Abstract: A method, system, and logic for upgrading mesh points of a wireless mesh network. One method includes maintaining a mesh topology data structure containing information on the tree topology of a wireless mesh network. The method further includes using a tree-walking method to send an upgrade message to the root access point and to each other mesh point in the wireless mesh network until each mesh point has received the upgrade message. Receiving the upgrade message enables the receiving mesh point to upgrade according to the contents of the upgrade message without necessarily disrupting the mesh network.

Abstract: An IP (Internet Protocol) session for a mobile node is carried out through the use of a virtual care-of address. A foreign agent sends an agent advertisement to the mobile node to allow the mobile node to choose from a list of IP addresses of the foreign agent. The foreign agent ties a virtual care-of address to a mobile node so that an intelligent and dynamic selection of tunnels to be used for the IP session can occur. Therefore, traffic for an IP session is not limited to transmission over the single particular tunnel that corresponds to an IP address initially selected by the mobile node. Rather, the virtual care-of address shifts the tunneling decision from the mobile node to the foreign agent. Supporting multiple tunnels between home agent and foreign agent allows resilience, redundancy, and service-level differentiation to mobile node traffic without involving the mobile node in the process.

Abstract: A method, system, and logic for upgrading mesh points of a wireless mesh network. One method includes maintaining a mesh topology data structure containing information on the tree topology of a wireless mesh network. The method further includes using a tree-walking method to send an upgrade message to the root access point and to each other mesh point in the wireless mesh network until each mesh point has received the upgrade message. Receiving the upgrade message enables the receiving mesh point to upgrade according to the contents of the upgrade message without necessarily disrupting the mesh network.

Abstract: A method, system, and logic for upgrading mesh points of a wireless mesh network. One method includes maintaining a mesh topology data structure containing information on the tree topology of a wireless mesh network. The method further includes using a tree-walking method to send an upgrade message to the root access point and to each other mesh point in the wireless mesh network until each mesh point has received the upgrade message. Receiving the upgrade message enables the receiving mesh point to upgrade according to the contents of the upgrade message without necessarily disrupting the mesh network.

Abstract: A plurality of flow network elements monitors network flows at the subscriber level for a plurality of subscribers. The flow network elements export flow records to a collector, which organizes the flow records. A policy client correlates the flow records and determines whether any network flows are violating a flow policy definition. If a flow policy definition is violated, the policy client transmits a policy action to a policy server which indicates what action to take for a given violating flow. The policy server assigns a flow policy for the subscriber corresponding with the violating flow. The assigned flow policy is then transmitted to the flow network element having that violating flow, and that flow network element installs the flow policy.

Abstract: An IP (Internet Protocol) session for a mobile node is carried out through the use of a virtual care-of address. A foreign agent sends an agent advertisement to the mobile node to allow the mobile node to choose from a list of IP addresses of the foreign agent. The foreign agent ties a virtual care-of address to a mobile node so that an intelligent and dynamic selection of tunnels to be used for the IP session can occur. Therefore, traffic for an IP session is not limited to transmission over the single particular tunnel that corresponds to an IP address initially selected by the mobile node. Rather, the virtual care-of address shifts the tunneling decision from the mobile node to the foreign agent. Supporting multiple tunnels between home agent and foreign agent allows resilience, redundancy, and service-level differentiation to mobile node traffic without involving the mobile node in the process.

Abstract: An IP (Internet Protocol) session for a mobile node is carried out through the use of a virtual care-of address. A foreign agent sends an agent advertisement to the mobile node to allow the mobile node to choose from a list of IP addresses of the foreign agent. To perform virtual care-of address services, the foreign agent ties the virtual care-of address to a mobile node so that an intelligent and dynamic selection of tunnels to be used for the IP session can occur. Therefore, traffic for an IP session is not limited to transmission over the single particular tunnel that corresponds to an IP address initially selected by the mobile node. Rather, the virtual care-of address shifts the tunneling decision from the mobile node to the foreign agent. Supporting multiple tunnels between home agent and foreign agent allows resilience, redundancy, and service-level differentiation to mobile node traffic without involving the mobile node in the process.

Abstract: A plurality of flow network elements monitors network flows at the subscriber level for a plurality of subscribers. The flow network elements export flow records to a collector, which organizes the flow records. A policy client correlates the flow records and determines whether any network flows are violating a flow policy definition. If a flow policy definition is violated, the policy client transmits a policy action to a policy server which indicates what action to take for a given violating flow. The policy server assigns a flow policy for the subscriber corresponding with the violating flow. The assigned flow policy is then transmitted to the flow network element having that violating flow, and that flow network element installs the flow policy.

Abstract: Authentication in a mesh network controlled by a central controller, including using standard IEEE 802.11i mechanisms between a potential child mesh access point (AP) as supplicant and the controller as authenticator. Each mesh AP in the mesh network has a secure tunnel to a controller using a protocol for controlling the mesh AP, including AP capabilities, and a fast roaming method for re-establishing a secure layer-2 link with a new parent mesh AP including, while the mesh AP is a child mesh AP to the first parent mesh AP and has a secure layer-2 link to the first parent mesh AP, caching key information and wireless mesh network identity information in the controller.

Abstract: A mesh access point that includes an access point profile storing one ore more parameters in non-volatile memory, and a method of using the mesh access point having the access point profile to select and carry out mutual authentication on a wireless mesh network to establish itself to the mesh network using information in the access point profile, and further to provide services to wireless clients according to information in the access point profile. Access point profiles can be pre-configured/configured/updated suitably in order to adapt the mesh access point in a mesh network according to its capabilities and requirements.

