Patents by Inventor Nir Ben-Dvora

Nir Ben-Dvora has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10218596
    Abstract: A method is described and in one embodiment includes receiving at a first network element of a communications network a first packet corresponding to a first traffic flow from a first end user device to a second end user device at a time T1; receiving at the first network element a second packet corresponding to a second traffic flow from the second end user device to the first end user device at a time T2; calculating by the first network element a difference Δ1 between the time T1 and the time T2; creating at the first network element a first record including the calculated difference Δ1; and providing the first record to a network collector device, wherein the network collector device compares the first record with a second record received from a second network element to determine a Round Trip Time (“RTT”) delay for the communications network.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: February 26, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Nir Ben-Dvora, Lior Katzri
  • Publication number: 20180234316
    Abstract: A method is described and in one embodiment includes receiving at a first network element of a communications network a first packet corresponding to a first traffic flow from a first end user device to a second end user device at a time T1; receiving at the first network element a second packet corresponding to a second traffic flow from the second end user device to the first end user device at a time T2; calculating by the first network element a difference Δ1 between the time T1 and the time T2; creating at the first network element a first record including the calculated difference Δ1; and providing the first record to a network collector device, wherein the network collector device compares the first record with a second record received from a second network element to determine a Round Trip Time (“RTT”) delay for the communications network.
    Type: Application
    Filed: February 10, 2017
    Publication date: August 16, 2018
    Applicant: CISCO TECHNOLOGY, INC.
    Inventors: Nir Ben-Dvora, Lior Katzri
  • Patent number: 9577906
    Abstract: Techniques for scalable performance monitoring using dynamic flow sampling are described. According to one approach, a method comprises intercepting, at an intermediary network device, one or more packets traveling between a source device and a destination device; identifying, at the intermediary network device, a traffic flow based on the one or more packets; determining, at the intermediary network device, whether to collect one or more metrics from the traffic flow based on one or more performance factors of the intermediary network device; in response to a determination to collect the one or more metrics from the traffic flow, the intermediary network collecting the one or more metrics from subsequently intercepted packets belonging to the traffic flow; wherein the method is performed by one or more computing devices.
    Type: Grant
    Filed: September 6, 2013
    Date of Patent: February 21, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Joao Carlos Leite Ferreira, Harinadh Nagulapalli, Kangwarn Chinthammit, Nir Ben-Dvora
  • Patent number: 9559958
    Abstract: In one embodiment, accurate packet metrics are recorded despite delayed resolution of one or more traffic monitors that maintain the metrics for the packet flow. One or more metrics related to an initial plurality of packets of a packet flow are stored in a temporary metrics data structure. One or more monitors are subsequently resolved based on information included in packets of at least the initial plurality of packets. For example, an application or Wide Area Application Services (WAAS) segment that is to be monitored may not be identified until after numerous packets have passed. The monitor(s) are updated with metrics related to the packet flow based on said one or more metrics related to the initial plurality of packets from the metrics data structure and packets of the packet stream subsequent to the first one or more packets.
    Type: Grant
    Filed: November 28, 2013
    Date of Patent: January 31, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Nir Ben-Dvora, Sarel Altshuler
  • Publication number: 20160248652
    Abstract: System and methods for identifying and managing applications over compressed or encrypted traffic in a network are described. The first and second embodiments, which provides a method for managing applications over compressed or encrypted traffic respectively, comprise identifying applications on the traffic, saving the application classification per connection, and propagating the application classification to the network. A method for providing application identification over compressed or encrypted traffic is also disclosed, which includes an application recognition module configured to, among other functions, determine an application classifier for compressed or encrypted traffic without applying an application classification process, and utilize the application classification for previous packets originating from the connection for the current packets from the same connection.
    Type: Application
    Filed: April 29, 2016
    Publication date: August 25, 2016
    Inventors: Nir Ben-Dvora, Michael Zayats, Chanoh Haim, Ranjana Rao
  • Patent number: 9356876
    Abstract: System and methods for identifying and managing applications over compressed or encrypted traffic in a network are described. The first and second embodiments, which provides a method for managing applications over compressed or encrypted traffic respectively, comprise identifying applications on the traffic, saving the application classification per connection, and propagating the application classification to the network. A method for providing application identification over compressed or encrypted traffic is also disclosed, which includes an application recognition module configured to, among other functions, determine an application classifier for compressed or encrypted traffic without applying an application classification process, and utilize the application classification for previous packets originating from the connection for the current packets from the same connection.
