Abstract: A method of mirroring select traffic in a switching mesh. A packet is received at an edge switch of the switching mesh, and a determination is made as to whether the packet is to be mirrored based on mirroring criteria. A path tag associated with a path through the switching mesh is selected. The path tag is associated with a mirror path if the packet is to be mirrored. The path tag is added to the packet, and the tagged packet is forwarded to a next switch along the path. Other embodiments are also disclosed.

Abstract: One embodiment disclosed relates to a method of configuring a traffic-associated path through a switching mesh. A source switch receives a request to associate a type of traffic to a specified path. The source switch is located at the beginning of the path. A path tag is allocated to the path. The path through the mesh is built, and the association between the type of traffic and the allocated path tag is programmed. Other embodiments are also disclosed.

Abstract: A router programmed to function within an aggregation of a plurality of routers that appears as a single router externally is programmed to determine whether it is a first router in the aggregation of routers to receive a data packet. If the router is a first router in the aggregation of routers to receive a data packet, the router is programmed to perform layer 3 routing for the data packet including modification of the source and destination Media Access Control (MAC) addresses of the packet, and then transmit the packet to another router in the aggregation of routers for layer 2 switching of the packet. If the router is not a first router in the aggregation of routers to receive a data packet, the router is programmed to only perform layer 2 switching of the packet, with layer 3 routing for the data packet having already been performed by another router in the aggregation of routers.

Abstract: A method for applying a host security service to a network is described herein. The network may include a host device and a network device. The network device may receive a request for security-based filtering. The request includes filtering parameters that restrict traffic between the host device and the network device. It is determined whether the filtering parameters conflict with an initial filtering configuration. The filtering parameters may be applied to traffic through the network device.

Abstract: One embodiment described relates to an automated method of host discovery and path tracing by a network management server. The method includes discovery of a location in the network of a source host, discovery of a location in the network of a destination host, and discovery of a path from the source host to the destination host. Other embodiments are also described.

Abstract: One embodiment disclosed relates to a method of assuring integrity of a data set between multiple devices. A normalizing factor is generated at a first device. Based on the data set at the first device and the normalizing factor, a first integrity mechanism is calculated. The normalizing factor and the first integrity mechanism are sent from the first device to at least a second device. Other embodiments are also disclosed.

Abstract: A method for energy efficient configuration of a physical port of a plurality of physical ports of a network device is described herein. One or more physical ports of the plurality of physical ports may be aggregated to a logical port in a logical communication channel between the network device and another device. A configuration of the one or more physical ports is determined. The configuration includes one or more parameters which are monitored. The physical port of the plurality of physical ports is selected and a configuration state of the selected physical port is modified upon detection of an event based on the one or more parameters. The modified configuration state is one of an active port state, an active port state with a limited bandwidth utilization rate, and a standby port state. The selected port is reconfigured according to the modified configuration state.

Abstract: A method for applying a host security service to a network is described herein. The network may include a host device and a network device. The network device may receive a request for security-based filtering. The request includes filtering parameters that restrict traffic between the host device and the network device. It is determined whether the filtering parameters conflict with an initial filtering configuration. The filtering parameters may be applied to traffic through the network device.

Abstract: A method and apparatus for policy enforcement at a network device of a network are disclosed. A packet is received at the network device. A tag associated with the packet is determined. The tag includes a field that indicates a path thru the network that is assigned to the packet. The path is between an entry network device of the packet and a destination network device of the packet. The tag is mapped to a policy of a plurality of policies based on information about a client device. The client information is not available within the packet. One or more rules associated with the policy are determined and enforced.

Abstract: A router programmed to function within an aggregation of a plurality of routers that appears as a single router externally is programmed to determine whether it is a first router in the aggregation of routers to receive a data packet. If the router is a first router in the aggregation of routers to receive a data packet, the router is programmed to perform layer 3 routing for the data packet including modification of the source and destination Media Access Control (MAC) addresses of the packet, and then transmit the packet to another router in the aggregation of routers for layer 2 switching of the packet. If the router is not a first router in the aggregation of routers to receive a data packet, the router is programmed to only perform layer 2 switching of the packet, with layer 3 routing for the data packet having already been performed by another router in the aggregation of routers.

Abstract: A method for traffic control of a network device in a network are disclosed. The network device determines potentially malicious behavior by a host device in the network. A permissible rate of traffic from the host device through a port of the network device is reduced in response to determining the potentially malicious behavior. A rate of traffic through the port of the network device is measured. The measured traffic rate is compared with a threshold rate. The permissible rate of traffic is adjusted based on the comparison.

