Abstract: A network device includes a plurality of physical ports configured to be coupled to one or more networks, and a processor device configured to process packets. The processor device includes a processor configured to implement a logical port assignment mechanism to assign source logical port information to a data packet received via a source physical port of the plurality of physical ports. The source logical port information is assigned based on one or more characteristics of the data packet, and the source logical port information corresponds to a logical entity that is different from any physical port. The processor device also includes a forwarding engine processor configured to determine one or more egress logical ports for forwarding the data packet, map the egress logical port(s) to respective egress physical port(s) of the plurality of physical ports, and forward the data packet to the egress physical port(s) based on the mapping.

Abstract: A plurality of forwarding devices are configured to couple to respective pluralities of ports to ingress and egress network traffic. Ones of the plurality of forwarding devices are coupled to respective forwarding databases and each one forwarding device is configured to maintain the respective forwarding database, and send messages to and receive message from other ones of the plurality of forwarding devices to synchronize the plurality of forwarding databases.

Abstract: Data packets are received at a network interface. A source address and a destination address are extracted from each data packet. Thereafter, a first query is performed in an address database to retrieve access group information associated with the source address. A second query is performed in the address database to retrieve resource group information associated with the destination address. Based upon the access group and the resource group, a command is assigned to the data packet. Optionally, the access group information and resource group information are used in connection with an access matrix to assign the command to the data packet.

Abstract: A network device including a processor having an internet protocol (IP) address, and a processor port configured to communicate exclusively with the processor. The network device also includes a plurality of network ports configured to communicate with network nodes external to the network device. In addition, the network device includes a forwarding engine configured to selectively transfer packets (i) among the plurality of network ports, and (ii) between the processor port and the plurality of network ports; receive a broadcast packet from one of the plurality of network ports, the broadcast packet including a target IP address; and forward the broadcast packet to the processor, via the processor port, only when both (i) the broadcast packet is a control packet, and (ii) the target IP address of the broadcast packet matches the IP address of processor.

Abstract: A network device includes a plurality of physical ports configured to be coupled to one or more networks, and a processor device configured to process packets. The processor device includes a processor configured to implement a logical port assignment mechanism to assign source logical port information to a data packet received via a source physical port of the plurality of physical ports. The source logical port information is assigned based on one or more characteristics of the data packet, and the source logical port information corresponds to a logical entity that is different from any physical port. The processor device also includes a forwarding engine processor configured to determine one or more egress logical ports for forwarding the data packet, map the egress logical port(s) to respective egress physical port(s) of the plurality of physical ports, and forward the data packet to the egress physical port(s) based on the mapping.

Abstract: A network switch device includes network interfaces configured to receive and transmit packet based communications within a computer network, a virtual router classification engine, and a packet forwarding engine. The virtual router classification engine is configured to generate a search key for a packet received at a first network interface using header information, and additional information associated with the packet, to select a rule corresponding to the generated search key, and to apply an action associated with the selected rule to the packet. The virtual router classification engine is configured to apply an action associated with the selected rule to the packet at least by assigning a virtual router identifier to the packet. The packet forwarding engine is configured to serve organizations forming the computer network, and segregate packet communications of the first organization from packet communications traffic of other organizations based on the assigned virtual router identifier.

Abstract: A network device includes at least one source physical port configured to be coupled to a network, a plurality of egress ports, and a packet processor. The packet processor includes a processing stage configured to implement a logical port assignment mechanism to assign source logical port information to a data packet received via one of the at least one source physical port, wherein the source logical port information is based on characteristics of the data packet, wherein the source logical port information corresponds to a logical entity that is different from any source physical port, and a forwarding engine to determine one or more egress ports for forwarding the data packet based on at least the assigned source logical port information.

Abstract: An apparatus includes a plurality of ports to receive a packet. A scope circuit determines a source scope level for a source Internet protocol version 6 (IPv6) address of the received packet. A command circuit determines whether to forward the received packet based on the source scope level. The source scope level is indicative of whether a source address is a global address or a local address.

Abstract: A network device includes at least one source physical port configured to be coupled to a network, a plurality of egress ports, and a packet processor. The packet processor includes a processing stage configured to implement a logical port assignment mechanism to assign source logical port information to a data packet received via one of the at least one source physical port, wherein the source logical port information is based on characteristics of the data packet, wherein the source logical port information corresponds to a logical entity that is different from any source physical port, and a forwarding engine to determine one or more egress ports for forwarding the data packet based on at least the assigned source logical port information.

Abstract: A method of controlling a plurality of forwarding databases provided in an Ethernet bridge having a plurality of devices. The method includes aging a first set of entries in a first forwarding database maintained by a first one of the plurality of devices. The first set of entries are owned by the first one of the plurality of devices. The method also includes transmitting one or more new address messages from the first one of the plurality of devices to a second one of the plurality of devices. The method further includes aging a second set of entries in the first forwarding database. The second set of entries are owned by the second one of the plurality of devices.

