Cisco Technology, Inc., a corporation of California Patent applications |
Patent application number | Title | Published |
20160127225 | Label-switched Packets with Device-independent Labels - In one embodiment, a device-independent label is associated with multiple network devices such that the packet switching devices in a network will forward a packet based on the device-independent label to one of these multiple network devices. In one embodiment, these device-independent labels include, but are not limited to, domain-identifying labels and forwarding-punt labels. In one embodiment, a domain-identifying label is defined as a label that identifies a plurality of network nodes without identifying a single particular network node, single particular interface, nor single particular link. In one embodiment, a first-domain forwarding-punt label is placed at the top of the label stack to identify to forward the label-switched packet to any one of a plurality of designated forwarding nodes corresponding to the first-domain forwarding-punt label (e.g., for sending to a packet switching device which will have forwarding information for the second domain-identifying label.). | 05-05-2016 |
20160112319 | Hash-based Address Matching - In one embodiment, a packet switching device comprises: a lookup chip including one or more processors and on-lookup chip memory, and off-lookup chip memory. In one embodiment, the lookup chip is configured to determine processing information for packets including performing a longest prefix match on a destination address of packets using progressive, exact matching of one or more single prefix length hash keys generated from the packets with entries in one or more hash tables until a matching hash table entry is found. The matching hash table entry is associated with particular information identifying how to process (e.g., manipulate, forward, drop) the corresponding packet. In one embodiment, entries of a hash table are distributed between said on-lookup chip memory and said off-lookup chip memory. In one embodiment, signatures of lookup keys are included in a hash table entry to quickly evaluate whether there is a match. | 04-21-2016 |
20160021002 | Virtual Machines in a Packet Switching Device - In one embodiment, a packet switching device creates multiple virtual packet switching devices within the same physical packet switching device using virtual machines and sharing particular physical resources of the packet switching device. One embodiment uses this functionality to change the operating version (e.g., upgrade or downgrade) of the packet switching device by originally operating according to a first operating version, operating according to both a first and second operating version, and then ceasing operating according to the first operating version. Using such a technique, a packet switching device can be upgraded or downgraded while fully operating (e.g., without having to reboot line cards and route processing engines). | 01-21-2016 |
20150319079 | Service Node Using Services Applied by an Application Node - Packets are encapsulated and sent from a service node to an application node for applying one or more Layer-4 to Layer-7 services to the packets, with service-applied packets being returned to the service node. An identification of a virtual private network (VPN) may be carried within a request packet, encapsulating a particular packet, sent by a service node to an application node for applying a service to the particular packet; with the corresponding response packet sent to the service node including an identification of the VPN for use by the service node in forwarding the services-applied packet. Additionally, parameters may be included in a request packet to identify a particular service of a general service to be applied to a particular packet encapsulated in the request packet. | 11-05-2015 |
20150312133 | Autonomous System Border Router (ASBR) Advertising Routes with a Same Forwarding Label - In one embodiment, an autonomous system border router (ASBR) advertises a same forwarding label for received advertised routes of a merging context that were advertised with a same forwarding label for the ASBR to use when sending corresponding packets. An ASBR receives via a routing protocol from a particular router in the same autonomous system, a plurality of same-labeled received routes advertised with a same first forwarding label within a merging context. In response to each of the plurality of same-labeled received routes having the same first forwarding label to use to forward packets to the particular router and being in the same merging context, the ASBR determines a merged forwarding label and advertises to a peer ASBR in another autonomous system (AS) each of the plurality of same-labeled received routes with the merged forwarding label for the peer ASBR to use to forward packets to the ASBR. | 10-29-2015 |
20150312106 | Determining Characteristics of a Connection Traversing a Packet Switching Device - In one embodiment, characteristics of a connection traversing a packet switching device is determined, which includes, but not limited to, determining a network port number and/or address of an established connection based on a signature of the connection. In one embodiment, a packet switching device receives and forwards packets of particular communication between a device and a remote node in a network. The packet switching device maintains information of the particular communication and identification data for use in subsequent identification of said particular communication. In response to receiving a communications information request specifying a signature related to said particular communications, the packet switching device prepares and sends a response, which typically includes matching the signature to said maintained identification data resulting in identification of said information including a characterization of said particular communications, and sending a reply including the characterization of said particular communications. | 10-29-2015 |
20150309805 | Booting a Physical Device Using Custom-Created Frozen Partially-Booted Virtual Machines - In one embodiment, a physical device (e.g., packet switching device, computer, server) is booted using custom-created frozen partially-booted virtual machines, avoiding the time required for an end-to-end boot process. In one embodiment while the system is operating under a current version, a partially-booted virtual image of a new operating version for each of multiple processing elements of the device is produced according to static configuration information specific to the device, with each of these partially-booted virtual machines frozen. The device is rebooted to a fully operational device by unfreezing these partially-booted virtual machines, thus removing this portion of a boot process from the real-time booting of the device. The generation of the frozen partially-booted virtual machines is advantageously performed by the device itself based on current static configuration information and the availability of the specific hardware configuration of the device. | 10-29-2015 |
20150304185 | Operations Analysis of Packet Groups Identified based on Timestamps - In one embodiment, operations analysis of packet groups identified based on timestamps is performed. One embodiment includes sending a plurality of sent timeframe groups of a plurality of time-stamped packets from a first packet network node towards a second packet network node in a network and recording first information associated with each of the plurality of said sent timeframe groups of the plurality of time-stamped packets. The second network node receives a plurality of received timeframe groups of a received plurality of time-stamped packets of said sent plurality of time-stamped packets and recording second information associated with each of the plurality of said received timeframe groups of the received plurality of time-stamped packets. Operations analysis based on one or more operations characteristics of said first information and said second information to produce analysis results. | 10-22-2015 |
20150301963 | Dynamic Temporary Use of Packet Memory As Resource Memory - In one embodiment, packet memory and resource memory of a memory are independently managed, with regions of packet memory being freed of packets and temporarily made available to resource memory. In one embodiment, packet memory regions are dynamically made available to resource memory so that in-service system upgrade (ISSU) of a packet switching device can be performed without having to statically allocate (as per prior systems) twice the memory space required by resource memory during normal packet processing operations. One embodiment dynamically collects fragments of packet memory stored in packet memory to form a contiguous region of memory that can be used by resource memory in a memory system that is shared between many clients in a routing complex. One embodiment assigns a contiguous region no longer used by packet memory to resource memory, and from resource memory to packet memory, dynamically without packet loss or pause. | 10-22-2015 |
20150295815 | Autonomous System (AS) Policy-Adaptive Confederations with Selective Advertisement of AS Numbers to Non-Members - In one embodiment, an autonomous system (AS) policy-adaptive confederation selectively manipulates the ordered list of traversed AS's using AS's of members of the policy-adaptive confederation and/or the AS of the policy-adaptive confederation itself when advertising to routers of AS's outside the policy-adaptive confederation. In one embodiment, a first member router of a first autonomous system (AS) within a policy-adaptive confederation identified by a confederation AS receives from a second member router of a second AS within the policy-adaptive confederation a route advertisement for a first route associated with a first ordered AS list identifying one or more AS's within the policy-adaptive confederation. The first member advertises the first route associated with the first ordered AS list not including the confederation AS to a first external router external to the policy-adaptive confederation. | 10-15-2015 |
20150288536 | Avoiding Micro-loops in a Ring Topology of a Network - In one embodiment, micro-loops are avoided in ring topologies of packet switching devices by changing the order of propagation of link state information concerning failed communications between a particular packet switching device and a neighbor packet switching device. In one embodiment, the particular packet switching device communicates link state information of a high cost of the particular communications (e.g., in the direction from particular to neighbor packet switching devices) such that this link state information will propagate towards the particular packet switching device from at least from the furthest packet switching device in the ring topology that is currently configured to forward packets having a destination address of the neighbor packet switching device through the particular packet switching device. | 10-08-2015 |
20150271069 | Non-eligible Distance Vector Protocol Paths as Backup Paths - In one embodiment, non-eligible distance vector protocol paths are used as backup paths. In one embodiment, the distance vector protocol is Enhanced Interior Gateway Protocol (EIGRP) and unless a path is a feasible successor for a destination, the path is not eligible as a backup path. Therefore, if there is no feasible successor, there is no eligible backup path. One embodiment avoids an initial delay in finding a replacement path for traffic by determining and installing a non-eligible backup path (e.g., a path that is not a feasible successor) in one or more forwarding tables. In this manner, the router can immediately forward packets over this non-eligible backup path until, for example, forwarding in the network can converge in light of the primary path being no longer available. | 09-24-2015 |
