JUNIPER NETWORKS, INC. Patent applications |
Patent application number | Title | Published |
20160134565 | METHODS AND APPARATUS FOR AUTOMATICALLY PROVISIONING RESOURCES WITHIN A DISTRIBUTED CONTROL PLANE OF A SWITCH - In some embodiments, a network management module is operatively coupled to a set of edge devices that are coupled to a set of peripheral processing devices. The network management module can receive a signal associated with a broadcast protocol from an edge device from the set of edge devices in response to that edge device being operatively coupled to a switch fabric. The network management module can provision that edge device in response to receiving the signal. The network management module can define multiple network control entities at the set of edge devices such that each network control entity from the multiple network control entities can provide forwarding-state information associated with at least one peripheral processing device from the set of peripheral processing devices to at least one remaining network control entity from the multiple network control entities using a selective protocol. | 05-12-2016 |
20160119286 | IDENTIFYING MALICIOUS DEVICES WITHIN A COMPUTER NETWORK - This disclosure describes techniques for proactively identifying possible attackers based on a profile of a device. For example, a device includes one or more processors and network interface cards to receive, from a remote device, network traffic directed to one or more computing devices protected by the device, determine, based on content of the network traffic, a first set of data points for the device, send a response to the remote device to ascertain a second set of data points for the device, and receive, from the remote device, at least a portion of the second set of data points. The device also includes a security module operable by the processors to determine a maliciousness rating, and selectively manage, based on the maliciousness rating, additional network traffic directed to the one or more computing devices protected by the security device and received from the remote device. | 04-28-2016 |
20160113006 | METHODS AND APPARATUS FOR CONTROLLING WIRELESS ACCESS POINTS - In some embodiments, an apparatus comprises a first Control And Provisioning of Wireless Access Points (CAPWAP) module implemented in at least one of a memory or a processing device that is configured to be designated as a backup control module for a wireless access point during a first time period. The first CAPWAP control module is configured to receive state information associated with the wireless access point during the first time period from a second CAPWAP control module. The second CAPWAP control module is designated as a primary control module for the wireless access point during the first time period. The first CAPWAP control module is configured to be automatically designated as the primary control module during a second time period after the first time period and in response to the second CAPWAP control module not operating according to at least one predefined criterion. | 04-21-2016 |
20160112271 | CONTROLLER-TO-CONTROLLER INTERFACE FOR MULTI-LAYER NETWORK ABSTRACTION - A controller at an IP (e.g., client) layer in a multi-layer network can request a network topology map from another controller at an optical (e.g., server) layer in the multi-layer network. The controller at the optical layer of the network can use a layer mapping function and common attributes between the formats used to describe the network topology map at the two layers to generate a common layer abstraction model representing the network topology map stored at the controller at the optical layer of the network. A controller-to-controller interface can translate and/or send the common layer abstraction model to the controller at the IP layer for processing data on the network. | 04-21-2016 |
20160100416 | METHODS AND APPARATUS FOR CHANNEL SELECTION WITHIN A WIRELESS NETWORK - In some embodiments, a method includes calculating, at a wireless access point (WAP) from a set of WAPs within a network, an interference value for each channel from a set of channels of the WAP. The method includes calculating, based on the interference value for each channel, a total move weight of the WAP. The method includes receiving, at the WAP, a total move weight from each remaining WAP. The method includes selecting one WAP from the set of WAPs based on a random number, the total move weight of the WAP, the total move weights from the remaining WAPs, and a rank of the WAPs. The method further includes changing, if the WAP is selected, a designated channel of the WAP to one of the remaining channels; and sending a signal to modify an active channel of the WAP to correspond with the designated channel. | 04-07-2016 |
20150301571 | METHODS AND APPARATUS FOR DYNAMIC MAPPING OF POWER OUTLETS - In some embodiments, an apparatus includes a network management module. The network management module is configured to send a request for power output data from a first network element having a first power supply configured to be coupled to a first power outlet, and a second power supply configured to be coupled to a second power outlet. The network management module is configured to receive a first confirmation from the first network element that the first power supply and the second power supply are receiving power. The network management module is configured to send a request to disable a third power outlet and to receive, after sending the request to disable the third power outlet, a second confirmation from the first network element that the first power supply and the second power supply are receiving power. The network management module is configured to define a power distribution table after receiving the second confirmation, the power distribution table designating the third power outlet as unused. | 10-22-2015 |
20150281276 | MONITORING COMPLIANCE WITH SECURITY POLICIES FOR COMPUTER NETWORKS - In one example, a server device for monitoring security policy compliance for a network includes a network interface and a control unit configured to determine that a target endpoint device is attempting to access the network, send, via the network interface, instructions to a trusted endpoint device of the network to cause the trusted endpoint device to determine whether the target endpoint device complies with at least one security policy, and grant the target endpoint device access to the network when the trusted endpoint device indicates that the target endpoint device complies with the at least one security policy. | 10-01-2015 |
20150281090 | SYSTEMS AND METHODS FOR LOAD BALANCING MULTICAST TRAFFIC - A computer-implemented method for load balancing multicast traffic may include (1) identifying a plurality of switches that include at least a first switch that is connected to a second switch by a first path and a second path, (2) calculating a plurality of multicast distribution trees for distributing multicast traffic among the plurality of switches that includes (i) a first tree that includes the first path and whose root is different than the root of a second tree and (ii) the second tree that includes the second path, (3) receiving a plurality of multicast packets ingress to the plurality of switches at the first switch, and (4) using at least two of the plurality of multicast distribution trees to transmit the plurality of multicast packets from the first switch to the second switch. Various other methods, systems, and computer-readable media are also disclosed. | 10-01-2015 |
20150281088 | SYSTEMS AND METHODS FOR MULTIPATH LOAD BALANCING - A computer-implemented method for multipath load balancing may include (1) identifying a plurality of paths from a source switch to a destination switch, (2) determining, for each of the plurality of paths, a limiting bandwidth of the path based at least in part on the lowest link bandwidth of one or more data links in the path, and (3) balancing network traffic that is transmitted from the source switch to the destination switch across the plurality of paths based at least in part on the limiting bandwidth of each of the plurality of paths. Various other methods, systems, and computer-readable media are also disclosed. | 10-01-2015 |
20150281045 | APPARATUS, SYSTEM, AND METHOD FOR RECONFIGURING POINT-TO-MULTIPOINT LABEL-SWITCHED PATHS - An apparatus may include a processor and a control plane that directs the processor to ( | 10-01-2015 |
20150271102 | SELECTABLE SERVICE NODE RESOURCES - In one example, a method includes receiving, by a service node, a request from an access node to establish a pseudowire to be used for sending subscriber traffic to the service node for application of services to the subscriber traffic at the service node, and, in response to receiving the request, sending a request message from the service node to a central server requesting both subscriber authentication and assignment of a forwarding component of the service node to which to anchor the pseudowire. The method also includes receiving, by the service node and from the central server, an authentication message in response to the request message, wherein the authentication message confirms subscriber authentication and indicates a forwarding component of the service node to which the service node should anchor the pseudowire. | 09-24-2015 |
20150245115 | METHODS AND APPARATUS TO ROUTE FIBRE CHANNEL FRAMES USING REDUCED FORWARDING STATE ON AN FCOE-TO-FC GATEWAY - In one embodiment, an apparatus includes a switching policy module configured to define a switching policy associating a Fibre Channel port with a destination Media Access Control (MAC) address. The switching module can be configured to receive a Fibre Channel over Ethernet (FCoE) frame from a network device and send a Fibre Channel frame encapsulated in the FCoE frame to the Fibre Channel port based at least in part on the switching policy and a destination MAC address of the FCoE frame. | 08-27-2015 |
20150244633 | METHODS AND APPARATUS FOR PATH SELECTION WITHIN A NETWORK BASED ON FLOW DURATION - In some embodiments, an apparatus includes a forwarding module that is configured to receive a group of first data packets. The forwarding module is configured to modify a data flow value in response to receiving each first data packet. The forwarding module is also configured to store each first data packet in a first output queue based on the data flow value not crossing a data flow threshold after being modified. Furthermore, the forwarding module is configured to receive a second data packet. The forwarding module is configured to modify the data flow value in response to receiving the second data packet, such that the data flow value crosses the data flow threshold. The forwarding module is configured to store the second data packet in a second output queue based on the data flow value having crossed the data flow threshold. | 08-27-2015 |
20150244615 | NEIGHBOR-LABEL DISTRIBUTION WITH LABEL DISTRIBUTION PROTOCOL - Label Distribution Protocol (LDP) extensions are described that enable distribution of neighbor-label mappings for directly connected neighbor routers. A router capable of supporting the LDP extensions distributes neighbor-labels to be used by the router to label switch traffic destined for the directly connected neighbor router irrespective of a hop-by-hop Interior Gateway Protocol (IGP) path determined based on link metrics. In some examples, the neighbor-labels may increase backup coverage, e.g., link protection and/or node protection, in a network that, due to link metrics, does not have a viable loop-free alternate (LFA) path between an ingress router and an egress router of a label switched path (LSP). In other examples, the neighbor-labels may improve load balancing by enabling an ingress router in a first autonomous system (AS) to select a particular remote link on which to send traffic destined for remote routers in a second AS. | 08-27-2015 |
20150237749 | RETENTION-EXTRACTION DEVICE FOR REMOVABLE CARDS IN A CHASSIS - A retention-extraction device is provided for a removable card in a chassis. The device includes an actuation rod having a cam slot, the actuation rod configured to provide linear movement along the length of the actuation rod, and an extraction lever operatively connected to a proximal end of the actuation rod and pivotally secured to the chassis. The device also includes a bell crank with a cam follower that is configured to ride in the cam slot and a latch hook that pivots between an open and closed position based on the motion of the bell crank. The linear movement of the actuation rod causes the extraction lever to apply a force to a portion of the card and causes the latch hook to pivot to an open position to allow removal of the card. | 08-20-2015 |
20150222650 | INTERMEDIATE RESPONSES FOR NON-HTML DOWNLOADS - A security device may receive an object destined for a user device. The object may be of an object type that does not describe a web page. The security device may determine that the user device is to be warned regarding the object. The security device may determine a warning object based on determining that the user device is to be warned. The warning object may include information associated with a reason for determining that the user device is to be warned regarding the object, and may include information that allows the user device to receive the object. The security device may provide the warning object. The security device may receive, after providing the warning object, an indication associated with the user device obtaining the object. The security device may allow the user device to obtain the object based on receiving the indication. | 08-06-2015 |
20150222545 | LOOP FREE ALTERNATE SELECTION FOR MULTI-HOMED NETWORKS - In one example, a network device determines a set of candidate loop-free alternate (LFA) next hops for forwarding network traffic from the network device to a multi-homed network by taking into account a first cost associated with a second path from a first border router to the multi-homed network and a second cost associated with a second border router to the multi-homed network, wherein the multi-homed network is external to an interior routing domain in which the network device is located. The network device selects an LFA next hop from the set of candidate LFA next hops, to be stored as an alternate next hop for forwarding network traffic to the multi-homed network, and updates forwarding information stored by the network device to install the selected LFA next hop as the alternate next hop for forwarding network traffic from the network device to the multi-homed network. | 08-06-2015 |
20150200838 | DYNAMIC END-TO-END NETWORK PATH SETUP ACROSS MULTIPLE NETWORK LAYERS WITH NETWORK SERVICE CHAINING - In general, techniques are described for improving network path computation for requested paths that include a chain of service points that provide network services to traffic flows traversing the requested path through a network along the service chain. In some examples, a controller network device receives a request for network connectivity between a service entry point and a service exit point for a service chain for application to packet flows associated to the service chain. The device, for each pair of the service points in the particular order and using the active topology information, computes at least one end-to-end sub-path through the sub-network connecting the pair of the service points according to a constraint and computes, using the at least one end-to-end sub-path for each pair of the service points, a service path between the service entry point and the service exit point for the service chain. | 07-16-2015 |
20150193631 | DETECTING AND BREAKING CAPTCHA AUTOMATION SCRIPTS AND PREVENTING IMAGE SCRAPING - A security device may receive a request from a client device and intended for a server device. The security device may identify the request as being associated with a malicious activity. The malicious activity may include one or more undesirable tasks directed to the server device. The security device may generate a challenge-response test based on identifying the request as being associated with the malicious activity. The challenge-response test may be generated using one or more construction techniques. The security device may provide the challenge-response test to the client device. The security device may receive, from the client device, a proposed solution to the challenge-response test. The security device may identify the proposed solution as being generated using an optical character recognition (OCR) program. The security device may protect the server device from the client device based on identifying the solution as being generated using an OCR program. | 07-09-2015 |
20150180570 | METHODS AND APPARATUS FOR MONITORING AND CONTROLLING THE PERFORMANCE OF OPTICAL COMMUNICATION SYSTEMS - In some embodiments, an apparatus includes an optical detector that can sample asynchronously an optical signal from an optical component that can be either an optical transmitter or an optical receiver. In such embodiments, the apparatus also includes a processor operatively coupled to the optical detector, where the processor can calculate a metric value of the optical signal without an extinction ratio of the optical signal being measured. The metric value is proportional to the extinction ratio of the optical signal. In such embodiments, the processor can define an error signal based on the metric value of the optical signal and the processor can send the error signal to the optical transmitter such that the optical transmitter modifies an output optical signal. | 06-25-2015 |
20150163171 | METHODS AND APPARATUS RELATED TO A FLEXIBLE DATA CENTER SECURITY ARCHITECTURE - In one embodiment, edge devices can be configured to be coupled to a multi-stage switch fabric and peripheral processing devices. The edge devices and the multi-stage switch fabric can collectively define a single logical entity. A first edge device from the edge devices can be configured to be coupled to a first peripheral processing device from the peripheral processing devices. The second edge device from the edge devices can be configured to be coupled to a second peripheral processing device from the peripheral processing devices. The first edge device can be configured such that virtual resources including a first virtual resource can be defined at the first peripheral processing device. A network management module is coupled to the edge devices and configured to provision the virtual resources such that the first virtual resource can be migrated from the first peripheral processing device to the second peripheral processing device. | 06-11-2015 |
20150146536 | AUTOMATIC TRAFFIC MAPPING FOR MULTI-PROTOCOL LABEL SWITCHING NETWORKS - In general, techniques are described for automated traffic mapping for multi-protocol label switching (MPLS) networks. A network device comprising a processor and an interface card may perform the techniques. The processor may generate an advertisement that conforms to a routing protocol. The advertisement may advertise a mapping between a network flow and a label switched path (LSP) tag. The processor may also generate a communication associating the label switched path tag with an LSP. The interface card may transmit the advertisement to a head-end label edge router that admits traffic into the LSP identified by the LSP tag. The interface card may also transmit the communication to the label edge router such that the label edge router is able to process the communication in conjunction with the advertisement to map the network flow to the LSP identified by the LSP tag. | 05-28-2015 |