    Type: Grant
    Filed: November 24, 2013
    Date of Patent: May 31, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Nir Ben-Dvora, Michael Zayats, Chanoh Haim, Ranjana Rao
  • Patent number: 9240939
    Abstract: One example method is provided for detecting end-to-end packet loss and retransmission occurring in a connection of a network environment. The method can include monitoring packets transmitted from a sender to a receiver and acknowledgement packets from the receiver to the sender using a probe located in a path between the sender and the receiver in the network environment; identifying, by the probe, a first packet as a possibly-retransmitted packet if the first packet has a fall back sequence number; classifying, by the probe, the first packet as a retransmitted packet using one or more conditions based, at least in part, on one or more of the following: characteristic(s) of the possibly-retransmitted packet, characteristic(s) of sequence numbers observed by the probe, and characteristic(s) of acknowledgements observed by the probe.
    Type: Grant
    Filed: October 22, 2013
    Date of Patent: January 19, 2016
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Khanh Vinh Nguyen, Nir Ben-Dvora, Harinadh Nagulapalli
  • Publication number: 20150109942
    Abstract: One example method is provided for detecting end-to-end packet loss and retransmission occurring in a connection of a network environment. The method can include monitoring packets transmitted from a sender to a receiver and acknowledgement packets from the receiver to the sender using a probe located in a path between the sender and the receiver in the network environment; identifying, by the probe, a first packet as a possibly-retransmitted packet if the first packet has a fall back sequence number; classifying, by the probe, the first packet as a retransmitted packet using one or more conditions based, at least in part, on one or more of the following: characteristic(s) of the possibly-retransmitted packet, characteristic(s) of sequence numbers observed by the probe, and characteristic(s) of acknowledgements observed by the probe.
    Type: Application
    Filed: October 22, 2013
    Publication date: April 23, 2015
    Applicant: CISCO TECHNOLOGY, INC.
    Inventors: Khanh Vinh Nguyen, Nir Ben-Dvora, Harinadh Nagulapalli
  • Publication number: 20150074258
    Abstract: Techniques for scalable performance monitoring using dynamic flow sampling are described. According to one approach, a method comprises intercepting, at an intermediary network device, one or more packets traveling between a source device and a destination device; identifying, at the intermediary network device, a traffic flow based on the one or more packets; determining, at the intermediary network device, whether to collect one or more metrics from the traffic flow based on one or more performance factors of the intermediary network device; in response to a determination to collect the one or more metrics from the traffic flow, the intermediary network collecting the one or more metrics from subsequently intercepted packets belonging to the traffic flow; wherein the method is performed by one or more computing devices.
    Type: Application
    Filed: September 6, 2013
    Publication date: March 12, 2015
    Applicant: Cisco Technology, Inc.
    Inventors: JOAO CARLOS LEITE FERREIRA, HARINADH NAGULAPALLI, KANGWARN CHINTHAMMIT, NIR BEN-DVORA
  • Patent number: 8024787
    Abstract: One or more firewalls are used to perform firewall functionality on packets based on the entry and exit accesses of each of the one or more firewalls being applied to a packet. For example, when firewalls are included in a router, the interfaces of the router are typically mapped to virtual firewalls and access thereof. Based on the determined routing of a particular packet, the firewalls to apply and their corresponding entry and exit accesses are identified. In order to decouple the application by the firewall itself of the security policies from the network topology and routing architecture (e.g., the network routing address information which is typically relied upon by current firewalls), the firewall functionality is defined based on the identified entry and exit accesses of a firewall, rather than based on network defined addresses, for example.
    Type: Grant
    Filed: May 2, 2006
    Date of Patent: September 20, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Doron Oz, Nir Ben-Dvora, Eldad Bar Eli
  • Patent number: 7957279
    Abstract: In one embodiment, a router receives a call request for establishing a multimedia exchange between two remote endpoints. The router selects a processing entity to manage a subset of connections with the remote endpoints according to an endpoint identification such as a remote address included in the call request. A different processing entity manages the remaining connections with the remote endpoints. Accordingly, the load of managing signaling for establishing the multimedia exchange is balanced between a plurality of processing elements that appear externally as a single entity such that modification of remote endpoint behavior is not required.
    Type: Grant
    Filed: May 30, 2007
    Date of Patent: June 7, 2011
    Assignee: Cisco Technology, Inc.
    Inventors: Nir Ben-Dvora, Jisu Bhattacharya, Chandrasekar Krishnamurthy, Doron Oz, David D. Ward
  • Patent number: 7787462
    Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for applying features to packets in an order specified by a selected feature order template. By providing multiple feature order templates, a network device manufacturer can provide the user of the network device the ability to select among a variety of orders in which features are applied, while limiting the possible selectable orderings such as to those capable by the hardware and software of the network device, and/or to a subset of orderings thereof which has been thoroughly tested. Some devices further allow a user to define new feature order templates via a user interface.
    Type: Grant
    Filed: March 6, 2006
    Date of Patent: August 31, 2010
    Assignee: Cisco Technology, Inc.
