The invention relates to computer networks and, more particularly, to techniques for filtering packets within computer networks.
A computer network is a collection of interconnected computing devices that exchange data and share resources. In a packet-based network, such as the Internet, the computing devices communicate data by dividing the data into small blocks called packets. The packets are individually routed across the network from a source device to a destination device. The destination device extracts the data from the packets and assembles the data into its original form. Dividing the data into packets enables the source device to resend only those individual packets that may be lost during transmission.
Certain devices within the network, referred to as routers, maintain tables of routing information that describe available routes through the network. Each route defines a path between two locations on the network. Upon receiving incoming data packets, packet filters within the router compare header information, payload data, or both, contained in the packet to the filtering rules of the filter to determine the fate of the packet. The filtering rules may specify, for example, particular source Internet Protocol (IP) addresses, destination IP addresses, protocol types, port numbers and other criteria for filtering packets. When the router identifies a packet that matches any of the filtering rules, the router performs an associated action on the packet depending on which filtering rule the packet matches. The action may include, for example, dropping the packet, remarking the packet as lower priority, counting packets that match the filtering rule, and the like. When the header information does not match any of the filtering rules, the router identifies the destination for the packet according to the header information. Based on the header information, the router accesses one of the routing tables, selects an appropriate route for the packet and forwards the packet accordingly.
In general, a conventional router inserts static packet filters. The router may, for example, retrieve a description of the static filter from a configuration file and insert the static filter into a forwarding path of the router. For instance, the router may retrieve the description and insert the static filter upon startup or reboot of the router. Consequently, modification of the filters, such as insertion of a new filter or modification of existing filtering rules, typically requires updating the static configuration information of the configuration file and rebooting the router.
In general, the invention is directed to techniques for dynamically inserting filters into a forwarding path of a routing device, such as a router, in response to a generic filter description exchanged between routing devices. A first router may, for example, forward a generic filter description to a second router. The first and second routers may exchange the generic filter description in accordance with a communication protocol, such as Border Gateway Protocol (BGP) or a dedicated filtering protocol. The second router receives the generic filter description, and processes the generic filter description to generate machine instructions specific to the forwarding hardware within the router. The generic filter description includes filtering criteria that the router may apply to data, such as packets. For example, the filtering criteria of the generic filter description may include a source Internet Protocol (IP) address of a device sourcing a denial of service (DoS) attack. The router may use the specified source IP address to filter out packets from the device sourcing the DoS attack.
The machine instructions generated from the generic filter description may be, for example, applied by a central forwarding engine, or distributed to a set of intelligent interface cards for application to inbound or outbound packet flows. In either case, the forwarding hardware executes the machine instructions to apply the filters during the packet forwarding process. Consequently, the forwarding hardware may be viewed as implementing the filtering rules within the forwarding path of the router. As referred to herein, a “forwarding path” refers to the path a packet flow follows through the router from an input interface card to an output interface card. The forwarding hardware performs an associated action on packets of packet flows that match any of the filtering rules, and forwards packets that do not match any of the filtering rules in accordance with forwarding information. In this manner, the router dynamically inserts filters, referred to herein as “dynamic filters,” into the forwarding path in response to exchanged filter descriptions.
The router may further forward the generic filter description to neighboring routers. For example, a first router may detect a network disturbance using traffic flow analysis, and generate a generic filter description to mitigate the network disturbance. The first router may forward the generic filter description to a second router and a third router, which are neighboring routers of the first router. The second and third routers may forward the generic filter description to their own neighboring routers. In this manner, routers exchange the generic filter description with other routers throughout a network. This results in filtering of packet flows near the source of the network disturbance. Instead of exchanging the generic filter description, the router may process the generic filter description to generate machine instructions, and exchange the machine instructions with neighboring routers. In the case in which the router forwards the machine instructions to neighboring routers, the forwarding hardware of the routers must use the same low-level machine language.
The dynamic filters inserted into the forwarding path of the router may have a specified lifetime. In this manner, the router may maintain the dynamic filters for a specified amount of time, and remove the dynamic filters upon the expiration of that specified time. By maintaining the dynamic filters only for a specified amount of time, the router prevents the accumulation of dynamic filters that are no longer necessary, and avoids consuming resources unnecessarily.
In one embodiment, a method comprises receiving in a first network router a filter description from a second network router. The method further comprises dynamically inserting a filter in a forwarding path of the first network router in accordance with the received filter description. The method also includes filtering data flows of the forwarding path in accordance with the filter.
In another embodiment, a network router comprises a filter management process to receive a generic filter description from a neighboring router, and process the generic filter description to generate machine instructions for forwarding hardware within the network router. The network router further comprises a processor within the forwarding hardware that executes the machine instructions to implement the filter.
In another embodiment, a method comprises receiving a generic filter description. The method further comprises processing the generic filter description to generate machine instructions. The method also includes executing the machine instructions to filter data of a forwarding path of a network device. The method further includes forwarding the generic filter description to neighboring network routers.
In another embodiment, the invention is directed to a computer-readable medium containing instructions that cause a processor to receive within a first network router a filter description from a second network router. The computer-readable medium further comprises instructions that cause the processor to dynamically insert a filter in a forwarding path of the first network router in accordance with the filter description. The computer-readable medium further comprises instructions that cause the processor to filter data flows of the forwarding path in accordance with the filter.
The invention may provide one or more advantages. For example, a router may implement a filter within the forwarding path of its forwarding hardware, e.g., within the forwarding engine of the router, in real time. Further, the router may forward a generic filter description to neighboring routers throughout a network. Forwarding the generic filter description to neighboring routers may allow the routers to filter the data flows close to the source of a network disturbance.
The details of one or more embodiments of the invention are set forth in the accompanying drawings and the description below. Other features, objects, and advantages of the invention will be apparent from the description and drawings, and from the claims.
Customer site networks 14 may be geographically distributed sites of multiple customers. Each of customer site networks 14 includes one or more devices (not shown), such as personal computers, laptop computers, handheld computers, workstations, servers, routers, switches, printers, fax machines, or the like. Customer site networks 14 may include one or more Local Area Networks (LANs), Wide Area Network (WANs), or the like. Although system 10 may include any number of customer site networks 14 coupled to public network 16 by any number of routers 12,
In general, routers 12 may dynamically filter packet flows in response to exchanged filtering information, such as a generic filter description. For example, one of routers 12 may detect a network disturbance, such as a denial of service (DoS) attack, and generate a generic filter description. The generic filter description includes filtering criteria that routers 12 may use to mitigate the network disturbance. For example, the filtering criteria may include a source Internet Protocol (IP) address of a device causing the DoS attack. The receiving routers 12 may use the specified source IP address to filter out packets from the device causing the DoS attack.
To dynamically filter packet flows, routers 12 process the generic filter description to generate machine instructions specific to forwarding hardware within routers 12. For example, the machine instructions may be applied by central forwarding engines within routers 12, or distributed to a set of intelligent interface cards for application to inbound or outbound packet flows, depending on the particular architecture of each of routers 12. In either case, the forwarding hardware executes the machine instructions in order to apply the filters during the forwarding process. Consequently, the forwarding hardware may be viewed as implementing the filtering rules within the forwarding path of routers 12.
As referred to herein, a “forwarding path” refers to the path a packet flow follows through one of routers 12 from an input interface card to an output interface card. The forwarding hardware performs an associated action on packets that match any of the filtering rules, and forwards packets that do not match any of the filtering rules in accordance with forwarding information. In this manner, the router dynamically inserts filters, referred to herein as dynamic filters, into the forwarding path in response to newly developed filter descriptions, exchanged filter descriptions, or a combination thereof.
Routers 12 may further exchange the generic filter description with neighboring routers 12. For example, one of routers 12, such as router 12A, may detect a network disturbance and generate a generic filter description. Router 12A may forward the generic filter description to routers 12B and 12E. Router 12B may forward the generic filter description on to routers 12C and 12D. In this manner, the generic filter description is exchanged between routers 12 throughout public network 16. This results in filtering of packet flows near the source of the network disturbance. Instead of exchanging the generic filter description, routers 12 may process the generic filter description to generate machine instructions, and forward the machine instructions to neighboring routers 12. In the case in which routers 12 forward machine instructions to neighboring routers 12, the forwarding hardware of routers 12 must use the same low-level machine language.
The dynamic filters inserted into the forwarding path of routers 12 may have a specified lifetime, which may be carried, for example, within the generic filter description. In this manner, routers 12 may maintain the dynamic filters for a specified amount of time, and remove the filters upon the expiration of the specified time. By maintaining the dynamic filters only for a specified amount of time, routers 12 prevent the accumulation of filters that no longer serve a purpose, and avoid consuming resources unnecessarily.
Control unit 30 may comprise a routing engine 36 and a forwarding engine 38. Routing engine 36 includes an operating system 40 that provides a multi-tasking operating environment for execution of a number of concurrent processes 42. An example of such an operating system is FreeBSD, an advanced UNIX operating system that runs on a number of commercially available programmable processors.
Processes 42 executing on operating system 40 may include a routing protocol process 44 that implements complex routing protocols and other functions. Routing protocol process 44 includes one or more threads that implement the various network protocols supported by routing engine 36. Routing protocol process 44 may include, for example, threads that implement protocols, such as Border Gateway Protocol (BGP), for exchanging routing information 46 with other routing devices and for updating routing information 46. Routing information 46 may describe a topology of public network 16, and more particularly, routes through public network 16. In particular, routing information 46 describes various routes within the network, and the appropriate next hops for each route, i.e., the neighboring devices of router 12A along each of the routes.
Routing engine 36 analyzes stored routing information 46 and generates at least one forwarding table 48 for forwarding engine 38. Forwarding table 48 may associate, for example, network destinations with specific next hops and corresponding IFCs 24. Forwarding table 48 need not be a table. For example, forwarding table 48 may be a linked list, a radix tree, a database, a flat file, or various other data structures.
Processes 42 executing within routing engine 36 further include a filter management process 50 that manages the application of filters within router 12A. Filter management process 50 accesses filter configuration information (“FILTER CONFIG INFO”) 57, and generates machine instructions to implement static filters 52A-52M (“static filters 52”). Filter management process 50 may, for example, implement static filters 52 upon startup or reboot. Static filters 52 define filtering rules that router 12A applies to packets of packet flows. Router 12A applies an associated action to packets that match any of the filtering rules. For example, router 12A may apply one of static filters 52 based on a variety of criteria, such as to packet flows destined for a particular one of customer site networks 14 in order to limit the customer to use of a specific amount of bandwidth. Router 12A may apply static filters 52 to packet flows of one of IFCs 24, corresponding physical or logical interfaces coupling IFCs 24 to control unit 30, a particular forwarding table 48, or the entire router 12A.
In addition, filter management process 50 provides for the dynamic insertion of filters, i.e., dynamic filters, into the forwarding path of the packet flows. In particular, filter management process 50 may, for example, receive a generic filter description. The generic filter description may, for example, provide a filter description in a format that conforms to a hardware-independent filtering protocol. The generic filter description may come from traffic analysis tools internal to router 12A or from a neighboring router. The generic filter description includes filtering rules to be applied to certain packets and packet flows. The filtering rules may specify, for example, particular source IP addresses, destination IP addresses, protocol types, port numbers and other criteria for identifying matching packets. The generic filter description may also include an action associated with each of the filtering rules. The associated action may include dropping the packet, counting the packet in order to maintain traffic statistics, sampling the packet to profile network traffic, remarking the packet with a lower priority, and relaying the packet to an alternate forwarding table. Further, the generic filter description may specify the amount of time to apply the filter, e.g., a lifetime of the filter.
Filter management process 50 processes the input to produce machine instructions for implementation as dynamic filter 54. For example, filter management process 50 may include a compiler (not shown) that takes a generic description, such as source code, as input and outputs machine instructions implementing the generic description. In other words, filter management process 50 translates the hardware-independent filter description into low-level machine instructions that implement the desired filtering rules on the particular forwarding hardware. Filter management process 50 communicates the machine instructions to forwarding hardware, such as forwarding engine 38, and directs forwarding engine 38 to apply the machine instructions to a particular forwarding path. Forwarding engine 38 executes the machine instructions, in turn implementing dynamic filter 54. Router 12A may apply dynamic filter 54 to certain packets and packet flows of one of IFCs 24, corresponding physical or logical interfaces coupling IFCs 24 to control unit 30, a particular forwarding table 48, or the entire router 12A. Router 12A may further apply dynamic filter 54 to packet flows of router 12A only for the specified amount of time. Filter management process 50 may also track the lifetime of dynamic filter 54. After the lifetime of dynamic filter 54 expires, router 12A issues commands directing forwarding engine 38 to remove dynamic filter 54 from the forwarding path.
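The compile-and-install step just described, as an added example that is not the patent's code: a Python model in which the generic filter description is a dictionary, the "machine instructions" are tuples executed by a toy interpreter standing in for forwarding engine 38, and the lifetime check performed by the filter management process is driven by an injectable clock. The description layout, the instruction set, the packet representation and every address below are assumptions constructed for this example; the real forwarding hardware and its instruction format are not specified on this page.

```python
# Added example, not the patent's code: a hardware-independent filter description
# is compiled into a small instruction program that a toy forwarding engine runs per
# packet, and the filter is removed when its lifetime expires.  Layout, instruction
# set, packet fields and addresses are assumptions constructed for this example.
import ipaddress
import time

# Constructed generic filter description: address/protocol/port criteria,
# an action per rule and a lifetime (seconds) for the whole filter.
GENERIC_FILTER = {
    "id": "filter-0001",
    "lifetime": 300,
    "rules": [
        {"src": "203.0.113.7/32", "proto": 17, "dport": 53, "action": "drop"},
        {"src": "203.0.113.0/24", "action": "count"},
        {"dst": "198.51.100.10/32", "proto": 6, "dport": 80, "action": "remark"},
    ],
}

def compile_filter(desc):
    """Compile to tuples: ("MATCH_NET", field, net, mask, skip), ("MATCH_EQ", field,
    value, skip), ("ACTION", name, rule_index).  A test falls through on success and
    jumps `skip` instructions on failure, i.e. to the next rule; first match wins."""
    prog = []
    for idx, rule in enumerate(desc["rules"]):
        tests = []
        for fld in ("src", "dst"):
            if fld in rule:
                net = ipaddress.ip_network(rule[fld])
                tests.append(("MATCH_NET", fld, int(net.network_address), int(net.netmask)))
        for fld in ("proto", "sport", "dport"):
            if fld in rule:
                tests.append(("MATCH_EQ", fld, rule[fld]))
        for i, test in enumerate(tests):
            prog.append(test + (len(tests) - i,))  # skip the rest of this rule
        prog.append(("ACTION", rule["action"], idx))
    prog.append(("ACTION", "forward", None))  # no rule matched
    return prog

def execute(prog, pkt):
    """Run the program on one packet; returns (action, rule_index)."""
    pc = 0
    while True:
        ins = prog[pc]
        if ins[0] == "ACTION":
            return ins[1], ins[2]
        if ins[0] == "MATCH_NET":
            _, fld, net, mask, skip = ins
            hit = (pkt[fld] & mask) == net
        else:
            _, fld, value, skip = ins
            hit = pkt[fld] == value
        pc += 1 if hit else 1 + skip

def packet(src, dst, proto, sport, dport):
    # Constructed packet header; addresses kept as integers so masks apply directly.
    return {"src": int(ipaddress.ip_address(src)), "dst": int(ipaddress.ip_address(dst)),
            "proto": proto, "sport": sport, "dport": dport}

class ForwardingEngine:
    """Stand-in for the forwarding hardware plus the lifetime bookkeeping of the
    filter management process; `clock` is injectable for deterministic expiry."""
    def __init__(self, clock=time.monotonic):
        self.clock, self.program, self.installed_at = clock, None, None
        self.lifetime, self.counters = None, {}

    def install(self, desc):
        self.program, self.lifetime = compile_filter(desc), desc["lifetime"]
        self.installed_at, self.counters = self.clock(), {}

    def expire_if_due(self):
        if self.program is not None and self.clock() - self.installed_at >= self.lifetime:
            self.program = None  # lifetime elapsed: remove the dynamic filter

    def handle(self, pkt):
        """Fate of a packet: 'drop', 'forward' or 'forward(low-priority)'."""
        self.expire_if_due()
        if self.program is None:
            return "forward"
        action, idx = execute(self.program, pkt)
        if action == "drop":
            return "drop"
        if action == "count":  # count the match, then forward normally
            self.counters[idx] = self.counters.get(idx, 0) + 1
        return "forward(low-priority)" if action == "remark" else "forward"

def demo():
    now = [1000.0]
    engine = ForwardingEngine(clock=lambda: now[0])
    engine.install(GENERIC_FILTER)
    fates = [
        engine.handle(packet("203.0.113.7", "198.51.100.10", 17, 40000, 53)),  # rule 0: drop
        engine.handle(packet("203.0.113.9", "198.51.100.10", 6, 40000, 443)),  # rule 1: count
        engine.handle(packet("192.0.2.1", "198.51.100.10", 6, 40000, 80)),     # rule 2: remark
        engine.handle(packet("192.0.2.1", "198.51.100.11", 6, 40000, 80)),     # no rule
    ]
    now[0] += GENERIC_FILTER["lifetime"]  # lifetime elapsed: filter is removed
    fates.append(engine.handle(packet("203.0.113.7", "198.51.100.10", 17, 40000, 53)))
    return fates, dict(engine.counters)
```

The point the model makes concrete is that only the description crosses the router boundary: the program layout (skip-on-mismatch, first match wins, a catch-all forward at the end) is produced locally by the compiler, so two routers with different forwarding hardware can install the same description. The `count` action here is terminal and forwards; a real engine may instead count and keep matching. Expiry is checked lazily on the next packet, which is enough for a model; a production filter management process would remove the filter on a timer so an idle filter does not linger past its lifetime.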
Filter management process 50 further manages filter communication sessions with neighboring routers. For example, filter management process 50 may receive a generic filter description from a neighboring router. As described in detail above, the generic filter description indicates filtering rules to apply to packet flows. Filter management process 50 forwards the generic filter description to neighboring routers. For instance, filter management process 50 may generate a packet containing the generic filter description for each neighboring router, and forward the packet to the neighboring routers. In this manner, the generic filter description may be exchanged between routers throughout public network 16.
Router 12A may operate according to executable instructions fetched from a computer-readable medium. Examples of such media include random access memory (RAM), read-only memory (ROM), non-volatile random access memory (NVRAM), electrically erasable programmable read-only memory (EEPROM), flash memory, and the like. The functions of router 12A may be implemented by executing the instructions of the computer-readable medium with one or more processors, discrete hardware circuitry, firmware, software executing on a programmable processor, or a combination of any of the above.
Upon receiving the generic filter description, router 12A may forward the generic filter description to neighboring network devices (66). For example, router 12A may receive packets that contain the input filter description, and may forward the packets to neighboring routers 12. This may be advantageous in allowing routers within a network to filter packet flows close to a source of network disturbances, thereby reducing network bandwidth consumed by the flows and minimizing the potential effects of the disturbances. For a DoS attack, for example, the routers may propagate the filter description until suspicious packet flows are filtered by routers or other network devices close to the source of the packet flows.
In addition to forwarding the generic filter description, router 12A implements the described filtering operation by processing the generic filter description to generate machine instructions (68). For example, the filter description received by router 12A may be hardware-independent. Consequently, filter management process 50 of router 12A may translate the hardware-independent filter description into low-level machine instructions for specific forwarding hardware, e.g., forwarding engine 38. Filter management process 50 relays the machine instructions to forwarding engine 38 (70). Forwarding engine 38 inserts dynamic filter 54 into the forwarding path, i.e., executes the machine instructions to apply the filter to received packets (72). Router 12A applies the filtering rules of dynamic filter 54 to packets and packet flows that enter router 12A (74). Router 12A may apply dynamic filter 54 to each packet flow that enters router 12A. Alternatively, router 12A may apply dynamic filter 54 to only a portion of the packet flows entering router 12A. Further, router 12A may apply dynamic filter 54 either to packet flows inbound to router 12A or to packet flows outbound from router 12A. Applying dynamic filter 54 to inbound packet flows, however, may be advantageous when packets are discarded upon matching filtering rules, because the router then need not expend any resources on a forwarding lookup for a discarded packet.
When packet information of one of the packets matches one of the filtering rules of dynamic filter 54, forwarding engine 38 applies the associated action (76). For instance, router 12A may discard the packet. Alternatively, router 12A may mark the packet with a lower priority and continue to relay the packet along the forwarding path.
Filter management process 50 tracks the amount of time since dynamic filter 54 was inserted into the forwarding path to determine whether the lifetime of dynamic filter 54 has expired (77). When the lifetime of dynamic filter 54 has not expired, router 12A continues to filter the data flows in accordance with dynamic filter 54 along with any static filters 52. When the lifetime of dynamic filter 54 has expired, router 12A removes dynamic filter 54 from the forwarding path (78).
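The exchange of the generic filter description between neighboring routers (step 66 above, and the filter communication sessions managed by filter management process 50), as an added example that is not the patent's code. The page does not say how a router avoids re-flooding a description it has already installed, how far a description propagates, or how a receiver decides whether to trust it, so the example adds three assumptions of its own: a filter identifier used for duplicate suppression, a hop limit carried inside the description, and a hop-by-hop HMAC-SHA256 tag under a pre-shared key so that a peer without the key cannot push a filter. The topology is constructed for the example: the links 12A-12B, 12A-12E, 12B-12C and 12B-12D follow the exchange described for routers 12, and a 12D-12E link is added to close a loop so the duplicate suppression has something to do.

```python
# Added example, not the patent's code: routers flood a generic filter
# description to their neighbors.  Three things the page leaves open are
# assumptions made here: a filter id used to suppress duplicates (so a
# description is installed and forwarded once even on a looped topology),
# a hop limit carried in the description, and a hop-by-hop HMAC-SHA256 tag
# under a pre-shared key so an unkeyed peer cannot push filters.
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key"  # assumption: key shared by all peers

def encode(desc, key=SHARED_KEY):
    """Serialize a description and tag it for the next hop."""
    body = json.dumps(desc, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

class Router:
    def __init__(self, name, key=SHARED_KEY):
        self.name, self.key = name, key
        self.neighbors = []
        self.seen = set()       # filter ids already handled (duplicate suppression)
        self.installed = []     # descriptions handed to the forwarding hardware
        self.rejected = 0       # messages whose tag did not verify

    def link(self, other):
        self.neighbors.append(other)
        other.neighbors.append(self)

    def originate(self, desc):
        """Local traffic analysis produced a description: install it and flood it."""
        self.receive(encode(desc, self.key))

    def receive(self, msg, from_router=None):
        expected = hmac.new(self.key, msg["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(msg["tag"], expected):
            self.rejected += 1  # unverified description: neither installed nor forwarded
            return
        desc = json.loads(msg["body"])
        if desc["id"] in self.seen:
            return              # already installed and forwarded; the flood stops here
        self.seen.add(desc["id"])
        self.installed.append(desc)
        if desc["hops"] <= 0:
            return              # hop limit reached: install locally but do not propagate
        out = encode(dict(desc, hops=desc["hops"] - 1), self.key)
        for peer in self.neighbors:
            if peer is not from_router:
                peer.receive(out, from_router=self)

def demo():
    """Constructed topology: the links named in the text plus 12D-12E, which
    closes the loop 12A-12B-12D-12E-12A."""
    a, b, c, d, e = (Router(n) for n in ("12A", "12B", "12C", "12D", "12E"))
    for x, y in ((a, b), (a, e), (b, c), (b, d), (d, e)):
        x.link(y)
    a.originate({"id": "filter-0001", "hops": 4, "lifetime": 300,
                 "rules": [{"src": "203.0.113.7/32", "action": "drop"}]})
    installs = {r.name: len(r.installed) for r in (a, b, c, d, e)}
    # A peer that does not hold the key tries to push a filter into 12C.
    rogue = Router("rogue", key=b"not-the-shared-key")
    rogue.link(c)
    c.receive(encode({"id": "rogue-1", "hops": 4, "rules": []}, rogue.key), from_router=rogue)
    return installs, c.rejected, "rogue-1" in c.seen
```

Each router installs the description exactly once even though the constructed loop delivers it to 12E twice, and the forged message is dropped at 12C before it reaches the forwarding hardware. The tag here is checked and re-applied at every hop with one shared key, which authenticates the neighbor, not the originator; if the originating router's identity matters, the description should instead carry a signature from the originator that intermediate routers relay unchanged. The hop limit bounds how far a filter spreads; without it, or without the duplicate check, a single description could circulate indefinitely.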
IFCs 124 receive and send data packets via network links 126 and 128, respectively, and are interconnected by a high-speed switch 127 and links 129. Switch 127 may comprise, for example, switch fabric, switchgear, a configurable network switch or hub, and the like. Links 129 may comprise any form of communication path, such as electrical paths within an integrated circuit, external data busses, optical links, network connections, wireless connections, and the like. IFCs 124 may be coupled to network links 126, 128 via a number of interface ports (not shown). IFCs 124 comprise a controller 125 that forwards packets in accordance with forwarding information generated by routing engine 136.
Routing engine 136 further includes a filter management process 150 that manages filtering within routers 12. Filter management process 150 receives a generic filter description, translates the generic filter description into machine instructions, and relays the machine instructions to controller 125 of at least one of IFCs 124 for implementation as dynamic filters 154. In particular, controllers 125 execute the machine instructions from filter management process 150 to implement dynamic filters 154 and apply the defined operation to received packets.
In addition, controller 125 determines the next hop for each of the packets from the distributed forwarding information, identifies a corresponding IFC 124 associated with the next hop, and relays the packet to the appropriate IFC 124 via switch 127 and links 129. Controller 125 of the selected IFC 124 receives the outbound packet from switch 127, applies any filters associated with the outbound interface, and forwards the packet through an outbound link 128.
Various embodiments of the invention have been described. These and other embodiments are within the scope of the following claims.