20150139222 | METHODS AND APPARATUS RELATED TO A DISTRIBUTED SWITCH FABRIC - A method of sending data to a switch fabric includes assigning a destination port of an output module to a data packet based on at least one field in a first header of the data packet. A module associated with a first stage of the switch fabric is selected based on at least one field in the first header. A second header is appended to the data packet. The second header includes an identifier associated with the destination port of the output module. The data packet is sent to the module associated with the first stage. The module associated with the first stage is configured to send the data packet to a module associated with a second stage of the switch fabric based on the second header. | 05-21-2015 |
20150139193 | METHODS AND APPARATUS FOR VIRTUAL SOFT HANDOFF - In some embodiments, a non-transitory processor-readable medium includes code to cause a processor to receive, at a tunnel server, a data unit addressed to a communication device, and define a first instance of the data unit and a second instance of the data unit. The first instance of the data unit is sent to the communication device via a first tunnel defined between at least the tunnel server and a first base station associated with a first network. The second instance of the data unit is sent to the communication device via a second tunnel defined between at least the tunnel server and a second base station associated with a second network. The second instance of the data unit is dropped by the communication device when the first instance of the data unit is received before the second instance of the data unit. | 05-21-2015 |
20150131670 | METHODS AND APPARATUS FOR CENTRALIZED VIRTUAL SWITCH FABRIC CONTROL - In some embodiments, an apparatus comprises a processing module, disposed within a first switch fabric element, configured to detect a second switch fabric element having a routing module when the second switch fabric element is operatively coupled to the first switch fabric element. The processing module is configured to define a virtual processing module configured to be operatively coupled to the second switch fabric element. The virtual processing module is configured to receive a request from the second switch fabric element for forwarding information and the virtual processing module is configured to send the forwarding information to the routing module. | 05-14-2015 |
20150123473 | UNINTERRUPTABLE POWER SUPPLY FOR DEVICE HAVING POWER SUPPLY MODULES WITH INTERNAL AUTOMATIC TRANSFER SWITCHES - Techniques are described for determining whether power from a first power source is unavailable to a power supply module. In response to determining that power from the first power source is unavailable, the techniques de-couple the first power source from one or more components of an electronic device connected to an output of the power supply module with one or more de-coupling components of the power supply module that connect an automatic transfer switch (ATS) of the power supply module to an output of the power supply module. Subsequent to de-coupling the first power source from the one or more components of the electronic device, the techniques de-couple a power supply module from the first power source. The techniques couple the power supply module to a second power source for delivering power to the one or more components of the electronic device. | 05-07-2015 |
20150096035 | POLLUTING RESULTS OF VULNERABILITY SCANS - A security device may receive, from a server device, a response to a request. The request may be provided by an attacker device and may include a plurality of input values. The security device may determine the plurality of input values, included in the request, based on receiving the response. The security device may modify the response to form a modified response. The response may be modified to include information associated with the plurality of input values. The response may be modified in an attempt to prevent the attacker device from identifying a vulnerability, associated with the server device, based on the plurality of input values being included in the response. The security device may provide the modified response to the attacker device. | 04-02-2015 |
20150096020 | LIMITING THE EFFICACY OF A DENIAL OF SERVICE ATTACK BY INCREASING CLIENT RESOURCE DEMANDS - A device may detect an attack. The device may receive, from a client device, a request for a resource. The device may determine, based on detecting the attack, a computationally expensive problem to be provided to the client device, where the computationally expensive problem requires a computation by the client device to solve the computationally expensive problem. The device may instruct the client device to provide a solution to the computationally expensive problem. The device may receive, from the client device, the solution to the computationally expensive problem. The device may selectively provide the client device with access to the resource based on the solution. | 04-02-2015 |
20150095981 | BLOCKING VIA AN UNSOLVABLE CAPTCHA - A security device may receive a request from an attacker device and intended for a server device. The security device may identify the request as being associated with a malicious activity. The malicious activity may include one or more undesirable tasks directed to the server device. The security device may generate an unsolvable challenge-response test based on identifying the request as being associated with the malicious activity. The unsolvable challenge-response test may be generated using at least one construction technique and may be configured in an attempt to block the attacker device without making the attacker device aware that the attacker device is being blocked. The security device may provide the unsolvable challenge-response test to the attacker device, and may receive a solution associated with the unsolvable challenge-response test. The security device may notify the attacker device that the solution is incorrect regardless of whether the solution is actually correct. | 04-02-2015 |
20150095643 | ENCRYPTING IMAGES ON A CLIENT DEVICE FOR SECURE TRANSMISSION AND STORAGE ON A STORAGE DEVICE - A device may identify an image to be encrypted, and may convert the image to a first string in a first format. The first string may represent the image. The device may receive information that identifies a key for encrypting the first string, and may generate a first encrypted string by encrypting the first string using the key. The device may convert the first encrypted string, in the first format, to a second encrypted string in a second format. The device may provide the second encrypted string to a storage device without providing the key or the image to the storage device. The storage device may be unable to recover the image using the second encrypted string. | 04-02-2015 |
20150095507 | FUZZING SERVER RESPONSES TO MALICIOUS CLIENT DEVICES - A security device may receive a request, from a client device and intended for a server device, to provide a resource. The resource may be associated with information stored by the server device. The security device may identify the request as being associated with a malicious script. The malicious script may execute on the client device and may include a script that performs one or more undesirable tasks directed to the server device. The security device may receive, from the server device, a response to the request. The response may include information associated with the requested resource. The security device may modify the response to form a modified response. The response may be modified in an attempt to cause the malicious script to experience an error. The security device may provide the modified response to the client device. | 04-02-2015 |
20150092785 | DYNAMIC AREA FILTERING FOR LINK-STATE ROUTING PROTOCOLS - In general, techniques are described for dynamically filtering, at area border routers (ABRs) of a multi-area autonomous system, routes to destinations external to an area by advertising to routers of the area only those routes associated with a destination address requested by at least one router of the area. In one example, a method includes receiving, by an ABR that borders a backbone area and a non-backbone area of a multi-area autonomous system that employs a hierarchical link state routing protocol to administratively group routers of the autonomous system into areas, a request message from the non-backbone area that requests the ABR to provide routing information associated with a service endpoint identifier (SEI) to the non-backbone area. The request message specifies the SEI. The method also includes sending, in response to receiving the request and by the ABR, the routing information associated with the SEI to the non-backbone area. | 04-02-2015 |
20150092605 | METHODS AND APPARATUS FOR CONFIGURING A VIRTUAL NETWORK SWITCH - In one embodiment, a method includes sending a configuration signal to a virtual network switch module within a control plane of a communications network. The configuration signal is configured to define a first network rule at the virtual network switch module. The method also includes configuring a packet forwarding module such that the packet forwarding module implements a second network rule, and receiving status information from the virtual network switch module and status information from the packet forwarding module. The status information is received via the control plane. | 04-02-2015 |
20150092594 | TWO-PART METRIC FOR LINK STATE ROUTING PROTOCOLS - Techniques are described for utilizing two-part metrics with link state routing protocols of computer networks. For example, link state advertisements communicated by a router convey outbound cost metrics representative of outbound costs for the router to send network traffic to a network, and inbound cost metrics representative of inbound costs to receive network traffic from the network. The techniques may be particularly useful with respect to shared access networks, including broadcast or non-broadcast multi-access networks. | 04-02-2015 |
20150092551 | SESSION-AWARE SERVICE CHAINING WITHIN COMPUTER NETWORKS - Techniques are described for providing session-aware, stateful network services to subscriber packet flows. Devices within a service provider network direct subscriber packets along service chains. Each tunnel is established to direct traffic according to a particular ordered set of network services for the corresponding service chain. An ingress device for the tunnels encapsulates the subscriber packets and embeds opaque session cookies that each uniquely identify a collection of packet flows of a subscriber session amongst other packet flows transported by a given service tunnel. Each service node need only identify the tunnel on which a tunnel packet was received and the session cookie embedded within the tunnel packet to uniquely associate the encapsulated subscriber packet with a subscriber session, without needing to further inspect the encapsulated subscriber packet, and to index or otherwise retrieve state and statistics required to enforce the network service the service node is programmed to deliver. | 04-02-2015 |
20150071116 | MOBILE NODE HOST ROUTE INSTALLATION AND WITHDRAWAL - In general, techniques are described for atomically installing and withdrawing host routes along paths connecting network routers to attenuate packet loss for mobile nodes migrating among wireless LAN access networks and a mobile network. In some examples, whenever the mobile node moves from one attachment point to the next, it triggers the distribution of its host route from the new attachment point toward the service provider network hub provider edge (PE) router that anchors the mobile node on a service provider network. Routers participating in the Mobile VPN install the host route “atomically” from the attachment point to the mobile gateway so as to ensure convergence of the network forwarding plane with the host route toward the new attachment point prior to transitioning mobile node connectivity from a previous attachment point. | 03-12-2015 |
20150067866 | IDENTIFYING MALICIOUS DEVICES WITHIN A COMPUTER NETWORK - This disclosure describes techniques for proactively identifying possible attackers based on a profile of a device. For example, a device includes one or more processors and network interface cards to receive, from a remote device, network traffic directed to one or more computing devices protected by the device, determine, based on content of the network traffic, a first set of data points for the device, send a response to the remote device to ascertain a second set of data points for the device, and receive, from the remote device, at least a portion of the second set of data points. The device also includes a security module operable by the processors to determine a maliciousness rating, and selectively manage, based on the maliciousness rating, additional network traffic directed to the one or more computing devices protected by the security device and received from the remote device. | 03-05-2015 |
20150063802 | DYNAMIC END-TO-END NETWORK PATH SETUP ACROSS MULTIPLE NETWORK LAYERS - A centralized controller provides dynamic end-to-end network path setup across multiple network layers. In particular, the centralized controller manages end-to-end network path setup that provisions a path at both the transport network layer (e.g., optical) and the service network layer (e.g., IP/MPLS). The centralized controller performs path computation for an optical path at the transport network layer and for a path at the service network layer that transports network traffic on the underlying optical transport path, based on information obtained by the centralized controller from the underlying network components at both layers. | 03-05-2015 |
20150058493 | PREVENTING EXTRACTION OF SECRET INFORMATION OVER A COMPROMISED ENCRYPTED CONNECTION - A device may receive, from a first device, a first message that includes a first random cookie and a session cookie. The device may provide the first message to a second device. The device may receive, from the second device, a second message that includes a response to the first message. The device may generate a second random cookie. The second random cookie may be different from the first random cookie. The device may provide, to the first device, the second random cookie, the session cookie, and the response. | 02-26-2015 |
20140348111 | METHODS AND APPARATUS FOR ENFORCING A COMMON USER POLICY WITHIN A NETWORK - In some embodiments, an apparatus includes a core network node configured to be operatively coupled to a set of wired network nodes and a set of wireless network nodes. The core network node is configured to receive, at a first time, a first data packet to be sent to a wired device operatively coupled to a wired network node from the set of wired network nodes. The core network node is configured to also receive, at a second time, a second data packet to be sent to a wireless device operatively coupled to a wireless network node from the set of wireless network nodes. The core network node is configured to apply a common policy to the first data packet and the second data packet based on an identifier of a user associated with both the wireless device and the wired device. | 11-27-2014 |
20140341045 | METHODS AND APPARATUS FOR STANDARD PROTOCOL VALIDATION MECHANISMS DEPLOYED OVER A SWITCH FABRIC SYSTEM - An apparatus includes a destination edge device configured to receive a first validation packet according to a switch fabric validation protocol. The destination edge device is configured to validate multiple data paths through a distributed switch fabric from a source edge device to the destination edge device based on the first validation packet. The destination edge device is configured to send, in response to receiving the first validation packet, a second validation packet to a peripheral processing device. The destination edge device is also configured to send the second validation packet according to a validation protocol different from the first validation protocol. | 11-20-2014 |
20140339901 | APPARATUS, SYSTEM, AND METHOD FOR CONTROLLING POWER WITHIN A POWER-REDUNDANT SYSTEM - An apparatus may include a bus that electrically couples an electrical load to redundant power feeds. The apparatus may also include at least one capacitive component electrically coupled between first and second rails of the bus via both a conductive path and a resistive path that has substantially greater resistance than the conductive path. In addition, the apparatus may include a switching mechanism electrically coupled between the first and second rails of the bus that causes the capacitive component to charge through the conductive path until a threshold voltage on the first rail of the bus is reached. When the threshold voltage on the first rail of the bus is reached, the switching mechanism may close the conductive path and force the capacitive component to charge through the resistive path. Various other systems and methods are also disclosed. | 11-20-2014 |
20140298067 | METHODS AND APPARATUS FOR REDUCING ENERGY CONSUMPTION OF NETWORK EQUIPMENT - In some embodiments, an equipment unit has a set of visual indicators, a power switch, and a set of compute components. The power switch receives a signal representing a status such that when the status is in a first mode, the power switch provides power to the set of visual indicators and when the status is in a second mode the power switch does not provide power to the set of visual indicators. The compute components are configured to receive power when the power switch does not provide power to the set of visual indicators. | 10-02-2014 |
20140269707 | SELECTION OF MULTICAST ROUTER INTERFACES IN AN L2 SWITCH CONNECTING END HOSTS AND ROUTERS, WHICH IS RUNNING IGMP AND PIM SNOOPING - Multicast traffic received by a subnet that uses IGMP/PIM snooping may be efficiently processed so that only required multicast router interfaces are used. A router may, for example, receive a source-specific PIM join/prune message indicating that a multicast receiver of the multicast traffic is to join/leave a multicast group to receive/stop traffic from a multicast source; determine whether the router is a first hop router relative to a subnet of the multicast source; and forward, when the router is a first hop router relative to the subnet of the multicast source and is a non-designated router, the source-specific PIM join/prune message towards the subnet. | 09-18-2014 |
20140259146 | INTELLIGENT INTEGRATED NETWORK SECURITY DEVICE - Methods, computer program products and apparatus for processing data packets are described. Methods include receiving the data packet, examining the data packet, determining a single flow record associated with the packet and extracting flow instructions for two or more devices from the single flow record. | 09-11-2014 |
