Abstract: Routes advertised in a network may include an Internet Protocol (IP) address and one or more values to distinguish the route from other route(s) including the same IP address. Routes in a same context (e.g., within a same Virtual Private Network or for an entire network) with a same IP address are considered to refer to a same destination. When these routes are associated with different paths through a network, these different paths can be used to forward traffic for packets associated with routes including a same IP address (in a same context), particularly in response to a network problem.

Abstract: A filtered Forwarding Information Base (FIB) (the “complete local FIB”) is used to determine how to forward packets, typically on line cards. The complete local FIB is generated by filtering (i.e., dropping or removing) extraneous entries in the standard global FIB of a router. This smaller FIB is then installed within the memory of a forwarding engine, possibly implemented as a single application-specific integrated circuit (ASIC), for use in determining how to forward packets, with the router forwarding packets accordingly.

Abstract: Advertised routes are associated with a particular tag in a routing database in a second router. A first router subsequently sends one or more messages associated with a route withdraw operation that specifies the particular tag, such that second router can identify, based on the particular tag, a set including multiple routes, and remove those multiple routes from its routing database. For example, the tag may be a Border Gateway Protocol attribute, a Border Gateway Protocol communities attribute, or some other indication, numeric quantity, or opaque value.

Abstract: The designated forwarding device functionality for forwarding of packets originated on a broadcast link among layer 2 is shared among multiple forwarding devices of different adjacency networks. As these networks do not form adjacencies, the forwarding devices do not natively participate in a same spanning tree for determining how to forward packets, and a designated forwarding device is used for forwarding packets originated on the common broadcast link. Distributing the role of a designated forwarding device among multiple of the forwarding devices provides a means for more efficiently forwarding packets to their destinations.

Abstract: Methods, apparatus, computer-storage media, mechanisms, and means associated therewith are used to limit network device resources based on the identification of the Internet Protocol version 6 (IPv6) originating entity (e.g., subscriber of a network carrier). As an IPv6 originating entity will typically be assigned 264 or more valid IPv6 addresses, the originating entity may send packets with a source address of any of these valid IPv6 addresses and still be compliant with Internet standards and/or other specifications (e.g., RFCs). By determining the originating entity and controlling the allocation of network device resources based on the originating entity (in contrast to on a per valid IPv6 address basis), a network service provider can manage its network device resources, such as in a manner to prevent a depletion of resources caused by an originating entity using a plethora valid IPv6 addresses, or a malicious denial-of-service attack.

Abstract: The size and location of an envelope of a data block are included in the posting to a second device of a descriptor list entry for the data block, thus allowing the second device to read the data block without having to first read the descriptor list entry. This envelope may be the same size and location of the data block, or this envelope may be larger than the data block. For example, as the size of the posted register may not be large enough to also store all of the bits required to specify the exact size and position of the data block, a larger data block envelope is defined without specifying the exact low order bits of the size and/or location of the data block envelope.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with subsets of the Forward Information Base (FIB) distributed among line cards in a switching device; especially wherein one or more of the line cards does not contain the complete FIB, and this line card forwards packets, for which it does not have the forwarding information, to another line card which has the forwarding information for the packet.

