Abstract:
The present invention relates to a path protection method, and a recording medium therefor, that guarantees quality of service (QoS) for traffic flows between routers in a Multi-Protocol Label Switching (MPLS) network. Given a QoS condition for a set of traffic flows between any two Label Edge Routers (LERs) in an MPLS or similar network, the method restores constraint-based label switched paths (CR-LSPs) quickly on network failure by means of pre-established protection paths, guaranteeing that QoS condition and thereby maximizing network resource utilization and service availability. To this end, the method comprises: a step of establishing a path set consisting of working/protection paths that satisfy the QoS condition for the set of traffic flows between a pair of LERs; a step of allocating and reserving, on every path in the path set, the resources required by each traffic flow in the traffic flow set, so that all paths in the set serve as working paths while simultaneously serving as protection paths for one another, and then identifying failed paths; and a step of reallocating the resources that had been reserved on paths that changed from the normal state to the failed state onto normal paths, thereby satisfying the QoS condition of the traffic flow set and transmitting the traffic flow set such that the QoS condition is met.
Abstract:
PURPOSE: A VPN (Virtual Private Network) service system in an MPLS (Multi Protocol Label Switching) network and a method thereof are provided so that an edge router can efficiently provide VPN service over a communication network such as an MPLS network. CONSTITUTION: An operator command processing block (11) receives and processes an operator's command. A VPN_CFB (12) is the VPN service function block that actually provides the VPN service. A BGP4_FB (13) is a BGP4+ function block that transfers generic routing information and VPN routing information. An SIG_FB (14), a function block that sets up an LSP (Label Switched Path), executes the CR-LDP protocol or the RSVP-TE protocol. An IBM_FB (15) creates a resource management and forwarding entry and transfers the created entry to a VFE_FB (16). The VFE_FB (16) is the forwarding engine. A VPN_comp_t (17) is a table that manages information on VPN groups and sites. A VPN_rib_t (18) is a table that manages VPN routing information. A VPN_path_t (19) is a table that manages paths per site. An LSP_table (20) stores LSP-related information. A VPN_ft (21) is the VPN forwarding table.
Abstract:
PURPOSE: A network security service system including a blacklist-based classifier is provided to respond promptly to attack packets by detecting packets from a specified site before they enter the service provider network. CONSTITUTION: A blacklist table (300) records danger information for neighboring sites. The classifier (302), installed at an ingress point of the service provider network, classifies packets arriving from neighboring sites according to the danger information for each site registered in the blacklist table. Depending on the danger level of the site, the classifier switches the data processing path so that the classified packet is transmitted along a preset path, chosen from a parallel/serial connection path between the classifier and a countermeasure device (306) and a connection path to the countermeasure device that bypasses the classifier. An analyzer (304) identifies attack packets by analyzing the packets delivered from the classifier. The countermeasure device blocks packets judged to be attack packets or issues a warning that an attack packet has been detected.
Abstract:
PURPOSE: A security service system for an Internet service provider network including distributed security resources is provided to determine, using the address information of the distributed security resources, the next hop to which a marked packet moves, and to transmit the packet to that hop, thereby supplying differentiated security services to customers using distributed network security resources. CONSTITUTION: A packet analyzer (100) checks whether a packet is marked with security information and, if so, analyzes the marking information. A security functional entity (110) performs the security function corresponding to the security information. A marking transformer (120) converts the security information once the security function has been carried out, so that the same security function is not performed again for that packet. A path decision unit (130) determines the next hop using the address information of the security resources and transmits the packet to that hop if the packet is marked; if the packet is not marked, it transmits the packet to the next hop according to the routing information.
Abstract:
PURPOSE: An Internet security service method using a packet marking function is provided to mark customer packets with a grade and to pass them selectively through security functional entities in an Internet service provider network, thereby supplying grade-based security services. CONSTITUTION: When a packet enters the Internet provider network, a security grade marker marks the packet's security grade in a predetermined field (200). A decoder interprets the marked packet and determines the security grade (210). If the interpreted security grade is one preset to correspond to an IDS (Intrusion Detection System), the packet is directed to the IDS and the security function is provided through it (220). The decoder and security function supplier of a security functional entity interpret the packet after the security function has been carried out and execute the security function corresponding to the preset security grade. Another security functional entity then performs its own security function.
Abstract:
PURPOSE: A connection setup method for supplying multi-grade network security services is provided to receive a user's connection request in a service provider network and to carry out a connection setup process that supplies a network security service and a QoS function simultaneously. CONSTITUTION: The system receives a user's connection request in which a QoS requirement and a security service requirement are defined (S310). A path calculator retrieves all shortest routing paths satisfying the QoS requirement and decides whether any such paths exist (S320, S330). If so, the path calculator retrieves the security service resources of the routers included in each retrieved routing path and decides whether a path satisfies the security service requirement (S340, S350). If the path calculator finds a suitable path, an RRA (Resource Reservation Agent) sets up the path and reserves the QoS resources and security service resources (S360). An RIUA (Resource Information Update Agent) updates the SRIB (Security Resource Information Base) and the QoSRIB (QoS Resource Information Base) (S380).
Abstract:
PURPOSE: A method for providing and executing a policy using a system function in a policy-based network security management system is provided to increase the scalability and flexibility of the policy server by generating a network security policy that refers to a client's system function and providing it to the relevant policy client. CONSTITUTION: A system function, which has a different value on each policy client for maintenance and management purposes, is mutually recognized between the policy server and the policy client. The policy server generates, edits, or stores a network security policy that refers to the system function (S20). The policy server transfers the network security policy to the policy client (S30). The policy client replaces the system function in the network security policy with the actual value returned by that system function (S40). The policy client then executes the network security policy (S50).
Abstract:
PURPOSE: A path protection method for guaranteeing service quality for traffic flows between routers in a Multi Protocol Label Switching network is provided to increase the resource utilization and service availability of the network by rapidly recovering a CR-LSP (Constraint-based Label Switched Path) over a pre-established protection path in the event of a network failure, thereby guaranteeing a QoS (Quality of Service) condition given for a set of traffic flows between two LERs (Label Edge Routers) in an MPLS (Multi Protocol Label Switching) network. CONSTITUTION: A set (S) of CR-LSPs satisfying the QoS condition for the traffic flows between a pair of LERs is established (201). The CR-LSP set (S) is provided so that every CR-LSP is used as a working path and, at the same time, as a protection path for the others. A failed CR-LSP among all CR-LSPs in the CR-LSP set (S) is detected (202), and transmission of the traffic flows is performed over only the normal CR-LSPs (203) until the transmission of all traffic flows is completed (204). Once the transmission is completed, the established CR-LSP set (S) is released (205).
Abstract:
The present invention relates to a method for storing user-view tree-structured policies using a reuse container. The invention comprises: a method (S100) of designating shareable reusable trees in advance and managing them separately in a reuse container; a method (S200) of automatically converting rules and policies, which from the user's viewpoint are composed as a rooted tree structure with no shared nodes, into a directed acyclic graph (DAG) structure using the reuse container and storing them; and methods (S300, S400, S500) of inserting a tree into, or deleting a tree from, the already stored directed acyclic graph structure using the reuse container in response to a user-view tree insertion request or a user-view tree deletion request, and of modifying a particular object in response to a user-view object modification request. Accordingly, the user-view policy structure is separated from the physical storage structure, storage space is saved, policy editing is made convenient, and the policy storage structure can be changed easily.