20140254379 | TRAFFIC CLASSIFICATION AND CONTROL ON A NETWORK NODE - A system is configured to receive traffic being transported via a network; obtain, as a result of receiving the traffic, content from one or more packets associated with the traffic; analyze the content to identify one or more attributes associated with the content, where the one or more attributes correspond to at least one of: a network address, information associated with an application with which the traffic is associated, information associated with message content, or information associated with software content; determine that at least one attribute, of the one or more attributes, matches an attribute, of a set of attributes that are stored within a memory, where the set of attributes corresponds to a set of categories of traffic; identify a category, of the set of categories, that corresponds to the attribute; associate the category and the traffic; and process the traffic based on the associated category. | 09-11-2014 |
20140254074 | CONNECTIVITY SCHEME AND COOLING SCHEME FOR A LARGE RACK SYSTEM - A rack system may include a first plurality of line cards, where a particular one of the first plurality of line cards receives or sends packets via ports; a plurality of fabric cards, where a particular one of the plurality of fabric cards includes a switching fabric; a second plurality of line cards, where a particular one of the second plurality of line cards receives or sends packets via ports; a first backplane that connects the first plurality of line cards to the plurality of fabric cards; and a second backplane that connects the second plurality of line cards to the plurality of fabric cards. | 09-11-2014 |
20140245035 | N+1 POWER SUPPLY SYSTEM UPGRADE USING DUAL OUTPUT POWER SUPPLIES - A system may include a power module that includes a group of power supplies, particular ones of the group of power supplies being operable at a group of voltages ranging from a first voltage to a second voltage. The system may further include a controller coupled to the particular ones of the group of power supplies, the controller being to ramp up an output voltage, associated with the group of power supplies, from the first voltage to the second voltage in a group of discrete steps; where ramping up the output voltage by a particular one of the group of discrete steps is performed while a load is receiving power from the group of power supplies; and where ramping up the output voltage by a particular one of the group of discrete steps prevents over-current protection on the group of power supplies from being activated. | 08-28-2014 |
20140237541 | SCALABLE SECURITY SERVICES FOR MULTICAST IN A ROUTER HAVING INTEGRATED ZONE-BASED FIREWALL - A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast packets. The user interface supports a syntax that allows the user to define subsets of the plurality of interfaces associated with the zones, and define a single multicast policy to be applied to multicast sessions associated with a multicast group. The multicast policy identifies common services to be applied pre-replication, and exceptions specifying additional services to be applied post-replication to copies of the multicast packets for the one or more zones. | 08-21-2014 |
20140237031 | MANAGING TCP ANYCAST REQUESTS - Managing TCP anycast requests at content delivery network nodes is disclosed. In some embodiments, serving a request includes receiving a request at a node of a plurality of nodes comprising a content delivery network, wherein each of the plurality of nodes shares a same anycast IP address to which the request is directed and servicing the request at the node. | 08-21-2014 |
20140215600 | ROUTING A PACKET BY A DEVICE - Methods and apparatus for transferring packets in a packet switched communication system. A system is provided that includes an L2 device including a controller determining for each packet received whether the received packet is to be inspected, an inspection device operable to inspect and filter packets identified by the controller including using a zone specific policy and an L2 controller for transferring inspected packets in accordance with L2 header information using L2 protocols. | 07-31-2014 |
20140215598 | NETWORK SECURITY DEVICE - Methods and apparatus, including computer program products, implementing and using techniques for processing a data packet. An input port receives a data packet, a switching board classifies the data packet, determines whether the data packet should be accepted, and switches the data packet to a management board if the data packet is a first data packet in a session, and to a processing board if the data packet is not a first data packet in a session. A management board receives a data packet from the switching board, examines the data packet and forwards the data packet to one of the processing boards. One or more processing boards receives non-first data packets from the switching board and data packets from the management board and processes the data packets. A firewall and a secure gateway with firewall and virtual private network functionality for processing a data packet are also described. | 07-31-2014 |
20140215079 | APPLICATION-LAYER TRAFFIC OPTIMIZATION SERVICE SPANNING MULTIPLE NETWORKS - Using the ALTO Service, networking applications can request through the ALTO protocol information about the underlying network topology from the ISP or Content Provider. The ALTO Service provides information such as preferences of network resources with the goal of modifying network resource consumption patterns while maintaining or improving application performance. This document describes, in one example, an ALTO server that intersects network and cost maps for a first network with network and cost maps for a second network to generate a master cost map that includes one or more master cost entries that each represent a cost to traverse a network from an endpoint in the first network to an endpoint in the second network. Using the master cost map, a redirector may select a preferred node in the first network with which to service a content request received from a host in the second network. | 07-31-2014 |
20140212138 | OPTICAL ACCESS NETWORK HAVING EMITTER-FREE CUSTOMER PREMISE EQUIPMENT AND ADAPTIVE COMMUNICATION SCHEDULING - An access network includes an access device having an optical interface module that outputs a plurality of pairs of optical communication signals, each of the pairs of optical communication signals comprising a modulated optical transmit signal and an unmodulated optical receive signal, each of the pairs of optical communication signals having a different wavelength. A customer premise equipment (CPE) comprises an optical interface module to receive the modulated optical transmit signal and the unmodulated optical receive signal for any of the plurality of pairs of optical communication signals. The optical interface module includes a receive module to demodulate the modulated optical transmit signal into inbound symbols and a transmit module having an optical modulator and reflective optics to modulate the unmodulated optical receive signal in accordance with a data signal and reflect a modulated optical receive signal to communicate outbound data symbols to the access device. | 07-31-2014 |
20140211797 | MANAGING MULTICAST DISTRIBUTION USING MULTICAST TREES - A method includes receiving multicast traffic intended for host devices; identifying a flow associated with the multicast traffic; retrieving information associated with a group of multicast trees, where the group of multicast trees includes information associated with a group of I/O units, associated with a network node; identifying a particular tree that corresponds to the identified flow, where the particular tree includes information associated with a set of I/O units; and transferring the multicast traffic to an I/O unit, of the set of I/O units, based on the identification of the particular tree, where the transferring enables the I/O unit to send a copy of the multicast traffic to other I/O units of the set of I/O units, and the set of I/O units to process the multicast traffic in a manner that utilizes bandwidth or processing resources in a controlled manner and to send a copy of the multicast traffic to each of the host devices. | 07-31-2014 |
20140211615 | AGGREGATION NETWORK WITH CENTRALIZED CONTROL - An access network is described in which a centralized controller provides seamless end-to-end service from a core-facing edge of a service provider network through aggregation and access infrastructure out to access nodes located proximate the subscriber devices. The controller operates to provide a central configuration point for configuring aggregation nodes (AGs) of a network of the service provider so as to provide transport services to transport traffic between access nodes (AXs) and edge routers on opposite borders of the network. | 07-31-2014 |
20140201398 | RATE CONTROLLED FIRST IN FIRST OUT (FIFO) QUEUES FOR CLOCK DOMAIN CROSSING - First in, first out (FIFO) queues may be used to transfer data between a producer clock domain and a number of consumer clock domains. In one implementation, a control component for the FIFO queues may include a number of counters, corresponding to each of the consumer clock domains, each of the counters maintaining a count value relating to an amount of data read by the corresponding consumer clock domain. The control component may additionally include a credit deduction component coupled to the count values of the counters, the credit deduction component determining whether any of the count values is above a threshold, and in response to the determination that any of the count values is above the threshold, reducing the count value of each of the counters and issuing a write pulse signal to the producer clock domain, the write pulse signal causing the producer clock domain to perform a write operation to the FIFO queues. | 07-17-2014 |
20140189050 | DYNAMIC NETWORK DEVICE PROCESSING USING EXTERNAL COMPONENTS - A network device may receive information regarding a service set identifying service to apply to a data flow received via a particular interface of the network device; receive the data flow via the particular interface; identify a service to provide to the data flow based on the information regarding the service set; identify a processing device to process the data flow; and provide the data flow to the processing device. The processing device may be different than the network device and may process the data flow, on behalf of the network device, to form a processed data flow. The processed data flow may include the data flow with the service applied to the data flow. The network device may further receive the processed data flow from the processing device and transmit the processed data flow toward a destination device. | 07-03-2014 |
20140181796 | AUTOMATED PARALLEL SOFTWARE CODE IMPACT ANALYSIS - A server device is configured to receive a request to identify a manner in which changed code propagates within an application; generate a group of blocks that correspond to code associated with a parent function corresponding to the application and which includes the changed code; perform an intra-procedural analysis on the group of blocks to identify a block that is affected by the changed code included within an epicenter block; perform an inter-procedural analysis on functions associated with the block, where, when performing the inter-procedural analysis, the server device is to generate another group of blocks associated with the functions, and identify another block that is affected by the changed code included within the epicenter block; and present, for display, information associated with the block or the other block that enables the application to be tested based on the block or the other block. | 06-26-2014 |
20140181778 | INTEGRATED CIRCUIT OPTIMIZATION - A device may identify signal channels for connecting circuit blocks, where each circuit block is associated with a block implementation area corresponding to a substrate. The device may assign a channel priority to each of the signal channels based on at least one channel criteria. The device may allocate a channel implementation area, corresponding to the substrate, for each of a plurality of signal channels, based on the channel priority assigned to the signal channel and based on the block implementation areas. The device may generate an integrated circuit design comprising the channel implementation area allocated for each of the plurality of signal channels. | 06-26-2014 |
20140181235 | SEPARATION OF DATA AND CONTROL IN A SWITCHING DEVICE - A method and apparatus for switching a data packet between a source and destination in a network. The data packet includes a header portion and a data portion. The header portion includes routing information for the data packet. The method includes defining a data path in the router comprising a path through the router along which the data portion of the data packet travels and defining a control path comprising a path through the router along which routing information from the header portion travels. The method includes separating the data path and control path in the router such that the routing information can be separated from the data portion allowing for the separate processing of each in the router. The data portion can be stored in a global memory while routing decisions are made on the routing information in the control path. | 06-26-2014 |
20140177471 | VIRTUAL NETWORK PROTOTYPING ENVIRONMENT - A system includes a storage device to store information associated with virtual nodes that correspond to network nodes. The system also includes a server to install a virtual node that corresponds to one of the network nodes, based on the information associated with the virtual node, where installing the virtual node includes creating a logical interface via which traffic is to be sent to, or received from, other virtual nodes; start the virtual node to create an operating virtual node based on a copy of an operating system that is run on the network node, where starting the virtual node causes the operational virtual node to execute the copy of the operating system; and cause the operating virtual node to communicate with a virtual network that includes the virtual nodes, where causing the operating virtual node to communicate with the virtual network enables the operating virtual node to receive or forward traffic associated with the virtual network. | 06-26-2014 |
20140177440 | DEQUEUING AND CONGESTION CONTROL SYSTEMS AND METHODS FOR SINGLE STREAM MULTICAST - A system that processes single stream multicast data includes multiple queues, a dequeue engine, and/or a queue control engine. The queues temporarily store data. At least one of the queues stores single stream multicast data. A multicast count is associated with the single stream multicast data and corresponds to a number of destinations to which the single stream multicast data is to be sent. The dequeue engine dequeues data from the queues. If the data corresponds to the single stream multicast data, the dequeue engine examines the multicast count associated with the single stream multicast data and dequeues the single stream multicast data based on the multicast count. The queue control engine examines one of the queues to determine whether to drop data from the queue and marks the data based on a result of the determination. | 06-26-2014 |
20140169220 | DECOUPLING FUNCTIONALITY RELATED TO PROVIDING A TRANSPARENT LOCAL AREA NETWORK SEGMENT SERVICE - A transport LAN segment service is provided over a transport network. Responsibilities for configuring, provisioning and forwarding over a transport LAN segment are divided between layer 2 and 3 service provider edge devices, where the layer 3 edge device handles discovery and tunneling responsibilities, the layer 2 edge device handles learning and flooding responsibilities, and information can be exchanged between the layer 2 and 3 edge devices. Configuration is simplified by advertising TLS-label information, layer 2 address learning, and flooding when the needed configuration information has not yet been learned or discovered. | 06-19-2014 |
20140160981 | TRANSPORT NETWORKS SUPPORTING VIRTUAL PRIVATE NETWORKS, AND CONFIGURING SUCH NETWORKS - A layer 2 transport network, and components thereof, supporting virtual network functionality among customer edge devices. Virtual private network configuration can be accomplished with merely local intervention by preprovisioning extra channel (or circuit) identifiers at each customer edge device and by advertising label base and range information corresponding to a list of channel (or circuit) identifiers. | 06-12-2014 |
20140160933 | SYSTEMS AND METHODS FOR DROPPING DATA USING A DROP PROFILE - A system selectively drops data from queues. The system includes a drop table that stores drop probabilities. The system selects one of the queues to examine and generates an index into the drop table to identify one of the drop probabilities for the examined queue. The system then determines whether to drop data from the examined queue based on the identified drop probability. | 06-12-2014 |
20140150053 | COMBINING NETWORK ENDPOINT POLICY RESULTS - An endpoint integrity system controls access to resources of a protected network for endpoint devices attempting to access the protected network. The system may include a number of evaluation modules that communicate with an endpoint device. The evaluation modules generate policy results for the endpoint device, in which each of the policy results assumes one of three or more states, called a multi-state policy result. The multi-state policy results are combined to produce a combined Boolean policy result. | 05-29-2014 |
20140140245 | CONFIGURING NETWORKS INCLUDING SPANNING TREES - A method may include receiving a reconfiguration to a first Virtual Local Area Network (VLAN)/spanning tree table, where the first VLAN/spanning tree table has a first identifier and is associated with a region of a network; updating the first VLAN/spanning tree table to generate a second VLAN/spanning tree table based on the reconfiguration; determining a second identifier of the second VLAN/spanning tree table; and generating a list of identifiers associated with the region of the network, the list including the first identifier and the second identifier. | 05-22-2014 |
20140139764 | USING A WAVEGUIDE TO DISPLAY INFORMATION ON ELECTRONIC DEVICES - An electronic device includes an instrument panel that includes a display opening, where the instrument panel is located in a first plane; a circuit board located inside the electronic device, where the circuit board includes a display device that includes a display area, and where the display area is located in a second plane that is different from the first plane; and a waveguide that couples the display area to the display opening and guides light, and/or an image displayed in the display area, from the display area to the display opening. | 05-22-2014 |
