Abstract: A method and apparatus for communicating a COPS protocol policy to a non-COPS-enabled network device (i.e., a device or one or more interfaces included in the device) is provided. A COPS proxy is networked with a policy server and a non-COPS-enabled network device such that the COPS proxy can communicate with the policy server and the non-COPS-enabled network device. The policy server is configured to communicate COPS protocol policies to the COPS proxy, which, in turn, is configured to translate the COPS protocol policy into a policy that is in accordance with a policy protocol that the non-COPS-enabled network device can receive and correctly interpret (a “non-COPS protocol”). The translation of the policy utilizes a mapping database that delineates predetermined relationships between COPS protocol policies and the non-COPS protocol policies.

Abstract: A shared spanning tree protocol (SSTP) creates a plurality of spanning trees (i.e., loop-free paths) which are shared among one or more virtual local area network (VLAN) designations for data transmission within a computer network. Each shared spanning tree includes and is defined by a primary VLAN and may be associated with one or more secondary VLANs. In order to associate VLAN designation(s) with a single shared spanning tree, network devices exchange novel shared spanning tree protocol data units (SST-PDUs). Each SST-PDU corresponds to a given primary VLAN and preferably includes one or more fields which list the secondary VLAN designations associated with the given primary VLAN. The association of VLAN designations to shared spanning trees, moreover, preferably depends on which path traffic is to follow as well as the anticipated load characteristics of the various VLANs. The association of VLAN designations to shared spanning trees thus provides a degree of load balancing within the network.

Abstract: Methods and apparatus are provided for selecting a server that can provider content to a client in an optimal manner. A server selection system is coupled to a network node that can identify servers that can provide client reqeusted content. Performance metrics of the servers and their associated priorities are obtained. Servers with metrics that are worse than all the metrics of any other server are optionally eliminated from consideration for best server. Priorities for the metrics are obtained. The metric with the highest priority is applied to analyze the group of servers. The server with the best value for the metric and all servers with metric values falling within a significance window are retained. All others are eliminated from consideration. The other metrics are applied until no metrics remain or only one server remains. If no metrics remain, a best server is identified from the remaining group.

Abstract: A method for generating notification based expressions includes identifying notifications supported by an agent and specifying objects for at least one of the notifications. One or more expressions are defined based on objects specified for the notification. The method further includes sending a list of objects and expressions to the agent to configure the notifications received at a management station upon occurrence of an event at the agent.

Abstract: A method of operating a fault tolerant connection in a network is described. The network includes a number of network elements and a number of links. Each of the network elements is coupled to at least one other of the network elements by at least one of the links. The method identifies a first path and a second path. The first path is between a first one of the network elements and a second one of the network elements, as is the second path. Moreover, the first path and the second path are disjoint. This disjointedness can be any difference between the two paths (e.g., any combination of different network elements or links). A packet is sent from the first one of the network elements via the first path, while a duplicate packet is sent from the first one of the network elements via the second path. The duplicate packet is a duplicate of the packet. Once these packets have been sent, at least one of the packet and the duplicate packet are received at the second one of the network elements.

Abstract: A method and apparatus for auto-configuring layer 3 intermediate devices in computer networks by extending the Dynamic Host Configuration Protocol (DHCP). The devices generate, transmit and receive DHCP messages having novel options embedded therein. The options permit a layer 3 device to request and receive from a DHCP server a unique, overall IP address that may be assigned to the device. The device may also request and receive one or more IP subnets and corresponding IP addresses for each of its interfaces. The device may further receive the routing protocols to be used on the various subnets. The layer 3 device can thus be auto-configured with IP configuration parameters, including IP subnets, IP addresses and routing protocols without the time-consuming, manual involvement of a network administrator.

Abstract: A system for rapidly switching at least one virtual local area network (VLAN) from a first loop-free topology to a second loop-free topology in response to a failure within the first loop-free topology. Each VLAN has one “logical” VLAN which represents the network entities organized into the VLAN and a set of “physical” VLANs each having its own VLAN designation. For each physical VLAN, a different loop-free topology is defined, although only one physical VLAN is “active” at any given time. Messages associated with the logical VLAN are tagged with the designation of the currently active physical VLAN, and forwarded along its loop-free topology. Upon detecting a failure in the loop-free topology, the logical VLAN is rapidly switched to the loop-free topology defined by a second, back-up physical VLAN. Following the switch messages associated with the logical VLAN are tagged with the designation of this back-up VLAN and are forwarded along its loop-free topology.

