual-homing node, a Pseudo Wire (PW) and a Label Switched Path (LSP) protection group bearing the PW are established between a network side peer PE device and the two PE devices in the dual-homing node, which are taken as a logical device, so as to implement LSP protection within a network. The present disclosure may enable the protection within a network to be independent of access link protection. Subsequently, the management is simple. | 10-09-2014 |
20140334292 | Implementing Dual-Homed Node Protection - A method is provided for a master apparatus of a Virtual Router Redundancy Protocol (VRRP) in a dual-homed node that is a part of a dual-homed network to implement a Layer 3 apparatus. The dual-homed network includes the dual-homed node and a Layer 2 MPLS-Transport Profile (MPLS-TP) network. The method includes monitoring a state of an uplink, when the monitoring detects that the uplink has a failure, notifying an original backup apparatus of the VRRP to perform a master-backup switch, and notifying a downlink apparatus of the master apparatus of the VRRP that a remote link has a failure, thereby causing the downlink apparatus to switch a working channel within the MPLS-TP network. The method includes, when a notification indicating that the master-backup switch has been performed is received from the original backup apparatus of the VRRP, switching to a backup apparatus of the VRRP. | 11-13-2014 |