Abstract: In one embodiment, a method includes sending an adjacency discovery message 1 from a local router over a direct link to a first neighbor router. An adjacency discovery message is not forwarded and includes a repair address. The repair address indicates the local router but is not advertised as reachable over the direct link. An outbound routing update message is sent to a different second neighbor router. The outbound routing update message is forwarded and includes reachability data that indicates the repair address is reachable. A payload of an inbound tunneled packet received at the local router and directed to the repair address is forwarded based on a destination indicated in the payload.

Abstract: In one embodiment, a method includes identifying at a node, a destination for which a primary path is defined between the node and the destination, transmitting a request message to a neighbor node for routing information for a backup path between the node and the destination, receiving a reply message containing an address identifying the backup path, and building a backup tunnel to the address. The request message includes at least one node identified as a node to be avoided in the backup path and a request cost. An apparatus for building backup tunnels is also disclosed.

Abstract: A method and apparatus for sharing routing information include receiving first domain data that indicates domains of a first mobile router. A domain is a collection of routers that share uniform routing information at a particular level of detail. An inbound data packet is received from a second mobile router over a particular link. The inbound control plane packet lists second domain data that indicates domains of the second mobile router. The first domain data and the second domain data together include multiple domains. A particular domain is automatically selected from the first domain data and the second domain data. The second mobile router independently selects the same particular domain. The particular link is assigned to the particular domain; and routing information for the particular domain is shared between the first mobile router and the second mobile router over the particular link.

Abstract: Techniques for detecting loops in routes that cross route information boundaries include receiving a control message at a first edge node on one side of the boundary that is connected to a different second edge node on another side of the boundary. The control message indicates a particular network address of a particular node that is reachable from the first edge node. Distinguisher data is determined that indicates if a node in the first collection can reach the first edge node without leaving the first collection. An advertising message is sent from the first edge node to the second edge node that includes route data that indicates the particular network address and the distinguisher data. Based on the distinguisher data, a testing edge node in the first collection can determine whether there is a loop comprising both an internal path and an external path to the first edge node.

Abstract: Group key management in a mobile ad-hoc network (MANET) may be provided. Each network node associated with the MANET may comprise a group distribution key and a list of authorized member nodes from which a group key manager may be elected. The group key manager may periodically issue a new group key to be used in protecting communications among the network nodes. A compromised node may be excluded from receiving updated group keys and thus isolated from the MANET.

Abstract: In one embodiment, a method includes receiving authenticated site data that includes site ID data and address data. The site ID data indicates a unique site ID for each site among multiple sites for a first network that uses an internal routing protocol. Multiple edge sites of those sites are separate from each other and connected to a second network that is under separate administrative control of at least one different party. The address data indicates network addresses associated with each site of the plurality of sites. An external routing protocol message is discounted based on the authenticated site data.

Abstract: Techniques for synchronizing routing data include determining whether conditions are satisfied for one-way transfer with an adjacent router. If it is determined that conditions are satisfied for one-way transfer of routing table data with the adjacent router, then a refresh-notice message is sent from the initiating router to the adjacent router. The refresh-notice message includes data that indicates a particular direction for transfer of routing table data. If the particular direction is inbound, then a copy of an adjacent routing table is received without sending a copy of the initiating router's own routing table. If the particular direction is outbound, then a copy of the own routing table is sent without receiving a copy of the adjacent routing table.

Abstract: In one embodiment, a method includes identifying at a node, a destination for which a primary path is defined between the node and the destination, transmitting a request message to a neighbor node for routing information for a backup path between the node and the destination, receiving a reply message containing an address identifying the backup path, and building a backup tunnel to the address. The request message includes at least one node identified as a node to be avoided in the backup path and a request cost. An apparatus for building backup tunnels is also disclosed.

Abstract: In one embodiment, a method includes receiving topology data that indicates multiple communication links and multiple intermediate network nodes in communication based on the communication links. The intermediate network nodes include multiple leaf nodes that terminate communications and multiple transit nodes that facilitate the passage of information between leaf nodes. Aggregation point data is also received, which indicates all aggregation points on the intermediate network nodes. An aggregation point is an interface between a network node and a communication link, through which is output data that is a combination of data received through multiple different interfaces upstream of the interface. A set of paths is determined for which each path in the set connects a different pair of leaf nodes. A measure of aggregation is determined based on a number of aggregated paths of the set of paths. An aggregated path passes through an aggregation point.

Abstract: In one embodiment, a method for using a two-hop relay includes receiving an update message for a distance vector routing protocol from a first neighbor. The update message is sent to a different neighbor. Often, it is first determined whether the receiving node is a relay node for the first neighbor in the protocol. The relay node is a node preferred to update a particular node two hops from the first neighbor. In another embodiment, a method for serving as the two-hop relay includes receiving from each neighbor a first message that includes neighbor data that indicates nodes that are in direct communication with the neighbor. A relay set of fewer than all neighbors is determined. Every node two hops from the first node is updated using only the relay set of neighbors. The relay set is sent in a second message for the protocol.