20150263811 | Network Server Layer Providing Disjoint Channels in Response to Client-Layer Disjoint Path Requests - In one embodiment, a network server layer provides disjoint channels in response to client-layer disjoint path requests. For example, the network layer can be an optical network, and the client layer may be a packet switching layer (e.g., label switching, Internet Protocol). In one embodiment, a server-layer node receives a client-layer disjoint path request to provide a server-layer channel through a server-layer network. The client-layer disjoint path request includes an identifier corresponding to an existing client-layer path that traverses a current channel through the server-layer network that does not include the server-layer node. The server-layer network determines a particular channel through the server-layer network that is disjoint to the current channel based on route information of the current channel, and then signaling is performed within the server-layer network to establish the particular channel. | 09-17-2015 |
20150200843 | Packet Labels For Identifying Synchronization Groups of Packets - In one embodiment, packet labels are used to identify synchronization groups of packets, such as for, but not limited to, performing processing of packets based on their corresponding synchronization group, as the synchronization label of a packet may define a current characteristic of the packet stream which is taken into account performing processing related to the packet. A plurality of synchronization groups of packets are generated and sent, by a first packet switching device, to a second packet switching device, with each particular packet of the plurality of synchronization groups of packets including a same synchronization label in a label stack of said particular packet that is different than a synchronization label used with another of the plurality of synchronization groups of packets, and with each synchronization group of the plurality of synchronization groups of packets including a plurality of packets. | 07-16-2015 |
20150139225 | Filtering on Classes and Particulars of a Packet Destination Address at Lower-Protocol Layers in a Networked Device - In one embodiment, a lower protocol layer in a network device filters packets based on a class and a particular of a destination address prior to sending information from the received packet to a higher protocol layer. For example, certain constrained networks include network nodes that do not have the ability to maintain a multicast distribution entry for each multicast address used in the network. By only forwarding on a portion of a multicast address, packets are often delivered to nodes in addition to the actual multicast subscribers. By filtering these incorrectly delivered packets at a lower protocol layer (e.g., layer-2 or layer-3), processing cycles at higher protocol layers are avoided. Additionally in one embodiment, class and particulars are deterministically determined (e.g., using a same hashing function) such that services can be discovered and used by subscribing to a corresponding multicast group. | 05-21-2015 |
20150092595 | Local Path Repair in a Wireless Deterministic Network - In one embodiment, an initial path is established in a wireless deterministic network between a source and a destination through one or more intermediate nodes, which are typically informed of a required metric between the source and the destination for communicating a packet. The initial path is locally (e.g., without contacting a path computation engine) reconfigured to bypass at least one of the intermediate nodes creating a new path, with the new path meeting the requirement(s) of the metric. Note, “locally reconfiguring” refers to the network nodes themselves determining a replacement path without reliance on a path computation engine or other entity (e.g., network management system, operating support system) in determining the replacement path. In one embodiment, a network node not on the initial path replaces a node on the initial path while using the same receive and send timeslots used in the initial path. | 04-02-2015 |
20150071255 | Sensor Data Transport and Consolidation Within Communication Nodes in a Network - In one embodiment, sensor data is transported in a network to a rendezvous point network node, which consolidates the information into a consolidated result which is communicated to the destination. Such consolidation by a network node reduces the number of paths required in the network between the sensors and the destination. One embodiment includes acquiring, by each of a plurality of originating nodes in a wireless deterministic network, external data related to a same physical event; communicating through the network said external data from each of the plurality of originating nodes to a rendezvous point network node (RP) within the network; processing, by the RP, said external data from each of the plurality of originating nodes to produce a consolidated result; and communicating the consolidated result to a destination node of the network. In one embodiment, the network is a low power lossy network (LLN). | 03-12-2015 |
20150036484 | Packet Switching Device Including Cascaded Aggregation Nodes - In one embodiment, a packet switching device includes one or more host devices and a cascade of aggregation nodes. The aggregation nodes aggregate customer traffic and communicate it with the host device. Typically the aggregation nodes are remotely located from the host device. The host device may be connected to one or both ends of the cascaded topology of aggregation nodes. In one embodiment, the cascaded topology of aggregation nodes automatically configures itself using initiation packets. In one embodiment, the cascaded topology of aggregation nodes reacts to detected faults, such as by changing direction packet traffic is sent through the cascaded topology. By cascading aggregation nodes, in contrast to having each aggregation node connected to the host device via one or more point-to-point links, communications costs are decreased in one embodiment. | 02-05-2015 |
20150032872 | Selectively Using Network Address Translated Mapped Addresses Based on their Prior Network Reachability - In one embodiment, network address translated (NAT) mapped addresses are selectively used based on their prior network reachability. One embodiment maintains for each particular mapped address (e.g., NAT public address pool member), a reachability status level based on prior usage of the particular mapped address to communicate with external destinations. By continuously monitoring the reachability “health” of mapped addresses, problem-experiencing mapped addresses can be avoided. One embodiment monitors the success and/or failure rates of connection attempts over a rolling time period to provide an up-to-date current view of the reachability status level of corresponding mapped addresses. In one embodiment, a network address translation device assigns, based on their reachability status level, these mapped addresses. One embodiment provides an administrative notification for particular mapped address or ceases using the particular mapped address in response to its reachability status level falling outside a predetermined or calculated level. | 01-29-2015 |
20150029948 | Protecting Packet Traffic in a Network Including an Adaptive Bandwidth Link - In one embodiment, a packet switching device receives a notification that a link has a diminished packet transport capacity. In response, the packet switching devices changes forwarding information for a portion of the packet traffic being sent over the diminished packet transport capacity link to traverse one or more reroute paths not including the diminished link, while some packet traffic continues to use the diminished packet transport capacity link. This notification can be received directly from a communications device, or via a routing protocol such as for a remote link that sent packet traffic may traverse. These rerouted paths may be precomputed and installed in forwarding data structures for fast rerouting, or computed and installed in response to receiving the notification. In one embodiment, quality of service (QoS) is adjusted in response to receiving the notification. | 01-29-2015 |
20150023328 | OAM and Time Slot Control in a Deterministic ARC Chain Topology Network - In one embodiment, a network of nodes is configured to communicate according to a configuration of Available Routing Construct (ARC) chains as well as monitoring communication in the network, and/or selectively controls whether or not provisioned particular links will be used. One embodiment colors nodes of the network (e.g., a wireless deterministic network) along different paths through the network and marks packets with the color of each traversed node to track a path taken by a packet. One embodiment sends a particular packet through the network and marks over which links the packet traverses and aggregates these traversed links of other copies of the particular packet. One embodiment controls whether or not the provisioned time slots are used based on flooding a control packet through the network with enable or disable information for each of these links. | 01-22-2015 |
20150023327 | Resilient Forwarding of Packets in an ARC Chain Topology Network - One embodiment includes: forwarding a particular packet through an Available Routing Construct (ARC) chain topology network. In one embodiment, this forwarding includes: sending the particular packet by each particular non-edge node on an arc of the plurality of arcs receiving the particular packet to each sibling on the arc that did not send the particular packet to said particular non-edge node, while not sending the particular packet if it was received from both siblings of said particular edge node; and sending the particular packet to a respective child node on a second arc of the plurality of arcs by each particular edge node of two edge nodes on the arc after receiving the particular packet. In one embodiment, the network is a wireless deterministic network with pre-assigned time slots for receiving and subsequently sending a same particular packet by each node of the network. | 01-22-2015 |
20150023326 | Installation of Time Slots for Sending a Packet through an ARC Chain Topology Network - One embodiment includes: determining, by a particular networked device, sending and receiving time slots for progressively communicating a particular packet among nodes of an arc of an Available Routing Construct (ARC) chain topology network in both directions on the arc to reach each edge node of the arc; and determining, by the particular networked device, for each edge node of the arc a predetermined respective time slot for communicating the particular packet to a respective child node on a second arc of the ARC chain topology network. One embodiment includes respectively installing said determined time slots in said nodes of the arc. In one embodiment, the network is a wireless deterministic network. In one embodiment, the predetermined respective time slot for each particular edge node is after all time slots in which the particular packet could be received by said particular edge node. | 01-22-2015 |
20150023325 | Configuring New Paths in a Wireless Deterministic Network - In one embodiment, a first node in a wireless deterministic network communicates to a second node configuration information identifying a destination-facing path portion of a particular one-way path traversing from a source node to a destination node within the wireless deterministic network. The destination-facing portion includes a path traversing from the second node over one or more additional nodes to the destination node over which to forward packets received over a first portion of the particular one-way path from the source node to the second node. The configuration information includes a particular time slot for the second node to receive packets being sent over the particular one-way path. In one embodiment, the first node receives from the second node an acknowledgement message in the particular time slot that the destination-facing portion of the particular one-way path was configured and activated. | 01-22-2015 |
