Patents by Inventor Xiangqing Chang
Xiangqing Chang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240106740Abstract: Disclosed is a method and an apparatus for packet forwarding, which relate to the network technology field and are applied to a network node. The method comprises: obtaining an SRV6 packet; if a function field in a target SID contains a security authentication instruction, obtaining a target argument based on an operation indicated by the security authentication instruction, and performing security authentication processing on the SRv6 packet based on the target argument; wherein, the target SID is an SID, corresponding to the network node, in a segment list carried by a header of the SRv6 packet, and the target argument is: an argument for the security authentication instruction recorded in the header; and forwarding the processed SRv6 packet to a next-hop device. By applying the solution for packet forwarding according to examples of the present disclosure, the security in forwarding the SRv6 packet along the SRv6 forwarding path can be improved.Type: ApplicationFiled: June 29, 2021Publication date: March 28, 2024Applicant: New H3C Technologies Co., Ltd.Inventors: Xiangqing CHANG, Zhaoyan LEI, Tao LIN, Juan QIN
-
Patent number: 9426678Abstract: A method is provided for a master apparatus of a Virtual Router Redundancy Protocol (VRRP) in a dual-homed node that is a part of a dual-homed network to implement a Layer 3 apparatus. The dual-homed network includes the dual-homed node and a Layer 2 MPLS-Transport Profile (MPLS-TP) network. The method includes monitoring a state of an uplink, when the monitoring detects that the uplink has a failure, notifying an original backup apparatus of the VRRP to perform a master-backup switch, and notifying a downlink apparatus of the master apparatus of the VRRP that a remote link has a failure, thereby causing the downlink apparatus to switch a working channel within the MPLS-TP network. The method includes, when a notification indicating that the master-backup switch has been performed is received from the original backup apparatus of the VRRP, switching to a backup apparatus of the VRRP.Type: GrantFiled: January 17, 2013Date of Patent: August 23, 2016Assignee: HANGZHOU H3C TECHNOLOGIES CO., LTD.Inventors: Xiangqing Chang, Zhonghua Gao, Min Yao, Jianfeng Liu
-
Patent number: 9173082Abstract: A method and device for preventing a roaming user terminal from re-authentication are provided. The method includes: when Virtual Local Area Network (VLAN) of a roaming user terminal changes, change information of the roaming user terminal is reported to a Broadband Remote Access Server (BRAS) via an Access Controller (AC) and the BRAS reports modified information of the roaming user terminal to an Authentication, Authorization, Accounting server (AAA server).Type: GrantFiled: December 22, 2011Date of Patent: October 27, 2015Assignee: HANGZHOU H3C TECHNOLOGIES CO., LTD.Inventors: Xiangqing Chang, Yang Shi, Jianfeng Liu, Haitao Zhang, Tao Zheng, Min Yao
-
Patent number: 9036561Abstract: Examples of the present disclosure provide a dual-homing protection method and device. In the dual-homing protection method, a forwarding item synchronizing channel and a data transfer channel are established between two Provider Edge (PE) devices in a dual-homing node, a Pseudo Wire (PW) and a Label Switched Path (LSP) protection group bearing the PW are established between a network side peer PE device and the two PE devices in the dual-homing node, which are taken as a logical device, so as to implement LSP protection within a network. The present disclosure may enable the protection within a network to be independent of access link protection. Subsequently, the management is simple.Type: GrantFiled: September 6, 2012Date of Patent: May 19, 2015Assignee: HANGZHOU H3C TECHNOLOGIES CO., LTD.Inventors: Xiangqing Chang, Jianfeng Liu, Min Yao, Zhonghua Gao, Liyao Zhao
-
Patent number: 8908689Abstract: The present invention provides an apparatus and method for processing a packet. An interface processing module selects one from all service processing modules as a service processing module for processing a packet; if the service processing module needs to perform tunnel processing for the packet, the service processing module transmits the packet after performing the tunnel processing; if another service processing module needs to perform tunnel processing for the packet, the service processing module transmits the packet to a service processing module needing to perform tunnel processing for the packet. According to the present invention, the packet can be processed uniformly by the service processing module, so it is not unnecessary to store session states in the service processing modules, and also not unnecessary to perform synchronization between the service processing modules, which greatly decreases complexity of processing the packet and saves system bandwidth.Type: GrantFiled: July 9, 2008Date of Patent: December 9, 2014Assignee: Hangzhou H3C Technologies Co., Ltd.Inventors: Xiangqing Chang, Xiao Li, Xudong Zou
