Abstract:
Systems, methods and computer storage media for utilizing IPv6 addressing for globally unique identification of network endpoints when communications are from or to an IPv4-compatible application. An IPv4 packet of data that is from and/or directed to an IPv4 endpoint is encapsulated in an IPv6 packet of data. An IPv6-compatible address is identified for a destination of the IPv6 packet of data. The IPv6 address is a globally unique identifier that is comprised of an IPv4 identifier that represents an IPv4 address of the encapsulated IPv4 packet. The IPv6 packet of data is communicated to the destination identified by the IPv6 address. A 4to6 stack may intercept the incoming IPv6 packet of data before the destination to strip the IPv6 header information, revealing the IPv4 packet of data.
Abstract:
Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table). The transformation action(s) include rewriting headers of the data packets to include the location-dependent addresses, encapsulating the data packets as inner data packets within respective outer data packets, or configuring the data packets with a tunneling protocol.
Abstract:
Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay ("overlay") are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.
Abstract:
Computerized methods, systems, and computer-readable media are provided for establishing and managing a virtual network (V-net) and virtual machine (VM) switches that enable protected and isolated interconnections between members of the V-net. The V-net members include an originating network adapter that generates data packets addressed to a destination network adapter. Upon detecting data-packet generation, a source-side VM switch accesses a forwarding table associated with the V-net, ascertains a destination-side, VM-switch locator that corresponds to an identifier of the destination network adapter, and modifies the data packets to include the identifier. The forwarding table represents a mapping between the members of the V-net and VM switches located on respective nodes within the data center. In operation, the mapping enforces communication policies that govern data-packet traffic. Upon receiving the data packets, the destination-side VM switch restores the data packets and forwards them to the destination network adapter.
Abstract:
Computerized methods, systems, and computer-storage media for establishing and managing a transmission control protocol (TCP)-based tunnel ("tunnel") are provided. The tunnel spans between a data center and a private enterprise network and connects endpoints, of a service application, that reside in each location. During communication, the endpoints transmit data packets over one or more channels (e.g., higher-level channel and lower-level channel) that comprise the tunnel. Each of the channels supports reliability mechanisms (e.g., congestion-control mechanism and loss-recovery mechanism) integrally running thereon, for ensuring complete data-packet delivery. To prevent unwarranted performance degradation caused by duplicative efforts of reliability mechanisms, a fabric controller is employed to selectively disable one or more of the reliability mechanisms individually. The selective disablement of the reliability mechanisms is invoked by predefined criteria, such as instructions from a service model or detected identity of a source/destination endpoint, and is invoked on a per network connection basis.
Abstract:
Computerized methods, systems, and computer-storage media for establishing and managing a virtual network overlay ("overlay") are provided. The overlay spans between a data center and a private enterprise network and includes endpoints, of a service application, that reside in each location. The service-application endpoints residing in the data center and in the enterprise private network are reachable by data packets at physical IP addresses. Virtual presences of the service-application endpoints are instantiated within the overlay by assigning the service-application endpoints respective virtual IP addresses and maintaining an association between the virtual IP addresses and the physical IP addresses. This association facilitates routing the data packets between the service-application endpoints, based on communications exchanged between their virtual presences within the overlay. Also, the association secures a connection between the service-application endpoints within the overlay that blocks communications from other endpoints without a virtual presence in the overlay.