20150023313 | Exclusive and Overlapping Transmission Unit Allocation and Use in a Network - One embodiment allocates and uses exclusive and overlapping transmission units in a network. One embodiment includes sending information, from a first network node in a network, during an exclusive transmission unit, wherein the exclusive transmission unit includes one or more wireless time slot-frequency pairings assigned to the first network node to send info nation without another assigned network transmission unit providing overlapping time slot-frequency interference from another network node communicating in the network. One embodiment includes sending information, from the first network node, during an overlapping transmission unit, wherein the overlapping transmission unit includes one or more wireless time slot-frequency pairings assigned to the first network node to send information, with the overlapping transmission unit overlapping in time slot-frequency with one or more other assigned network transmission units that will cause interference if simultaneously used. | 01-22-2015 |
20150009863 | Automated Transitioning Between Different Communication Protocols in a Network - One embodiment includes, inter alia, methods, apparatus, computer-storage media, mechanisms, and/or means associated with automated transitioning between different communication protocols in a network. In one embodiment, automatic transition routers are automatically discovered along with the knowledge of what non-native protocols need to be transported across a network. Communication pathways are automatically established as needed to transport these non-native protocols. One embodiment is particularly useful in transitioning a network from one protocol to another, such as from Internet Protocol version 4 to version 6. | 01-08-2015 |
20140314081 | Automatic Assignment of Internet Protocol Addresses in a Ring Network - In one embodiment, a negotiation is performed between each adjacent pair of a plurality of packet switching devices in a ring network to determine an Internet Protocol (IP) subnet to be used for communicating between said packet switching devices of said adjacent pair. Packets are communicated by said packet switching devices of said adjacent pair using a different IP address of said determined IP subnet. In one embodiment, each of the plurality of packet switching devices is initially assigned an IP subnet to use on one of its two interfaces participating in the ring network; and wherein said negotiation determines which of said two interfaces will use said initially assigned IP subnet. | 10-23-2014 |
20140313891 | Automatic Adjusting of Reputation Thresholds in Order to Change the Processing of Certain Packets - One embodiment includes a firewall, intrusion prevention, or other device that automatically and dynamically adjusts packets subjected to certain rate limiting based on the reputation level associated with these packets (e.g., based on the reputation score of the source of a packet). In response to measured traffic, one embodiment automatically adjusts the range of reputation scores determining which packets are subjected to this rate limiting (e.g., which packets are possibly dropped), such as, but not limited to increase or decrease the measured traffic. For example, packet traffic with a worse reputation can be singled out for this rate limiting during a period of increased traffic, and then when the measured traffic subsides, the range of reputation scores can be correspondingly changed to allow more measured traffic. | 10-23-2014 |
20140286072 | IDENTIFYING A RESULT USING MULTIPLE CONTENT-ADDRESSABLE MEMORY LOOKUP OPERATIONS - In one embodiment, a first search operation is performed based on a base lookup word on a first plurality of content-addressable memory entries of an overall plurality of priority-ordered content-addressable memory entries to identify a first matching entry and a corresponding first overall search position of the first matching entry within the overall plurality of priority-ordered content-addressable memory entries. A second search operation is performed based on the base lookup word on a second plurality of content-addressable memory entries of the overall plurality of priority-ordered content-addressable memory entries to identify a second matching entry and a corresponding second overall search position of the second matching entry within the overall plurality of priority-ordered content-addressable memory entries. The corresponding first overall search position is compared to the corresponding second overall search position to determine the overall search result. | 09-25-2014 |
20140064722 | Optical Transport Network Delay Measurement - In one embodiment, a one-way delay is measured between optical devices in an optical transport network based on roundtrip times of request and corresponding response frames. A first optical device sends a sequence of delay measurement request frames to a second optical device, which varies a local delay before responding to a request frame, thus causing a slippage in the sequence of reply frames received by the first device. The point at which the request frames are received in relation to the stream of frames sent by the optical device can be identified based on the frame slippage. Therefore, the delay measurement can be adjusted by a corresponding offset to the beginning of a frame in order to increase the accuracy of the one-way delay measurement. | 03-06-2014 |
20140064292 | Switching to a Protection Path Without Causing Packet Reordering - In one embodiment, a working path through a packet switched network is protected by a protection path. In response to a switchover condition, a packet switching device ceases to enqueue packets for sending over the current working path. Packets are enqueue for sending over the protection path, with a delay by a predetermined duration before beginning to dequeue and send of packets over the protection path. A sending packet switching device, by delaying an appropriate predetermined duration, can guarantee that the protection switching operation will not induce packet reordering nor packet loss. This predetermined delay is calculated, possibly based on measurements, of different component delays of sending packets over the working and protection paths. For example, these component delays typically include latency within the sending device, latency of communications between the sending device and the destination, and latency with the destination. | 03-06-2014 |
20140059289 | Content-addressable Memory Lookup Device Supporting Iterative Lookup Operations - In one embodiment, multiple content-addressable memory entries are associated with each other to effectively form a batch content-addressable memory entry that spans multiple physical entries of the content-addressable memory device. To match against this content-addressable memory entry, multiple lookup operations are required—i.e., one lookup operation for each combined physical entry. Further, one embodiment provides that a batch content-addressable memory entry can span one, two, three, or more physical content-addressable memory entries, and batch content-addressable memory entries of varying sizes could be programmed into a single content-addressable memory device. Thus, a lookup operation might take two lookup iterations on the physical entries of the content-addressable memory device, with a next lookup operation taking a different number of lookup iterations (e.g., one, three or more). | 02-27-2014 |
20140059288 | Batch Entries Sharing Individual Content-addressable Memory Entries - In one embodiment, batch entries include multiple content-addressable memory (CAM) entries, and CAM entries are allowed to be shared among different batch entries. For example, two or more batch entries might have a common set of bits (e.g., representing an address, an address prefix, etc.). Rather than consuming bits of multiple CAM entries, a single CAM entry can be programmed with this common information. Other CAM entries associated with different batch entries are programmed with the distinguishing/different values. A batch lookup operation on a batch entry of two or more CAM entries requires multiple lookup operations on the CAM entries. One embodiment uses a batch mask vector to provide information to decode what CAM entries are shared among which batch entries during a series of lookup operations, which can be performed in one or both directions through the CAM entries. | 02-27-2014 |
20140029622 | Reliably Transporting Packet Streams Using Packet Replication - In one embodiment, packet streams are reliably transported through a network using packet replication. A packet stream is received at a duplication point in a network, with two or more copies of each of the packet streams being transported, typically over divergent paths in the network, to a merge point from which a single copy of the packet stream is forwarded or consumed. In one embodiment, this merge point is a packet switching device that includes ingress card(s) and egress line card(s), wherein multiple copies of the packet stream are received by ingress line card(s), with only a single copy provided to an egress line card of the packet switching device. In this manner, a switching fabric or other communication mechanism communicatively coupling the ingress line card(s) to the egress line card, nor the egress line card, is taxed with the burden imposed by additional copies of packet stream. | 01-30-2014 |
20140029449 | Investigating the Integrity of Forwarding Paths within a Packet Switching Device - In one embodiment, the integrity of forwarding paths within a packet switching device is investigated. A packet switching device creates a probe packet. The packet switching device then communicates the probe packet within the packet switching device in a normal forwarding manner, while monitoring at multiple positions along forwarding paths through the packet switching device for the appearance of the probe packet. The traveling within the packet switching device of the probe packet, including as identified by the monitored positions, is analyzed to identify whether or not the probe packet was correctly forwarded at one or more locations within the packet switching device. | 01-30-2014 |
20140003426 | Reducing Proliferation of Network-to-Link-Layer Address Resolution Messages | 01-02-2014 |
20130315600 | Registration of Device Characteristics with Optical Layer for Use in Establishing Connections Through an Optical Network - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with registration of optical device characteristics of optical network devices with an optical control layer of the optical network for use in establishing compatible connections through the optical network. Especially end network devices and internal network optical devices that regenerate the optical signal register their communication capabilities of their optical interfaces with the optical control layer of an optical network. This registration allows a light path to be established through the optical network which is compatible with the registered capabilities. The optical control layer may be centralized in an optical layer server and/or distributed among optical devices in the optical network, such as on control processors in multiple, optical layer devices. | 11-28-2013 |
