公开(公告)号：US09992221B1

公开(公告)日：2018-06-05

申请号：US14940083

申请日：2015-11-12

Applicant: Amdocs Software Systems Limited

Inventor： Eyal Felstaine ,  Itzik Kitroser ,  Ofer Hermoni ,  Shmuel Ur

IPC: H04L29/06

CPC classification number: H04L63/1458 ,  H04L63/1425 ,  H04L2463/142

Abstract: A system, method, and computer program product are provided that utilize a decoy in response to a distributed denial of service attack in a communication network. In use, a distributed denial of service (DDoS) attack directed at one or more resources of a communication network is detected. Additionally, at least one first communication channel associated with the communication network that is subject to the DDoS attack is identified. Further, at least one second communication channel to implement functionality of the at least one first communication channel is initiated, while maintaining the at least one first communication channel subject to the DDoS attack to use as a decoy for the DDoS attack. Moreover, the at least one second communication channel is utilized to implement the functionality of the at least one first communication channel while the at least one first communication channel subject to the DDoS attack is used as the decoy for the DDoS attack.

公开(公告)号：US09806979B1

公开(公告)日：2017-10-31

申请号：US14572728

申请日：2014-12-16

Applicant: Amdocs Software Systems Limited

Inventor： Eyal Felstaine ,  Ofer Hermoni ,  Nimrod Sandlerman

IPC: G06F15/173 ,  H04L12/26 ,  G06F9/455

CPC classification number: H04L43/10 ,  G06F9/45533 ,  G06F11/008 ,  G06F11/1451 ,  G06F11/1662 ,  G06F11/2002 ,  G06F11/2025 ,  G06F11/2035 ,  G06F11/2097 ,  G06F11/3433 ,  G06F2201/815 ,  G06F2201/84 ,  H04L41/0668 ,  H04L41/0893

Abstract: According to one aspect of the present invention there is provided a system, method, and computer program product for deploying a plurality of virtual network function (VNF) instances in a communication network using network function virtualization (NFV-based network), where the network includes a plurality of computing-related units and communication links in-between, the method including: determining at least one performance value for at least one of the computing-related units and communication links, determining at least one performance requirement for at least one of the VNF instances, and associating the at least one VNF instance with at least one of the computing-related units and the communication links according to the at least one performance requirement and the at least one performance value.

公开(公告)号：US09430262B1

公开(公告)日：2016-08-30

申请号：US14572719

申请日：2014-12-16

Applicant: Amdocs Software Systems Limited

Inventor： Eyal Felstaine ,  Ofer Hermoni ,  Nimrod Sandlerman

IPC: G06F9/45 ,  G06F9/455 ,  H04L29/08

CPC classification number: H04L67/1008 ,  G06F9/45533 ,  G06F9/45558 ,  G06F9/50 ,  G06F2009/45595 ,  H04L41/12 ,  H04L43/16 ,  H04L47/70 ,  H04L67/02 ,  H04L67/10 ,  H04L67/16 ,  H04L67/38

Abstract: A system, method, and computer program product are provided for managing hierarchy and optimization in network function virtualization based networks. In use, a first hardware unit of a plurality of hardware units associated with a network function virtualization (NFV) based communication network is identified, the first hardware unit being identified based on a first load characteristic associated with the first hardware unit. Further, a first virtual network function (VNF) instance associated with the first hardware unit is identified, the first VNF instance being associated with usage of at least one service. Additionally, at least one traffic route associated with the first VNF instance is identified, the at least one traffic route being associated with usage of the at least one service. Furthermore, a second hardware unit for handling at least a portion of a workload associated with the at least one service is identified, the second hardware unit being identified based on a second load characteristic associated with the second hardware unit, and the second hardware unit being capable of utilizing the at least one traffic route. Still yet, a second VNF instance is initiated in the second hardware unit. Moreover, at least part of the at least one service is migrated from the first VNF instance to the second VNF instance without disrupting the service.

Abstract translation: 提供了一种系统，方法和计算机程序产品，用于管理基于网络功能虚拟化的网络中的层次结构和优化。 在使用中，识别与基于网络功能虚拟化（NFV）的通信网络相关联的多个硬件单元的第一硬件单元，基于与第一硬件单元相关联的第一负载特性来识别第一硬件单元。 此外，识别与第一硬件单元相关联的第一虚拟网络功能（VNF）实例，所述第一VNF实例与至少一个服务的使用相关联。 另外，识别与第一VNF实例相关联的至少一个业务路由，所述至少一个业务路由与所述至少一个业务的使用相关联。 此外，识别用于处理与所述至少一个服务相关联的工作负荷的至少一部分的第二硬件单元，所述第二硬件单元基于与所述第二硬件单元相关联的第二负载特性来识别，所述第二硬件单元是 能够利用至少一个交通路线。 仍然，在第二硬件单元中启动第二VNF实例。 此外，至少一个服务的至少一部分从第一VNF实例迁移到第二VNF实例而不中断服务。