    Inventors: Sarel Altshuler, Nisim Levi, Nir Ben-Dvora, Doron Oz
  • Patent number: 7522595
    Abstract: Packets are communicated between forwarding contexts (e.g., virtual routers, logical routers, and/or private networks) using virtual interfaces in communications and computing systems, especially routers, packet switching systems, and other devices. A virtual interface refers to the interface infrastructure (e.g., buffers, memory locations, other data structures), but does not connect to an external cable or other communications mechanism such as is a physical interface. Packets are moved between forwarding contexts by automatically moving a packet placed in a first virtual interface associated with a first forwarding context to a second virtual interface associated with a second forwarding context (assuming the packet is not dropped by a feature applied to the packet at the first virtual interface).
    Type: Grant
    Filed: June 16, 2006
    Date of Patent: April 21, 2009
    Assignee: Cisco Technology, Inc.
    Inventors: Nir Ben-Dvora, Doron Oz, Sarel Altshuler, Warren Scott Wainner
  • Publication number: 20080298362
    Abstract: In one embodiment, a router receives a call request for establishing a multimedia exchange between two remote endpoints. The router selects a processing entity to manage a subset of connections with the remote endpoints according to an endpoint identification such as a remote address included in the call request. A different processing entity manages the remaining connections with the remote endpoints. Accordingly, the load of managing signaling for establishing the multimedia exchange is balanced between a plurality of processing elements that appear externally as a single entity such that modification of remote endpoint behavior is not required.
    Type: Application
    Filed: May 30, 2007
    Publication date: December 4, 2008
    Applicant: CISCO TECHNOLOGY, INC.
    Inventors: Nir Ben-Dvora, Jisu Bhattacharya, Chandrasekar Krishnamurthy, Doron Oz, David D. Ward
  • Patent number: 7317681
    Abstract: A novel and useful mechanism for optical ring networks providing concentrator redundancy in the event of a failure of a concentrator. The nodes in a network are connected to dual concentrators to form bi-directional dual counter-rotating optical rings. The failure of one of the concentrators is detected and the internal connections of the surviving concentrator are reconfigured to form a single ring that provides an alternate communication path thus preventing the collapse of the ring. Reliability of optical rings is improved by enabling the ring to continue to function in the event of a concentrator failure.
    Type: Grant
    Filed: January 11, 2002
    Date of Patent: January 8, 2008
    Assignee: Cisco Systems O.I.A. (1988) Ltd.
    Inventors: Nir Ben-Dvora, Doron Oz, Roni Luxenberg, Assaf Ben-Amitai
  • Publication number: 20070291752
    Abstract: Packets are communicated between forwarding contexts (e.g., virtual routers, logical routers, and/or private networks) using virtual interfaces in communications and computing systems, especially routers, packet switching systems, and other devices. A virtual interface refers to the interface infrastructure (e.g., buffers, memory locations, other data structures), but does not connect to an external cable or other communications mechanism such as is a physical interface. Packets are moved between forwarding contexts by automatically moving a packet placed in a first virtual interface associated with a first forwarding context to a second virtual interface associated with a second forwarding context (assuming the packet is not dropped by a feature applied to the packet at the first virtual interface).
    Type: Application
    Filed: June 16, 2006
    Publication date: December 20, 2007
    Applicant: Cisco Technology, Inc.
    Inventors: Nir Ben-Dvora, Doron Oz, Sarel Altshuler, Warren Scott Wainner
  • Publication number: 20070261110
    Abstract: One or more firewalls are used to perform firewall functionality on packets based on the entry and exit accesses of each of the one or more firewalls being applied to a packet. For example, when firewalls are included in a router, the interfaces of the router are typically mapped to virtual firewalls and access thereof. Based on the determined routing of a particular packet, the firewalls to apply and their corresponding entry and exit accesses are identified. In order to decouple the application by the firewall itself of the security policies from the network topology and routing architecture (e.g., the network routing address information which is typically relied upon by current firewalls), the firewall functionality is defined based on the identified entry and exit accesses of a firewall, rather than based on network defined addresses, for example.
    Type: Application
    Filed: May 2, 2006
    Publication date: November 8, 2007
    Applicant: CISCO TECHNOLOGY, INC., A CALIFORNIA CORPORATION
    Inventors: Doron Oz, Nir Ben-Dvora, Eldad Eli
  • Publication number: 20070206490
    Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for applying features to packets in an order specified by a selected feature order template. By providing multiple feature order templates, a network device manufacturer can provide the user of the network device the ability to select among a variety of orders in which features are applied, while limiting the possible selectable orderings such as to those capable by the hardware and software of the network device, and/or to a subset of orderings thereof which has been thoroughly tested. Some devices further allow a user to define new feature order templates via a user interface.
    Type: Application
    Filed: March 6, 2006
    Publication date: September 6, 2007
    Applicant: CISCO TECHNOLOGY, INC., A CALIFORNIA CORPORATION
    Inventors: Sarel Altshuler, Nisim Levi, Nir Ben-Dvora, Doron Oz