20130301652 | Sharing Excess Committed Network Appliance Resources - In one embodiment, excess committed network appliance resources are shared for providing services within a network appliance. One approach maintains service resources in a committed service resource pool and one or more other pools of service resources. Service resources are taken from a corresponding pool as needed. Service resources are reallocated to the committed resource pool as needed to ensure that service resources are available to service corresponding packet streams at their corresponding committed rate. Examples of such services provided by a network appliance include, but are not limited to, network address translation (NAT), firewall, Internet Protocol Security (IPsec), virtual private network (VPN), or deep packet inspection (DPI) services. | 11-14-2013 |
20130223228 | Resilient Forwarding of Packets with a Per-Customer Edge (per-CE) Label - In one embodiment, a packet switching device is configured to perform a lookup operation, based on a particular per-CE label (per-Customer Edge label) included in a particular packet, in a forwarding data structure for identifying forwarding information for the particular packet. When a corresponding outbound path is unavailable, a per-VRF (per-Virtual Routing and Forwarding) lookup operation in a VRF data structure, identified based on the particular per-CE label, based on a destination address of a packet encapsulated within the received packet. A corresponding packet is forwarded based on the results of the VRF lookup operation. In one embodiment, a set of more than one egress line card is identified based on this lookup operation, and packets of different routes are load balanced among egress line cards in this identified set of egress line cards. | 08-29-2013 |
20130176845 | Determining Backup Forwarding Paths Based on Route Distinguisher Correlation Values - In one embodiment, a packet switching device determines backup forwarding paths based on route distinguisher correlation values. A route distinguisher correlation value is some value associated with multiple routes, which allows a packet switching device to consider routes associated with a same route distinguisher correlation value, but having different route distinguishers and a same prefix to be considered as going to a same destination. Examples of route distinguisher correlation value used in one embodiment include, but are not limited to: scalar values, a route distinguisher of a different route, a virtual private network associated with a different route; a route target associated with the a different route; or a Border Gateway Protocol (BGP) Next-hop address associated with a different route. | 07-11-2013 |
20130170340 | Dynamically Adjusting Active Members in Multichassis Link Bundle - In one embodiment, active links are added to, and removed from, a multichassis link bundle with one side of the multichassis link bundle terminated on multiple devices of a multichassis device. In one embodiment, adding active links includes selecting which particular device to which to add an active link to the multichassis link bundle based on a device priority of each of the multiple devices, with a device priority of a given device being based on a current number of active links associated with the given device. | 07-04-2013 |
20130142036 | Fast Repair of a Bundled Link Interface Using Packet Replication - In one embodiment, a packet switching device sends packets to be sent from a single link of a bundled link interface to multiple egress network processing units (on a same or different line cards). A single one of these multiple egress network processing units is configured to be in the active mode sending particular sets of packets. The other egress network processing units are configured for these particular sets of packets to be in the non-active mode, and hence, will correspondingly drop these particular sets of packets. In case of failure, an egress network processing unit can quickly (e.g., changing a flag) be changed to the active mode to quickly reduce or eliminate loss of packets. | 06-06-2013 |
20130121150 | Modifying Backbone Service Instance Identifiers based on an Identified Flow of Associated Frames - In one embodiment, backbone service instance identifiers (I-SIDs) of backbone frames are modified based on flow identification of frames encapsulated therein to induce entropy into the headers of the backbone frames. Backbone packet switching devices use the modified service instance identifier to load balance the corresponding frame through the backbone network. At an exit point of the backbone network, the original backbone service instance identifier (I-SID) associated with a frame encapsulated in a backbone frame is recovered from the modified service instance identifier, with this recovery typically including determining the flow identification of the frame encapsulated in the backbone frame. | 05-16-2013 |
20130114613 | Virtual Machines in a Packet Switching Device - In one embodiment, a packet switching device creates multiple virtual packet switching devices within the same physical packet switching device using virtual machines and sharing particular physical resources of the packet switching device. One embodiment uses this functionality to change the operating version (e.g., upgrade or downgrade) of the packet switching device by originally operating according to a first operating version, operating according to both a first and second operating version, and then ceasing operating according to the first operating version. Using such a technique, a packet switching device can be upgraded or downgraded while fully operating (e.g., without having to reboot line cards and route processing engines). | 05-09-2013 |
20130114593 | Reliable Transportation a Stream of Packets Using Packet Replication - In one embodiment, a device receives a first packet stream and a second packet stream over different paths through a network, wherein each of said sent first and the second packet streams includes a same replicated stream of packets. The apparatus processes packets of the first packet stream when the first packet stream is in an active packet stream, and while buffering and subsequently dropping packets of the second packet stream when the second packet stream is in a non-active state. In response to identifying a difference in a number of packets in the same replicated stream of packets received in the second packet stream compared to in the first packet stream equaling or exceeding a predetermined threshold, the second packet stream becomes in the active state and missing packets are forwarded from the buffered second stream packets. | 05-09-2013 |
20130089097 | Forwarding IPv6 Packets based on Shorter Addresses Derived from Their IPv6 Destination Addresses - In one embodiment, a packet switching device is configured to convert an Internet Protocol Version 6 (IPv6) destination address, of a received particular IPv6 packet, to a second, shorter destination address. This second destination address is then used to determine forwarding information for the received IPv6 packet, which is forwarded accordingly. In one embodiment, this second address is a 32-bit address, and in particular, an Internet Protocol Version 4 (IPv4) address. Thus, one embodiment can use the IPv4 forwarding infrastructure of a packet switching device for determining how to forward IPv6 packets. In a network according to one embodiment, packets are encapsulated in an IPv6 packet using an IPv6 destination address (that can be converted to an IPv4 address) of an egress edge packet switching device. Thus, core packet switching devices can forward IPv6 packets using IPv4 lookup operations. | 04-11-2013 |
20130088974 | Avoiding Micro-loops in a Ring Topology of a Network - In one embodiment, micro-loops are avoided in ring topologies of packet switching devices by changing the order of propagation of link state information concerning failed communications between a particular packet switching device and a neighbor packet switching device. In one embodiment, the particular packet switching device communicates link state information of a high cost of the particular communications (e.g., in the direction from particular to neighbor packet switching devices) such that this link state information will propagate towards the particular packet switching device from at least from the furthest packet switching device in the ring topology that is currently configured to forward packets having a destination address of the neighbor packet switching device through the particular packet switching device. | 04-11-2013 |
20130070764 | Establishing a Bidirectional Forwarding Detection (BFD) Asynchronous Mode Session without Knowing A Priori Layer-2 or Layer-3 Information - In one embodiment, a Bidirectional Forwarding Detection (BFD) asynchronous mode session is established between two packet switching devices interconnected by one or more physical links. Prior to L2 or L3 services being established, each of these packet switching devices does not know the Media Access Control (MAC) nor Internet Protocol (IP) addresses of each interface of the other packet switching device that is connected to one of these link(s). A request to establish a BFD session is sent from one packet switching device to the other, with a MAC frame including the request being addressed to a group, broadcast, or other address that the receiving packet switching device will recognize and thus process the received request. Based on information contained in this received MAC frame, the receiving packet switching device has the information it needs, and sends a BFD control frame to the other packet switching device. | 03-21-2013 |
20130034111 | Inducing Protocol Violations For Identifying a Stream of Information - In one embodiment, protocol violations of a particular protocol are induced at one or more predetermined intervals within a particular stream of information encoded according to the particular protocol in order to produce a marked particular stream of information for use in subsequent identification of the marked particular stream of information. The marked stream is multiplexed or otherwise communicated to a second device. The second device detects, and typically corrects, the induced protocol violations. And based on which stream of information included the induced protocol violations and the multiplexing/distribution pattern of the other streams of information, the second device can identify which stream is which and process or forward accordingly. | 02-07-2013 |
20120293199 | Programmable Priority Encoder - In one embodiment, a programmable priority encoder is configured to receive inputs, including an ordered list of a plurality of input request values each representing either a request or a non-request, and a starting position within the ordered list of the plurality of input request values. The programmable priority encoder is configured to generate an identification of a result position of a first input indicating said request in order from a position identified from the starting position within the ordered list. In one embodiment, the programmable priority encoder includes a hierarchal structure of logic blocks including a plurality of columns of logic blocks; wherein a first-stage column of the plurality of columns of logic blocks is configured to operate on at most N input values; and wherein the ordered list of the plurality of input request values consists of N input request values. | 11-22-2012 |
20120281541 | Signaling Describing the Operation of a Link Bundle - In one embodiment, a first device communicates with a second device, including sending and receiving one or more link bundle control packets and/or link control packets over a link bundle. The link bundle includes a plurality of links with each link being coupled between the first device and the second device for communicating information. These link bundle control packets are directed at the operation of the link bundle in its entirety; while the link control packets which are directed to the operation of a corresponding single particular link. The first device communicates with the second device, including operating the link bundle according to these one or more link bundle control packets and/or link control packets. | 11-08-2012 |