Abstract: Techniques for recovering lost routes include receiving reported costs for transmitting data to a destination from neighboring nodes; and determining total costs as a sum of costs for transmitting data packets to the neighboring nodes and a corresponding reported cost. A selected neighboring node with a minimum total cost is determined as the next hop for the route to the destination. A feasible successor set of neighboring nodes which have reported costs less than the total cost of the selected neighboring node and excluding the selected neighboring node, and successor data about the feasible successor set, are determined. The successor data is sent to the neighboring nodes. A neighboring node that loses a route to the particular destination node is able to determine whether to query the sending node while recovering a lost route to the destination based on the successor data, thereby reducing network resource consumption.

Abstract: Techniques for sharing routing information over a network include determining whether the scale of a flooding domain exceeds a threshold. If so, then a router announcement message is sent over a particular link. The message indicates the local router is a flooding domain border router (FDBR). Summary routing information is determined with less than a certain level of detail used in the flooding domain for routers connected to the local router through links different from the particular link. The summary routing information is sent over the particular link in a link state message that includes type data that indicates summary routing information that crosses a FDBR. These techniques allow automatic favorable scaling of domains of shared routing information as the size of a mobile ad hoc network grows.

Abstract: Techniques for sharing routing information over a network include determining whether the scale of a flooding domain exceeds a threshold. If so, then a router announcement message is sent over a particular link. The message indicates the local router is a flooding domain border router (FDBR). Summary routing information is determined with less than a certain level of detail used in the flooding domain for routers connected to the local router through links different from the particular link. The summary routing information is sent over the particular link in a link state message that includes type data that indicates summary routing information that crosses a FDBR. These techniques allow automatic favorable scaling of domains of shared routing information as the size of a mobile ad hoc network grows.

Abstract: A static neighbor configured network device is configured with a static neighbor feature including a static neighbor list of network devices. The static neighbor configured network device is in a network segment that includes a dynamically configured network device. The static neighbor configured network device receives a multicast packet from the dynamically configured network device. It is determined if the dynamically configured network device is included in the static neighbor list of the static neighbor configured network device. The multicast packet is accepted if the dynamically configured network device is found in the neighbor list for the static neighbor configured network device. Also, adjacency for the static neighbor configured network device is not lost with any other currently adjacent network devices when the multicast packet is received.

Abstract: Techniques for implementing forwarding in network devices are provided. Proxy addresses are used in place of next hop addresses so that a large routing table is not required. Pairs of proxy IP and MAC addresses can be used to allow this optimization to occur completely transparent to any other device in the network. One or more smaller tables can be utilized in place of a large routing table to more efficiently implement forwarding. Additionally, the technique can be utilized without requiring modification of other hardware devices in the network.

Abstract: A method and apparatus are presented supporting shortest path first (SPF) routing of data packets over a network by establishing link-state data at an router. Link-state data indicates direct links between the router and a different router and establishes an adjacency relationship with the different node. Initial link-state data is stored at a first router. After the initial link-state data is stored, a hello message is received at the first router. The hello message indicates a direct connection with a different second router on one network segment. Based on the initial link-state data, it is determined whether establishing an adjacency relationship with the second router is sufficiently valuable. If not, then an adjacency relationship is not established with the second router in response to the hello message. A shortest path first routing for a data packet traversing the network is determined based on one or more adjacency relationships indicated in link-state data stored at the first router.

Abstract: In one embodiment, a method includes receiving topology data that indicates multiple communication links and multiple intermediate network nodes in communication based on the communication links. The intermediate network nodes include multiple leaf nodes that terminate communications and multiple transit nodes that facilitate the passage of information between leaf nodes. Aggregation point data is also received, which indicates all aggregation points on the intermediate network nodes. An aggregation point is an interface between a network node and a communication link, through which is output data that is a combination of data received through multiple different interfaces upstream of the interface. A set of paths is determined for which each path in the set connects a different pair of leaf nodes. A measure of aggregation is determined based on a number of aggregated paths of the set of paths. An aggregated path passes through an aggregation point.

Abstract: In one embodiment, a method includes sending an adjacency discovery message 1 from a local router over a direct link to a first neighbor router. An adjacency discovery message is not forwarded and includes a repair address. The repair address indicates the local router but is not advertised as reachable over the direct link. An outbound routing update message is sent to a different second neighbor router. The outbound routing update message is forwarded and includes reachability data that indicates the repair address is reachable. A payload of an inbound tunneled packet received at the local router and directed to the repair address is forwarded based on a destination indicated in the payload.

Abstract: In one embodiment, a method includes receiving authenticated site data that includes site ID data and address data. The site ID data indicates a unique site ID for each site among multiple sites for a first network that uses an internal routing protocol. Multiple edge sites of those sites are separate from each other and connected to a second network that is under separate administrative control of at least one different party. The address data indicates network addresses associated with each site of the plurality of sites. An external routing protocol message is discounted based on the authenticated site data.

Abstract: In one embodiment, a method includes receiving on a first communication link at a local router all routing information at a certain level of detail for each router of multiple routers communicating in a first flooding domain. A measure of distance is determined from a particular router in the first flooding domain to the local router. It is determined whether the measure of distance exceeds a threshold. If the measure of distance exceeds the threshold, then summary routing information with less than the certain level of detail is determined for the particular router. Also, certain routing information is sent over a different second communication link at the local router. The certain routing information includes the summary information for the particular router, and all routing information at the certain level of detail for a subset of routers communicating in the first flooding domain, which subset excludes the particular router.