20140137225 | SINGLE SIGN-ON FOR NETWORK APPLICATIONS - A method may include authenticating a device to a first server, where the device includes an agent; receiving a request, in the first server from a second server, to verify the authenticity of the device, where the device is not authenticated to the second server; sending a browser plug-in to the device to communicate with the agent for verifying the authenticity of the device; receiving, in the first server, a message from the agent verifying the authenticity of the device; and sending a message from the first server to the second server to authenticate the device to the second server. | 05-15-2014 |
20140130146 | MEDIA ACCESS CONTROL ADDRESS TRANSLATION IN VIRTUALIZED ENVIRONMENTS - A method and a network device are provided to transmit network packets through a network security device. The method, performed by the network device, receives a request to send a network packet from a first computing device to a second computing device over a network that includes the network device and the network security device. The network packet includes a first network interface identifier for identifying the first computing device and a second network interface identifier for identifying the second computing device. The method identifies third and fourth network interface identifiers that cause the network packet to be transmitted through the network security device. The method transmits the network packet over the network through the network security device using the third and fourth network interface identifiers. The method transmits the network packet to the second computing device using the first and second network interface identifiers. | 05-08-2014 |
20140129700 | CREATING SEARCHABLE AND GLOBAL DATABASE OF USER VISIBLE PROCESS TRACES - In one example, a controller device includes one or more network interfaces communicatively coupled to one or more devices of a virtual network, and a processor configured to determine, for the virtual network, a set of two or more related processes executed by respective devices in the virtual network, receive via the network interfaces data for the set of two or more related processes, and aggregate the data for the set of two or more related processes to form aggregated data for the set of two or more related processes. | 05-08-2014 |
20140123217 | PROVISIONING LAYER THREE ACCESS FOR AGENTLESS DEVICES - A method may include obtaining a layer two identification of an endpoint that is seeking access to a network, the endpoint omitting an agent to communicate a layer three address of the endpoint to a policy node, applying one or more authentication rules based on the layer two identification of the endpoint, assigning the layer three address to the endpoint, learning, by the policy node, the layer three address of the endpoint, and provisioning layer three access for the endpoint to the network based on the learned layer three address. | 05-01-2014 |
20140122826 | DETECTING MEMORY CORRUPTION - A device identifies, based on a program code instruction, an attempted write access operation to a fenced memory slab, where the fenced memory slab includes an alternating sequence of data buffers and guard buffers. The device assigns read-only protection to the fenced slab and invokes, based on the attempted write access operation, a page fault operation. When a faulting address of the attempted write operation is not an address for one of the multiple data buffers, the device performs a panic routine. When the faulting address of the attempted write operation is an address for one of the multiple data buffers, the device removes the read-only protection for the fenced slab and performs a single step processing routine for the program code instruction. | 05-01-2014 |
20140119238 | MULTI-CHASSIS TOPOLOGY DISCOVERY USING IN-BAND SIGNALING - A multi-chassis network device may automatically detect whether cables connected between chassis devices are correctly inserted. The device may insert, into a first data stream output from a first port of the device, control information identifying the first port. The device may receive, from a second data stream received by the first port of the device, second control information identifying a second port, at another device connected to the device via a cable. The device may determine, based on the second control information, whether the connection of the first port to the second port, via the cable, is valid and cause, when the connection of the first port to the second port is determined to not be valid, the device to output an indication that the connection is not valid or to reconfigure the device to make the connection of the first port to the second port valid. | 05-01-2014 |
20140115688 | MULTI-METHOD GATEWAY-BASED NETWORK SECURITY SYSTEMS AND METHODS - Systems and methods for detecting and preventing network security breaches are described. The systems and methods present a gateway-based packet-forwarding network security solution to not only detect security breaches but also prevent them by directly dropping suspicious packets and connections. The systems and methods employ multiple techniques to detect and prevent network security breaches, including stateful signature detection, traffic signature detection, and protocol anomaly detection. | 04-24-2014 |
20140115379 | INTELLIGENT INTEGRATED NETWORK SECURITY DEVICE FOR HIGH-AVAILABILITY APPLICATIONS - Methods and apparatuses for inspecting packets are provided. A primary security system may be configured for processing packets. The primary security system may be operable to maintain flow information for a group of devices to facilitate processing of the packets. A secondary security system may be designated for processing packets upon a failover event. Flow records may be shared from the primary security system with the secondary security system. | 04-24-2014 |
20140115160 | HIGH-AVAILABILITY REMOTE-AUTHENTICATION DIAL-IN USER SERVICE - A method may include receiving, in a first server from a second server, a request for a service of a network by a device; sending, from the first server to the second server, a response to the request for the service to permit access to the service; and sending state information about the response to a third server for storage in a database. | 04-24-2014 |
20140109196 | PRESERVING AN AUTHENTICATION STATE BY MAINTAINING A VIRTUAL LOCAL AREA NETWORK (VLAN) ASSOCIATION - A method may include detecting a presence of a first server device; communicating, with the first server device, to obtain information associated with the first server device; sending, to a second server device, a request for authentication services, where the request includes the information associated with the first server device; receiving, from the second server device, a notification that the first server device has been authenticated, where the notification includes a session threshold; and establishing, based on the notification, a session with the first server device by associating the first server device with a virtual local area network (VLAN), where the associating permits network traffic to be received from or sent to the first server device via the VLAN, and where the network node uses the session threshold received from the second server device, instead of a threshold associated with the VLAN, to determine a duration permitted for the session. | 04-17-2014 |
20140101254 | APPLICATION-LAYER TRAFFIC OPTIMIZATION SERVICE MAP UPDATES - Using the ALTO Service, networking applications can request through the ALTO protocol information about the underlying network topology from the ISP or Content Provider. The ALTO Service provides information such as preferences of network resources with the goal of modifying network resource consumption patterns while maintaining or improving application performance. This document describes, in one example, an ALTO server that implements enhancements to the ALTO service to enable initiating incremental updates of network and cost maps to ALTO clients upon receiving status information from a content delivery network (CDN) node. | 04-10-2014 |
20140096229 | VIRTUAL HONEYPOT - A virtual honeypot is configured within a security appliance by configuring one or more network addresses associated with the virtual honeypot. The security appliance receives network traffic destined for the virtual honeypot sent to the one or more network addresses associated with the virtual honeypot, and forwards the traffic to a remote honeypot such that the remote honeypot appears to be connected to a network local to the security appliance. | 04-03-2014 |
20140092899 | NETWORK ADDRESS TRANSLATION FOR APPLICATION OF SUBSCRIBER-AWARE SERVICES - In general, techniques are described for informing services nodes of private network address information in order to apply subscriber-aware services with the services node. In some examples, a services node includes an Authentication, Authorization, and Accounting (AAA) interface to receive a AAA message, wherein the AAA message has been extended from a AAA protocol to specify a private network address of a subscriber device authenticated to an access network by the AAA server and assigned the private network address that is not routable external to the access network. A mapping module associates the public network address of subscriber data traffic with the private network address received by the AAA message. One or more service modules select one or more of a plurality of subscriber policies using the associated private network address and apply services to the subscriber data traffic in accordance with the selected subscriber policies. | 04-03-2014 |
20140092884 | METHODS AND APPARATUS FOR A COMMON CONTROL PROTOCOL FOR WIRED AND WIRELESS NODES - In some embodiments, an apparatus comprises a control module implemented in at least one of a memory or a processing device that is configured to receive, via a network and from a wireless access point or an access network node, a control packet defined based on a control protocol. The control packet is associated with at least one control function of the wireless access point or access network node. The control module is configured to determine a status of an access network node based on the control packet from the access network node. The control module is configured to send, via the network, a response to the access network node based on the status of the access network node. | 04-03-2014 |
20140092738 | MAINTAINING LOAD BALANCING AFTER SERVICE APPLICATION WITH A NETWORK DEVICE - In general, techniques are described for maintaining load balancing after service application. A network device comprising ingress and egress forwarding components and a service card may implement the techniques. An ingress forwarding component receives a packet and, in response to a determination that the service is to be applied to the packet, updates the packet to include an ingress identifier that identifies the ingress forwarding component, thereafter transmitting the updated packet to the service card. The service card applies the service to the updated packet to generate a serviced packet and transmits the serviced packet to the ingress forwarding component identified by the ingress identifier so as to maintain load balancing of packet flows across the plurality of forwarding components. The ingress forwarding component determines a next hop to which to forward the serviced packet and the egress forwarding component forwards the serviced packet to the determined next hop. | 04-03-2014 |
20140092723 | METHODS AND APPARATUS FOR CONTROLLING WIRELESS ACCESS POINTS - In some embodiments, an apparatus comprises a first Control And Provisioning of Wireless Access Points (CAPWAP) module implemented in at least one of a memory or a processing device that is configured to be designated as a backup control module for a wireless access point during a first time period. The first CAPWAP control module is configured to receive state information associated with the wireless access point during the first time period from a second CAPWAP control module. The second CAPWAP control module is designated as a primary control module for the wireless access point during the first time period. The first CAPWAP control module is configured to be automatically designated as the primary control module during a second time period after the first time period and in response to the second CAPWAP control module not operating according to at least one predefined criterion. | 04-03-2014 |
20140086090 | DISTRIBUTED ADMISSION CONTROL - A first network client requests initiation of a data transfer with a second network client. An admission control facility (ACF) responds to the initiation request by performing admission analysis to determine whether to initiate the data transfer. The ACF sends one or more packets to the second network client. In response, the second network client sends acknowledgment packets back to the ACF. The ACF performs admission analysis based on the packets sent and the acknowledgment packets, and determines whether the data transfer should be initiated based on the analysis. The admission analysis may be based on a variety of factors, such as the average time to receive an acknowledgment for each packet, the variance of the time to receive an acknowledgment for each packet, a combination of these factors, or a combination of these and other factors. | 03-27-2014 |
20140078884 | COMMUNICATING NETWORK PATH AND STATUS INFORMATION IN MULTI-HOMED NETWORKS - An example network system includes a layer two (L2) device and a layer three (L3) device. The L2 device includes a control unit configured to determine a preferred network path from a first L2 network in which the L2 device resides to an intermediate L3 network in which the L3 device resides that couples the first L2 network to a second L2 network having a second L2 device. The control unit includes a management endpoint (MEP) module. The MEP module executes an operations, administration, and management (OAM) protocol to monitor the first L2 network and output an L2 frame in accordance with the OAM protocol to the L3 device to notify the L3 device that it is within the preferred network path. A MEP module of the L3 device executes an OAM protocol that outputs L2 frames to the L2 device indicating the status of the L3 network. | 03-20-2014 |
20140053239 | DYNAMIC ACCESS CONTROL POLICY WITH PORT RESTRICTIONS FOR A NETWORK SECURITY APPLIANCE - A network security appliance supports definition of a security policy to control access to a network. The security policy is defined by match criteria including a layer seven network application, a static port list of layer four ports for a transport-layer protocol, and actions to be applied to packet flows that match the match criteria. A rules engine dynamically identifies a type of layer seven network application associated with the received packet flow based on inspection of application-layer data within payloads of packets of the packet flow without basing the identification solely on a layer four port specified by headers within the packets. The rules engine is configured to apply the security policy to determine whether the packet flow matches the static port lists specified by the match criteria. The network security appliance applies the actions specified by the security policy to the packet flow. | 02-20-2014 |
20140029750 | MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE HAVING INTEGRATED ACCELERATION - An integrated, multi-service virtual private network (VPN) network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise VPN connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. The multi-service client integrates with an operating system of the device to provide a VPN handler to establish a VPN connection with a remote VPN security device. The VPN network client includes a data acceleration module to exchange network packets with the VPN handler and apply at least one acceleration service to the network packets, and a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the data acceleration module. | 01-30-2014 |
20140010114 | NETWORK ROUTING USING INDIRECT NEXT HOP DATA - A router maintains routing information including (i) route data representing destinations within a computer network, (ii) next hop data representing interfaces to neighboring network devices, and (iii) indirect next hop data that maps a subset of the routes represented by the route data to a common one of the next hop data elements. In this manner, routing information is structured such that routes having the same next hop use indirect next hop data structures to reference common next hop data. In particular, in response to a change in network topology, the router need not change all of the affected routes, but only the common next hop data referenced by the intermediate data structures. This provides for increased efficiency in updating routing information after a change in network topology, such as link failure. | 01-09-2014 |
20140007202 | BEHAVIOR-BASED TRAFFIC PROFILING BASED ON ACCESS CONTROL INFORMATION | 01-02-2014 |
20140007089 | MIGRATING VIRTUAL MACHINES BETWEEN COMPUTING DEVICES | 01-02-2014 |
20140006549 | METHODS AND APPARATUS FOR PROVIDING SERVICES IN DISTRIBUTED SWITCH | 01-02-2014 |
20140003433 | METHODS AND APPARATUS FOR PROVIDING SERVICES IN DISTRIBUTED SWITCH | 01-02-2014 |
20140003232 | FEEDBACK LOOP FOR SERVICE ENGINEERED PATHS | 01-02-2014 |
20140003227 | SELECTIVE BGP GRACEFUL RESTART IN REDUNDANT ROUTER DEPLOYMENTS | 01-02-2014 |
20130346574 | FILTERING WITHIN DEVICE MANAGEMENT PROTOCOL QUERIES - An example device includes an interface to receive, from a device management system, a request message that conforms to a network management protocol, a control unit that provides an execution environment for a management agent, and a data repository. The request message includes a set of managed object identifiers and a set of filter operator object identifiers. The management agent is operable to generate at least one filter criterion based on the managed object identifiers and the filter operator object identifiers, to retrieve managed object values stored in the data repository based on the managed object identifiers, each corresponding to a respective managed object identifier specified in the request message, to generate and output to the device management system a response message based on the managed object identifiers of the request message and the retrieved managed object values that satisfy one or more of the at least one filter criterion. | 12-26-2013 |
20130346470 | DISTRIBUTED PROCESSING OF NETWORK DEVICE TASKS - Techniques are described for distributing network device tasks across virtual machines executing in a computing cloud. A network device includes a network interface to send and receive messages, a routing unit comprising one or more processors configured to execute a version of a network operating system, and a virtual machine agent. The virtual machine agent is configured to identify a virtual machine executing at a computing cloud communicatively coupled to the network device, wherein the identified virtual machine executes an instance of the version of the network operating system, to send, using the at least one network interface and to the virtual machine, a request to perform a task, and to receive, using the at least one network interface and from the virtual machine, a task response that includes a result of performing the task. The routing unit is configured to update the network device based on the result. | 12-26-2013 |