20120275338 | Selectively Populating Forwarding Information Bases in a Packet Switch - In one embodiment, forwarding information bases (FIBs) are selectively populated in a packet switch. A packet switching device determines, based on one or more protocol signaling messages, a subset, which is less than all, on which FIBs a lookup operation may be performed for identifying forwarding information for a received particular packet. The packet switching device populates each of these FIBs, but not all of the FIBs of the packet switching device, with forwarding information corresponding to the particular forwarding value. Thus, FIB resources are consumed for only those FIBs which could actually be used, and not all of the FIBs, for forwarding packets in the data plane of the packet switching device, whether these packets are received on a primary or backup path. | 11-01-2012 |
20120257629 | Termination of a Pseudowires on Multiple Line Cards - In one embodiment, line cards of packet switching or other network devices are configured for terminating pseudowires. Typically, this includes multiple line cards being configured for terminating a same pseudowire, which allows the corresponding pseudowire traffic to be received by any one of these multiple line cards. Each of these pseudowire-terminating line cards is typically configured to apply one or more features to a pseudowire packet. Examples of these features include, but are not limited to: Access Control List, Quality of Service, Netflow, and Lawful Intercept. For a received packet to be sent out one of these pseudowires, a two-stage lookup operation can be used to first identify the pseudowire over which to forward the packet; and a second lookup operation based on the pseudowire to identify forwarding information corresponding to a path through a network over which a corresponding pseudowire is configured. | 10-11-2012 |
20120213225 | Packet Switching Label Assignment Across Multiple Packet Switching Forwarding Groups - In one embodiment, a packet switching device assigns a same particular packet switching label to each particular route of a plurality of particular routes having the same one or more best paths, wherein the plurality of particular routes includes routes from at least two different forwarding groups. A forwarding group is defined as a specific route, one or more routes associated with a same customer edge router, or one or more routes associated with a single virtual routing and forwarding domain (VRF). The packet switching device advertises to other packet switching device(s) to add this same particular label to packets having one of the plurality of particular routes, which they do. The packet switching device then packet switches packets based on the particular label received in a label field in a header of these packets. | 08-23-2012 |
20120213222 | Single-homing and Active-Active Multi-homing in a Virtual Private LAN Service - In one embodiment, single-homing and active-active multi-homing is provided in a Virtual Private LAN Service (VPLS). A customer edge node actively communicates frames of a same Virtual Private Network (VPN) instance with two or more VPLS nodes of a VPLS network. The VPLS nodes are configured to appropriately forward frames throughout the VPLS network: without looping of a frame sent by the same external node back to the same external node, without flooding multiple copies of a frame to the same external node, and while performing learning of addresses in forwarding tables of said VPLS nodes such that said forwarding tables of said VPLS nodes converge despite frames of the same LAN service being received by said at least two of said VPLS nodes from the same external node. | 08-23-2012 |
20120213220 | Automated Transitioning Between Different Communication Protocols in a Network - One embodiment includes, inter alia, methods, apparatus, computer-storage media, mechanisms, and/or means associated with automated transitioning between different communication protocols in a network. In one embodiment, automatic transition routers are automatically discovered along with the knowledge of what non-native protocols need to be transported across a network. Communication pathways are automatically established as needed to transport these non-native protocols. One embodiment is particularly useful in transitioning a network from one protocol to another, such as from Internet Protocol version 4 to version 6. | 08-23-2012 |
20120201135 | Reassignment of Distributed Packet Flows - In one embodiment, packet flows are distributed among groups, such as, but not limited to, queues or links. For example in the context of a bundled interface in which multiple links appear as a single logical interface on each of the sender and receiver, packet flows are distributed among these multiple links by the sender. When one or more links become unavailable, packet flows of the affected links are reassigned to other active links, while packet flows assigned to the unaffected links remain associated with the same link in contrast to prior systems which do not attempt to preserve prior associations between packet flows and links. By maintaining these associations, the receiver of the packets does not need to adjust to the different arrival links of packet flows. | 08-09-2012 |
20120063450 | Data Path Processing Information included in the Pseudowire Layer of Packets - Data path processing information is included in the pseudowire layer of pseudowire packets in order to provide information for use in the data path processing of data (e.g., a packet), typically, but not always, included in the payload of the pseudowire packet itself. The pseudowire packet typically includes in corresponding fields: a pseudowire label for identifying a pseudowire type; a pseudowire control word; and payload data. The pseudowire type identifies the structure of the pseudowire control word field and the payload field, including the location of data path meta data, such as in the pseudowire control word field or payload field. This data path meta data identifies one or more attributes for use in processing the payload data. | 03-15-2012 |
20120033664 | Label Distribution Protocol Advertisement of Services Provided by Application Nodes - An application node advertises service(s), using a label distribution protocol, that it offers to other network nodes and a corresponding label to use to identify these services(s). For example, a Targeted Label Distribution Protocol (tLDP) session may be established between a packet switching device and the application node providing these services to communicate the advertisement. Packets are encapsulated and sent from a service node (e.g., packet switching device) with the corresponding label to have one or more advertised services applied to the packet by an application node (e.g., a packet switching device and/or computing platform such as a Cisco ASR 1000). | 02-09-2012 |
20120033663 | Discovery of Services Provided by Application Nodes in a Network - An application node advertises service(s), using a routing protocol, that it offers to other network nodes. For example, the routing protocol used to advertise service(s) in a Service Provider Network is typically an link-state, Interior Gateway Protocol (IGP), such as, but not limited to, Intermediate System to Intermediate System (IS-IS) or Open Shortest Path First (OSPF). Packets are encapsulated and sent from a service node (e.g., packet switching device) using one or more advertised services applied to a packet by an application node (e.g., a packet switching device and/or computing platform such as a Cisco ASR 1000). | 02-09-2012 |
20120027015 | Application of Services in a Packet Switching Device - A service is applied in a packet switching device to both directions of a flow of packets through the packet switching device, with the application of this Layer-4 to layer-7 service to one direction requiring state information shared from the application of the service to packets traversing in the other direction. The service (e.g. firewall, network address translation) can be applied by different processing complexes which do not share memory; thus, state information is communicated between the processing complexes. When the service is applied by a single processing complex, packets can be directed explicitly to the single processing complex. The inline application of services in a packet switching system typically eliminates the need to change a packet's path through the packet switching system to that through a dedicated application server, and may eliminate the need for a dedicated services card or blade server. | 02-02-2012 |
20120026897 | Packet Switching Device Using Results Determined by an Application Node - Packets are encapsulated and sent from a service node (e.g., packet switching device) using one or more services applied to a packet by an application node (e.g., a packet switching device and/or computing platform such as a Cisco ASR 1000) to generate a result, which is used by the service node to process packets of a flow of packets to which the packet belonged. An example of a service applied to a packet is a classification service, such as, but not limited to, using deep packet inspection on the packet to identify a classification result. The service node can, for example, use this classification result to process other packets in a same packet flow, such that all packets of a flow do not need to be, nor typically are, sent to an application node for processing. | 02-02-2012 |
20120005367 | Adaptive Policers Responsive to Utilization Levels of a Resource - Policers receive packets of flows of packet traffic, which are to be communicated to monitored resource. The utilization levels of the monitored resource are induced by these flows of packet traffic. Based on the observed utilization levels (including possibly measured durations in one or more of these utilization levels), a determination is made if, and how to adjust policers for policing their respective flow, with policers being adjusted accordingly. In this manner, adaptive policers (typically located remotely from the monitored resource) are adjusted in response to one or more utilization levels (including possible durations at these utilization levels—i.e., a persistence of the congestion for the resource) of one or more monitored resources, with these identified utilization levels (and possibly durations) used in determining how much to modify a policing rate. | 01-05-2012 |
20120002672 | Service Node Using Services Applied by an Application Node - Packets are encapsulated and sent from a service node to an application node for applying one or more Layer-4 to Layer-7 services to the packets, with service-applied packets being returned to the service node. An identification of a virtual private network (VPN) may be carried within a request packet, encapsulating a particular packet, sent by a service node to an application node for applying a service to the particular packet; with the corresponding response packet sent to the service node including an identification of the VPN for use by the service node node in forwarding the services-applied packet. | 01-05-2012 |
