Abstract: A method and apparatus for tracking at least one Layer-2 (L2) resource of a network device is provided. The method includes monitoring software operations on the L2 resource. The method further includes monitoring the state of the L2 resource in a corresponding hardware device (e.g., the network device). The L2 resource may be at least one of a Media Access Control (MAC) address, a Virtual Local Area Network (VLAN) identifier, a MAC address, and a VLAN identifier pair.

Abstract: Out-of-profile rate-limited traffic is sampled to provide data for analysis, such as for, but not limited to, identifying a threat condition such as a denial-of-service or other malicious attack, or a non-malicious attack such as an error in configuration. A rate limiter including at least three states is typically used, with one of these states being an out-of-profile sampling state wherein the packet traffic is sampled to identify one or more sampled packets on which analysis can be performed, with defensive action possibly taken in response to the analysis.

Abstract: In one embodiment, a load-balancing algorithm ensures that both network nodes at endpoints of a group of physical links aggregated into a logical channel are using the same load-sharing algorithm and also ensures that the load-sharing algorithm is normalized so that the same flow traverses the same physical link in both directions.

Abstract: Disclosed are systems and methods that enable a host to join a virtual network, such as a VPN, for example. A protocol that may be used by such a system is also disclosed. Once virtual networks are implemented within an enterprise network for different purposes, this protocol allows a host to quickly and easily move around from one virtual network to another without changing its IP address or other host-specifics by which the host is tracked. Given that the host does not rely on classification capabilities of the switch/router, this mechanism allows the enterprise network to provide virtual networks for complex applications or communities in order to isolate application or community impacts, and for hosts to join and leave such networks as they want.

Abstract: In one embodiment, a load-balancing algorithm ensures that both network nodes at endpoints of a group of physical links aggregated into a logical channel are using the same load-sharing algorithm and also ensures that the load-sharing algorithm is normalized so that the same flow traverses the same physical link in both directions.

Abstract: Out-of-profile rate-limited traffic is sampled to provide data for analysis, such as for, but not limited to, identifying a threat condition such as a denial-of-service or other malicious attack, or a non-malicious attack such as an error in configuration. A rate limiter including at least three states is typically used, with one of these states being an out-of-profile sampling state wherein the packet traffic is sampled to identify one or more sampled packets on which analysis can be performed, with defensive action possibly taken in response to the analysis.

Abstract: In one embodiment, a first port of a device provides connectivity to a customer network and a second port of the device provides connectivity to a provider network. Frame mapping logic associated with the first port processes a network message received at the first port and accesses a Virtual Local Area Network (VLAN) mapping data structure that maps customer VLAN designations used in the customer network to provider VLAN designations used in the provider network. Frame mapping logic uses the VLAN mapping data structure to associate the received network message with a particular provider VLAN designation based upon the received network message's particular customer VLAN designation. The received network message is then passed toward the second port.

Abstract: A method and apparatus for tracking at least one Layer-2 (L2) resource of a network device is provided. The method includes monitoring software operations on the L2 resource. The method further includes monitoring the state of the L2 resource in a corresponding hardware device (e.g., the network device). The L2 resource may be at least one of a Media Access Control (MAC) address, a Virtual Local Area Network (VLAN) identifier, a MAC address, and a VLAN identifier pair.

Abstract: A plurality of rule groups are stored in a hard disk (14) in advance, and each group generally includes a plurality of rules. A data file is stored on a floppy disk (16) and includes input- and output-variable data. The input- and output-variable data is a set of input-variable data and output-variable data, the latter of which is obtained when the input-variable data is applied and an operation in accordance with rules desired to be generated is carried out. The data file on the floppy disk (16) is read by a floppy disk drive (15). Using the input-variable data, the CPU (11) performs an operation in accordance with each rule group stored on the hard disk (14). The operational results and the output-variable data are compared and the degree of effectiveness of each rule group is calculated on the basis of the comparison. The best rule group is selected based upon the degree of effectiveness.