Abstract: Techniques for managing queues of packets are provided. Once the average queue size crosses a minimum threshold, packets are dropped according to a probability. Once a packet is dropped, the minimum threshold is increased in order to decrease the likelihood that a subsequent packet will be dropped. As packets are accepted, the minimum threshold is decreased gradually to its original value so that the distribution of dropped packets is very uniform.

Abstract: A system for efficiently organizing data or information into an associative memory device, such as a ternary content addressable memory (TCAM), for subsequent searching divides the TCAM is divided into a plurality of individual stages that are interconnected in a cascading fashion. The data or information that is to be stored into the TCAM for subsequent searching is initially translated into a first Boolean representation, such as a binary decision diagram (BDD), that is partitioned into a plurality of segments. Each segment defines one or more outputs, and the outputs from one segment define the inputs to the next segment. After partitioning the BDD and identifying the resulting outputs, each BDD segment along with its corresponding outputs is mapped into a particular stage of the TCAM.

Abstract: The invention relates to a method and apparatus for efficiently organizing, storing and evaluating access control lists (ACLs) for use by an intermediate network device of a computer network. The intermediate network device includes an ACL converter which, in turn, includes a boolean transformation engine that is operatively coupled to a boolean manipulation engine. The boolean transformation engine is configured to access the ACLs in first format and to translate them into a first boolean representation, such as binary decision diagram (BDD) format. The boolean manipulation engine is configured to perform one or more operations on the ACLs specified for a given interface, including a merge operation, so as to generate a single, unified ACL for the given interface. In order to resolve possibly conflicting actions output by the multiple ACLs, the ACL converter may utilize one or more predefined conflict resolution tables during the merging process.

Abstract: A system within a computer network identifies specific traffic flows originating from a given network entity and requests and applies appropriate policy rules or service treatments to the traffic flows. A network entity includes a flow declaration component that communicates with one or more application programs executing on the entity. The flow declaration component includes a message generator and an associated memory for storing one or more traffic flow data structures. For a given traffic flow, the application program issues one or more calls to the flow declaration component providing it with information identifying the traffic flows. The flow declaration component then opens a flow management session with a local policy enforcer that obtains policy rules or service treatments for the identified flow from a policy server and applies those rules or treatments to the specific traffic flows from the network entity.

Abstract: A method that rapidly reconfigures a computer network having a plurality of devices executing the spanning tree algorithm. First, one or more devices are configured and arranged so that one port, providing connectivity to the root, is in the forwarding state and the remaining ports, providing connectivity to the root, are in the blocked state. Next, one or more of the blocked ports are designated as back-up ports. Upon detection of a failure at the active forwarding port, one of the back-up ports immediately transitions from blocked to forwarding, thereby becoming the new active port for the device. Following the transition to a new active port, dummy multicast messages are transmitted, each containing the source address of an entity directly coupled to the affected device or downstream thereof. By examining the dummy multicast messages, other devices in the network learn to use to the new forwarding port of the affected device.

Abstract: A method that rapidly reconfigures a computer network having a plurality of devices executing the spanning tree algorithm. First, one or more devices are configured and arranged so that one port, providing connectivity to the root, is in the forwarding state and the remaining ports, providing connectivity to the root, are in the blocked state. Next, one or more of the blocked ports are designated as back-up ports. Upon detection of a failure at the active forwarding port, one of the back-up ports immediately transitions from blocked to forwarding, thereby becoming the new active port for the device. Following the transition to a new active port, dummy multicast messages are transmitted, each containing the source address of an entity directly coupled to the affected device or downstream thereof. By examining the dummy multicast messages, other devices in the network learn to use to the new forwarding port of the affected device.

Abstract: A system within a computer network identifies specific traffic flows originating from a given network entity and requests and applies appropriate policy rules or service treatments to the traffic flows. A network entity includes a flow declaration component that communicates with one or more application programs executing on the entity. The flow declaration component includes a message generator and an associated memory for storing one or more traffic flow data structures. For a given traffic flow, the application program issues one or more calls to the flow declaration component providing it with information identifying the traffic flows. The flow declaration component then opens a flow management session with a local policy enforcer that obtains policy rules or service treatments for the identified flow from a policy server and applies those rules or treatments to the specific traffic flows from the network entity.