20110268130 | Coordinated Updating of Forwarding Information Bases in a Multistage Packet Switching Device - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with the coordinated updating of forwarding information bases (FIBs) in a multistage packet switching device, which performs at least lookup operations on multiple different FIBs in determining how to forward a packet. One embodiment uses lookup operations on two different FIBs, with these being an ingress FIB on an ingress line card and an egress FIB on an egress line card. In response to a change in the forwarding information for a stream of packets, the egress FIBs are first updated to include both the old and new forwarding information. After all egress FIBs have been updated, the ingress FIBs are updated to use the new forwarding information. This update procedure is designed to eliminate loss or duplication of packets induced during the updating of these FIBs to use the new forwarding information. | 11-03-2011 |
20110264779 | Using Values Represented as Internet Protocol (IP) Addresses to Access Resources in a Non-Internet Protocol Address Space - Non-Internet Protocol (IP) centric resources are accessed based on a value in the form of an IP address. This value (represented as the IP address) is converted to a non-IP address, which is to used access one or more non-IP address space resources. This value (represented as the IP address) typically includes an encoding of the non-IP address and/or an indirect reference (e.g., table index, pointer to a memory location) to the non-IP address. | 10-27-2011 |
20110206058 | Automatic Determination of Groupings of Communications Interfaces - A particular networked machine broadcasts packets from its interfaces resulting in patterns of returned copies of the sent broadcast packets received on its interfaces. Based on these patterns, a determination is made to identify groupings of one or more of the interfaces that are considered by remote devices as being grouped together, as a broadcast packet transmitted from an interface belonging to a grouping will be received on, and only on, a single interface in each of the other groupings, with a grouping being one or more interfaces. In one implementation, a grouping is defined as a single independent interface, or an aggregation of two or more interfaces combined into a single logical interface, such as, but not limited to that of a PortChannel. | 08-25-2011 |
20110206047 | Multiple Network Architecture Providing for Migration of Devices - In providing seamless migration of virtual or physical devices among networks of a virtual local area network (VLAN) such as one spanning multiple data centers, a same virtual anycast Medium Access Control (VMAC) is used for reaching default gateways in virtual and/or physical devices. Each network is typically configured such that source MAC learning for the VMAC should happen only for packets coming from the local default gateway. In this manner, when a device is migrated between networks of the VLAN, the same IP address and corresponding MAC address (typically still residing in the MAC cache of the migrated device) can be used to reach the local default gateway. | 08-25-2011 |
20110200330 | Increasing the Number of Domain identifiers for Use by a Switch in an Established Fibre Channel Switched Fabric - The number of domain identifiers is incrementally increased for use by a switch in an established fibre channel switched fabric. In other words, the number of domains assigned to a switch by the Principal Switch of the fibre channel switched fabric is increased without triggering the reconfiguration of the established fibre channel switched fabric. In one implementation, incrementally adding one or more additional domain identifiers includes requesting said one or more additional domain identifiers from a Principal Switch of the fibre channel switched fabric using a different World Wide Name (WWN) than used to acquire the original one or more domain identifiers used by the switch. | 08-18-2011 |
20110199902 | Automatic Adjusting of Reputation Thresholds in Order to Change the Processing of Certain Packets - A firewall, intrusion prevention or other device automatically and dynamically adjusts packets subjected to certain rate limiting based on the reputation level associated with their source. When measured traffic increases beyond a desired amount, the range of reputation scores causing their associated packets to be subjected to this rate limiting is adjusted to throttle the measured traffic to fall within desired limits. In this manner, packet traffic with a worse reputation can be singled out for this rate limiting during a period of increased traffic. When the measured traffic subsides, the range of reputation scores can be correspondingly changed to allow more measured traffic. | 08-18-2011 |
20110197060 | Externally Managed Security and Validation Processing Device - An externally managed security and validation processing device includes a cryptographic processing subsystem configured for performing security or validation services; an application interface configured for communicating security or validation services with an application system; and a secure management interface configured for communicating information, including configuration information for the cryptographic processing system for performing said security or validation services, with a service profile system external to the apparatus without passing said configuration information through the application system. The service profile system can typically also migrate security services provided by one apparatus to another apparatus. | 08-11-2011 |
20110194564 | Distributing Ethernet Alarm Indication Signal Information to Multiple Virtual Local Area Networks - Ethernet Alarm Indication Signal (ETH-AIS) information for multiple Virtual Local Area Networks (VLANs) is consolidated and distributed to the multiple VLANs in a single Ethernet frame. Note, as used herein, “Alarm Indication Signal (ETH-AIS)” refers to an IEEE 802.x or ITU-T Y.1731 Ethernet Alarm Indication Signal. A device receiving the Ethernet frame with the consolidated ETH-AIS information typically forwards the frame out each port that communicates traffic for one of the VLANs included in the consolidated ETH-AIS information. | 08-11-2011 |
20110158253 | Increasing Transmission Rate to a Remote Device In Response to Attributing Information Loss as Not Being a Result of Network Congestion - In response to a detected loss of previously transmitted information by an apparatus communicating with a remote device (e.g., using TCP), the rate of transmission of information is increased by the apparatus in response to attributing the detected loss of previously transmitted information as not being caused by congestion. This attribution of the packet loss is typically determined based on roundtrip delays between sent information and received corresponding acknowledgments, which may be used directly or indirectly, such as by estimating network queuing delays based on the measured roundtrip delays. | 06-30-2011 |
20110154019 | Graceful Conversion of a Security to a Non-security Transparent Proxy - A graceful conversion of a security to a non-security transparent proxy is performed. A security transparent proxy is an intermediary between two end devices, with an established secure connection with each end device using different security keys. In response to a policy decision or other stimulus, the security transparent proxy is gracefully converted to a non-security transparent proxy such that it can forward, without decrypting and encrypting, the information received from a first endpoint on the first connection therewith to the second endpoint on the second connection therewith. This conversion is “graceful” in that it does not drop either of the two original sessions. In one embodiment, this graceful conversion is accomplished by triggering a key renegotiation on both of the two sessions such that the two connections will use the same encryption key. | 06-23-2011 |
20110141880 | Hierarchical Protection Switching Framework - A hierarchical protection switching framework uses detectors and protectors. A protector registers with a detector to receive notifications. A detector identifies a condition and the interested protector, and notifies the interested protector. The protector in response to the notification, typically either performs protection switching or notifies another protector of the condition. This protection switching is an extensible operation, and typically may include, but is not limited to switching traffic to a backup facility from a facility corresponding to the condition and switching traffic to a backup component from a component corresponding to the condition. The decision of a protector whether to notify another protector of the condition can be made based on different factors, such as, but not limited to a failure of the protection switching by the protector, a database lookup operation to identify whether notification of another particular condition has been received or not received, etc. | 06-16-2011 |
20110110382 | Distribution of Packets Among PortChannel Groups of PortChannel Links - PortChannel groups are disclosed which include multiple PortChannel links of a PortChannel. Further, the selection of a particular PortChannel group, and possibly a PortChannel link within a selected PortChannel group, for a packet is provided by user-programmable matching of programmed values or rules to data extracted from the packet. In this manner, the forwarding of packets over PortChannel groups can be explicit. Moreover, packets of different flows of a packet session can be caused to be forwarded over a same PortChannel group, possibly leading to a service node for performing one or more applications based on the packets of the flow(s) of a packet session. | 05-12-2011 |
20110096784 | Controlled Propagation of VLAN Declarations - The propagation of virtual local area network (VLAN) declarations is controlled, to minimize or eliminate their propagation to packet switching devices which do not carry traffic for a corresponding VLAN. Initially and in response to a first time receipt of a VLAN declaration for a particular VLAN on a particular interface of a packet switching device, VLAN declarations for the particular VLAN is propagated out every interface of the packet switching device. After a predetermined time frame, if a VLAN declaration has not been received on a particular interface for an active VLAN, propagation of the VLAN declarations for the active VLAN will be suppressed for the particular interface. | 04-28-2011 |
20110096777 | Determining Packet Forwarding Information For Packets Sent From A Protocol Offload Engine In A Packet Switching Device - Disclosed are, inter alia, methods, apparatus, computer-readable media, mechanisms used in one embodiment configured for, and means for, determining packet forwarding information for packets sent from a protocol offload engine in a packet switching device. The protocol offload engine performs the protocol processing for a protocol application (e.g., BGP) running on a separate control plane processing system, and generates packets to be sent to external devices. The protocol offload engine sends these packets to one of the line cards without using the routing information lookup facility of the control plane processing system, thereby, freeing the control plane processing system to use those processing cycles to perform other tasks. | 04-28-2011 |
20110080911 | Forwarding of Packets to a Same Location Having a Same Internet Protocol (IP) Address Embedded in a Different Advertised Route - Routes advertised in a network may include an Internet Protocol (IP) address and one or more values to distinguish the route from other route(s) including the same IP address. Routes in a same context (e.g., within a same Virtual Private Network or for an entire network) with a same IP address are considered to refer to a same destination. When these routes are associated with different paths through a network, these different paths can be used to forward traffic for packets associated with routes including a same IP address (in a same context), particularly in response to a network problem. | 04-07-2011 |