-
Publication number: 20140334292Abstract: A method is provided for a master apparatus of a Virtual Router Redundancy Protocol (VRRP) in a dual-homed node that is a part of a dual-homed network to implement a Layer 3 apparatus. The dual-homed network includes the dual-homed node and a Layer 2 MPLS-Transport Profile (MPLS-TP) network. The method includes monitoring a state of an uplink, when the monitoring detects that the uplink has a failure, notifying an original backup apparatus of the VRRP to perform a master-backup switch, and notifying a downlink apparatus of the master apparatus of the VRRP that a remote link has a failure, thereby causing the downlink apparatus to switch a working channel within the MPLS-TP network. The method includes, when a notification indicating that the master-backup switch has been performed is received from the original backup apparatus of the VRRP, switching to a backup apparatus of the VRRP.Type: ApplicationFiled: January 17, 2013Publication date: November 13, 2014Inventors: Xiangqing Chang, Zhonghua Gao, Min Yao, Jianfeng Liu
-
Publication number: 20140301275Abstract: Examples of the present disclosure provide a dual-homing protection method and device. In the dual-homing protection method, a forwarding item synchronizing channel and a data transfer channel are established between two Provider Edge (PE) devices in a dual-homing node, a Pseudo Wire (PW) and a Label Switched Path (LSP) protection group bearing the PW are established between a network side peer PE device and the two PE devices in the dual-homing node, which are taken as a logical device, so as to implement LSP protection within a network. The present disclosure may enable the protection within a network to be independent of access link protection. Subsequently, the management is simple.Type: ApplicationFiled: September 6, 2012Publication date: October 9, 2014Inventors: Xiangqing Chang, Jianfeng Liu, Min Yao, Zhonghua Gao, Liyao Zhao
-
Patent number: 8559423Abstract: The present invention discloses a packet processing apparatus and method. The packet processing apparatus is applied to an L4˜L7 network device, including a plurality of interface processing units and a plurality of service processing units, the interface processing units are connected with the service processing units through a first connection unit; and each of the interface processing units is adapted to select, after receiving a packet from outside, a service processing unit from all the service processing units and transmit the packet to the selected service processing unit; and each of the service processing units is adapted to perform service processing to the packet after receiving the packet. The present invention improves packet processing capability and reliability of the L4˜L7 network device.Type: GrantFiled: June 26, 2008Date of Patent: October 15, 2013Assignee: Hangzhou H3C Technologies Co., Ltd.Inventors: Ju Wang, Zhanming Wei, Xudong Zou, Xiao Li, Xiangqing Chang
-
Publication number: 20130265941Abstract: A method and device for preventing a roaming user terminal from re-authentication are provided. The method includes: when Virtual Local Area Network (VLAN) of a roaming user terminal changes, change information of the roaming user terminal is reported to a Broadband Remote Access Server (BRAS) via an Access Controller (AC) and the BRAS reports modified information of the roaming user terminal to an Authentication, Authorization, Accounting server (AAA server).Type: ApplicationFiled: December 22, 2011Publication date: October 10, 2013Applicant: Hangzhou H3C Technologies Co., Ltd.Inventors: Xiangqing Chang, Yang Shi, Jianfeng Liu, Haitao Zhang, Tao Zheng, Min Yao
-
Publication number: 20130223273Abstract: In a method and an apparatus for evaluating air interface condition of a wireless local area network (WLAN), the evaluation of the air interface condition of the WLAN is divided into four layers: the evaluation of the air interface condition of the pre-defined area, the evaluation of the air interface condition of each place in the pre-defined area, the evaluation of the air interface condition of each AP in each place and the evaluation of the air interface condition of each user accessing each AP. The method and apparatus are able to provide definite evaluation denoting the level of the air interface condition through analyzing and quantizing of the statistical information items with respect to the overall air interface condition of the whole area covered by the WLAN or the partial air interface condition of each place, each AP and each user in the pre-defined area.Type: ApplicationFiled: October 21, 2011Publication date: August 29, 2013Applicant: HANGZHOU H3C TECHNOLOGIES CO,.LTD.Inventors: Xiangqing Chang, Yujin Zhao, Hongfei Zhang, Haitao Zhang, Jianfeng Liu
-