公开(公告)号：US09794160B1

公开(公告)日：2017-10-17

申请号：US14597165

申请日：2015-01-14

Applicant: Amdocs Software Systems Limited

Inventor： Eyal Felstaine ,  Itzik Kitroser ,  Ofer Hermoni ,  Shmuel Ur

IPC: G06F15/173 ,  G06F15/16 ,  H04L12/26

CPC classification number: H04L43/50 ,  H04L43/04

Abstract: A system, method, and computer program product are provided for testing composite services in a communication network utilizing test data. In use, test data is sent to a composition of virtual services to test at least a portion of the composition of virtual services, the composition of virtual services including at least one first virtual service and at least one second virtual service chained such that the test data is received by the at least one first virtual service and an output of the at least one first virtual service is input to the at least one second virtual service, and at least a portion of the test data being configured such that at least a portion of the output of the at least one first virtual service is the same as the test data input to the at least one first virtual service. Additionally, a first output is received from the at least one second virtual service, the first output including a result of the output of the at least one first virtual service being input to the at least one second virtual service. Further, the test data is sent as an input to at least one third virtual service, the at least one third virtual service including the same functionality as the at least one second virtual service. In addition, a second output is received from the at least one third virtual service, the second output including a result of the test data being input to the at least one third virtual service including the same functionality as the at least one second virtual service. Moreover, the first output from the at least one second virtual service is compared with the second output from the at least one third virtual service including the same functionality as the at least one second virtual service to test the at least a portion of the composition of virtual services.

公开(公告)号：US09645899B1

公开(公告)日：2017-05-09

申请号：US14572726

申请日：2014-12-16

Applicant: Amdocs Software Systems Limited

Inventor： Eyal Felstaine ,  Ofer Hermoni ,  Nimrod Sandlerman

IPC: G06F11/20 ,  G06F11/14

CPC classification number: H04L43/10 ,  G06F9/45533 ,  G06F11/008 ,  G06F11/1451 ,  G06F11/1662 ,  G06F11/2002 ,  G06F11/2025 ,  G06F11/2035 ,  G06F11/2097 ,  G06F11/3433 ,  G06F2201/815 ,  G06F2201/84 ,  H04L41/0668 ,  H04L41/0893

Abstract: According to one aspect of the present invention there is provided a system, method, and computer program product for recovering from a network failure in a communication network using network function virtualization (NFV-based network), the method including: selecting a first network component of the NFV-based network, detecting at least one probable failure of the first network component, identifying at least one virtual network function (VNF) instance using the first network component, selecting a second network component to be used by same VNF for replacing the VNF instance in the first network component when the first network component is faulty, and securing at least one resource of the second network component for the VNF.

公开(公告)号：US09460286B1

公开(公告)日：2016-10-04

申请号：US14572723

申请日：2014-12-16

Applicant: Amdocs Software Systems Limited

Inventor： Eyal Felstaine ,  Ofer Hermoni ,  Nimrod Sandlerman

IPC: H04L29/06 ,  G06F21/56 ,  G06F21/43

CPC classification number: H04L63/1416 ,  H04L63/1441 ,  H04L63/1458 ,  H04L63/20

Abstract: A system, method, and computer program product are provided for providing security in a Network Function Virtualization based (NFV-based) communication network. In operation, a security attack is identified. Additionally, a first hardware unit attacked by the security attack is identified. Further, a hardware unit in which to initiate a security defense software program is identified. Moreover, the security defense software program is initiated in the identified hardware unit.

Abstract translation: 提供了一种系统，方法和计算机程序产品，用于在基于网络功能虚拟化（基于NFV的）通信网络中提供安全性。 在操作中，确定了安全攻击。 另外，确定了受安全攻击攻击的第一个硬件单元。 此外，识别出启动安全防御软件程序的硬件单元。 此外，安全防御软件程序在所识别的硬件单元中启动。

公开(公告)号：US09384028B1

公开(公告)日：2016-07-05

申请号：US14572716

申请日：2014-12-16

Applicant: Amdocs Software Systems Limited

Inventor： Eyal Felstaine ,  Ofer Hermoni ,  Nimrod Sandlerman

IPC: G06F9/45 ,  G06F9/455 ,  H04L29/08

CPC classification number: H04L67/02 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L41/5025

Abstract: A system, method, and computer program product are provided for preserving service continuity in a Network Function Virtualization based (NFV-based) communication network. In use, a first virtual network function (VNF) instance associated with a first VNF in a first hardware unit in a Network Function Virtualization based (NFV-based) communication network is identified. Additionally, a second VNF instance on a second hardware unit is instantiated, the second VNF instance being compatible with the first VNF instance. Further, communication directed to the first VNF instance is diverted to the second VNF instance on the second hardware unit, in response to initiating the second VNF instance on a second hardware unit.