20110075680 | Forwarding of Packets Based on a Filtered Forwarding Information Base - A filtered Forwarding Information Base (FIB) (the “complete local FIB”) is used to determine how to forward packets, typically on line cards. The complete local FIB is generated by filtering (i.e., dropping or removing) extraneous entries in the standard global FIB of a router. This smaller FIB is then installed within the memory of a forwarding engine, possibly implemented as a single application-specific integrated circuit (ASIC), for use in determining how to forward packets, with the router forwarding packets accordingly. | 03-31-2011 |
20110069639 | Withdrawing Multiple Advertised Routes Based On A Single Tag Which May Be Of Particular Use In Border Gateway Protocol - Advertised routes are associated with a particular tag in a routing database in a second router. A first router subsequently sends one or more messages associated with a route withdraw operation that specifies the particular tag, such that second router can identify, based on the particular tag, a set including multiple routes, and remove those multiple routes from its routing database. For example, the tag may be a Border Gateway Protocol attribute, a Border Gateway Protocol communities attribute, or some other indication, numeric quantity, or opaque value. | 03-24-2011 |
20110019677 | Limiting of Network Device Resources Responsive to IPv6 Originating Entity Identification - Methods, apparatus, computer-storage media, mechanisms, and means associated therewith are used to limit network device resources based on the identification of the Internet Protocol version 6 (IPv6) originating entity (e.g., subscriber of a network carrier). As an IPv6 originating entity will typically be assigned 264 or more valid IPv6 addresses, the originating entity may send packets with a source address of any of these valid IPv6 addresses and still be compliant with Internet standards and/or other specifications (e.g., RFCs). By determining the originating entity and controlling the allocation of network device resources based on the originating entity (in contrast to on a per valid IPv6 address basis), a network service provider can manage its network device resources, such as in a manner to prevent a depletion of resources caused by an originating entity using a plethora valid IPv6 addresses, or a malicious denial-of-service attack. | 01-27-2011 |
20110019671 | Partitioned Forwarding of Packets Originated on a Broadcast Link Among Layer 2 Forwarding Devices of Different Adjacency Networks - The designated forwarding device functionality for forwarding of packets originated on a broadcast link among layer 2 is shared among multiple forwarding devices of different adjacency networks. As these networks do not form adjacencies, the forwarding devices do not natively participate in a same spanning tree for determining how to forward packets, and a designated forwarding device is used for forwarding packets originated on the common broadcast link. Distributing the role of a designated forwarding device among multiple of the forwarding devices provides a means for more efficiently forwarding packets to their destinations. | 01-27-2011 |
20100306405 | Prefetch Optimization of the Communication of Data Using Descriptor Lists - The size and location of an envelope of a data block are included in the posting to a second device of a descriptor list entry for the data block, thus allowing the second device to read the data block without having to first read the descriptor list entry. This envelope may be the same size and location of the data block, or this envelope may be larger than the data block. For example, as the size of the posted register may not be large enough to also store all of the bits required to specify the exact size and position of the data block, a larger data block envelope is defined without specifying the exact low order bits of the size and/or location of the data block envelope. | 12-02-2010 |
20100215047 | SUBSETS OF THE FORWARD INFORMATION BASE (FIB) DISTRIBUTED AMONG LINE CARDS IN A SWITCHING DEVICE - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with subsets of the Forward Information Base (FIB) distributed among line cards in a switching device; especially wherein one or more of the line cards does not contain the complete FIB, and this line card forwards packets, for which it does not have the forwarding information, to another line card which has the forwarding information for the packet. | 08-26-2010 |
20100211799 | Protecting Digital Data such as Images on a Device with Image Acquisition Capabilities - Digital data, such as images on a digital camera, is typically protected (e.g., encrypted and/or authenticated) based on a master key stored off the device. The original master key can be acquired in a number of different ways, including being generated by the device or by another device. A one-way, progressive series of keys are derived from the master key such that only images or data of a same session can be authenticated or decrypted for viewing, export or manipulation of the decrypted image/data. In order to decrypt images or data of a previous session on the device, the master key must be imported to the device, such as by, but not limited to, taking a picture of a representation of the key and interpreting the image to reacquire the master key. | 08-19-2010 |
20100191863 | Protected Device Initiated Pinhole Creation to Allow Access to the Protected Device in Response to a Domain Name System (DNS) Query - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with a protected device initiating a pinhole through a network address translator and/or firewall to allow access to the protected device in response to a Domain Name System (DNS) query. In response to a received DNS query from a domain name system (DNS) server, an apparatus requests a traffic pinhole be created in a firewall or network address translator for allowing traffic initiated from a device, on another side of the firewall or said network address translator from the apparatus, to reach the apparatus. | 07-29-2010 |
20100183308 | Registration of Device Characteristics with Optical Layer for Use in Establishing Connections Through an Optical Network - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with registration of optical device characteristics of optical network devices with an optical control layer of the optical network for use in establishing compatible connections through the optical network. Especially end network devices and internal network optical devices that regenerate the optical signal register their communication capabilities of their optical interfaces with the optical control layer of an optical network. This registration allows a light path to be established through the optical network which is compatible with the registered capabilities. The optical control layer may be centralized in an optical layer server and/or distributed among optical devices in the optical network, such as on control processors in multiple, optical layer devices. | 07-22-2010 |
20100080131 | Validation of Routes Advertised by Border Gateway Protocol - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with validation of routes advertised by Border Gateway Protocol. One embodiment validates or invalidates a route received in a Border Gateway Protocol (BGP) update message. A route is validated in response to determining that the originating autonomous system specified in the AS_Path attribute for the route in a received BGP update message has authority to advertise the route and/or whether or not multiple autonomous systems identified in the AS_Path attribute of the update message is authorized to advertise the route, possibly in a particular order. | 04-01-2010 |
20100074391 | Shift Register with Dynamic Entry Point Particularly Useful for Aligning Skewed Data - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with a shift register with a dynamic entry point, which may particularly useful for aligning skewed data. The dynamic entry shift register typically includes a series of storage elements, with multiplexers distributed between the storage elements. Each of the multiplexers is configured to select between: (a) the output signal of a previous storage element, and (b) the input signal. A control is configured to configure the multiplexers for a data signal applied as the input signal to induce an appropriate delay of the data signal as the output signal. The dynamic entry shift register can be scaled to accommodate a longer delay while still using only 2:1 multiplexers between stages in the dynamic entry shift register(s). | 03-25-2010 |
20100067374 | Reducing Flooding in a Bridged Network - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with loss of reducing flooding in a bridged network, typically including a device directly connected to multiple upstream bridges. These bridges are configured such that the device receives broadcast/multicast traffic from a single interface of one of the bridges, while allowing unicast traffic over each of the communications links connecting the device to the bridges. In one configuration, the device implements virtual machine(s), each including a virtual network interface associated with a MAC address; and the directly connected bridges are configured, for each particular MAC address of these MAC addresses of the virtual interfaces, such that one and only one of the bridges will forward packets having the particular MAC address as its destination address over a communications link directly connected to the device. | 03-18-2010 |
20100061380 | Load Balancing across Multiple Network Address Translation (NAT) Instances and/or Processors - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with load balancing across multiple network address translation (NAT) instances and/or processors. N network address translation (NAT) processors and/or instances are each assigned a portion of the source address traffic in order to load balance the network address translation among them. Additionally, the address space of translated addresses is partitioned and uniquely assigned to the NAT processors and/or instances such that the identification of the assigned NAT processor and/or instance associated with a received translated address can be readily determined there from, and then used to network address translate that received packet. | 03-11-2010 |
20100046511 | Automated Discovery of Network Devices Supporting Particular Transport Layer Protocols - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with automated discovery of network devices supporting particular transport layer protocols, such as, but not limited to Stream Control Transmission Protocol (SCTP). Packet switching devices automatically discover peer packet switching devices supporting a particular transport layer protocol, and then establish a session using the particular transport layer protocol between them for subsequent use in transporting packets. | 02-25-2010 |
20090323709 | Determining and Distributing Routing Paths for Nodes in a Network - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with determining and distributing routing paths for nodes in a network. For each route computational node of multiple route computational nodes in a network: a tree of paths between itself and each of multiple nodes in the network is determined. A particular tree of paths is determined for a particular node of these multiple nodes to the other nodes based on at least two of the determined trees of paths for the route computational nodes. The particular node then sends a packet towards a destination based on the particular tree of paths determined for the particular node. | 12-31-2009 |
