Abstract: A method and apparatus for emulating VPLS within an ATM network. Provider Edge devices are configured for VPLS connections. For each pair of provider edge devices supporting the same VPLS ID, one device establishes a virtual circuit between the pair. Thus, a full mesh of virtual circuits is established between provider edge devices, and a VPLS-like service can be offered to users without having to implement MPLS. Establishing the virtual circuits within a PNNI hierarchy maybe facilitated by each provider edge device propagating through the hierarchy an information group containing an association between the ATM address of the device and a VPLS ID, so that each provider edge device learns all ATM addresses to be associated with each VPLS ID. The method of advertising ATM addresses can be applied to other services requiring a number of interconnections between provider edge devices, such as Virtual Private Networks.

Abstract: The packet rate limiting method and system is used for detecting and blocking the effects of DoS attacks on IP networks. The method uses an ACL counter that stores an action parameter in the first 3 most significant bits and uses 13 bits as a packet counter. A rate limit is enforced by setting the packet counter to an initial value, and resetting this value at given intervals of time. The action parameter enables the ACL to accept or deny packets based on this rate limit. If the number of packets in the incoming flow saturates the packet counter before the reset time, the packets are denied access to the network until the counter is next reset. The denied packets may be just discarded or may be extracted for further examination.

Abstract: A packet processing device has an on-board match engine memory. Actions to be taken on a packet can be looked up in the match engine memory using a key comprising a match engine index and a protocol field from the packet. The match engine index is obtained from either a relatively small on-board parser memory or a larger context memory. The parser memory contains match engine indices for sparse protocols. Performance approaching that of hard-wired packet processors can be obtained. New protocols or changes in protocols can be accommodated by writing new values into the match engine, parser and context memories. The packet processing device can be provided in a pipelined architecture.

Abstract: A multi-protocol switch that supports both ATM and IP traffic and method for use is presented. The multi-protocol switch associates certain input connections, as identified by virtual path identifier/virtual connection identifier (VPI/VCI), with either IP or ATM traffic. When the connection identifier for a cell received indicates that the cell is an ATM cell, the multi-protocol switch forwards the cell through the switch, where the forwarding is based on the connection identifier for the cell. If the connection identifier for a cell indicates that the cell is IP traffic, the cell is stored with other cells included in the IP packet to which the cells correspond within the ingress line card of the switch. The destination address included in the packet is used to determine a forwarding decision for the cells included in the packet. After at least partial reassembly, the packet is segmented and forwarded through the switch based on the forwarding decision determined from the destination address.

Abstract: The packet rate limiting method and system is used for detecting and blocking the effects of DoS attacks on IP networks. The method uses an ACL counter that stores an action parameter in the first 3 most significant bits and uses 13 bits as a packet counter. A rate limit is enforced by setting the packet counter to an initial value, and resetting this value at given intervals of time. The action parameter enables the ACL to accept or deny packets based on this rate limit. If the number of packets in the incoming flow saturates the packet counter before the reset time, the packets are denied access to the network until the counter is next reset. The denied packets may be just discarded or may be extracted for further examination.

Abstract: A method and apparatus are provided for emulating VPLS within an ATM network. Provider Edge devices are configured for the VPLS connections. Each provider edge device advertises its configured VPLS IDs to other provider edge devices by propagating an information group up the PNNI hierarchy, the information group containing an association between an ATM address of the provider edge device and the VPLS ID. Information groups are propagated back down the PNNI hierarchy, so that each lowest level node learns all ATM addresses to be associated with each VPLS ID. For each pair of provider edge devices supporting the same VPLS ID, one of the provider edge devices establishes a virtual circuit between the pair. In this way, a mesh of virtual circuits is established between provider edge devices, and a VPLS-like service can be offered to users without having to implement MPLS.

Abstract: A packet processing device has an on-board match engine memory. Actions to be taken on a packet can be looked up in the match engine memory using a key comprising a match engine index and a protocol field from the packet. The match engine index is obtained from either a relatively small on-board parser memory or a larger context memory. The parser memory contains match engine indices for sparse protocols. Performance approaching that of hard-wired packet processors can be obtained. New protocols or changes in protocols can be accommodated by writing new values into the match engine, parser and context memories. The packet processing device can be provided in a pipelined architecture.