Foundry Networks, LLC Patent applications |
Patent application number | Title | Published |
20140187241 | METHODS AND APPARATUS FOR HANDLING WIRELESS ROAMING AMONG AND ACROSS WIRELESS AREA NETWORKS - Wireless roaming in a computer network may be handled through a solution provided on one or more switches in the network. A roam request sent by a switch corresponding to the user's new location may be received by the other switches in the network. If the user is known to any of these switches, then they may execute steps to accommodate the roaming. The tasks performed may vary based on whether the roaming is on layer 2 or layer 3, whether the switch is a home agent for the client, and/or whether the switch already corresponds to the user's new location. | 07-03-2014 |
20140153567 | System and Method for Implementation of Layer 2 Redundancy Protocols Across Multiple Networks - The system, method, and article of manufacture of the present invention allows multiple customers connected to a common external network to each implement a layer 2 redundancy protocol, such as the spanning tree protocol, in order to prevent layer 2 loops. Accordingly, a method is presented for providing an independent loop free layer 2 topology between a external network and a customer network comprising tagging control packets originating on the customer network with a unique identifier and tunneling the control packets received from the customer network between a plurality of boundary interface devices at the external network such that the control packets are routed back to the customer network based on the presence of the unique identifier in the control packet. The layer 2 redundancy protocol on the customer network converges based at least in part on the presence of control packets appearing on more than one port on the customer network. | 06-05-2014 |
20140022916 | DUPLICATING NETWORK TRAFFIC THROUGH TRANSPARENT VLAN FLOODING - An approach to duplicating network traffic is described. In one approach, a method of creating multiple copies of network traffic is detailed. The method involves receiving network traffic, producing a duplicate copy of the network traffic, and forwarding the duplicate copy to a monitoring port. The monitoring port forwards copies to a number of indicated ports. | 01-23-2014 |
20130343199 | TECHNIQUES FOR PROCESSING INCOMING FAILURE DETECTION PROTOCOL PACKETS - Techniques that assist in processing of failure detection protocol (FDP) packets. Techniques are provided that assist a CPU of a network device in processing incoming FDP packets. In one embodiment, only a subset of FDP packets received by the network device is forwarded to the CPU for processing, the other FDP packets are dropped and not forwarded to the CPU. In this manner, the amount of processing that a CPU of the network device has to perform for incoming FDP packets is reduced. This enables the network device to support newer FDPs with shorter periodic interval requirements. | 12-26-2013 |
20130305236 | HITLESS SOFTWARE UPGRADES - Disclosed is a technique for facilitating software upgrade for a switching system comprising a first management processor and a second management processor and a set of one or more line processors, the techniques comprising receiving a signal to perform a software upgrade for a line processor from the set of line processors, and performing a software upgrade for the line processor without substantially affecting packet switching performed by the switching system. | 11-14-2013 |
20130182562 | TECHNIQUES FOR DETERMINING LOCAL REPAIR PATHS USING CSPF - Techniques for computing a path for a local repair connection to be used to protect a connection traversing an original path from an ingress node to an egress node. The computed path originates at a node (start node) in the original path and terminates at another node (end node) in the original path that is downstream from the start node. A Constraint Shortest Path First (CSPF) algorithm may be used to compute the path. The computed path is such that it satisfies one or more constraints and does not traverse a path from a first node in the original path to a second node in the original path, wherein the first and second nodes are upstream from the start node in the original path and the second node is downstream from the first node in the original path. A local repair connection may then be signaled using the computed path. | 07-18-2013 |
20130034098 | FLEXIBLE METHOD FOR PROCESSING DATA PACKETS IN A NETWORK ROUTING SYSTEM FOR ENHANCED EFFICIENCY AND MONITORING CAPABILITY - According to an embodiment of the invention, a network device such as a router or switch provides efficient data packet handling capability. The network device includes one or more input ports for receiving data packets to be routed, as well as one or more output ports for transmitting data packets. The network device includes an integrated port controller integrated circuit for routing packets. The integrated circuit includes an interface circuit, a received packets circuit, a buffer manager circuit for receiving data packets from the received packets circuit and transmitting data packets in one or more buffers and reading data packets from the one or more buffers. The integrated circuit also includes a rate shaper counter for storing credit for a traffic class, so that the integrated circuit can support input and/or output rate shaping. | 02-07-2013 |
20120311355 | MANAGING POWER ALLOCATION TO ETHERNET PORTS IN THE ABSENCE OF MUTUALLY EXCLUSIVE DETECTION AND POWERING CYCLES IN HARDWARE - A method of allocating power to ports in an Ethernet switch, including: ( | 12-06-2012 |
20120297447 | AUTHENTICATION TECHNIQUES - Techniques for authenticating clients of differing capabilities in an efficient manner. Two or more authentication techniques, including one preferred authentication technique, are initiated to run in parallel to authenticate a client. Upon determining that the client can support the preferred authentication technique, the preferred technique is used to authenticate the client and the other authentication techniques are aborted. If it is determined that the client cannot support the preferred authentication technique, then one of the other authentication techniques is used to authenticate the client. In this manner, based upon the capabilities of the client, an appropriate authentication technique is used to authenticate the client in an efficient manner. | 11-22-2012 |
