Abstract: A method is disclosed for authenticating multiple network elements that access a network through a single network switch port. Certain authentication protocols, such as EAPoE, leave a port of a network switch indefinitely opened when one particular host is authenticated and authorized to transmit network frames through the port. In one embodiment of the invention, a network frame from a second host that is received by the open port is not automatically transmitted to the network. Instead, techniques are employed locally by the network switch to grant or deny transmission of the network frame received from the second host. An authentication server is contacted only when the network switch cannot locally employ techniques to authorize the transmission of the network frame received from the second host.

Abstract: The invention relates to a method for requesting access to services across a computer network, preferably although not exclusively to a network in which access is controlled by a AAA server. Instead of defining on the AAA server all possible network devices that may require or provide access, along with the respective services they may need, in the present invention the network devices submit access request messages which include information both identifying the device and also specifying explicitly which services are needed. On receipt of such requests, the AAA server uses its internal policies to confirm or deny access, to select appropriate services from those requested, and to instruct the provisioning of those services. The invention provides additional granularity in authentication/authorization, and also significantly reduces the amount of work required to set up and maintain the AAA server.

Abstract: A method and apparatus are disclosed for improving service accounting in a network. After a client is authorized and authenticated, an accounting record is sent with the authorization accept message, and the account record is logged.

Abstract: Techniques for adaptive load balancing using behavior modification hints are disclosed, including, in at least one embodiment, monitoring a server's operating conditions; determining, based on the server's operating conditions, when to send a behavior modification hint to one or more clients that are being served by the server; generating the behavior modification hint based on the server's operating conditions; and sending the behavior modification hint to the one or more clients. In at least one embodiment, a client receives the behavior modification hint and, based on the behavior modification hint, alters a timeout value related to the server or alters its preferred server.

Abstract: Techniques are provided for controlling access message flow. The techniques include receiving one or more access messages; determining one or more sets of features, one for each access message; receiving a particular access message; determining a particular set of one or more features for the particular access message; determining whether the particular access message satisfies a particular condition based on the particular set of one or more features and the one or more sets of features; and if the particular access message satisfies the particular condition, performing a responsive action based on the particular condition.

Abstract: Techniques for adaptive load balancing using behavior modification hints are disclosed, including, in at least one embodiment, monitoring a server's operating conditions; determining, based on the server's operating conditions, when to send a behavior modification hint to one or more clients that are being served by the server; generating the behavior modification hint based on the server's operating conditions; and sending the behavior modification hint to the one or more clients. In at least one embodiment, a client receives the behavior modification hint and, based on the behavior modification hint, alters a timeout value related to the server or alters its preferred server.

Abstract: The invention provides techniques for adaptive load balancing. Techniques are provided for monitoring a server's operating conditions; determining, based on the server's operating conditions, when to send a behavior modification hint to one or more clients that are being served by the server; generating the behavior modification hint based on the server's operating conditions; and sending the behavior modification hint to the one or more clients. A client receives the behavior modification hint and, based on the behavior modification hint, alters a timeout value related to the server or alters its preferred server.

Abstract: A method is disclosed for providing multiple authentication types within an authentication protocol that supports a single type of authentication for a client in communication with an authorization server over a network. One or more authentication request packets compliant with an authentication protocol are sent to the client. Each of the packets comprises a type value that specifies multiple authentication, and a data field having a value that is structured in compliance with the authentication protocol. Each of the packets is associated with one of a plurality of different authentication conversations with the client. A plurality of responses is received from the client for each of the authentication conversations. The sending and receiving steps are repeated until results are determined for the authentication conversations. The client is authenticated based on results of each of the plurality of authentication conversations.

Abstract: A method is disclosed for authenticating multiple network elements that access a network through a single network switch port. Certain authentication protocols, such as EAPoE, leave a port of a network switch indefinitely opened when one particular host is authenticated and authorized to transmit network frames through the port. In one embodiment of the invention, a network frame from a second host that is received by the open port is not automatically transmitted to the network. Instead, techniques are employed locally by the network switch to grant or deny transmission of the network frame received from the second host. An authentication server is contacted only when the network switch cannot locally employ techniques to authorize the transmission of the network frame received from the second host.

Abstract: Techniques are provided for controlling access message flow. The techniques include receiving one or more access messages; determining one or more sets of features, one for each access message; receiving a particular access message; determining a particular set of one or more features for the particular access message; determining whether the particular access message satisfies a particular condition based on the particular set of one or more features and the one or more sets of features; and if the particular access message satisfies the particular condition, performing a responsive action based on the particular condition.

Abstract: The invention provides techniques for adaptive load balancing. Techniques are provided for monitoring a server's operating conditions; determining, based on the server's operating conditions, when to send a behavior modification hint to one or more clients that are being served by the server; generating the behavior modification hint based on the server's operating conditions; and sending the behavior modification hint to the one or more clients. A client receives the behavior modification hint and, based on the behavior modification hint, alters a timeout value related to the server or alters its preferred server.