Abstract: In one embodiment, a method includes receiving a first identifier and a private key after a network device has been included in a data center switch fabric control plane, authenticating the network device based on the private key, sending a second identifier to the network device, and sending a control signal to the network device based on the second identifier. The first identifier is associated with the network device and unique within a segment of the data center switch fabric control plane. The second identifier is unique within the segment of the data center switch fabric control plane.

Abstract: In one embodiment, a method includes receiving a first identifier and a private key after a network device has been included in a data center switch fabric control plane, authenticating the network device based on the private key, sending a second identifier to the network device, and sending a control signal to the network device based on the second identifier. The first identifier is associated with the network device and unique within a segment of the data center switch fabric control plane. The second identifier is unique within the segment of the data center switch fabric control plane.

Abstract: In one embodiment, a method includes receiving a first identifier and a private key after a network device has been included in a data center switch fabric control plane, authenticating the network device based on the private key, sending a second identifier to the network device, and sending a control signal to the network device based on the second identifier. The first identifier is associated with the network device and unique within a segment of the data center switch fabric control plane. The second identifier is unique within the segment of the data center switch fabric control plane.

Abstract: In one embodiment, a method includes receiving a configuration request and a first key from a network device, granting a first class of access to the network device, sending a configuration instruction to the network device, receiving an association request from the network device, and granting a second class of access to the network device. The configuration request and the first key are received at a first time. The network device is outside a secure network segment at a first time. The first class of access is granted based on the first key. The configuration instruction is send in response to granting the first class of access. The association request includes a second key. The granting the second class of access is based on the second key.

Abstract: In one embodiment, an apparatus comprises logic for detecting stolen authentication cookie attacks. A first transport connection is established between a client and a gateway server, where the first transport connection is authenticated by the gateway server. A first authentication cookie is associated with a client session, between the client and the gateway server, that includes the first transport connection. A second transport connection is established at the gateway server. A request is received over the second transport connection. The request includes the first authentication cookie to associate the second transport connection with the client session. A second authentication cookie is generated for the client session and is returned over the second transport connection. Thereafter, a determination is made whether the second authentication cookie is received over the first transport connection.

Abstract: Method and system for providing improved uniform resource locator (URL) mangling performance using fast re-write including scanning a web page, detecting an absolute URL in the web page, and modifying the detected absolute URL to a corresponding relative URL in the web page, is disclosed.

Abstract: A network element implementing a method for determining an optimal maximum transmission unit (MTU) value on a path between two nodes in a network is described. A sending node interested in learning the optimal MTU path value allows fragmentation of datagrams sent on the path, selects an initial MTU, and sends one or more data packets to a receiving node. Upon receiving the data the receiver determines if fragmentation occurred. If no fragmentation occurred then the MTU path selected is the optimal MTU for the given path between the nodes. If fragmentation did occur then the sender is notified that the selected MTU was not the optimal MTU for the path. Either the receiver proposes a new MTU for the path, or the sender selects a new, smaller MTU. The process repeats until the receiver detects no fragmentation.

Abstract: In one embodiment, an apparatus comprises logic for detecting stolen authentication cookie attacks. A first transport connection is established between a client and a gateway server, where the first transport connection is authenticated by the gateway server. A first authentication cookie is associated with a client session, between the client and the gateway server, that includes the first transport connection. A second transport connection is established at the gateway server. A request is received over the second transport connection. The request includes the first authentication cookie to associate the second transport connection with the client session. A second authentication cookie is generated for the client session and is returned over the second transport connection. Thereafter, a determination is made whether the second authentication cookie is received over the first transport connection.

Abstract: Method and system for providing improved uniform resource locator (URL) mangling performance using fast re-write including scanning a web page, detecting an absolute URL in the web page, and modifying the detected absolute URL to a corresponding relative URL in the web page, is disclosed.

Abstract: A network element implementing a method for determining an optimal maximum transmission unit (MTU) value on a path between two nodes in a network is described. A sending node interested in learning the optimal MTU path value allows fragmentation of datagrams sent on the path, selects an initial MTU, and sends one or more data packets to a receiving node. Upon receiving the data the receiver determines if fragmentation occurred. If no fragmentation occurred then the MTU path selected is the optimal MTU for the given path between the nodes. If fragmentation did occur then the sender is notified that the selected MTU was not the optimal MTU for the path. Either the receiver proposes a new MTU for the path, or the sender selects a new, smaller MTU. The process repeats until the receiver detects no fragmentation.

Abstract: A method of modifying network identifiers at data servers is disclosed. A virtual private network (VPN) gateway server generates a Hypertext Transfer Protocol (HTTP) request. The HTTP request not only requests data from a data server that is within a VPN, but also instructs the data server to modify (“mangle”) URLs that are contained within the requested data so that the URLs refer to the VPN gateway server. The VPN gateway server sends the HTTP request toward the data server. As a result, the data server modifies the URLs so that the VPN gateway server does not need to. When such a modified URLs is selected in a web browser, the web browser generates an HTTP request that is directed to the VPN gateway server's URL, which, unlike the unmodified URLs, can be resolved by domain name servers that are outside of the VPN.