20090316697 | Pre-Dropping of a Packet if Its Time-To-Live (TTL) Value is Not Large Enough to Reach a Destination - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with pre-dropping of a packet if its Time-To-Live (TTL) value is not large enough to reach a destination, such as, but not limited to, its destination if it is a unicast packet, or at least one more destination for a multicast packet. A packet switching device maintains associations between (a) nearest receiving node distances and (b) prefixes or complete addresses. If a packet does not have enough TTL to reach an intended recipient identified by a corresponding nearest receiving node distance, then the packet is dropped even though the TTL has not expired. In this manner, some bandwidth and other network resources are not wasted on traffic that will timeout via the TTL mechanism before reaching a subsequent intended recipient. | 12-24-2009 |
20090296580 | Cooperative Flow Locks Distributed Among Multiple Components - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with cooperative flow locks distributed among multiple components, such as on different application-specific integrated circuits in a packet switching device. Flow locks are typically used for maintaining the order of packets and operations performed thereon by the coordination of a context (e.g., the processing of a packet by a packet processor) with a corresponding flow lock interface, and by the manner of communication performed among the flow lock interface and the distributed flow locks. | 12-03-2009 |
20090271570 | Content-Addressable Memory Lookup Operations with Error Detection - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with content-addressable memory lookup operations with error detection. Lookup operations are performed on two identical sets of content-addressable memory entries to identify two lookup results. An error detection operation is performed on the highest-priority matching entry of each set of content-addressable memory entries. An overall lookup result is determined based on the lookup and error detection results. | 10-29-2009 |
20090207846 | PROPAGATION OF MINIMUM GUARANTEED SCHEDULING RATES AMONG SCHEDULING LAYERS IN A HIERARCHICAL SCHEDULE - A hierarchy of schedules propagate minimum guaranteed scheduling rates among scheduling layers in a hierarchical schedule. The minimum guaranteed scheduling rate for a parent schedule entry is typically based on the summation of the minimum guaranteed scheduling rates of its immediate child schedule entries. This propagation of minimum rate scheduling guarantees for a class of traffic can be dynamic (e.g., based on the active traffic for this class of traffic, active services for this class of traffic), or statically configured. One embodiment also includes multiple scheduling lanes for scheduling items, such as, but not limited to packets or indications thereof, such that different categories of traffic (e.g., propagated minimum guaranteed scheduling rate, non-propagated minimum guaranteed scheduling rate, high priority, excess rate, etc.) of scheduled items can be propagated through the hierarchy of schedules accordingly without being blocked behind a lower priority or different type of traffic. | 08-20-2009 |
20090201811 | Load Balancing Manipulation of Packet Flows Within a Transport Conduit - Disclosed are, inter alia, methods, apparatus, computer-readable media, mechanisms, and means for load balancing manipulation of packet flows within a transport conduit (e.g., a tunnel, pseudo wire, etc.), typically using a load balancing value which is independent of standard routing-based parameters (e.g., source address, destination address, source port, destination port, protocol type, etc.). A load balancing value is included in encapsulated packets transported across a network using a transport conduit. This load balancing value can be used to load balance the individual flows/microflows within the transport conduit. | 08-13-2009 |
20090201808 | Rate Controlling of Packets Destined for the Route Processor - Packets destined for the route processor of a packet switching device are rate controlled. Typically, line cards are configured to rate limit packets of offending packet flows destined for the route processor, such, but not limited to in response to a quantity of packets in the route processor. Filtering of packets of offending packet flows at the line cards reduces the work required of the route processor. | 08-13-2009 |
20090196298 | Transportation of IEEE 802.1ah Frames over Multiprotocol Label Switching Pseudowires for Virtual Private LAN Services - Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means for transportation of IEEE 802.1 | 08-06-2009 |
20090190482 | Relative One-Way Delay Measurements Over Multiple Paths Between Devices - Disclosed are, inter alia, methods, apparatus, computer-readable storage media, mechanisms, and means for measuring relative one-way delay measurements over multiple paths between devices. The relative one-way delays from a networked device to a remote device can be determined based on the round-trip delay of pairs of probe/probe-return packets as each pair takes a different path to the remote device and takes the same path from the remote device to the networked device. The relative one-way delays from a remote device to a networked device can be determined based on the round-trip delay of pairs of probe/probe-return packets as each pair takes a same path to the remote device and takes a different path from the remote device to the networked device. | 07-30-2009 |
20090183046 | Programmable Test Clock Generation Responsive to Clock Signal Characterization - Disclosed are, inter alia, methods, apparatus, mechanisms, and means for characterizing a clock signal within an application-specific integrated circuit (ASIC), and then, also on the ASIC, generating a testing clock signal based on the characterization of the operative clock signal for testing purposes. An ASIC includes a clock signal characterization circuit configured to characterize a clock signal within the ASIC; and a programmable testing clock signal generator configured for being programmed based on said characterization of the clock signal, and for generating a test clock signal based on its said programming. | 07-16-2009 |
20090141721 | Deterministic Multiprotocol Label Switching (MPLS) Labels - Disclosed are, inter alia, methods, apparatus, computer-readable media, mechanisms, and means for deterministically determining MPLS labels as functions of addresses of Forwarding Equivalence Classes (FECs), and using these determined labels in the forwarding of packets. By each packet switching device in a network deterministically determining the same MPLS label to use for each FEC, each packet switching device knows what label will be used by the other packet switching devices, without running Label Distribution Protocol (LDP) or another label publishing protocol. Additionally, this knowledge extends to all packet switching devices in a network, not merely neighboring packet switching devices, which allows a packet switching device to specify a stack of labels to define a desired path through the network for explicit path routing and/or fast rerouting of traffic without having to previously establish a tunnel or path using Resource Reservation Protocol (RSVP), for example. | 06-04-2009 |
20090091442 | INVENTORY DEVICES AND METHODS - In one implementation, a method includes reading first component data from a first tag associated with a first component of a device. The device may be powered on or off. The first component data indicate components associated with the first component at a first time. The method may involve obtaining second component data from a second tag associated with a support structure. The second component data may indicate components disposed in the support structure at a second time. The method may also involve comparing the first component data with the second component data and determining whether the first component data match the second component data. | 04-09-2009 |
20090080399 | METHODS AND APPARATUS FOR SUPPORTING PROXY MOBILE IP REGISTRATION IN A WIRELESS LOCAL AREA NETWORK - Methods and apparatus for enabling mobility of a node that does not support Mobile IP are disclosed. When an AP receives a data packet, the AP may compare the data packet (e.g., source address) with the AP information for one or more APs to determine whether to send a registration request on behalf of the node. More particularly, the AP determines from the source address whether the node is located on a subnet identical to a subnet of the AP. If the node is located on the subnet of the AP, no Mobile IP service is required on behalf of the node. However, when it is determined from the source address that the node is not located on the subnet identical to the subnet of the Access Point, the AP composes and sends a mobile IP registration request on behalf of the node. For instance, the mobile IP registration request may be composed using the gateway associated with the “home” AP (e.g., having a matching subnet) as the node's Home Agent. | 03-26-2009 |
20090052326 | BACKWARD CONGESTION NOTIFICATION - In one embodiment, an apparatus comprises a network interface system having at least one input port configured for receiving frames and a logic system comprising at least one logic device. The logic system may be configured to perform the following functions: determining a source address and a destination address of a frame received at an ingress port; calculating a flow hash based at least upon the source address and the destination address; forming a congestion management (“CM”) tag that includes the flow hash; inserting the CM tag in the frame; and forwarding the frame to the destination address. | 02-26-2009 |
20090003432 | Expedited splicing of video streams - In one embodiment, a method is described that includes receiving a conditioned bitstream that includes a digital insertion location and primary network packets that contain compressed video data. The digital insertion location includes replaceable network packets. The method also includes receiving a second bitstream that includes replacement compressed video data. The method also includes determining a location of the digital insertion location. The method further includes adjusting the bitrate of the replacement compressed video data to create adjusted replacement compressed video data. The method further includes providing timestamp information with the replacement compressed video data. The method additionally includes packetizing the adjusted replacement compressed video data and timestamp information into replacement network packets. The method further includes combining the replacement network packets into the digital insertion location in the conditioned bitstream at the network packet level without depacketizing or decompressing the compressed video data in the primary network packets. | 01-01-2009 |
20080198810 | METHODS AND APPARATUS FOR BROADCAST OPTIMIZATION IN MOBILE IP - Methods and apparatus for supporting broadcast traffic in Mobile IP are disclosed. When a Mobile Node registers via a Foreign Agent supporting Mobile IP, the Foreign Agent receives a registration request from a Mobile Node and sends the registration request to a Home Agent. A registration reply received from the Home Agent has a network mask extension including a network mask associated with the home address of the Mobile Node. The Foreign Agent then sends the registration reply to the Mobile Node. Alternatively, the Mobile Node may register via a collocated care-of address, in which case the registration reply is received directly from the Home Agent. Once the Mobile Node has obtained its network mask, it may send packets such as broadcast packets, as well as roam to its Home Agent. Additionally, in accordance with various embodiments, the Foreign Agent duplicates broadcast packets for transmission to Mobile Nodes, rather than receiving the duplicated packets from the Home Agent. In this manner, broadcast traffic in a Mobile IP environment is optimized. | 08-21-2008 |