20130343174 | SERVICE PLANE TRIGGERED FAST REROUTE PROTECTION - Techniques are described for detecting failure or degradation of a service enabling technology function independent from an operational state of a service node hosting the service enabling technology function. For example, a service node may provide one or more service enabling technology functions, and service engineered paths may be traffic-engineered through a network to service node network devices that host a service enabling technology function. A monitor component at the service layer of the service node can detect failure or degradation of one or more service enabling technology functions provided by the service node. The monitor component reports detection of failure or degradation to a fault detection network protocol in a forwarding plane of the service node. The fault detection network protocol communicates with an ingress router of a service engineered path to trigger fast reroute by the ingress of traffic flows to bypass the affected service enabling technology function. | 12-26-2013 |
20130336315 | ALLOCATING AND DISTRIBUTING LABELS FOR PACKET ENCAPSULATION - In one example, a network device receives a packet to be forwarded according to a label switching protocol, determines a service to be performed on the packet by a service network device, sends a label request message to the service network device, wherein the label request message indicates support for labels having a particular length, wherein the particular length is larger than twenty bits (e.g., forty bits), and wherein the label request message specifies the service to be performed on the packet, receives, in response to the label request message, a label mapping message defining a label of the particular length, appends the label to the packet to form a Multi-Protocol Label Switching (MPLS)-encapsulated packet, and forwards the MPLS-encapsulated packet according to the label switching protocol. | 12-19-2013 |
20130332638 | SELF CLOCKING INTERRUPT GENERATION IN A NETWORK INTERFACE CARD - A network interface card may issue interrupts to a host in which the determination of when to issue an interrupt to the host may be based on the incoming packet rate. In one implementation, an interrupt controller of the network interface card may issue interrupts that inform a host of the arrival of packets. The interrupt controller may issue the interrupts in response to arrival of a predetermined number of packets, where the interrupt controller re-calculates the predetermined number based on an arrival rate of the incoming packets. | 12-12-2013 |
20130332577 | MULTITENANT SERVER FOR VIRTUAL NETWORKS WITHIN DATACENTER - In general, techniques are described for facilitating multi-tenancy of a server accessed by virtual networks of a data center. A device included within a data center comprising one or more processors may perform the techniques. The processors may be configured to execute a virtual switch that supports a number of virtual networks executing within the data center. The virtual switch may be configured to receive a request regarding data associated with an identifier that is unique within one of the virtual networks that originated the request. The virtual switch may then translate the identifier included within the request to generate a globally unique identifier that is unique within the plurality of virtual networks, update the request to replace the identifier included within the request with the globally unique identifier, and transmit the updated request to a server of the data center. | 12-12-2013 |
20130329725 | FACILITATING OPERATION OF ONE OR MORE VIRTUAL NETWORKS - Techniques for facilitating the operation of one or more virtual networks are described. In some examples, a system may include a first controller node device configured to control operation of a first set of elements in the one or more virtual networks, wherein the first set of elements includes a first server device. The system may also include a second controller node device configured to control operation of a second set of elements in the one or more virtual networks, wherein the second set of elements includes the second server device. The first controller node device and the second controller node device are peers according to a peering protocol by which the first controller node device and the second controller node device exchange information relating to the operation of the first set of elements and the second set of elements. | 12-12-2013 |
20130329605 | MULTICAST SERVICE IN VIRTUAL NETWORKS - Techniques are described to provide multicast service within a virtual network using a virtual network controller and endpoint replication without requiring multicast support in the underlying network. The virtual network controller is configured to create a multicast tree for endpoint devices of a multicast group in the virtual network at a centralized location instead of in a distributed fashion. The virtual network controller communicates the multicast tree to one or more of the endpoint devices of the multicast group to instruct the endpoint devices to replicate and forward multicast packets to other endpoint devices according to the multicast tree. The replication and forwarding of multicast packets is performed by virtual switches executed on the endpoint devices in the virtual network. No replication is performed within the underlying network. The techniques enable multicast service within a virtual network without requiring multicast support in the underlying network. | 12-12-2013 |
20130329603 | NEXT HOP CHAINING FOR FORWARDING DATA IN A NETWORK SWITCHING DEVICE - A route for a data unit through a network may be defined based on a number of next hops. Exemplary embodiments described herein may implement a router forwarding table as a chained list of references to next hops. In one implementation, a device includes a forwarding table that includes: a first table configured to store, for each of a plurality of routes for data units in a network, a chain of links to next hops for the routes; and a second table configured to store the next hops. The device also includes a forwarding engine configured to assemble the next hops for the data units based on using the chain of links in the first table to retrieve the next hops in the second table and to forward the data units in the network based on the assembled next hops. | 12-12-2013 |
20130322236 | CONGESTION MANAGEMENT FOR FIBRE CHANNEL OVER ETHERNET OVER WIDE AREA NETWORKS - In general, techniques are described for mapping WAN conditions to appropriate back-pressure mechanisms at the WAN edges to improve the performance of delay and/or loss-sensitive applications. In one example, a system includes a wide area network having a provider edge (PE) router to establish a Fibre Channel over Ethernet (FCoE) pseudowire over the wide area network. A Lossless Ethernet network attaches, by an attachment circuit, to the FCoE pseudowire at the PE router. A Fibre Channel Fabric connects to the Lossless Ethernet network and to a storage device that provides data for transmission over the wide area network by the FCoE pseudowire. The PE router detects a defect in the FCoE pseudowire and, in response to detecting the defect in the FCoE pseudowire, injects an FCoE flow control extension into the Lossless Ethernet network by the attachment circuit. | 12-05-2013 |
20130315060 | METHODS AND APPARATUS FOR CONFIGURING A VIRTUAL NETWORK SWITCH - In one embodiment, a method includes sending a configuration signal to a virtual network switch module within a control plane of a communications network. The configuration signal is configured to define a first network rule at the virtual network switch module. The method also includes configuring a packet forwarding module such that the packet forwarding module implements a second network rule, and receiving status information from the virtual network switch module and status information from the packet forwarding module. The status information is received via the control plane. | 11-28-2013 |
20130315056 | METHOD AND APPARATUS FOR FAST REROUTE IN A CONNECTION-ORIENTED NETWORK - A method and an apparatus for rapidly resuming, at times of failures, network traffic in a connection-oriented network by using an alternative route pre-computed and stored locally in nodes along an initial route without requiring signaling of upstream nodes or a master server. | 11-28-2013 |
20130308644 | FILTERING AND ROUTE LOOKUP IN A SWITCHING DEVICE - Methods and devices for processing packets are provided. The processing device may include an input interface for receiving data units containing header information of respective packets; a first module configurable to perform packet filtering based on the received data units; a second module configurable to perform traffic analysis based on the received data units; a third module configurable to perform load balancing based on the received data units; and a fourth module configurable to perform route lookups based on the received data | 11-21-2013 |
20130308597 | METHODS AND APPARATUS FOR VIRTUAL SOFT HANDOFF - In some embodiments, a non-transitory processor-readable medium includes code to cause a processor to receive, at a tunnel server, a data unit addressed to a communication device, and define a first instance of the data unit and a second instance of the data unit. The first instance of the data unit is sent to the communication device via a first tunnel defined between at least the tunnel server and a first base station associated with a first network. The second instance of the data unit is sent to the communication device via a second tunnel defined between at least the tunnel server and a second base station associated with a second network. The second instance of the data unit is dropped by the communication device when the first instance of the data unit is received before the second instance of the data unit. | 11-21-2013 |
20130301660 | Apparatus and Method of Compensating for Clock Frequency and Phase Variations by Processing Packet Delay Values - An apparatus and method are described for compensating for frequency and phase variations of electronic components by processing packet delay values. In one embodiment, a packet delay determination module determines packet delay values based on time values associated with a first and a second electronic component. A packet delay selection module selects a subset of the packet delay values based on the maximum frequency drift of the first electronic component. A statistical parameter determination module evaluates a first and a second parameter based on portions of the subset of packet delay values. A validation module validates the parameters when each portion of the subset of packet delay values includes a minimum of at least two packet delay values. An adjustment module compensates for at least one of a frequency variation and a phase variation of the first electronic component based on the parameters if the parameters are both validated. | 11-14-2013 |
20130301522 | INLINE NETWORK ADDRESS TRANSLATION WITHIN A MOBILE GATEWAY ROUTER - Techniques are described for performing inline NAT functions in a forwarding element of a mobile gateway router or other device in which subscriber sessions of a mobile access network are distributed across a plurality of session management cards. The session management cards pre-allocate a public network address and port range for subscribers at the time a network connection is established in response to connection request prior to receiving any data traffic associated with the subscriber. NAT profiles are programmed into hardware forwarding elements of the mobile gateway router for inline NAT when routing subscriber traffic for the mobile access network. | 11-14-2013 |
20130301403 | FAST REROUTE USING LOOP FREE ALTERNATE NEXT HOPS FOR MULTIPOINT LABEL SWITCHED PATHS - The techniques of this disclosure provide local protection for network traffic in multipoint label switched paths (LSPs) due to link or node failure using loop-free alternate (LFA) next hops. The techniques include establishing a vanilla or point-to-point (P2P) LSP with LFA next hops between routers of a multipoint LSP for use in the event of link or node failure in the multipoint LSP. Upon a failure, the multicast traffic is tunneled between the routers using the P2P LSP with LFA to an alternate next hop with an associated label stack. The techniques of this disclosure define the label stack as including a P2P LSP label as well as a multipoint LSP label. In this way, the P2P LSP with LFA may be used for fast reroute (FRR) of traffic in the multipoint LSP until a convergence process completes for a new multipoint branch of the multipoint LSP. | 11-14-2013 |
20130290544 | ROUTING PROXY FOR RESOURCE REQUESTS AND RESOURCES - A device receives, from a client device, a request for a resource, where the request provides an identifier of the client device. The device selects a target device for the resource, connects with the selected target device, and provides a proxy of the request to the selected target device, where the proxy of the request hides the identifier of the client device. The device receives the resource from the selected target device, where the resource provides an identifier of the target device. The device provides a proxy of the resource to the client device, where the proxy of the resource hides the identifier of the target device. | 10-31-2013 |
20130288644 | NON-MOBILE AUTHENTICATION FOR MOBILE NETWORK GATEWAY CONNECTIVITY - In general, techniques are described for emulating mobile authentication methods to establish authenticated connectivity between a mobile service provider gateway and a wireless device attached to an alternate access network. For example, a system operating according to the described techniques includes a mobile service provider network, an alternate access network having an access gateway, and an authentication server of the mobile service provider network that receives a network access request. A subscriber database responds to the network access request with virtual mobility information, wherein the network access request does not include an International Mobile Subscriber Identity (IMSI), and wherein the virtual mobility information comprises a virtual IMSI. The access gateway uses the virtual mobility information to signal a mobile network gateway of the mobile service provider network to establish a service session for the wireless device over the alternate access network that is anchored by the mobile network gateway. | 10-31-2013 |
20130286847 | OPTICAL COMMUNICATION LINK EMPLOYING COHERENT DETECTION AND OUT OF BAND CHANNEL IDENTIFICATION - An optical system may include: a demultiplexer to receive an optical signal and to demultiplex the optical signal into a plurality of optical channels; a detector circuit to: receive the plurality of optical channels, and identify a predetermined channel identification trace tone frequency for an optical channel of the plurality of optical channels; and a receiver to: receive the optical channel with the identified predetermined channel identification trace tone frequency from the detector circuit, and process the optical channel. | 10-31-2013 |
20130286846 | PATH WEIGHTED EQUAL-COST MULTIPATH - Routers balance network traffic among multiple paths through a network according to an amount of bandwidth that can be sent on an outgoing interface computed for each of the paths. For example, a router receives a link bandwidth for network links that are positioned between the first router and a second router of the network, and selects a plurality of forwarding paths from the first router to the second router. Upon determining that one of the network links is shared by multiple of the plurality of forwarding paths, the router computes a path bandwidth for each of the plurality of forwarding paths so as to account for splitting of link bandwidth of the shared network link across the multiple forwarding paths that share the network link. The router assigns packet flows to the forwarding paths based at least on the computed amount of bandwidth for each of the forwarding paths. | 10-31-2013 |
20130262651 | METHODS AND APPARATUS FOR IMPROVING COMPATIBILITY BETWEEN NETWORK DEVICES - In some embodiments, an apparatus includes a network device configured to receive an anomaly database of a first image that stores a set of differences between the first image and a base image. The network device is configured to compare the anomaly database of the first image with an anomaly database of a second image storing a set of differences between the second image and the base image to determine if the first and second images include at least one incompatible critical feature or incompatible non-critical feature. The network device is configured to send a signal associated with a first action if the first and second images include the at least one incompatible critical feature. The network device is configured to send a signal associated with a second action different from the first action if the first and second images include the at least one incompatible non-critical feature. | 10-03-2013 |
20130259490 | PROCESSING DATA IN A COHERENT OPTICAL COMMUNICATION SYSTEM - This disclosure describes techniques to sample electrical data streams in coherent receivers. For instance, an analog-to-digital converter (ADC) samples the received electrical data stream at a sampling rate that is nominally twice or greater than twice the symbol rate of the electrical data stream that the ADC receives. A digital filter receives the digital data stream from the ADC, and digitally filters the digital data streams to output a filtered digital electrical data stream at an effective sampling rate that is less than the sampling rate and less than twice the symbol rate, and greater than or equal to the symbol rate. | 10-03-2013 |
20130259058 | REDUCED TRAFFIC LOSS FOR BORDER GATEWAY PROTOCOL SESSIONS IN MULTI-HOMED NETWORK CONNECTIONS - This disclosure describes techniques to reduce traffic loss for a Border Gateway Protocol (BGP) session by delaying re-advertisement of routes received from a newly re-established multi-homed router by a primary router until all the routes are installed in a forwarding plane of the primary router. The techniques of this disclosure make use of a BGP marker received from the multi-homed router that indicates the end of a route download for an address family. Upon receiving the BGP marker, a control plane of the primary router requests a route acknowledgement message (Route-ACK) from the forwarding plane for only the last route of the address family received before the BGP marker. When the control plane receives the Route-ACK indicating that the last route has been installed in the forwarding plane, the primary router initiates re-advertisement of the routes to other BGP peer routers. | 10-03-2013 |