Patent number: 8392701Abstract: An apparatus and method for ensuring distributed packet transmission security are provided. In an embodiment of the present invention, a main control board allocates SA information to multiple processing boards according to a pre-defined criterion, so that each processing board which receives and stores the SA information may implement IPSec processing. As such, the IPSec processing is shared by the multiple processing boards. Accordingly, when there are a large number of IPSec tunnels on one interface, the IPSec processing to the packets passing the IPSec tunnels will not completely rely on only the processing board where the interface is located. Instead, the IPSec processing is allocated to different processing boards. Therefore, the multiple processing boards effectively share the IPSec processing corresponding to multiple SAs. The efficiency of the IPSec processing is increased.Type: GrantFiled: July 22, 2008Date of Patent: March 5, 2013Assignee: Hangzhou H3C Technologies Co., Ltd.Inventors: Xiangqing Chang, Wei Zheng
-
Patent number: 8327129Abstract: The present invention discloses a method, an apparatus, and a system for IKE negotiation. One method comprises: upon receiving a data packet, selecting one of multiple service cards according to a pre-configured policy and triggering the service card to send an IKE negotiation packet; and saving the mapping between the IKE negotiation packet and the service card. The other method comprises: upon receiving an IKE negotiation packet, selecting one of multiple service cards according to a pre-configured policy, triggering the service card to perform IKE negotiation, and saving the mapping between of the IKE negotiation packet and the service card. The solution enables a network node a node to distribute IKE negotiations to different service cards to perform IKE negotiation at the same time, improving IKE negotiation speed.Type: GrantFiled: June 23, 2008Date of Patent: December 4, 2012Assignee: Hangzhou H3C Technologies Co., Ltd.Inventors: Weichen Ren, Xudong Zou, Zhanming Wei, Xiangqing Chang
-
Patent number: 8316432Abstract: Embodiments of the present invention provide method for implementing security-related processing on packet and a network security device. Through establishing a relationship between stream attribute information of an initial packet of a stream and security-related processing information implemented on the initial packet, when a succeeding packet of the stream is received, the previously stored relationship is acquired according to stream attribute information of the succeeding packet, the security-related processing is implemented on the succeeding packet according to the security-related processing information in the relationship.Type: GrantFiled: July 17, 2008Date of Patent: November 20, 2012Assignee: Hangzhou H3C Technologies Co., Ltd.Inventors: Ju Wang, Mingyu Li, Xudong Zou, Xiangqing Chang, Zhongwei Fang, Xiao Li
-
Patent number: 8259740Abstract: The present invention discloses a packet processing method, which applies to a high-performance and scalable flow processing system architecture. The service board performs security processing for packets received from external devices by using the firewall function before sending them to the main CPU; similarly, the service board also performs security processing for packets sent from the main CPU by using the firewall function before the main CPU sends them to external devices. The methods of the present invention utilize high performance and good scalability of the new architecture. In a network with heavy and high-speed traffic, the service board performs security processing for packets by using the firewall function and then transmits the valid packets to the main CPU. Thus, the main CPU is protected by the firewall function against attack packets.Type: GrantFiled: June 12, 2008Date of Patent: September 4, 2012Assignee: Hangzhou H3C Technologies Co., Ltd.Inventors: Xiao Li, Xiangqing Chang, Xudong Zou
-
Patent number: 8249038Abstract: The present invention discloses a method for implementing centralized control plane and distributed data plane and that comprises the following steps: the main control unit of the main board generates control information and delivers it to the adaptation layer of the main board; the adaptation layer of the main board transmits the control information to the adaptation layer of the service board(s); the adaptation layer of the service board(s) delivers the control information to the data plane and hardware engine of the service board(s). The present discloses a program and system for implementing centralized control plane and distributed data plane. The present invention provides a software architecture using an adaptation layer to implement centralized control plane and distributed data plane to ensure high performance and good scalability of the new architecture, reduce system complexity, and keep system simplicity and efficiency.Type: GrantFiled: June 2, 2008Date of Patent: August 21, 2012Assignee: Hangzhou H3C Technologies Co., Ltd.Inventors: Xiangqing Chang, Xuefeng Zhang, Xudong Zou
-
