公开(公告)号：WO2007099507A3

公开(公告)日：2007-11-22

申请号：PCT/IB2007050669

申请日：2007-03-01

Applicant: IBM ,  DROZ PATRICK ,  HAAS ROBERT ,  KIND ANDREAS

Inventor： DROZ PATRICK ,  HAAS ROBERT ,  KIND ANDREAS

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  H04L43/04 ,  H04W76/046

Abstract: Network flow records from various administrative domains are provided to a network monitoring entity. The network monitoring entity analyzes the network flow records in a way to locate a source of malicious network flow.

Abstract translation: 来自各个管理域的网络流量记录被提供给网络监控实体。 网络监控实体通过分析网络流量记录来定位恶意网络流量的来源。

公开(公告)号：CA2509409C

公开(公告)日：2009-04-21

申请号：CA2509409

申请日：2003-10-30

Applicant: IBM

Inventor： MANNAL SOENKE ,  BOWEN ED ,  KIND ANDREAS ,  PLETKA ROMAN A ,  JEFFRIES CLARK D ,  DROZ PATRICK ,  KENCL LUKAS

IPC: H04L12/56

Abstract: Methods and apparatus are provided for controlling flow rates of a plurality of data packet flows into a queue 4 corresponding to a resource 3 of a netwo rk device 1. The flows comprise a set 7 of non-responsive flows, and a set 8 of other flows which may comprise responsive flows and/or flows whose responsiveness is unknown. The flow rates are managed in accordance with a queue management scheme such that adjustments are made to each flow rate in dependence on excess bandwidth in the resource, the amounts of the adjustmen ts being dependent on one or more adjustment parameters for each flow. An error signal is generated based on the deviation from a desired allocation ratio o f the ratio of the total flow rates into the queue 4 for the sets of flows 7, 8. At least one adjustment parameter for at least one flow is then varied in dependence on the error signal in such a manner as to reduce the aforementioned deviation. A closed-loop control scheme thus operates in conjunction with the underlying queue management scheme to promote fair bandwidth allocation even in the presence of a mix of responsive and non- responsive flows.

公开(公告)号：DE60313037T2

公开(公告)日：2007-12-13

申请号：DE60313037

申请日：2003-10-30

Applicant: IBM

Inventor： BOWEN ED ,  DROZ PATRICK ,  JEFFRIES CLARK D ,  KENCL LUKAS ,  KIND ANDREAS ,  PLETKA ROMAN A ,  MANNAL SOENKE

IPC: H04L12/56

Abstract: Methods and apparatus are provided for controlling flow rates of a plurality of data packet flows into a queue 4 corresponding to a resource 3 of a network device 1 . The flows comprise a set 7 of non-responsive flows, and a set 8 of other flows which may comprise responsive flows and/or flows whose responsiveness is unknown. The flow rates are managed in accordance with a queue management scheme such that adjustments are made to each flow rate in dependence on excess bandwidth in the resource, the amounts of the adjustments being dependent on one or more adjustment parameters for each flow. An error signal is generated based on the deviation from a desired allocation ratio of the ratio of the total flow rates into the queue 4 for the sets of flows 7, 8 . At least one adjustment parameter for at least one flow is then varied in dependence on the error signal in such a manner as to reduce the aforementioned deviation. A closed-loop control scheme thus operates in conjunction with the underlying queue management scheme to promote fair bandwidth allocation even in the presence of a mix of responsive and non-responsive flows.

公开(公告)号：MY133313A

公开(公告)日：2007-11-30

申请号：MYPI20034435

申请日：2003-11-19

Applicant: IBM

Inventor： BOWEN HOYT EDWIN JR ,  DROZ PATRICK ,  JEFFERIES CLARK D ,  KENCL LUKAS ,  KIND ANDREAS ,  MANNAL SOENKE V ,  PLETKA ROMAN A