Abstract: A method for increasing resolution of virtual router assignment in a computer network. An incoming packet may be parsed to obtain its source and destination IP addresses. With the obtained IP addresses, and in some cases other information about the packet, a classification engine may perform a multi-field classification in a memory such as a TCAM (Ternary Content-Addressable Memory). The classification result may point to an action entry in an action table in a memory, e.g., an SRAM (Static random access memory). The action entry may indicate policy-based setting of the virtual router, and the VRF-ID. A virtual router is then assigned according to the VRF-ID. A group based classification in layer 3 of the present invention may avoid using a table to define segregation policies between hosts pair by pair.

Abstract: A network device includes at least one source physical port coupled to a network, and a plurality of egress ports. A logical port assignment mechanism assigns source logical port information to a data packet received via one of the at least one physical port. The source logical port information is based on characteristics of the data packet, and the source logical port information corresponds to a logical entity that is different from any source physical port. A forwarding engine determines one or more egress ports for forwarding the data packet based on at least the assigned source logical port.

Abstract: A network device receives a packet at a network interface and determines whether the packet represents control traffic. The network device also determines whether the packet is received from a privileged node. To achieve this, a source address is extracted from the packet, a query of the source address is performed in an address database, and a node status attribute associated with the source address is returned from the address database. If the packet represents control traffic and is received from a privileged node, the network device may modify one or more attributes of associated with the packet. These attributes may include a traffic class, drop precedence, or bandwidth restriction. Packets that represent control traffic may be placed in a priority queue for further processing based upon their modified attributes.

Abstract: An embodiment of the present invention offloads the generation and monitoring of test packets from a Central processing Unit (CPU) to a dedicated network integrated circuit, such as a router, bridge or switch chip associated with the CPU. The CPU may download test routines and test data to the network IC, which then generates the test packets, identifies and handles received test packets, collects test statistics, and performs other test functions all without loading the CPU. The CPU may be notified when certain events occur, such as when throughput or jitter thresholds for the network are exceeded.

Abstract: A network device includes at least one source physical port coupled to a network, and a plurality of egress ports. A logical port assignment mechanism assigns source logical port information to a data packet received via one of the at least one physical port. The source logical port information is based on characteristics of the data packet, and the source logical port information corresponds to a logical entity that is different from any source physical port. A forwarding engine determines one or more egress ports for forwarding the data packet based on at least the assigned source logical port.

Abstract: An apparatus having a corresponding method and computer program comprises a processor; a plurality of ports to transmit and receive packets of data, the plurality of ports comprising a processor port in communication with the processor, the packets comprising broadcast packets and multicast packets; a memory to store a table that associates the processor port with one or more Internet protocol (IP) addresses; and a forwarding engine to transfer the packets between the ports, to transfer each of the broadcast packets to the processor port only when the table associates a target IP address of the broadcast packet with the processor port, and to transfer each of the multicast packets to the processor port only when the table associates a target IP address of the multicast packet with the processor port.

Abstract: An apparatus having a corresponding method and computer program comprises one or more ports each to transmit and receive packets of data; a classifier to determine one or more attributes for each of the packets of data; one or more counters for each of the ports, wherein each counter counts a number of the packets of data passing through the respective one of the ports and having a predetermined attribute, wherein a respective counter threshold is associated with each of the counters; and a security circuit to cause each of the ports to perform at least one of a plurality of predetermined actions when a count of a respective one of the counters exceeds a respective counter threshold.

Abstract: A method of managing network traffic. The method includes initializing a database in communication with a network device. The database includes a number of MAC address entries and a network flooding entry associated with each of the number of MAC address entries. Each of the number of MAC address entries is associated with a station known to the network. The method also includes receiving network traffic at the network device. The network traffic is associated with a MAC source address. The method further includes determining whether the MAC source address is included in the database, automatically learning a location associated with the MAC source address, and forwarding the network traffic over the network if the MAC source address is included in the database. Additionally, the method includes dropping or trapping the network traffic if the MAC source address is not included in the database. Dropping the network traffic is performed without interaction with a CPU.

Abstract: A system and method of extending a standard bridge to enable execution of logical bridging functionality are disclosed. In some implementations, a logical bridge may assign source logical port information to a data packet based on characteristics of the data packet, employ the source logical port information to learn the source address and to forward the data packet to a logical egress port, and map the logical egress port to a physical egress port at which the data packet is to be egressed. A tunnel interface may optionally be applied to a data packet upon egress.

Abstract: An embodiment of the present invention offloads the generation and monitoring of test packets from a Central processing Unit (CPU) to a dedicated network integrated circuit, such as a router, bridge or switch chip associated with the CPU. The CPU may download test routines and test data to the network IC, which then generates the test packets, identifies and handles received test packets, collects test statistics, and performs other test functions all without loading the CPU. The CPU may be notified when certain events occur, such as when throughput or jitter thresholds for the network are exceeded.