20130259056 | OAM LABEL SWITCHED PATH FOR FAST REROUTE OF PROTECTED LABEL SWITCHED PATHS - In response to receiving a reply message for reserving bandwidth along a primary path for a first label switched path (LSP) for carrying data traffic from an ingress network device to an egress network device, a point of local repair (PLR) network device establishes a second LSP from the PLR to a merge point (MP) network device along a subset of the primary path. The second LSP is dedicated to carrying operations, administration and management (OAM) messages to verify connectivity of the subset of the primary path, and is not used for sending data traffic. The PLR sends an OAM message to verify connectivity of at least one protected resource along the subset of the primary path to a next hop along the second LSP, wherein the OAM message is encapsulated by a second label associated with the second LSP. | 10-03-2013 |
20130258859 | METHODS AND APPARATUS FOR SPECTRAL SCANNING WITHIN A NETWORK - In some embodiments, an apparatus includes a spectral scanning controller configured to interrupt service at a wireless access point (WAP) such that the WAP performs spectral scanning during service interruption. The spectral scanning controller is configured to interrupt service at the WAP at a first scanning frequency when the spectral scanning controller is in a first configuration. The spectral scanning controller is configured to interrupt service at the WAP at a second scanning frequency different from the first scanning frequency when the spectral scanning controller is in a second configuration. The spectral scanning controller is configured to move from the first configuration to the second configuration in response to a change in at least one of a service demand, a service quality, a spectral scanning demand or a spectral scanning quality. | 10-03-2013 |
20130258853 | SYSTEMS AND METHODS FOR SELECTIVELY PERFORMING EXPLICIT CONGESTION NOTIFICATION - A system provides congestion control and includes multiple queues that temporarily store data and a drop engine. The system associates a value with each of the queues, where each of the values relates to an amount of memory associated with the queue. The drop engine compares the value associated with a particular one of the queues to one or more programmable thresholds and selectively performs explicit congestion notification or packet dropping on data in the particular queue based on a result of the comparison. | 10-03-2013 |
20130252653 | METHODS AND APPARATUS FOR CHANNEL SELECTION WITHIN A WIRELESS NETWORK - In some embodiments, a method includes calculating, at a wireless access point (WAP) from a set of WAPs within a network, an interference value for each channel from a set of channels of the WAP. The method includes calculating, based on the interference value for each channel, a total move weight of the WAP. The method includes receiving, at the WAP, a total move weight from each remaining WAP. The method includes selecting one WAP from the set of WAPs based on a random number, the total move weight of the WAP, the total move weights from the remaining WAPs, and a rank of the WAPs. The method further includes changing, if the WAP is selected, a designated channel of the WAP to one of the remaining channels; and sending a signal to modify an active channel of the WAP to correspond with the designated channel. | 09-26-2013 |
20130247071 | SYSTEM AND METHOD FOR EFFICIENT SHARED BUFFER MANAGEMENT - A method for managing a shared buffer between a data processing system and a network. The method provides a communication interface unit for managing bandwidth of data between the data processing system and an external communicating interface connecting to the network. The method performs, by the communication interface unit, a combined de-queue and head drop operation on at least one data packet queue within a predefined number of clock cycles. The method also performs, by the communication interface unit, an en-queue operation on the at least one data packet queue in parallel with the combined de-queue operation and head drop operation within the predefined number of clock cycles. | 09-19-2013 |
20130246651 | LONGEST PREFIX MATCH SEARCHES WITH VARIABLE NUMBERS OF PREFIXES - An example network device includes a control plane and a filter lookup module that includes a Bloom filter that supports parallel lookup of a maximum number of different prefix lengths. The filter lookup module accesses the Bloom filter to determine a longest length prefix that matches an entry in a set of prefixes. The control plane receives prefix lengths that include more than the maximum number of different prefix lengths supported by the Bloom filter, wherein the set of prefix lengths is associated with one application, generates, based on the received set of prefix lengths, two or more groups of different prefix lengths, wherein each of the two or more groups of different prefix lengths includes no more than the maximum number of different prefix lengths, and programs the filter lookup module with the two or more groups of different prefix lengths associated with the one application. | 09-19-2013 |
20130243008 | VIRTUAL LINK AGGREGATION OF NETWORK TRAFFIC IN AN AGGREGATION SWITCH - Access switches in a switching system may use virtual aggregated links. When a link between an aggregation switch and an access switch fails, the link failure may be reflected in the virtual aggregated link and data traffic to another access switch may be switched away from the failed switch. A forwarding table in the access switch stores a number of entries that each define a correspondence between destination addresses and an output identifier for the switch. At least a first output identifier includes an aggregated link that represents a first set of possible output links. At least a second output identifier includes a virtual aggregated link, associated with a second network switch that represents a second set of possible output links. Destination addresses in the forwarding table for the virtual aggregated link correspond to network devices connected to the second network switch. | 09-19-2013 |
20130242753 | CELL TRANSFER APPARATUS WITH HARDWARE STRUCTURE FOR OAM CELL GENERATION - An ATM (asynchronous transfer mode) cell transfer apparatus includes an input interface, a switch block, and an OAM cell processing hardware block having a memory unit. The input interface receives an SDH/SONET signal on each of a plurality of first transfer paths to output an input OAM cell corresponding to the SDH/SONET signal to one of a plurality of input ports of the switch block corresponding to the first transfer path for the SDH/SONET signal to be transferred. The switch block receives the input OAM (operation and maintenance) cell from the corresponding input port as an OAM input port to output to the OAM cell processing hardware block together with a port number of the OAM input port, and receives at least one output OAM cell from the OAM cell processing hardware block to output to at least one of the plurality of output ports based on the received output OAM cell. The OAM cell processing hardware block reads out the at least one output OAM cell corresponding to the input OAM cell from the memory unit based on the input OAM cell and the port number supplied from the switch block, and outputs the at least one output OAM cell to the switch block. | 09-19-2013 |
20130238810 | ENCAPSULATING/DECAPSULATING DATA IN HARDWARE - A forwarding node decapsulates and encapsulates data. The decapsulation may be performed using pattern matching techniques and the encapsulation may be performed using pattern insertion techniques. The decapsulation and encapsulation are preferably performed by hardware devices such as application specific integrated circuits (ASICs) to enhance the speed of such operations. The decapsulation and encapsulation may be independent of each other and performed on a per virtual circuit basis. | 09-12-2013 |
20130238794 | ENHANCED HIGH AVAILABILITY FOR GROUP VPN IN BROADCAST ENVIRONMENT - A light-weight resilient mechanism is used to synchronize server secure keying data with member devices in a highly-scalable distributed group virtual private network (VPN). A server device generates an initial secure keying data set, for the VPN, that includes a first version identifier, and sends, to member devices and via point-to-point messages, the secure keying data set. The server device sends, to the member devices, heartbeat push messages including the first version identifier. The server device generates an updated secure keying data set with a second version identifier and sends, to the member devices, a key push message that includes the updated data set. The server device sends, to the member devices, heartbeat push messages including the second version identifier. Member devices may use the first and second version identifiers to confirm that secure keying data sets are current and quickly identify if updates are missed. | 09-12-2013 |
20130238766 | LEARNING VALUES OF TRANSMISSION CONTROL PROTOCOL (TCP) OPTIONS - A system includes a storage device and a processor. The storage device is configured to store a first set of values of TCP options for a first group of servers. The processor is configured to: transmit first requests to the first group of servers; receive first replies, in response to the first requests, from the first group of servers; determine the first set of values of the TCP options for the first group based on values in the first replies; store the first set of values in the storage device; receive a first message from a client to establish a connection between the client and a server in the first group of servers, and transmit, in response to the first message, a second message to the client. | 09-12-2013 |
20130235880 | APPLYING BACKPRESSURE TO A SUBSET OF NODES IN A DEFICIT WEIGHTED ROUND ROBIN SCHEDULER - A scheduler in a network element may include a dequeuer to dequeue packets from a set of scheduling nodes using a deficit weighted round robin process, where the dequeuer is to determine whether a subset of the set of scheduling nodes is being backpressured. The dequeuer may set a root rich most negative credits (MNC) value, associated with a root node, to a root poor MNC value, associated with the root node, and set the root poor MNC value to zero, when the subset is not being backpressured, and may set the rich MNC value to a maximum of the root poor MNC value and a root backpressured rich MNC value, associated with the subset, and set the root poor MNC value to a root backpressured poor MNC value, associated with the subset, when the subset is being backpressured. | 09-12-2013 |
20130235867 | HYBRID TYPE TELEPHONY SYSTEM - A hybrid type telephony system capable of establishing a connection between conventional type telephone sets contained in an exchange unit and LAN type telephone sets contained in an IP network, the system comprising: a gateway circuit connected between the exchange unit and the IP network and performing voice data format conversion, and a central control unit connected to the LAN of the IP network for establishing a communication path to the exchange unit via a control bus, controlling switching of IP packets of the IP network, managing IP address information of the LAN type telephone sets and the gateway circuit via the LAN, and controlling connection between the LAN type telephone sets and connection between the LAN type telephone sets and the gateway circuit. | 09-12-2013 |
20130235725 | PSEUDO-RELATIVE MODE WRED/TAIL DROP MECHANISM - A buffer memory can be configured to temporarily store data in a number of queues. A processor can be configured to measure a fullness of the buffer memory. The processor can be configured to adjust thresholds and drop profiles based on a measured global resource usage for a weighted random early detection (WRED) technique with less resources than a conventional. | 09-12-2013 |
20130230322 | MULTI-CHASSIS ROUTER WITH MULTIPLEXED OPTICAL INTERCONNECTS - A multi-chassis network device includes a plurality of nodes that operate as a single device within the network and a switch fabric that forwards data plane packets between the plurality of nodes. The switch fabric includes a set of multiplexed optical interconnects coupling the nodes. For example, a multi-chassis router includes a plurality of routing nodes that operate as a single router within a network and a switch fabric that forwards packets between the plurality of routing nodes. The switch fabric includes at least one multiplexed optical interconnect coupling the routing nodes. The nodes of the multi-chassis router may direct portions of the optical signal over the multiplexed optical interconnect to different each other using wave-division multiplexing. | 09-05-2013 |
20130227022 | PEER DISCOVERY AND SECURE COMMUNICATION IN FAILOVER SCHEMES - A system discovers peer nodes in a failover system, establishes a secure channel between at least two of the peer nodes, and exchanges state information over the secure channel. | 08-29-2013 |
20130223283 | SYSTEMS AND METHODS FOR EQUAL-COST MULTI-PATH VIRTUAL PRIVATE LAN SERVICE - A provider edge device, associated with a virtual private local area network service (VPLS) system, includes a memory to store instructions to implement a pseudowire mechanism to receive a first data frame from a source customer edge (CE) device associated with the VPLS system, incorporate the first data frame into a first VPLS packet, determine whether the source CE device is a single-homed CE device or a multi-homed CE device, and incorporate, into the first VPLS packet, a first pseudowire label, if the source CE device is a single-homed CE device, and incorporate, into the first VPLS packet, a second pseudowire label, different from the first pseudowire label, if the source CE device is a multi-homed CE device; and a processor to execute the instructions. | 08-29-2013 |
20130223224 | PACKET SPRAYING FOR LOAD BALANCING ACROSS MULTIPLE PACKET PROCESSORS - A network device includes multiple packet processing engines implemented in parallel with one another. A spraying component distributes incoming packets to the packet processing engines using a spraying technique that load balances the packet processing engines. In particular, the spraying component distributes the incoming packets based on queue lengths associated with the packet processing engines and based on a random component. In one implementation, the random component is a random selection from all the candidate processing engines. In another implementation, the random component is a weighted random selection in which the weights are inversely proportional to the queue lengths. | 08-29-2013 |
20130215911 | MULTI-INTERFACE COMPATIBLE BUS OVER A COMMON PHYSICAL CONNECTION - A multi-interface bus allows for different bus standards to be implemented over the same set of physical bus lines. More particularly, in one implementation, the system includes a first circuit board, a second circuit board, and a bus connecting the first and second circuit boards. The second circuit board is configured to communicate with the first circuit board using either a synchronous or an asynchronous bus protocol determined based on a bus protocol used by the first circuit board. | 08-22-2013 |
20130215892 | NETWORK PROVIDER BRIDGE MMRP REGISTRATION SNOOPING - A provider edge bridge in a service provider network receives multiple media access control (MAC) Registration Protocol (MMRP) registration messages from customer networks via tunnels. The provider edge bridge snoops the MMRP registration messages to obtain multicast MAC addresses from the registration messages, and tunnels the MMRP registration messages toward one or more other bridges. The provider edge bridge constructs multicast forwarding tables based on the multicast addresses obtained from snooping the MMRP registrations, and uses the multicast forwarding tables for forwarding data units from the provider edge bridge towards destinations. | 08-22-2013 |
20130215886 | MEMORY ORGANIZATION IN A NETWORK DEVICE - A router for switching data packets from a source to a destination in a network in which the router includes a distributed memory. The distributed memory includes two or more memory banks. Each memory bank is used for storing uniform portions of a data packet received from a source and linking information for each data packet to allow for the extraction of the uniform portions of a data packet from distributed locations in memory in proper order after a routing determination has been made by the router. | 08-22-2013 |
20130213909 | CHASSIS SYSTEM WITH FRONT COOLING INTAKE - A line card includes a metal frame that includes a front section, and a bottom section connected to the front section via an angled section, where the angled section results in an opening between the line card and a second line card, when the line card is installed above the second line card in a rack, and where the opening allows directed air to enter the rack from a front direction; a printed circuit board attached to the metal frame; and a group of front panel connectors attached to the front section of the metal frame. | 08-22-2013 |
20130212296 | FLOW CACHE MECHANISM FOR PERFORMING PACKET FLOW LOOKUPS IN A NETWORK DEVICE - An example network device includes a network interface configured to receive a packet of a packet flow, wherein the packet flow is one of a plurality of packet flows processed by the network device, a flow cache configured to receive a lookup key associated with the packet flow, and a Bloom filter configured to process the lookup key. The flow cache is further configured to store information about a portion of the plurality of packet flows processed by the network device, and determine whether to store information about the packet flow by at least applying a selection criterion to processing of the lookup key by the Bloom filter. The flow cache is configured to determine whether the lookup key is stored in the flow cache, and, when the lookup key is stored in the flow cache, retrieve a stored result associated with the lookup key and output the stored result. | 08-15-2013 |
20130205361 | DYNAMIC THREAT PROTECTION IN MOBILE NETWORKS - In general, techniques are described for dynamic threat protection in mobile networks. A network system comprising a network security device and a management system may implement the techniques. The management system includes a network server having a shared database. A mobile device manager (MDM) of the management system receives a report message from a mobile device, specifying a threat to a mobile network. The MDM publishes the threat to the shared database. A network management system (NMS) of the management system receives data from the shared database identifying the threat and generates a security policy that specifies actions to address the threat. The NMS then installs the security policy in the network security device so that the network security device performs the actions of the security policy to address the threat. | 08-08-2013 |
20130201909 | MOBILE NODE HOST ROUTE INSTALLATION AND WITHDRAWAL - In general, techniques are described for atomically installing and withdrawing host routes along paths connecting network routers to attenuate packet loss for mobile nodes migrating among wireless LAN access networks and a mobile network. In some examples, whenever the mobile node moves from one attachment point to the next, it triggers the distribution of its host route from the new attachment point toward the service provider network hub provider edge (PE) router that anchors the mobile node on a service provider network. Routers participating in the Mobile VPN install the host route “atomically” from the attachment point to the mobile gateway so as to ensure convergence of the network forwarding plane with the host route toward the new attachment point prior to transitioning mobile node connectivity from a previous attachment point. | 08-08-2013 |