Patent number: 8190857Abstract: A method accelerates access of a multi-core system to its critical resources, which includes preparing to delete a critical node in a critical resource, separating the critical node from the critical resource, and deleting the critical node if the conditions for deleting the critical node are satisfied. An apparatus includes a confirmation module for the node to be deleted and a deletion module to accelerate access of a multi-core system to its critical resources.Type: GrantFiled: September 26, 2007Date of Patent: May 29, 2012Assignee: Hangzhou H3C Technologies, Co., LtdInventors: Dan Meng, Xiangqing Chang, Yibin Gong, Kunpeng Zhao
-
Publication number: 20110249674Abstract: The present invention provides an apparatus and method for processing a packet. An interface processing module selects one from all service processing modules as a service processing module for processing a packet; if the service processing module needs to perform tunnel processing for the packet, the service processing module transmits the packet after performing the tunnel processing; if another service processing module needs to perform tunnel processing for the packet, the service processing module transmits the packet to a service processing module needing to perform tunnel processing for the packet. According to the present invention, the packet can be processed uniformly by the service processing module, so it is not unnecessary to store session states in the service processing modules, and also not unnecessary to perform synchronization between the service processing modules, which greatly decreases complexity of processing the packet and saves system bandwidth.Type: ApplicationFiled: July 9, 2008Publication date: October 13, 2011Applicant: HANGZHOU H3C TECHNOLOGIES CO., LTD.Inventors: Xiangqing Chang, Xiao Li, Xudong Zou
-
Publication number: 20110252228Abstract: An apparatus and method for ensuring distributed packet transmission security are provided. In an embodiment of the present invention, a main control board allocates SA information to multiple processing boards according to a pre-defined criterion, so that each processing board which receives and stores the SA information may implement IPSec processing. As such, the IPSec processing is shared by the multiple processing boards. Accordingly, when there are a large number of IPSec tunnels on one interface, the IPSec processing to the packets passing the IPSec tunnels will not completely rely on only the processing board where the interface is located. Instead, the IPSec processing is allocated to different processing boards. Therefore, the multiple processing boards effectively share the IPSec processing corresponding to multiple SAs. The efficiency of the IPSec processing is increased.Type: ApplicationFiled: July 22, 2008Publication date: October 13, 2011Applicant: HANGZHOU H3C TECHNOLOGIES CO., LTD.Inventors: Xiangqing Chang, Wei Zheng
-
Publication number: 20100322239Abstract: The present invention discloses a packet processing method, which applies to a high-performance and scalable flow processing system architecture. The service board performs security processing for packets received from external devices by using the firewall function before sending them to the main CPU; similarly, the service board also performs security processing for packets sent from the main CPU by using the firewall function before the main CPU sends them to external devices. The methods of the present invention utilize high performance and good scalability of the new architecture. In a network with heavy and high-speed traffic, the service board performs security processing for packets by using the firewall function and then transmits the valid packets to the main CPU. Thus, the main CPU is protected by the firewall function against attack packets.Type: ApplicationFiled: June 12, 2008Publication date: December 23, 2010Applicant: HANGZHOU H3C TECHNOLOGIES CO., LTD.Inventors: Xiao Li, Xiangqing Chang, Xudong Zou
-
Publication number: 20100313023Abstract: The present invention discloses a method, an apparatus, and a system for IKE negotiation. One method comprises: upon receiving a data packet, selecting one of multiple service cards according to a pre-configured policy and triggering the service card to send an IKE negotiation packet; and saving the mapping between the IKE negotiation packet and the service card. The other method comprises: upon receiving an IKE negotiation packet, selecting one of multiple service cards according to a pre-configured policy, triggering the service card to perform IKE negotiation, and saving the mapping between of the IKE negotiation packet and the service card. The solution enables a network node a node to distribute IKE negotiations to different service cards to perform IKE negotiation at the same time, improving IKE negotiation speed.Type: ApplicationFiled: June 23, 2008Publication date: December 9, 2010Applicant: HANGZHOU H3C TECHNOLOGIES CO., LTD.Inventors: Weichen Ren, Xudong Zou, Zhanming Wei, Xiangqing Chang