Abstract: Disclosed are systems and methods for network architecture that is a server-centric network architectural design.

Abstract: A geographic location of a network device is determined using response delay times from internet servers used as landmarks. A coordination server provides to a client a list of area landmark servers (ALS) with known geographic locations. The client probes ALSs, measures response delays, and provides results to the coordination server. The coordination server then provides to the client a list of additional city landmark servers (CLS) within the area. The client probes the CLSs and provides results to the coordination server which then determines the geographic location of the client.

Abstract: Large numbers of commodity servers in a data center may be inexpensively interconnected using low-cost commodity network switches, a first network port on each commodity server, a second network port on each commodity server, and a traffic-aware routing module executed on each commodity server. Connecting two or more commodity servers via the first network ports on each server to a commodity network switch forms a unit. Connecting two commodity servers in different units forms a group. Each unit has a direct connection via a second network port on a commodity server in the unit to another unit. Each group may have a direct connection via a second network port on a commodity server in the group to another group. Traffic-aware routing modules executed on each commodity server determine routing of data between servers and balance traffic across the first and second ports.

Abstract: A method and system for protecting an application that implements a communication protocol against exploitation of a communication-based vulnerability is provided. A protection system provides a protection policy that specifies how to recognize messages that expose a specific vulnerability and specifies actions to take when the vulnerability is exposed. A protection policy specifies the sequence of messages and their payload characteristics that expose a vulnerability. The protection system may specify the sequences of messages using a message protocol state machine. A message protocol state machine of an application represents the states that the application transitions through as it receives various messages. The message protocol state machine of the protection policy may be a portion of the message protocol state machine of the application relating to the vulnerability. The protection system uses the message protocol state machine to track the states that lead up to the exposing of the vulnerability.

Abstract: A method and system for providing a multi-level interconnection network is provided. A multi-level interconnection network comprises basic cells that are aggregated into higher level cells at each level of the network. At the first level, the basic cells are aggregated into first level cells. Each first level cell is an aggregation of a number of basic cells that is one more than the number of devices in a basic cell. The basic cells of a first level cell are fully connected; that is, each basic cell has a first level link or connection to each other basic cell. In a first level cell, each device of a basic cell has a first level link to each other basic cell. The multi-level interconnection network has higher level cells that are aggregations of lower level cells in a similar manner.

Abstract: A method and system for providing a multi-level interconnection network is provided. A multi-level interconnection network comprises basic cells that are aggregated into higher level cells at each level of the network. At the first level, the basic cells are aggregated into first level cells. Each first level cell is an aggregation of a number of basic cells that is one more than the number of devices in a basic cell. The basic cells of a first level cell are fully connected; that is, each basic cell has a first level link or connection to each other basic cell. In a first level cell, each device of a basic cell has a first level link to each other basic cell. The multi-level interconnection network has higher level cells that are aggregations of lower level cells in a similar manner.

Abstract: A middle layer network protocol enhancement, virtual connectivity (VC) makes the network attachment point changes of local and remote peers transparent to applications that use network services. A virtual connectivity module local to each peer translates communication connection parameters from apparent to real and vice versa, as well as sending and receiving secure connection updates directly to and from peers. Unlike Mobile IP, no routing infrastructure modifications are required. A subscribe-notify service provides connection update notifications when direct peer-to-peer connection updates are not possible, for example, when two communicating peers move simultaneously or when the moving peer is communicating with a peer behind network address translation (NAT). Methods for detecting these conditions are disclosed, as is a virtual connectivity protocol and virtual connectivity module architecture.

Abstract: An end host in a peer-to-peer system stores identifiers for both its peers and the neighbors of its peers. When the IP address of the end host and one of the peers changes, the end host's new IP address can be sent to each neighbor of the peer so that communication between the end host and the peer will not be lost. The order in which the neighbors of the peer are stored can be prioritized for faster delivery of the end host's changed IP address to the peer. The prioritizing can be by available bandwidth of the neighbors, proximity of the neighbors, trust between the peer and its neighbors, the probability that the IP address of the neighbors will change, etc. Proximity of the peers from each other and the end host can be a function of the identifier, which can be generated from a public key.

Abstract: A network address mapping system is described. The network address mapping system can identify a set of Web pages, collects information from the Web pages indicating geographical locations (“geolocations”), and correlate the geolocations with the network addresses from which the identified Web pages are served. The collected information can be weighted based on various factors, such as its relative position in a Web page. The collected information can then be used to identify a geolocation. The network mapping system can deduce geolocations for portions of ranges of network addresses based on the score, and can infer geolocations for other portions based on the deduced geolocations. This mapping can then be stored in a database and provided as a geomapping service. The network address mapping system is able to map network addresses to geographical locations.