20120294312 | PIPELINE METHOD AND SYSTEM FOR SWITCHING PACKETS - A switching device comprising one or more processors coupled to a media access control (MAC) interface and a memory structure for switching packets rapidly between one or more source devices and one or more destination devices. Packets are pipelined through a series of first processing segments to perform a plurality of first sub-operations involving the initial processing of packets received from source devices to be buffered in the memory structure. Packets are pipelined through a series of second processing segments to perform a plurality of second sub-operations involved in retrieving packets from the memory structure and preparing packets for transmission. Packets are pipelined through a series of third processing segments to perform a plurality of third sub-operations involved in scheduling transmission of packets to the MAC interface for transmission to one or more destination devices. | 11-22-2012 |
20120275294 | RECOVERING FROM FAILURES WITHOUT IMPACT ON DATA TRAFFIC IN A SHARED BUS ARCHITECTURE - Methods of detecting and recovering from communication failures within an operating network switching device that is switching packets in a communication network, and associated structures. The communication failures addressed involve communications between the packet processors and a host CPU over a shared communications bus, e.g., PCI bus. The affected packet processor(s)—which may be all or a subset of the packet processors of the network switch—may be recovered without affecting hardware packet forwarding through the affected packet processors. This maximizes the up time of the network switching device. Other packet processor(s), if any, of the network switching device, which are not affected by the communication failure, may continue their normal packet forwarding, i.e., hardware forwarding that does not involve communications with the host CPU as well as forwarding or other operations that do involve communications with the host CPU. | 11-01-2012 |
20120236722 | Backplane Interface Adapter with Error Control and Redundant Fabric - A backplane interface adapter with error control and redundant fabric for a high-performance network switch. The error control may be provided by an administrative module that includes a level monitor, a stripe synchronization error detector, a flow controller, and a control character presence tracker. The redundant fabric transceiver of the backplane interface adapter improves the adapter's ability to properly and consistently receive narrow input cells carrying packets of data and output wide striped cells to a switching fabric. | 09-20-2012 |
20120120952 | METHOD FOR PROVIDING SCALABLE MULTICAST SERVICE IN A VIRTUAL PRIVATE LAN SERVICE - Multicast capability in a virtual private LAN service (VPLS) is provided in a provider IP/MPLS infrastructure without headend replications by encapsulating a customer data packet to use an established multicast protocol, such as IP multicast. In one example, the customer data packet is encapsulated by an IP header having an IP multicast group address and an Ethernet header. In one implementation, a DNS type mechanism is provided to distribute the IP multicast addresses for VPLS use. Such IP multicast group address can be set aside from an administratively scoped address range. An efficient IP routing algorithm running on the provider's network provides an efficient distribution tree for routing IP-encapsulated customer packet for the VPLS. | 05-17-2012 |
20120033542 | TECHNIQUES FOR DETERMINING LOCAL REPAIR CONNECTIONS - Techniques for configuring a local repair connection for a protected connection including determining a path for the local repair connection. The path traversed by a local repair connection starts at a node in the path associated with the protected connection and ends at a merge point node in the path associated with the protected connection that is downstream from the start node. In one embodiment, the merge point node may even be more than two hops downstream from the start node in the path associated with the protected connection. The local repair path may include zero or more nodes that are not included in the path associated with the protected connection. Techniques are also described for optimizing the path associated with a local repair connection. | 02-09-2012 |
20120026868 | Backplane Interface Adapter - A backplane interface adapter for a network switch. The backplane interface adapter includes at least one receiver that receives input cells carrying packets of data; at least one cell generator that generates encoded cells which include the packets of data from the input cells; and at least one transmitter that transmits the generated cells to a switching fabric. The cell includes a destination slot identifier that identifies a slot of the switching fabric towards which the respective input cell is being sent. The generated cells include in-band control information. | 02-02-2012 |
20120011584 | SYSTEM AND METHOD FOR ARP ANTI-SPOOFING SECURITY - A system and method that provides for copying ARP replies, and generating data packets which include the ARP reply, and other information such as an identification of the port on the ARP reply was received. These data packets are then transmitted to an ARP collector which stores the ARP reply and port information. The ARP collector then uses this stored information, and analyzes future data packets relative to the stored information to detect occurrences of ARP spoofing. The ARP collector further provides for generating alerts and taking security actions when ARP reply spoofing is detected. | 01-12-2012 |