Abstract: Digital data, such as images on a digital camera, is typically protected (e.g., encrypted and/or authenticated) based on a master key stored off the device. The original master key can be acquired in a number of different ways, including being generated by the device or by another device. A one-way, progressive series of keys are derived from the master key such that only images or data of a same session can be authenticated or decrypted for viewing, export or manipulation of the decrypted image/data. In order to decrypt images or data of a previous session on the device, the master key must be imported to the device, such as by, but not limited to, taking a picture of a representation of the key and interpreting the image to reacquire the master key.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with a protected device initiating a pinhole through a network address translator and/or firewall to allow access to the protected device in response to a Domain Name System (DNS) query. In response to a received DNS query from a domain name system (DNS) server, an apparatus requests a traffic pinhole be created in a firewall or network address translator for allowing traffic initiated from a device, on another side of the firewall or said network address translator from the apparatus, to reach the apparatus.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with registration of optical device characteristics of optical network devices with an optical control layer of the optical network for use in establishing compatible connections through the optical network. Especially end network devices and internal network optical devices that regenerate the optical signal register their communication capabilities of their optical interfaces with the optical control layer of an optical network. This registration allows a light path to be established through the optical network which is compatible with the registered capabilities. The optical control layer may be centralized in an optical layer server and/or distributed among optical devices in the optical network, such as on control processors in multiple, optical layer devices.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with validation of routes advertised by Border Gateway Protocol. One embodiment validates or invalidates a route received in a Border Gateway Protocol (BGP) update message. A route is validated in response to determining that the originating autonomous system specified in the AS_Path attribute for the route in a received BGP update message has authority to advertise the route and/or whether or not multiple autonomous systems identified in the AS_Path attribute of the update message is authorized to advertise the route, possibly in a particular order.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with a shift register with a dynamic entry point, which may particularly useful for aligning skewed data. The dynamic entry shift register typically includes a series of storage elements, with multiplexers distributed between the storage elements. Each of the multiplexers is configured to select between: (a) the output signal of a previous storage element, and (b) the input signal. A control is configured to configure the multiplexers for a data signal applied as the input signal to induce an appropriate delay of the data signal as the output signal. The dynamic entry shift register can be scaled to accommodate a longer delay while still using only 2:1 multiplexers between stages in the dynamic entry shift register(s).

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with loss of reducing flooding in a bridged network, typically including a device directly connected to multiple upstream bridges. These bridges are configured such that the device receives broadcast/multicast traffic from a single interface of one of the bridges, while allowing unicast traffic over each of the communications links connecting the device to the bridges. In one configuration, the device implements virtual machine(s), each including a virtual network interface associated with a MAC address; and the directly connected bridges are configured, for each particular MAC address of these MAC addresses of the virtual interfaces, such that one and only one of the bridges will forward packets having the particular MAC address as its destination address over a communications link directly connected to the device.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with load balancing across multiple network address translation (NAT) instances and/or processors. N network address translation (NAT) processors and/or instances are each assigned a portion of the source address traffic in order to load balance the network address translation among them. Additionally, the address space of translated addresses is partitioned and uniquely assigned to the NAT processors and/or instances such that the identification of the assigned NAT processor and/or instance associated with a received translated address can be readily determined there from, and then used to network address translate that received packet.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with automated discovery of network devices supporting particular transport layer protocols, such as, but not limited to Stream Control Transmission Protocol (SCTP). Packet switching devices automatically discover peer packet switching devices supporting a particular transport layer protocol, and then establish a session using the particular transport layer protocol between them for subsequent use in transporting packets.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with determining and distributing routing paths for nodes in a network. For each route computational node of multiple route computational nodes in a network: a tree of paths between itself and each of multiple nodes in the network is determined. A particular tree of paths is determined for a particular node of these multiple nodes to the other nodes based on at least two of the determined trees of paths for the route computational nodes. The particular node then sends a packet towards a destination based on the particular tree of paths determined for the particular node.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with pre-dropping of a packet if its Time-To-Live (TTL) value is not large enough to reach a destination, such as, but not limited to, its destination if it is a unicast packet, or at least one more destination for a multicast packet. A packet switching device maintains associations between (a) nearest receiving node distances and (b) prefixes or complete addresses. If a packet does not have enough TTL to reach an intended recipient identified by a corresponding nearest receiving node distance, then the packet is dropped even though the TTL has not expired. In this manner, some bandwidth and other network resources are not wasted on traffic that will timeout via the TTL mechanism before reaching a subsequent intended recipient.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with cooperative flow locks distributed among multiple components, such as on different application-specific integrated circuits in a packet switching device. Flow locks are typically used for maintaining the order of packets and operations performed thereon by the coordination of a context (e.g., the processing of a packet by a packet processor) with a corresponding flow lock interface, and by the manner of communication performed among the flow lock interface and the distributed flow locks.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with content-addressable memory lookup operations with error detection. Lookup operations are performed on two identical sets of content-addressable memory entries to identify two lookup results. An error detection operation is performed on the highest-priority matching entry of each set of content-addressable memory entries. An overall lookup result is determined based on the lookup and error detection results.

Abstract: An Ethernet Connectivity Fault Management (CFM) Area Boundary Translator is configured to translate incompatible CFM messages being sent between networks operating according to different CFM versions which are not fully compatible. Such translation may include the Ethernet CFM area boundary translator acts as a proxy in forwarding translated the CFM messages.