Abstract: A method for energy efficient configuration of a physical port of a plurality of physical ports of a network device is described herein. One or more physical ports of the plurality of physical ports may be aggregated to a logical port in a logical communication channel between the network device and another device. A configuration of the one or more physical ports is determined. The configuration includes one or more parameters which are monitored. The physical port of the plurality of physical ports is selected and a configuration state of the selected physical port is modified upon detection of an event based on the one or more parameters. The modified configuration state is one of an active port state, an active port state with a limited bandwidth utilization rate, and a standby port state. The selected port is reconfigured according to the modified configuration state.

Abstract: One embodiment disclosed relates to a method of routing a packet by way of a router aggregation. A packet is received from outside the aggregation by an initially receiving router/switch unit. Router functions are performed by the initially receiving router unit, including modification of the packet. The packet is then sent to a layer 2 network of the aggregation, wherein switching functions are performed on the packet. Another embodiment disclosed relates to a cooperative aggregation of router/switch units. The aggregation includes a plurality of the router/switch units, and a switching network interconnecting the units. The cooperative aggregation functions as a single router from a perspective of an external network device coupled to the system.

Abstract: One embodiment disclosed relates to a method of cost determination for paths between switches in a mesh. A set of paths between each pair of the mesh switches is defined, and start-up costs for the paths are calculated. The costs for the previously defined paths are subsequently recalculated using a directed cost protocol. The directed cost protocol may include generating at a first switch a cost packet with path information associated with a specific path, and unlasting the cost packet via the specific path to a second switch.

Abstract: A method and apparatus for processing a Dynamic Host Configuration Protocol (DHCP) packet in a trusted network are disclosed. The trusted network includes a plurality of trusted network devices and a trusted host. The DHCP packet is received at a network device of the trusted network. A port of the network device from which the DHCP packet was received is determined. An identifier associated with the port is determined. An option in the DHCP packet is marked by the network device using the identifier. The marked DHCP packet is transmitted along a forwarding path.

Abstract: One embodiment disclosed relates to a switching system. The switching system includes first, second, and third sets of switches. The first set of switches is configured with a first instance of meshing software such that the switches in the first set are members of a first mesh domain. The second set of switches is configured with a second instance of the meshing software such that the switches in the second set are members of a second mesh domain. The third set of switches is configured with both the first and second instances of the meshing software such that the switches in the third set are members of both the first and second mesh domains. Another embodiment disclosed relates to a packet switch apparatus executing multiple instances of meshing software. Another embodiment disclosed relates to a method of configuring a switching system having multiple mesh domains.

Abstract: One embodiment disclosed relates to a method of handling oversubscribed ports between switches. An oversubscribed port is detected at a detecting switch. A set of paths exiting at the oversubscribed port is selected for retagging, and tags for the set of paths are invalidated. When packets with the invalidated tags are received, the received packets are retagged with a tag associated with a detour path. Another embodiment disclosed relates to a packet switch apparatus with oversubscribed port handling capability for use in a switching mesh. Another embodiment disclosed relates to a switching mesh including a capability to handle oversubscribed ports between switches.

Abstract: One embodiment disclosed relates to a method of handling link failures between switches. A failed link is detected at a detecting switch. The detecting switch determines a set of path tags whose paths are affected by the failed link. Subsequently, when packets are received with one of the path tags affected by the failed link, those packets are retagged with a detour path tag associated with a detour path circumventing the failed link. Another embodiment disclosed relates to a packet switch apparatus with link failure handling capability for use in a switching mesh. Another embodiment disclosed relates to a switching mesh including a capability to handle link failures.

Abstract: One embodiment relates to a method by a switch of tracing a broadcast path from the switch through a group of switches. A broadcast traceroute packet is issued with a first hop entry from each port within the broadcast path. Trace hop packets are received from hop switches within the broadcast path, and trace complete packets are received from end switches within the broadcast path. Other embodiments are also disclosed.

Abstract: An apparatus in one example comprises a first mesh network switch, of a plurality of mesh network switches, that employs mesh connection information of one or more mesh network switches of the plurality of mesh network switches to determine a plurality of paths between the first mesh network switch and a second mesh network switch, of the plurality of mesh network switches, before a selection of one path of the plurality of paths for transmission of one or more packets from the first mesh network switch to the second mesh network switch.