Abstract: A method that rapidly reconfigures a computer network having a plurality of devices executing the spanning tree algorithm. First, one or more devices are configured and arranged so that one port, providing connectivity to the root, is in the forwarding state and the remaining ports, providing connectivity to the root, are in the blocked state. Next, one or more of the blocked ports are designated as back-up ports. Upon detection of a failure at the active forwarding port, one of the back-up ports immediately transitions from blocked to forwarding, thereby becoming the new active port for the device. Following the transition to a new active port, dummy multicast messages are transmitted, each containing the source address of an entity directly coupled to the affected device or downstream thereof. By examining the dummy multicast messages, other devices in the network learn to use to the new forwarding port of the affected device.

Abstract: A method that rapidly reconfigures a computer network having a plurality of devices executing the spanning tree algorithm. First, one or more devices are configured and arranged so that one port, providing connectivity to the root, is in the forwarding state and the remaining ports, providing connectivity to the root, are in the blocked state. Next, one or more of the blocked ports are designated as back-up ports. Upon detection of a failure at the active forwarding port, one of the back-up ports immediately transitions from blocked to forwarding, thereby becoming the new active port for the device. Following the transition to a new active port, dummy multicast messages are transmitted, each containing the source address of an entity directly coupled to the affected device or downstream thereof. By examining the dummy multicast messages, other devices in the network learn to use to the new forwarding port of the affected device.

Abstract: A system in which a single VLAN architecture spans multiple VLAN transport protocols and technologies, including a method and system in which multiple different VLANs may be combined in a single enterprise network. Each LAN-switch in the system identifies each frame with an identifier, and associates that identifier with particular VLAN identifiers for each type of VLAN technology. When a frame is bridged or routed from a first type of VLAN to a second type of VLAN, the first VLAN encapsulation is removed and the second VLAN encapsulation is added, with appropriate change in the VLAN identifier for the frame or packet. The identifier may also be implicit for the frame, such as when a particular set of sender's MAC addresses are identified with a particular VLAN. Individual VLANs, of whatever architecture, may be added, configured or reconfigured, modified, or deleted, using control tools associated with the multiple VLAN architecture system.

Abstract: A system within a computer network identifies specific traffic flows originating from a given network entity and requests and applies appropriate policy rules or service treatments to the traffic flows. A network entity includes a flow declaration component that communicates with one or more application programs executing on the entity. The flow declaration component includes a message generator and an associated memory for storing one or more traffic flow data structures. For a given traffic flow, the application program issues one or more calls to the flow declaration component providing it with information identifying the traffic flows. The flow declaration component then opens a flow management session with a local policy enforcer that obtains policy rules or service treatments for the identified flow from a policy server and applies those rules or treatments to the specific traffic flows from the network entity.

Abstract: A system in which a single VLAN architecture spans multiple VLAN transport protocols and technologies, including a method and system in which multiple different VLANs may be combined in a single enterprise network. Each LAN-switch in the system identifies each frame with an identifier, and associates that identifier with particular VLAN identifiers for each type of VLAN technology. When a frame is bridged or routed from a first type of VLAN to a second type of VLAN, the first VLAN encapsulation is removed and the second VLAN encapsulation is added, with appropriate change in the VLAN identifier for the frame or packet. The identifier may also be implicit for the frame, such as when a particular set of sender's MAC addresses are identified with a particular VLAN. Individual VLANs, of whatever architecture, may be added, configured or reconfigured, modified, or deleted, using control tools associated with the multiple VLAN architecture system.

Abstract: The Spanning Tree Protocol converges to a new configuration after the loss of a link. A new frame, known as a root link query request BPDU is transmitted to the root bridge in the spanning tree when a bridge detects an indirect link failure through the reception of an inferior BPDU on a blocked port. Each bridge forwards this root link query until the root link query reaches the last reachable upstream bridge or a bridge which has a different Tx_Root_Id than the one identified in the RLQ-REQ-BPDU. If the last reachable bridge is the root bridge identified in the RLQ-REQ-BPDU, then a second new frame known as an RLQ-ACK-BPDU is sent, and the bridge port receiving this acknowledgment BPDU is changed from a blocked port to a designated port. If the RLQ-REQ-BPDU reaches a bridge with a different Tx_Root_Id than the one in RLQ-REQ-BPDU, a third new frame known as RLQ-NAK-BPDU is sent.