20110268108 | Backplane Interface Adapter with Error Control and Redundant Fabric - A backplane interface adapter with error control and redundant fabric for a high-performance network switch. The error control may be provided by an administrative module that includes a level monitor, a stripe synchronization error detector, a flow controller, and a control character presence tracker. The redundant fabric transceiver of the backplane interface adapter improves the adapter's ability to properly and consistently receive narrow input cells carrying packets of data and output wide striped cells to a switching fabric. | 11-03-2011 |
20110191459 | CONFIGURABLE GEOGRAPHIC PREFIXES FOR GLOBAL SERVER LOAD BALANCING - In a load balancing system, user-configurable geographic prefixes are provided. IP address prefix allocations provided by the Internet Assigned Numbers Authority (IANA) and associated geographic locations are stored in a first, static database in a load balancing switch, along with other possible default geographic location settings. A second, non-static database stores user-configured geographic settings. In particular, the second database stores Internet Protocol (IP) address prefixes and user-specified geographic regions for those prefixes. The specified geographic region can be continent, country, state, city, or other user-defined region. The geographic settings in the second database can override the information in the first database. These geographic entries help determine the geographic location of a client and host IP addresses, and aid in directing the client to a host server that is geographically the closest to that client. | 08-04-2011 |
20110122966 | SYSTEM AND METHOD TO ACCESS AND ADDRESS HIGH-SPEED INTERFACE CONVERTER DEVICES - High-speed transceiver devices, such as GBIC-type transceivers, are accessed and addressed. Identification information (including manufacturer name, model, compliance codes) is placed in data fields of the transceivers. An algorithm checks each port in each module of a host system to determine if a transceiver is present. If a particular transceiver is present, then algorithms store the port address of the transceiver in memory and enable the transceiver to be read from or written to. Reading from the transceiver includes reading the identification information, and writing to the transceiver includes writing the identification information. If a transceiver is initially determined not to be present or if the reading/writing/enabling processes fail, then a recovery process determines if the transceiver was present the last time it was checked. If it was present the last time, then the process continues to try to recover the transceiver data—otherwise, the port is marked as empty. | 05-26-2011 |
20110113490 | TECHNIQUES FOR PREVENTING ATTACKS ON COMPUTER SYSTEMS AND NETWORKS - Techniques for detecting and responding to attacks on computer and network systems including denial-of-service (DoS) attacks. A packet is classified as potentially being an attack packet if it matches an access control list (ACL) specifying one or more conditions. One or more actions may be performed responsive to packets identified as potential attack packets. These actions may include dropping packets identified as potential attack packets for a period of time, rate limiting a port over which the potential attack packets are received for a period of time, and other actions. | 05-12-2011 |
20110110237 | Method and Apparatus for Aggregating Input Data Streams - A method and apparatus aggregate a plurality of input data streams from first processors into one data stream for a second processor, the circuit and the first and second processors being provided on an electronic circuit substrate. The aggregation circuit includes (a) a plurality of ingress data ports, each ingress data port adapted to receive an input data stream from a corresponding first processor, each input data stream formed of ingress data packets, each ingress data packet including priority factors coded therein, (b) an aggregation module coupled to the ingress data ports, adapted to analyze and combine the plurality of input data steams into one aggregated data stream in response to the priority factors, (c) a memory coupled to the aggregation module, adapted to store analyzed data packets, and (d) an output data port coupled to the aggregation module, adapted to output the aggregated data stream to the second processor. | 05-12-2011 |
20110107399 | AUTHENTICATION TECHNIQUES - Techniques for authenticating clients of differing capabilities in an efficient manner. Two or more authentication techniques, including one preferred authentication technique, are initiated to run in parallel to authenticate a client. Upon determining that the client can support the preferred authentication technique, the preferred technique is used to authenticate the client and the other authentication techniques are aborted. If it is determined that the client cannot support the preferred authentication technique, then one of the other authentication techniques is used to authenticate the client. In this manner, based upon the capabilities of the client, an appropriate authentication technique is used to authenticate the client in an efficient manner. | 05-05-2011 |
20110044340 | SYSTEM AND METHOD FOR ECMP LOAD SHARING - A packet classifier and a method for routing a data packet are provided. The packet classifier includes a content addressable memory, a translation table and a parameter memory. The method includes looking up a content addressable memory for a base address into a parameter memory using a header of the data packet. The base address is related to the routes under ECMP for forwarding the data packet. From among these addresses, using multiple headers of the data packet, an adjustment to the base address is computed. The adjustment specifies an actual address to the parameter memory corresponding to a selected route for forwarding the data packet. The parameter memory is then accessed using the actual address to obtain parameter values relevant to the selected route. The data packet is then forwarded according to the parameter values thus obtained. | 02-24-2011 |