20130194974 | NETCONF-ENABLED PROVISIONING IN ROLLBACK AGNOSTIC ENVIRONMENT - A method includes receiving configuration data for configuring network devices; generating remote procedure calls (RPCs) for configuring the network devices, which include provisioning and reverse provisioning RPCs, where each reverse provisioning RPC reverse provisions a particular pseudowire; providing to the network devices the provisioning RPCs; determining a success with respect to each of the provisioning RPCs, where the success indicates that all endpoints of a pseudowire have been successfully configured; providing the reverse provisioning RPCs to the network devices, when it is determined that the success has not been achieved; and storing an indication of success when it is determined that the success has been achieved with respect to the provisioning RPCs. | 08-01-2013 |
20130185767 | CLUSTERED AAA REDUNDANCY SUPPORT WITHIN A RADIUS SERVER - In general, techniques are described for supporting interchassis redundancy (ICR) by a plurality of network access servers (NASes) that are members of an ICR. For example, techniques may be used to associate, within a RADIUS server, multiple NAS identifiers for the NASes with a single NAS identifier alias. The RADIUS server is configured to handle RADIUS protocol messages from any member of the ICR cluster as though the RADIUS protocol messages issued from a single NAS having the NAS identifier alias. | 07-18-2013 |
20130177153 | USING FILE METADATA FOR DATA OBFUSCATION - A system and method may assist in securing data for transmission to a receiving entity. Received data may include metadata associated therewith. The data may be encrypted using an encryption key encoded within selected portions of the metadata, where the selection of the selected portions is based on a scheme shared with the receiving entity. The encrypted data including the metadata may be transferred to the receiving entity. The receiving entity may decrypt the encrypted data using the selected portions of the metadata. | 07-11-2013 |
20130176843 | ROUTING PROTOCOLS FOR ACCOMMODATING NODES WITH REDUNDANT ROUTING FACILITIES - Graceful restart in routers having redundant routing facilities may be accomplished by replicating network (state/topology) information. | 07-11-2013 |
20130173841 | CONVENIENT, FLEXIBLE, AND EFFICIENT MANAGEMENT OF MEMORY SPACE AND BANDWIDTH - A device may receive a request to read data from or write data to a memory that includes a number of memory banks. The request may include an address. The device may perform a mapping operation on the address to map the address from a first address space to a second address space, identify one of the memory banks based on the address in the second address space, and send the request to the identified memory bank. | 07-04-2013 |
20130173797 | CLOUD BASED CUSTOMER PREMISES EQUIPMENT - Network (cloud) based customer premises equipment may receive, over a broadband access circuit, layer 2 traffic from an access device at a customer premises; provide dynamic host configuration protocol (DHCP) services for computing devices at the customer premises, the DHCP services providing Internet Protocol (IP) addresses to the computing devices at the customer premises; and provide network address translation (NAT) services for the computing devices at the customer premises. | 07-04-2013 |
20130170497 | VOICE RELAYING APPARATUS AND VOICE RELAYING METHOD - A voice relaying apparatus includes a receiving section for receiving a cell from an asynchronous transfer mode (ATM) network, a plurality of cell assembling/disassembling units for assembling and disassembling the cells, and a transmitting section for transmitting the cells assembled by each of the plurality of cell assembling/disassembling units. | 07-04-2013 |
20130170381 | BAND CONTROL SYSTEM FOR A DIGITAL SUBSCRIBER NETWORK AND BAND CONTROL METHOD THEREFOR - A band control system of the present invention is applicable to a digital subscriber line network in which a first apparatus and a second apparatus situated at a subscriber station and a center, respectively, are interconnected by a metallic cable for interchanging at least a digital data signal with each other. The band control system includes a commanding device included in one of the first and said second apparatuses for monitoring the receipt of ATM (Asynchronous Transfer Mode) cells from the other apparatus and sending, based on the result of monitoring, a band variation command to the other apparatus to thereby cause it to vary a band by using a frequency band not used for signal transfer. A band varying device is included in the other apparatus for receiving the band variation command and varying the band in accordance with the command. | 07-04-2013 |
20130166859 | IDENTIFYING UNALLOCATED MEMORY SEGMENTS - A network device that includes a first memory to store packets in segments; a second memory to store pointers associated with the first memory; a third memory to store summary bits and allocation bits, where the allocation bits correspond to the segments. The network device also includes a processor to receive a request for memory resources; determine whether a pointer is stored in the second memory, where the pointer corresponds to a segment that is available to store a packet; and send the pointer when the pointer is stored in the second memory. The processor is further to perform a search to identify other pointers when the pointer is not stored in the second memory, where performing the search includes identifying a set of allocation bits, based on an unallocated summary bit, that corresponds to the other pointers; identify another pointer, of the other pointers, based on an unallocated allocation bit of the set of allocation bits; and send the other pointer in response to the request. | 06-27-2013 |
20130166856 | SYSTEMS AND METHODS FOR PRESERVING THE ORDER OF DATA - A device includes an input processing unit and an output processing unit. The input processing unit dispatches first data to one of a group of processing engines, records an identity of the one processing engine in a location in a first memory, reserves one or more corresponding locations in a second memory, causes the first data to be processed by the one processing engine, and stores the processed first data in one of the locations in the second memory. The output processing unit receives second data, assigns an entry address corresponding to a location in an output memory to the second data, transfers the second data and the entry address to one of a group of second processing engines, causes the second data to be processed by the second processing engine, and stores the processed second data to the location in the output memory. | 06-27-2013 |
20130163740 | ASYNCHRONOUS CALLS USING INTERMITTENT CALLBACK FOR DELAY SENSITIVE APPLICATIONS - A call handling system receives an asynchronous call request, from a call requester, requesting performance of an operation, where the call request includes a delay parameter specified by the call requester. The call handling system performs the requested operation, and sends a callback to the call requester, which includes partial results from performance of the requested operation, at selected intervals determined by the delay parameter. | 06-27-2013 |
20130163607 | METHODS AND APPARATUS FOR A DISTRIBUTED FIBRE CHANNEL CONTROL PLANE - In some embodiments, a system includes a set of network control entities associated with a distributed multi-stage switch. Each network control entity from the set of network control entities is configured to manage at least one edge device having a set of ports and coupled to the distributed multi-stage switch. Each network control entity from the set of network control entities is associated with a unique set of identifiers. A network control entity from the set of network control entities is configured to assign a unique identifier from its unique set of identifiers to a port from the set of ports of the at least one edge device in response to the network control entity receiving a login request associated with the port. | 06-27-2013 |
20130163591 | METHODS AND APPARATUS FOR A DISTRIBUTED FIBRE CHANNEL CONTROL PLANE - In some embodiments, an apparatus includes a management module configured to assign a unique set of identifiers to each network control entity from a set of network control entities. As a result, a network control entity from the set of network control entities can assign an identifier from its unique set of identifiers to a port in response to that network control entity receiving a login request from the port. The set of network control entities is associated with a distributed multi-stage switch. The management module is also configured to store a zone set database associated with the distributed multi-stage switch. The management module is configured to send an instance of an active zone set stored within the zone set database to each network control entity from the set of network control entities such that each network control entity can enforce the active zone set. | 06-27-2013 |
20130162499 | APPARATUS FOR IMPLEMENTING CROSS POLARIZED INTEGRATED ANTENNAS FOR MIMO ACCESS POINTS - An apparatus includes a processor disposed within an enclosure and configured to connect one or more wireless devices to a network. A first antenna has an orientation of polarization and is disposed within the enclosure. A second antenna has an orientation of polarization and is disposed within the enclosure at a non-zero distance from the first antenna. A third antenna has an orientation of polarization and is disposed within the enclosure at a non-zero distance from each of the first antenna and the second antenna. The orientation of polarization of the first antenna is different from the orientation of polarization of the second antenna, and the orientation of polarization of the third antenna is different from the orientation of polarization of the first antenna and the orientation of polarization of the second antenna. | 06-27-2013 |
20130159549 | DEVICE COMMUNICATIONS OVER UNNUMBERED INTERFACES - A method and a network device for enabling communication between unnumbered interfaces are provided. A device level address may be assigned to a network device. The network device may announce the assigned device level address to a neighboring network device over a link. A corresponding device level address associated with the neighboring network device may be received over the link. A route may be stored including the received device level address associated with the neighboring network device and the link. In some implementations, the announcement of the assigned device level address is performed during protocol configuration. | 06-20-2013 |
20130156032 | DATA STRUCTURE-LESS DISTRIBUTED FABRIC MULTICAST - A network device receives a packet with a multicast nexthop identifier, and creates a mask that includes addresses of egress packet forwarding engines, of the network device, to which to provide the packet. The network device divides the mask into two portions, generates two copies of the packet, provides a first portion of the mask in a first copy of the packet, and provides a second portion of the mask in a second copy of the packet. The network device also forwards the first copy of the packet to an address of a first egress packet forwarding engine provided in the first portion of the mask, and forwards the second copy of the packet to an address of a second egress packet forwarding engine provided in the second portion of the mask. | 06-20-2013 |
20130155949 | METHODS AND APPARATUS FOR BALANCING BAND PERFORMANCE - An apparatus includes a processor disposed within an enclosure and configured to communicate with multiple wireless devices. A first and a second antenna are disposed within the enclosure. The first antenna is configured to operate within a first band, and the second antenna is configured to operate within a second band. The second band has a center frequency less than a center frequency of the first band. The first antenna is configured to send a signal having a signal strength at a wireless device and associated with the first band, and the second antenna is configured to send a signal having a signal strength at the wireless device and associated with the second band. The signal strength for the signal associated with the first band is greater than the signal strength associated with the second band such that the wireless device selects the first band to communicate with the processor. | 06-20-2013 |
20130155861 | CONTENT SERVICE AGGREGATION SYSTEM - A network content service apparatus includes a set of compute elements adapted to perform a set of network services; and a switching fabric coupling compute elements in said set of compute elements. The set of network services includes firewall protection, Network Address Translation, Internet Protocol forwarding, bandwidth management, Secure Sockets Layer operations, Web caching, Web switching, and virtual private networking. Code operable on the compute elements enables the network services, and the compute elements are provided on blades which further include at least one input/output port. | 06-20-2013 |
20130148659 | METHODS AND APPARATUS FOR IMPLEMENTING A FIBRE CHANNEL ZONE POLICY - In some embodiments, an apparatus includes a first network switch configured to be within a Fibre Channel over Ethernet (FCoE) network, which has a set of network switches including the first network switch. The first network switch is configured to receive, from a first network device, a login signal including a proposed logical identifier for the first network device. The first network switch is configured to send, in response to the login signal, a multicast signal including the proposed logical identifier to remaining network switches from the set of network switches. As a result, a second network switch from the set of network switches enforces a zone policy in response to receiving the multicast signal and prior to sending the proposed logical identifier to a second network device. | 06-13-2013 |
20130145421 | POLICY EVALUATION IN CONTROLLED ENVIRONMENT - A module may include interface logic to receive information identifying a state related to a client device via logic related to a controlled environment, and to send a valid policy result to a host device, where the valid policy result is related to the state. The module may include processing logic to process policy content according to a resource policy, where the processing is based on the information, and to produce the valid policy result based on the processing using the resource policy, where the valid policy result is adapted for use by the host device when implementing the network policy with respect to a destination device when the client device attempts to communicate with the destination device. | 06-06-2013 |
20130145356 | AUTOMATIC SOFTWARE UPDATE ON NETWORK DEVICES - A method may include contacting, by a network device, another device to obtain at least one of a network address, authentication, or authorization, receiving, from the other device, software update information that identifies an up-to-date software that the network device should have installed and location information that identifies a location from which to retrieve the up-to-date software, comparing, by the network device, the software update information to software information that identifies software currently installed on the network device, retrieving, by the network device, the up-to-date software based on the software update information and the location information when the software update information and the software information do not match, and auto-installing, by the network device, the up-to-date software. | 06-06-2013 |
20130144454 | INCREASING MEAN TIME BETWEEN FAILURES FOR POWER SUPPLIES - A redundant power supply may obtain a rule for increasing mean time between failures (MTBF) for a first internal power supply and a second internal power supply connected to an electronic device, apply the rule to the first and second power supplies, activate the second internal power supply based on the rule to permit the second internal power supply to provide power to the electronic device, and deactivate the first internal power supply based on the rule. | 06-06-2013 |
20130142199 | VIRTUAL LOCAL AREA NETWORK (VLAN)-BASED MEMBERSHIP FOR MULTICAST VLAN REGISTRATION - A network node that includes a memory to store a multicast forwarding table that contains entries that govern how multicast traffic is to be forwarded from a multicast virtual local area network (MVLAN) associated with the network node, to receiver VLANs associated with the network node, where each entry includes a multicast group, that is associated with a group of ports on the multicast VLAN via which the multicast traffic is received, and information associated with the receiver VLANs to which the received multicast traffic is to be sent. The network node also includes a processor to receive multicast traffic associated with a particular multicast group, via a particular port on the multicast VLAN; perform, using the multicast forwarding table, a look up operation, based on the particular multicast group, to determine to which of the receiver VLANs the multicast traffic is to be sent; and transmit the multicast traffic, associated with the particular multicast group, to user devices, via the receiver VLANs, based on a determination that the entry, associated with the particular multicast group, includes information associated with the receiver VLANs. | 06-06-2013 |
20130142197 | SYSTEMS AND METHODS FOR IMPLEMENTING VIRTUAL SWITCH PLANES IN A PHYSICAL SWITCH FABRIC - A switching device includes multiple interfaces and a switch fabric. The switch fabric includes switch integrated circuits arranged in a number of stages. Multiple virtual switch planes may be implemented in the switch fabric. Data traffic received at the interfaces is selectively assigned to different ones of the virtual switch planes. | 06-06-2013 |
20130136141 | WRR SCHEDULER CONFIGURATION FOR OPTIMIZED LATENCY, BUFFER UTILIZATION - A method includes receiving network information for calculating weighted round-robin (WRR) weights, calculating WRR weights associated with queues based on the network information, and determining whether a highest common factor (HCF) exists in relation to the calculated WRR weights. The method further includes reducing the calculated WRR weights in accordance with the HCF, when it is determined that the HCF exists, and performing a WRR scheduling of packets, stored in the queues, based on the reduced WRR weights. | 05-30-2013 |