Abstract translation: 提供了一种系统，方法和计算机程序产品，用于在基于网络功能虚拟化（基于NFV的）通信网络中保持服务连续性。 在使用中，识别与基于网络功能虚拟化（基于NFV的）通信网络中的第一硬件单元中的第一VNF相关联的第一虚拟网络功能（VNF）实例。 另外，第二硬件单元上的第二VNF实例被实例化，第二VNF实例与第一VNF实例兼容。 此外，响应于在第二硬件单元上启动第二VNF实例，针对第一VNF实例的通信被转移到第二硬件单元上的第二VNF实例。

公开(公告)号：US20160043944A1

公开(公告)日：2016-02-11

申请号：US14561126

申请日：2014-12-04

Applicant: Amdocs Software Systems Limited

Inventor： Eyal Felstaine ,  Itzik Kitroser ,  Ofer Hermoni ,  Shmuel Ur

IPC: H04L12/721 ,  H04L12/26

CPC classification number: H04L45/70 ,  G06F9/50 ,  H04L41/0896 ,  H04L41/5041 ,  H04L43/12 ,  H04L47/10 ,  H04L47/12 ,  H04L47/2475 ,  H04L63/083

Abstract: A system, method, and computer program product are provided for augmenting a physical network system utilizing a network function virtualization orchestrator (NFV-O). In use, data traffic is monitored utilizing a Network Function Virtualization Orchestrator (NFV-O) module associated with at least a portion of a physical network system, the NFV-O module being operable to manage data flow associated with one or more Virtual Network Functions (VNFs) and one or more physical elements of the physical network system. Additionally, it is determined whether flow of the data traffic should be modified based on at least one of a traffic load or a traffic type utilizing the NFV-O module integrated in the physical network system. Further, at least a portion of the data traffic is directed from at least one of the physical elements to at least one of the VNFs when it is determined that the flow of the data traffic should be modified.

Abstract translation: 提供了一种系统，方法和计算机程序产品，用于使用网络功能虚拟化协调器（NFV-O）增强物理网络系统。 在使用中，使用与物理网络系统的至少一部分相关联的网络功能虚拟化协调器（NFV-O）模块监视数据业务，所述NFV-O模块可操作以管理与一个或多个虚拟网络功能相关联的数据流 （VNF）和物理网络系统的一个或多个物理元件。 此外，基于集成在物理网络系统中的NFV-O模块的业务负载或业务类型中的至少一个，确定是否应该修改数据流量的流量。 此外，当确定数据业务的流量应当被修改时，至少一部分数据业务被从物理元素中的至少一个引导到至少一个VNF。

公开(公告)号：US09838265B2

公开(公告)日：2017-12-05

申请号：US14572729

申请日：2014-12-16

Applicant: Amdocs Software Systems Limited

Inventor： Eyal Felstaine ,  Ofer Hermoni ,  Nimrod Sandlerman ,  Itzik Kitroser

IPC: G06F15/173 ,  H04L12/24 ,  H04W12/08 ,  H04W28/00

CPC classification number: G06F11/0793 ,  G06F11/0709 ,  G06F11/2023 ,  H04L41/022 ,  H04L41/20 ,  H04L41/28 ,  H04L67/10 ,  H04W12/08 ,  H04W28/00

Abstract: According to one aspect of the present invention there is provided a system, method, and computer program product for communicating information in a communication network using network function virtualization (NFV-based communication network), the method including: sending a communication from a first entity of the NFV-based communication network, the first entity being a sender, and receiving the communication by a second entity of the NFV-based communication network, the second entity being a receiver, where the communication includes: an identification of the sender of the communication, and an identification of the receiver of the communication, an identification of a function associated with the NFV-based communication network, and an authorization associating one or more of the sender and the receiver with the function.

公开(公告)号：US09794187B1

公开(公告)日：2017-10-17

申请号：US14572735

申请日：2014-12-16

Applicant: Amdocs Software Systems Limited

Inventor： Eyal Felstaine ,  Ofer Hermoni ,  Nimrod Sandlerman

IPC: G06F15/173 ,  H04L12/911 ,  H04L29/08

CPC classification number: H04L67/1008 ,  G06F9/45533 ,  G06F9/45558 ,  G06F9/50 ,  G06F2009/45595 ,  H04L41/12 ,  H04L43/16 ,  H04L47/70 ,  H04L67/02 ,  H04L67/10 ,  H04L67/16 ,  H04L67/38

Abstract: A system, method, and computer program product are provided for resource conversion in network function virtualization based networks. In use, a first resource of a first type is identified in a first hardware unit, the first resource at least potentially having insufficient availability and being associated with a Network Function Virtualization based (NFV-based) communication network. Additionally, a second resource of a second type is identified, the second resource being associated with the first hardware unit, the second resource being identified as sufficiently available. Further, a third resource of the first type is identified, the third resource being associated with a second hardware unit, the second hardware unit being associated with the second resource, the third resource being identified as sufficiently available.