Abstract: A method and system for scheduling packets to provide fair bandwidth sharing is provided. A packet scheduling system is composed of a communication link and flows from different network applications. These flows share the same communication link and have different bandwidth reservation according to different application requirements. In this invention, the bandwidth of the communication link is expressed into its binary form, and the binary coefficients are used to form a Square Weight Matrix. Moreover, each non-zero binary coefficient is expressed by a Weighted Binary Tree. The Square Weight Matrix is further spread by a Weight Spread Sequence and each Weighted Binary Tree is spread into a Time-Slot Array by using a Binary Reversal operation. When a flow is accepted by the scheduling system, the system first expresses the requested bandwidth of the flow into binary form, and then for each non-zero coefficients, the system allocates a node with the same weight from the Weighted Binary Trees to the flow.

Abstract: A method for detecting a spurious timeout in a TCP network which can be used to avoid unnecessarily triggering the TCP rate adaptation is disclosed. Upon detection of a timeout on a given packet, a shortened packet version of the possibly lost packet is retransmitted. The retransmitted packet is at least one byte shorter than the original packet. The node receiving this retransmitted packet will acknowledge the receipt of the packet as specified in the TCP protocol. The acknowledgment will contain the sequence number of the lowest byte the receiving node has not yet received. Because the retransmitted packet is shorter than the original packet, the sequence number of this as yet not received byte will be less than or equal to the last byte of the original packet if the original packet was not received indicating a valid timeout.

Abstract: An end host in a peer-to-peer system stores identifiers for both its peers and the neighbors of its peers. When the IP address of the end host and one of the peers changes, the end host's new IP address can be sent to each neighbor of the peer so that communication between the end host and the peer will not be lost. The order in which the neighbors of the peer are stored can be prioritized for faster delivery of the end host's changed IP address to the peer. The prioritizing can be by available bandwidth of the neighbors, proximity of the neighbors, trust between the peer and its neighbors, the probability that the IP address of the neighbors will change, etc. Proximity of the peers from each other and the end host can be a function of the identifier, which can be generated from a public key.

Abstract: A method for detecting a spurious timeout in a TCP network which can be used to avoid unnecessarily triggering the TCP rate adaptation is disclosed. Upon detection of a timeout on a given packet, a shortened packet version of the possibly lost packet is retransmitted. The retransmitted packet is at least one byte shorter than the original packet. The node receiving this retransmitted packet will acknowledge the receipt of the packet as specified in the TCP protocol. The acknowledgment will contain the sequence number of the lowest byte the receiving node has not yet received. Because the retransmitted packet is shorter than the original packet, the sequence number of this as yet not received byte will be less than or equal to the last byte of the original packet if the original packet was not received indicating a valid timeout.

Abstract: A method and system for protecting an application that implements a communication protocol against exploitation of a communication-based vulnerability is provided. A protection system provides a protection policy that specifies how to recognize messages that expose a specific vulnerability and specifies actions to take when the vulnerability is exposed. A protection policy specifies the sequence of messages and their payload characteristics that expose a vulnerability. The protection system may specify the sequences of messages using a message protocol state machine. A message protocol state machine of an application represents the states that the application transitions through as it receives various messages. The message protocol state machine of the protection policy may be a portion of the message protocol state machine of the application relating to the vulnerability. The protection system uses the message protocol state machine to track the states that lead up to the exposing of the vulnerability.

Abstract: A middle layer network protocol enhancement, virtual connectivity (VC) makes the network attachment point changes of local and remote peers transparent to applications that use network services. A virtual connectivity module local to each peer translates communication connection parameters from apparent to real and vice versa, as well as sending and receiving secure connection updates directly to and from peers. Unlike Mobile IP, no routing infrastructure modifications are required. A subscribe-notify service provides connection update notifications when direct peer-to-peer connection updates are not possible, for example, when two communicating peers move simultaneously or when the moving peer is communicating with a peer behind network address translation (NAT). Methods for detecting these conditions are disclosed, as is a virtual connectivity protocol and virtual connectivity module architecture.

Abstract: A middle layer network protocol enhancement, virtual connectivity (VC) makes the network attachment point changes of local and remote peers transparent to applications that use network services. A virtual connectivity module local to each peer translates communication connection parameters from apparent to real and vice versa, as well as sending and receiving secure connection updates directly to and from peers. Unlike Mobile IP, no routing infrastructure modifications are required. A subscribe-notify service provides connection update notifications when direct peer-to-peer connection updates are not possible, for example, when two communicating peers move simultaneously or when the moving peer is communicating with a peer behind network address translation (NAT). Methods for detecting these conditions are disclosed, as is a virtual connectivity protocol and virtual connectivity module architecture.