IPC: H04L12/56

Abstract: METHODS AND APPARATUS ARE PROVIDED FOR CONTROLLING FLOW RATES OF A PLURALITY OF DATA PACKET FLOWS INTO A QUEUE 4 CORRESPONDING TO A RESOURCE 3 OF A NETWORK DEVICE 1. THE FLOWS COMPRISE A SET 7 OF NON-RESPONSIVE FLOWS, AND A SET 8 OF OTHER FLOWS WHICH MAY COMPRISE RESPONSIVE FLOWS AND/OR FLOWS WHOSE RESPONSIVENESS IS UNKNOWN. THE FLOW RATES ARE MANAGED IN ACCORDANCE WITH A QUEUE MANAGEMENT SCHEMESUCH ADJUSTMENTS ARE MADE TO EACH FLOW RATE IN DEPENDENCE ON EXCESS BANDWIDTH IN THE RESOURCE, THE AMOUNTS OF THE ADJUSTMENTS BEING DEPENDENT ON ONE OR MORE ADJUSTMENT PARAMETERS FOR EACH FLOW. AN ERROR SIGNAL IS GENERATED BASED ON THE DEVIATION FROM A DESIRED ALLOCATION RATIO OF THE RATIO OF THE TOTAL FLOW RATES INTO THE EQUEUE 4 FOR THE SETS OF FLOWS 7, 8. AT LEAST ONE ADJUSTMENT PARAMETER FOR AT LEAST ONE FLOW IS THEN VERIED IN DEPENDENCE ON THE ERROR SIGNAL IN SUCH A MANNER AS TO REDUCE THE AFOREMENTIONED DEVIATION. A CLOSED-LOOP CONTROL SCHEME THUS OPERATES IN CONJUCTION WITH THE UNDERLYING QUEUE MANAGEMENT SCHEME TO PROMOTE FAIR BANDWIDTH ALLOCATION EVEN IN THE PRESENCE OF A MIX OF RESPONSIVE AND NON-RESPONSIVE FLOWS.(FIG. 1)

公开(公告)号：CA2669932A1

公开(公告)日：2008-06-26

申请号：CA2669932

申请日：2007-11-02

Applicant: IBM

Inventor： VAN LUNTEREN JAN ,  KIND ANDREAS

IPC: H04L29/06

Abstract: The invention relates to an apparatus for analysing a network flow, compr ising - a parser for extracting flow identification information from the net work flow, - a flow metering unit for metering the network flow, - a program mable controller for controlling the flow metering unit and the parser.

公开(公告)号：AT358938T

公开(公告)日：2007-04-15

申请号：AT03758477

申请日：2003-10-30

Applicant: IBM

Inventor： BOWEN ED ,  DROZ PATRICK ,  JEFFRIES CLARK D ,  KENCL LUKAS ,  KIND ANDREAS ,  PLETKA ROMAN A ,  MANNAL SOENKE

IPC: H04L12/56

Abstract: Methods and apparatus are provided for controlling flow rates of a plurality of data packet flows into a queue 4 corresponding to a resource 3 of a network device 1 . The flows comprise a set 7 of non-responsive flows, and a set 8 of other flows which may comprise responsive flows and/or flows whose responsiveness is unknown. The flow rates are managed in accordance with a queue management scheme such that adjustments are made to each flow rate in dependence on excess bandwidth in the resource, the amounts of the adjustments being dependent on one or more adjustment parameters for each flow. An error signal is generated based on the deviation from a desired allocation ratio of the ratio of the total flow rates into the queue 4 for the sets of flows 7, 8 . At least one adjustment parameter for at least one flow is then varied in dependence on the error signal in such a manner as to reduce the aforementioned deviation. A closed-loop control scheme thus operates in conjunction with the underlying queue management scheme to promote fair bandwidth allocation even in the presence of a mix of responsive and non-responsive flows.

公开(公告)号：BR0317582A

公开(公告)日：2005-11-22

申请号：BR0317582

申请日：2003-10-30

Applicant: IBM

Inventor： BOWEN ED ,  DROZ PATRICK ,  JEFFRIES CLARK D ,  KENCL LUKAS ,  KIND ANDREAS ,  PLETKA ROMAN A ,  MANNAL SOENKE

IPC: H04L12/56

Abstract: Methods and apparatus are provided for controlling flow rates of a plurality of data packet flows into a queue 4 corresponding to a resource 3 of a network device 1 . The flows comprise a set 7 of non-responsive flows, and a set 8 of other flows which may comprise responsive flows and/or flows whose responsiveness is unknown. The flow rates are managed in accordance with a queue management scheme such that adjustments are made to each flow rate in dependence on excess bandwidth in the resource, the amounts of the adjustments being dependent on one or more adjustment parameters for each flow. An error signal is generated based on the deviation from a desired allocation ratio of the ratio of the total flow rates into the queue 4 for the sets of flows 7, 8 . At least one adjustment parameter for at least one flow is then varied in dependence on the error signal in such a manner as to reduce the aforementioned deviation. A closed-loop control scheme thus operates in conjunction with the underlying queue management scheme to promote fair bandwidth allocation even in the presence of a mix of responsive and non-responsive flows.