Abstract: A mesh access point that includes an access point profile storing one ore more parameters in non-volatile memory, and a method of using the mesh access point having the access point profile to select and carry out mutual authentication on a wireless mesh network to establish itself to the mesh network using information in the access point profile, and further to provide services to wireless clients according to information in the access point profile. Access point profiles can be pre-configured/configured/updated suitably in order to adapt the mesh access point in a mesh network according to its capabilities and requirements.

Abstract: Authentication in a mesh network controlled by a central controller, including using standard IEEE 802.11i mechanisms between a potential child mesh access point (AP) as supplicant and the controller as authenticator. Each mesh AP in the mesh network has a secure tunnel to a controller using a protocol for controlling the mesh AP, including AP capabilities, and a fast roaming method for re-establishing a secure layer-2 link with a new parent mesh AP including, while the mesh AP is a child mesh AP to the first parent mesh AP and has a secure layer-2 link to the first parent mesh AP, caching key information and wireless mesh network identity information in the controller.

Abstract: A method and logic encoded in tangible media and apparatus for securing links between a mesh point and one or more identities of one or more parent mesh points of a wireless mesh network in order to secure the links. A first association is carried out to one of the identities of one of the parent mesh points. The first mesh point undergoes a mutual authentication with an authenticator and announces the possibility of multiple links and/or multiple paths. The authentication generates a first master key from which the root master key of the key hierarchy is derived so that other master keys for different identities are derivable using a hierarchy. The mesh point undergoes a 4-way handshake to derive a first transient key. Other transient keys are obtained by a fast roaming method without having to re-undergo a backend authentication, the other transient keys being for other links and/or paths and derived using the hierarchy.

Abstract: An authentication method in a mesh AP including using standard IEEE 802.11i mechanisms between the mesh AP and an authenticator for authenticating the mesh AP to become a child mesh AP with a secure layer-2 link to a first parent mesh AP that has a secure tunnel to a Controller, including, after a layer-2 link between the child mesh AP and the first parent mesh AP is secured, undergoing a join exchange for form a secure tunnel between the child mesh AP and the Controller. Further, a fast roaming method for re-establishing a secure layer-2 link with a new parent mesh AP including, while the mesh AP is a child mesh AP to the first parent mesh AP and has a secure layer-2 link to the first parent mesh AP, caching key information and wireless mesh network identity information, and using the cached information to establish a secure layer-2 link with a new parent mesh AP without having to undergo a 4-way authentication.

Abstract: An IP (Internet Protocol) session for a mobile node is carried out through the use of a virtual care-of address. A foreign agent sends an agent advertisement to the mobile node to allow the mobile node to choose from a list of IP addresses of the foreign agent. To perform virtual care-of address services, the foreign agent ties the virtual care-of address to a mobile node so that an intelligent and dynamic selection of tunnels to be used for the IP session can occur. Therefore, traffic for an IP session is not limited to transmission over the single particular tunnel that corresponds to an IP address initially selected by the mobile node. Rather, the virtual care-of address shifts the tunneling decision from the mobile node to the foreign agent. Supporting multiple tunnels between home agent and foreign agent allows resilience, redundancy, and service-level differentiation to mobile node traffic without involving the mobile node in the process.

Abstract: Embodiments of the present invention include a method, an apparatus, and logic encoded in one or more computer-readable tangible medium to carry out a method. One method includes tagging packets and forwarding packets in a wireless mesh network using stored forwarding information for the tag, wherein the forwarding information is according to a centrally determined routing method and tag distribution method.

Abstract: A plurality of flow network elements monitors network flows at the subscriber level for a plurality of subscribers. The flow network elements export flow records to a collector, which organizes the flow records. A policy client correlates the flow records and determines whether any network flows are violating a flow policy definition. If a flow policy definition is violated, the policy client transmits a policy action to a policy server which indicates what action to take for a given violating flow. The policy server assigns a flow policy for the subscriber corresponding with the violating flow. The assigned flow policy is then transmitted to the flow network element having that violating flow, and that flow network element installs the flow policy.

Abstract: A method of implementing a spanning tree protocol for a wireless network conforming to a wireless network standard, the spanning tree protocol substantially conforming to the IEEE 802.1 standard, including a first wireless bridging node wirelessly transmitting BPDU information to other wireless bridging nodes of the network or wirelessly receiving BPDU information from other wireless bridging nodes, the BPDU information encapsulated in one or more control/management frames, e.g., beacon or probe response frames of the wireless network standard, the BPDU information relating to a spanning tree topology containing the first and other wireless bridging nodes.

Abstract: An apparatus for, a method of, and a computer carrier medium carrying code to cause a processor to execute a method. The method includes running a plurality of instances of a wireless spanning tree protocol in a wireless mesh node, each instance substantially conforming to the IEEE 802.1 standard. Running an instance of wireless spanning tree protocol including the wireless mesh point wirelessly transmitting BPDU information to other wireless mesh points of the network or wirelessly receiving BPDU information from other wireless mesh points, the BPDU information encapsulated in one or more control/management frames, e.g., beacon or probe response frames of a wireless network standard, the BPDU information relating to a spanning tree topology for the instance.

Abstract: In one embodiment, a tree-topology building method for a wireless mesh network includes using a centralized parent selection process to select a parent and join offer messages to a selected child of the selected parent.