20130136137 | APPARATUS AND METHOD FOR DATA TRANSMISSION - Local concentration of accessing loads on a data buffer during data cell reading is reduced. Also, by providing sufficient time for a data cell reading operation with respect to data cell transmission timing, transmission rate fluctuation of CBR data cells in a transmitting side is reduced. When transmission of a new data stream is added, controller in a cell control unit refers to a transmitted data cell count of VC information processed through a slot immediately before. The controller determines whether a data cell transmitted through the slot immediately before is a head portion of a packet or not. If the data cell transmitted through the slot immediately before is the head portion of the packet, the controller only adds the VC information of the data stream to a shaper link list, and withholds transmission of the data cell. On the other hand, if the data cell transmitted through the slot immediately before is not the head portion of the packet, then the controller adds the VC information of the data stream, and transmits the data cell. | 05-30-2013 |
20130136134 | SEQUENCING PACKETS FROM MULTIPLE THREADS - A device may reserve a slot for a received packet in a packet ordering queue (POQ), convey the packet to one of a plurality of threads for processing, obtain the packet from the one of the plurality of threads after the packet has been processed, organize the packet in the POQ in accordance with a position of the reserved slot, and release the packet from the POQ if the reserved slot is a head of the POQ. | 05-30-2013 |
20130133027 | COMBINING NETWORK ENDPOINT POLICY RESULTS - An endpoint integrity system controls access to resources of a protected network for endpoint devices attempting to access the protected network. The system may include a number of evaluation modules that communicate with an endpoint device. The evaluation modules generate policy results for the endpoint device, in which each of the policy results assumes one of three or more states, called a multi-state policy result. The multi-state policy results are combined to produce a combined Boolean policy result. | 05-23-2013 |
20130132773 | FAST RESOURCE RECOVERY AFTER THREAD CRASH - A resource recovery system may maintain a counter in memory that indicates a number of times one or more threads of execution, which use shared resources, have crashed. The system may associate a first value of the counter with a resource allocated to a thread of the one or more threads, and may set an indicator associated with the thread to indicate whether the thread has crashed. The system may determine whether to re-allocate the resource to the thread based on the first value of the counter associated with the resource and based on the indicator associated with the thread. | 05-23-2013 |
20130132763 | NETWORK DISRUPTION PREVENTION WHEN VIRTUAL CHASSIS SYSTEM UNDERGOES SPLITS AND MERGES - A method performed by network devices that includes operating in a normal mode, where the network devices form a virtual chassis that corresponds to a single logical network device; detecting when a failure within the virtual chassis occurs; executing a splitting process to form one or more new virtual chassis in correspondence to the failure; determining whether one of the one or more new virtual chassis operates as a functioning virtual chassis based on whether at least one of a set of criteria is satisfied, where the functioning virtual chassis operates according to resources configured for the virtual chassis; and operating as a nonfunctioning virtual chassis when it is determined that the one of the one or more virtual chassis does not satisfy the at least one of the set of criteria, where the nonfunctioning virtual chassis operates in a pass-through mode. | 05-23-2013 |
20130132569 | USING ENDPOINT HOST CHECKING TO CLASSIFY UNMANAGED DEVICES IN A NETWORK AND TO IMPROVE NETWORK LOCATION AWARENESS - A device receives, from a managed device, endpoint information associated with an unmanaged device connected to the managed device in a network. The device also receives unmanaged device information that partially identifies the unmanaged device, and completely identifies the unmanaged device based on the endpoint information and the unmanaged device information. | 05-23-2013 |
20130132504 | ADAPTIVE NETWORK CONTENT DELIVERY SYSTEM - A method and apparatus stores media content in a variety of storage devices, with at least a portion of the storage devices having different performance characteristics. The system can deliver media to a large number of clients while maintaining a high level of viewing experience for each client by automatically adapting the bit rate of a media being delivered to a client using the client's last mile bit rate variation. The system provides clients with smooth viewing of video without buffering stops. The client does not need a custom video content player to communicate with the system. | 05-23-2013 |
20130128901 | LAYER 1 FRAME CONSTRUCTION - A method includes appending, by a network device, a first layer | 05-23-2013 |
20130128736 | CALL ADMISSION CONTROL METHOD AND SYSTEM - A call admission control technique allowing flexible and reliable call admissions at an ATM switch in the case of an ATM network including both QoS-specified and QoS-unspecified virtual connections is disclosed. In the case where a QoS (Quality of Service) specified connection request occurs, an estimated bandwidth is calculated which is to be assigned to an existing QoS-unspecified traffic on the link associated with the QoS-specified connection request. A call control processor of the ATM switch determines whether the QoS-specified connection request is accepted, depending on whether a requested bandwidth is smaller than an available bandwidth that is obtained by subtracting an assigned bandwidth and the estimated bandwidth from a full bandwidth of the link. | 05-23-2013 |
20130128734 | SYSTEMS AND METHODS FOR DROPPING DATA USING A DROP PROFILE - A system selectively drops data from queues. The system includes a drop table that stores drop probabilities. The system selects one of the queues to examine and generates an index into the drop table to identify one of the drop probabilities for the examined queue. The system then determines whether to drop data from the examined queue based on the identified drop probability. | 05-23-2013 |
20130124837 | ANALYSIS OF SHORT TERM CPU SPIKES IN AN OPERATING SYSTEM KERNEL - A profiler may analyze processes being run by a processor. The profiler may include logic to periodically sample a value of an instruction pointer that indicates an instruction in the first process that is currently being executed by the processor and logic to update profile data based on the sampled value. The profiler may additionally include logic to determine, in response to a context switch that includes the operating system switching the active process from the first process to another of the plurality of processes, whether the first process executes for greater than a first length of time; logic to stop operation of the profiler when the first process executes for greater than the first length of time; and logic to clear the profile data when the first process fails to execute for greater than the first length of time. | 05-16-2013 |
20130121343 | METHODS AND APPARATUS FOR TRANSMISSION OF GROUPS OF CELLS VIA A SWITCH FABRIC - In one embodiment, a method can include receiving at an egress schedule module a request to schedule transmission of a group of cells from an ingress queue through a switch fabric of a multi-stage switch. The ingress queue can be associated with an ingress stage of the multi-stage switch. The egress schedule module can be associated with an egress stage of the multi-stage switch. The method can also include determining, in response to the request, that an egress port at the egress stage of the multi-stage switch is available to transmit the group of cells from the multi-stage switch. | 05-16-2013 |
20130121341 | MULTI-BANK QUEUING ARCHITECTURE FOR HIGHER BANDWIDTH ON-CHIP MEMORY BUFFER - A network device includes a main storage memory and a queue handling component. The main storage memory includes multiple memory banks which store a plurality of packets for multiple output queues. The queue handling component controls write operations to the multiple memory banks and controls read operations from the multiple memory banks, where the read operations for at least one of the multiple output queues alternate sequentially between each of the multiple memory banks, and where the read operations and the write operations occur during a same clock period on different ones of the multiple memory banks. | 05-16-2013 |
20130121211 | FLOODING-BASED ROUTING PROTOCOL HAVING DATABASE PRUNING AND RATE-CONTROLLED STATE REFRESH - An enhanced, flooding-based link state routing protocol is described that provides pruning of link state data and, when needed, rate-controlled refresh of the pruned link state data from other routers of the flooding domain. A routing device comprises a network interface to send and receive packets over a layer-two (L2) communication medium. The routing device includes a control unit coupled to the network interface, and a flooding-based link state routing protocol executing on a processor of the control unit. The link-state routing protocol establishes an adjacency with a peer router. A database of the routing device includes entries that store a plurality of link state messages for a flooding domain of the link state routing protocol, wherein at least one of the entries in the database stores a partial link state message having a header portion and a payload having pruned link state data. | 05-16-2013 |
20130121201 | INCREASING THROUGHPUT BY ADAPTIVELY CHANGING PDU SIZE IN WIRELESS NETWORKS UNDER LOW SNR CONDITIONS - Feedback indicates low signal-to-noise ratio (SNR) conditions for a wireless communications link between a transmitter device and a receiver device. After attempting to achieve a target packet error rate (PER) by increasing transmission power for the wireless communications link, the transmitter device receives feedback that indicates a current PER, for data transmitted using an initial automatic repeat request (ARQ) block size, is above the target PER for the receiver device, and changes, based on the feedback, the current ARQ block size to a different ARQ block size for the wireless communications link. The different ARQ block size may be adaptively selected to provide a maximum PDU size that achieves the target PER at the receiver device under the low SNR conditions. | 05-16-2013 |
20130121144 | MULTIPLEXING APPARATUS AND DISCARD METHOD - An ATM multiplexing apparatus of the present invention is the apparatus for selectively performing cell discard processing in the case of congestion on the basis of a use state of the same connection formed by cells from the side of an ATM switching unit and subscribers without installing UPC units, and the ATM multiplexing apparatus, which is connected to the ATM switching unit and each of plural subscribers through ATM communication lines and performs multiplexing processing to ATM cells sent from the plural subscribers, comprises: detection means | 05-16-2013 |
20130117837 | FAST UPDATE FILTER - A method may include defining a filter for a network device, the filter including a rule and a particular number of prioritized fields, where at least one of the prioritized fields is formatted to accept input as a range of values. The method may also include receiving a rule modification for the filter, the rule modification including at least one input as a range of values, and performing a check for conflicts of the rule modification with the rule in the filter. The method may further include expanding the input range of values to form multiple rules equivalent to the rule modification with the input range of values, establishing backtracking links to integrate the multiple rules with the existing rule, and adding the multiple rules to the filter. | 05-09-2013 |
20130117450 | ARRANGEMENTS AND METHODS FOR ACCESS TO STORED DATA - An access server generates a handshake with storage servers resulting in more rapid access to the stored data, for example, video data, by a user. The handshake also results in load balancing effects. | 05-09-2013 |
20130114605 | ARBITER CIRCUIT AND METHOD OF CARRYING OUT ARBITRATION - A method of carrying out arbitration in a packet exchanger including an input buffer temporarily storing a packet having arrived at an input port, and a packet switch which switches a packet between a specific input port and a specific output port, includes the steps of (a) concurrently carrying out a first plurality of sequences in each of the sequences basic processes for at least one of the input buffer and the output port are carried out in a predetermined order, and (b) making an allowance in each of the sequences for packets to be output through output ports at different times from one another. | 05-09-2013 |
20130111156 | FLEXIBLE PIN ALLOCATION | 05-02-2013 |
20130107886 | TRANSFERRING DATA IN A NETWORK | 05-02-2013 |
20130100543 | USING A WAVEGUIDE TO DISPLAY INFORMATION ON ELECTRONIC DEVICES - An electronic device includes an instrument panel that includes a display opening, where the instrument panel is located in a first plane; a circuit board located inside the electronic device, where the circuit board includes a display device that includes a display area, and where the display area is located in a second plane that is different from the first plane; and a waveguide that couples the display area to the display opening and guides light, and/or an image displayed in the display area, from the display area to the display opening. | 04-25-2013 |
20130083782 | METHODS AND APPARATUS FOR A SCALABLE NETWORK WITH EFFICIENT LINK UTILIZATION - In some embodiments, an apparatus comprises a core network node configured to be operatively coupled to a set of network nodes. The core network node is configured to receive a broadcast signal from a network node from the set of network nodes, which is originated from a host device operatively coupled to the network node. The broadcast signal is sent via a tunnel from the network node to the core network node, such that other network nodes that are not included in the tunnel do not receive the broadcast signal. The core network node is configured to retrieve control information associated with the broadcast signal without sending another broadcast signal, and then send the control information to the network node. | 04-04-2013 |
20130083725 | METHODS AND APPARATUS FOR ENFORCING A COMMON USER POLICY WITHIN A NETWORK - In some embodiments, an apparatus includes a core network node configured to be operatively coupled to a set of wired network nodes and a set of wireless network nodes. The core network node is configured to receive, at a first time, a first data packet to be sent to a wired device operatively coupled to a wired network node from the set of wired network nodes. The core network node is configured to also receive, at a second time, a second data packet to be sent to a wireless device operatively coupled to a wireless network node from the set of wireless network nodes. The core network node is configured to apply a common policy to the first data packet and the second data packet based on an identifier of a user associated with both the wireless device and the wired device. | 04-04-2013 |
20130083724 | METHODS AND APPARATUS FOR A CONVERGED WIRED/WIRELESS ENTERPRISE NETWORK ARCHITECTURE - In some embodiments, an apparatus comprises a core network node and a control module within an enterprise network architecture. The core network node is configured to be operatively coupled to a set of wired network nodes and a set of wireless network nodes. The core network node is configured to receive a first tunneled packet associated with a first session from a wired network node from the set of wired network nodes. The core network node is configured to also receive a second tunneled packet associated with a second session from a wireless network node from the set of wireless network nodes through intervening wired network nodes from the set of wired network nodes. The control module is operatively coupled to the core network node. The control module is configured to manage the first session and the second session. | 04-04-2013 |
20130083700 | METHODS AND APPARATUS FOR CENTRALIZED MANAGEMENT OF ACCESS AND AGGREGATION NETWORK INFRASTRUCTURE - In some embodiments, an apparatus comprises a core network node configured to be operatively coupled to a set of network nodes. The core network node is configured to define configuration information for a network node from the set of network nodes based on a template, where the configuration information excludes virtual local area network (VLAN) information or IP subnet information. The core network node is further configured to send the configuration information to the network node. | 04-04-2013 |
20130083691 | METHODS AND APPARATUS FOR A SELF-ORGANIZED LAYER-2 ENTERPRISE NETWORK ARCHITECTURE - In some embodiments, an apparatus includes a network node operatively coupled within a network. The network node is configured to send a first authentication message upon boot up, and receive, in response to the first authentication message, a second authentication message configured to be used to authenticate the network node. The network node is configured to send a first discovery message, and receive, based on the first discovery message, a second discovery message configured to be used by the network node to identify an address of the network node and an address of a core network node within the network. The network node is configured to set up a control-plane tunnel to the core network node based on the address of the network node and the address for the core network node and receive configuration information from the core network node through the control-plane tunnel. | 04-04-2013 |
20130074184 | PACKET PROCESSING IN A MULTIPLE PROCESSOR SYSTEM - Packet processing is provided in a multiple processor system including a first processor to process a packet and to create a tag associated with the packet. The tag includes information about the processing of the packet. A second processor receives the packet subsequent to the first processor and processes the packet using the tag information. | 03-21-2013 |
20130074177 | ROUTING DEVICE HAVING INTEGRATED MPLS-AWARE FIREWALL - An MPLS-aware firewall allows firewall security policies to be applied to MPLS traffic. The firewall, which may be integrated within a routing device, can be configured into multiple virtual security systems. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to the packets. The user interface allows the user to define different zones and policies for different ones of the virtual security systems. In addition, the user interface supports a syntax that allows the user to define the zones for the firewall by specifying the customer VPNs as interfaces associated with the zones. The routing device generates mapping information for the integrated firewall to map the customer VPNs to specific MPLS labels for the MPLS tunnels carrying the customer's traffic. | 03-21-2013 |
20130074144 | APPLICATION IDENTIFICATION - A method may include receiving a communication from a client device and identifying a port number, a protocol and a destination associated with the communication. The method may also include identifying a first application being executed by the first client device based on the port number, the protocol and the destination associated with the first communication. | 03-21-2013 |