公开(公告)号：DE112010004940T5

公开(公告)日：2012-12-06

申请号：DE112010004940

申请日：2010-08-03

Applicant: IBM

Inventor： JANSEN BERNHARD ,  KIND ANDREAS ,  STOECKLIN MARC P

IPC: H04L12/24 ,  H04L12/26 ,  H04L29/12

Abstract: Es werden Verfahren und Vorrichtungen zum automatischen Erkennen des Adressbereichs für ein IP-Netzwerk (2) bereitgestellt. Es werden Datenverkehrsdaten ermittelt, wobei die Datenverkehrsdaten für jeden von einer Netzwerkeinheit über die Netzwerkgrenze hinweg geleiteten Datenverkehr die Quell- und/oder die Ziel-IP-Adressen des Datenverkehrs umfassen sowie (a) die jeweils andere Ziel- und/oder Quell-IP-Adresse und/oder (b) Richtungsdaten, welche die Flussrichtung über die Netzwerkgrenze hinweg anzeigen. Es wird eine Baumdatenstruktur erzeugt, welche die IP-Adressen in den Datenverkehrsdaten darstellt. Aufeinanderfolgenden Verzweigungspunkten in einem Zweig des Baums sind aufeinanderfolgende Abschnitte einer IP-Adresse zugehörig. IP-Adressen mit gemeinsamen Anfangsabschnitten werden in dem Baum mit zumindest einem gemeinsamen Verzweigungspunkt dargestellt. Verzweigungspunkten in dem Baum werden in Abhängigkeit von der Auftrittshäufigkeit der dargestellten IP-Adressen in zumindest einer Teilmenge der Datenverkehrsdaten Gewichte zugewiesen. Der IP-Adressbereich des Netzwerks (2) wird dann durch Identifizieren des Verzweigungspunkts, dem der allen IP-Adressen in dem Netzwerk (2) gemeine letzte Anfangsadressabschnitt zugehörig ist, in Abhängigkeit von den zugewiesenen Gewichten erkannt. Eine Einheit (1) wird automatisch mit dem IP-Adressbereich konfiguriert, um im Betrieb der Einheit (1) eine Unterscheidung zwischen IP-Adressen innerhalb und außerhalb des Netzwerks (2) zu gestatten, z. B. zum Filtern oder zum Klassifizieren von Verkehr. Die Einheit (1), bei der es sich auch um eine Netzwerkeinheit handeln kann, die zur Ermittlung der Datenverkehrsdaten den Datenverkehr überwacht, kann den Adressbereichs-Erkennungsprozess zum Zweck der Selbstkonfigurierung durchführen.

公开(公告)号：GB2484878A

公开(公告)日：2012-04-25

申请号：GB201203406

申请日：2010-08-03

Applicant: IBM

Inventor： JANSEN BERNHARD ,  KIND ANDREAS ,  STOECKLIN MARC P

IPC: H04L29/12 ,  H04L12/24 ,  H04L12/26

Abstract: Methods and apparatus are provided for automatic address range detection for an IP network (2). Flow data is obtained, the flow data comprising, for each flow relayed by a network device across the network boundary, one of the source and destination IP addresses for the flow and one of (a) the other of the source and destination IP addresses and (b) direction data indicative of the flow direction across the network boundary. A tree data structure is generated representing the IP addresses in the flow data. Successive nodes in a branch of the tree are associated with successive portions of an IP address. IP addresses with initial portions in common are represented in the tree with at least one node in common. Weights are assigned to nodes in the tree in dependence on occurrences of the represented IP addresses in at least a subset of the flow data. The IP address range of the network (2) is then detected by identifying, in dependence on the assigned weights, the node associated with the last initial address portion common to all IP addresses in the network (2). A device (1) is automatically configured with the IP address range to permit distinction between IP addresses inside and outside the network (2) in operation of the device (1), e.g. for filtering or traffic classification. The device (1), which may also be a network device which monitors traffic to obtain the flow data, may perform the address range detection process for self-configuration purposes.

公开(公告)号：AU2003274502A1

公开(公告)日：2004-07-14

申请号：AU2003274502

申请日：2003-10-30

Applicant: IBM

Inventor： KENCL LUKAS ,  KIND ANDREAS ,  PLETKA ROMAN A ,  MANNAL SOENKE ,  BOWEN ED ,  DROZ PATRICK ,  JEFFRIES CLARK D

IPC: H04L12/56

Abstract: Methods and apparatus are provided for controlling flow rates of a plurality of data packet flows into a queue 4 corresponding to a resource 3 of a network device 1 . The flows comprise a set 7 of non-responsive flows, and a set 8 of other flows which may comprise responsive flows and/or flows whose responsiveness is unknown. The flow rates are managed in accordance with a queue management scheme such that adjustments are made to each flow rate in dependence on excess bandwidth in the resource, the amounts of the adjustments being dependent on one or more adjustment parameters for each flow. An error signal is generated based on the deviation from a desired allocation ratio of the ratio of the total flow rates into the queue 4 for the sets of flows 7, 8 . At least one adjustment parameter for at least one flow is then varied in dependence on the error signal in such a manner as to reduce the aforementioned deviation. A closed-loop control scheme thus operates in conjunction with the underlying queue management scheme to promote fair bandwidth allocation even in the presence of a mix of responsive and non-responsive flows.