Abstract: In one embodiment, for each port of an access node in an access-based computer network, one access server of a plurality of access servers is configured as a preferred access server for that port. Upon receiving a session initiation message at a particular port, the access node forwards the session initiation message to one or more of the access servers based on the configured preferred access server for the particular port.

Abstract: In one embodiment, for each port of an access node in an access-based computer network, one access server of a plurality of access servers is configured as a preferred access server for that port. Upon receiving a session initiation message at a particular port, the access node forwards the session initiation message to one or more of the access servers based on the configured preferred access server for the particular port.

Abstract: Techniques for supporting subscriber sessions for access to an IP network include receiving from a first node at a different second node, a Dynamic Host Configuration Protocol (DHCP) formatted echo-request message. The echo-request message includes a DHCP option field that holds data that indicates an echo-request type. In response to receiving the echo-request message, the second node sends to the first node a DHCP formatted echo-reply message that corresponds to the echo-request message. The echo-reply message includes a DHCP option field that holds data that indicates an echo-reply type. When received by the first node, the echo-response message causes the first node to determine a connected state with the second node. Point to Point Protocol (PPP) keep-alive messages between a customer premises node and a remote access server gateway to an IP network may be replaced by these DHCP echo-request and echo-reply messages.

Abstract: Techniques for authenticating a user for access to an IP network include receiving from the user's host a DHCP request which includes user identifier data. A random challenge value is determined and sent to the user's host in a DHCP message format. A response message that includes a response value is received from the user's host in DHCP format. A verification value is determined based on a password value associated with the user identifier value in an AAA server and the current challenge value using a secure process that renders impractical an attempt to derive the password. If it is determined that the response value does not match the verification value, then a DHCP offer is prevented from being sent to the user's host in response to the DHCP request. Thus, a user is authenticated using DHCP instead of PPP.

Abstract: Techniques for providing remote access to a service provider network include exchanging multiple Dynamic Host Configuration Protocol (DHCP) formatted messages instead of any Point to Point Protocol (PPP) message to provide all PPP functions for accessing a service provider network from a customer node. The service provider network is on provider premises and the customer node is on customer premises different from the provider premises. The DHCP format is used to exchange authentication messages, user profile data on Authentication, Authorization and Accounting (AAA) servers, or session keep-alive echo messages, alone or in some combination. When all are message types are combined, these techniques provide a remote access server (RAS) with the capability to perform all functions presently provided by PPP processes. In some combinations, these techniques allow a modified DHCP server to replace a legacy AAA server.

Abstract: Techniques for distributing digital content include receiving provider content over a network connection at a customer premises node located on premises of a first customer. The provider content is offered by a network service provider different from the first customer. Provider data based on the provider content is stored in non-volatile storage on the customer premises node of the first customer. It is determined whether conditions are satisfied for sending the provider content to a second customer different from the first customer. If it is determined that such conditions are satisfied, then the provider data is retrieved from the non-volatile storage, and data based on the provider data is sent over the network connection for receipt by the second customer. Thereby a customer premises node serves as a cache of provider content for other customer premises nodes on the same last mile segment or access network.

Abstract: An embodiment may provide for link fragmentation and interleaving at an access device located between a point to point link and a tunneled connection. An embodiment may include a method of receiving frames through a tunnel from a network server, fragmenting at least some of the frames from the network server, and sending fragmented and unfragmented frames over a data link to an endpoint device. In some embodiments the frames may be multilink point to point protocol (MLPPP) frames. In yet another embodiment, the frames may be received through a layer two tunneling protocol (L2TP) tunnel. An embodiment may include scanning a frame for PPP options and removing options related to MLPPP negotiation and then forwarding the frame to a network server. An embodiment may comprise means capable of executing the embodiment method or may include instructions that when executed on a machine are capable of the embodiment method.

Abstract: A computer network includes first and second Ethernet access domain networks, each of Ethernet access domain networks including a user-facing provider edge (u-PE) device, and a stack group of network-facing provider edge (n-PE) devices coupled with the u-PE device, the n-PE devices running a bidding protocol to select one of the n-PE devices as a primary n-PE device for a single pseudowire connection path between the first and second Ethernet access domain networks. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. 37 CFR 1.72(b).

Abstract: Techniques for negotiating Point-to-Point Protocol (PPP) sessions over an Ethernet network include receiving configuration data that indicates a first node is connected to a second node thorough an Ethernet network that supports Ethernet frame payload sizes larger than 1500 octets. Request data is received at the first node from the second node. The request data indicates a request for PPP communications between the first node and the second node using a requested PPP payload size greater than 1492 octets. A particular PPP payload size greater than 1492 octets is determined. Response data is sent from the first node to the second node. The response data indicates that the particular PPP payload size greater than 1492 octets is to be used for PPP communications between the first node and the second node. These techniques allow better utilization of Ethernet Jumbo, Giant and Baby Giant frames.

Abstract: Techniques for operating a network interface include automatically determining whether communications are terminated over a particular attachment circuit on a network interface on an intermediate network node at an edge of a provider network, whereby a sign of death (SOD) on the particular attachment circuit is indicated. The attachment circuit is switched with a particular virtual private network that is a link layer virtual private network (VPN) encapsulated in a higher layer protocol. The provider network is a packet-switched network. The network interface is for a direct communication link to a customer network node outside the provider network. If it is determined that there is an indication of the SOD, then a new network action is initiated in response to the SOD on the particular attachment circuit. These techniques allow for automatic logging of usage, billing, and fault detection, as well as for over-subscription of network resources for multiple VPNs.

Abstract: Techniques for configuring a particular network interface on a particular node at an edge of a provider network to support a particular virtual private network include receiving customer input data. The provider network is a packet-switched network and the particular virtual private network is a link layer virtual private network. The customer input data indicates a topology for customer equipment devices outside the provider network on the particular virtual private network, and may include properties for corresponding interfaces that connect the customer equipment devices to the edge nodes. Based on the customer input data, configuration data is determined for configuring the particular interface at the particular node. The particular node is caused to configure the particular interface based on the configuration data without human intervention. Among other effects, these techniques support zero-touch provisioning of virtual private networks.

Abstract: A method and apparatus for processing a signal on an intermediate network node at an edge of a provider packet-switched network to support a link-layer virtual private network includes receiving a signal on a particular interface. The particular interface is for a direct communication link to a customer network node outside the provider network. It is determined whether the signal indicates that the particular interface is changing from an inactive state to an active state, whereby the signal is called first sign of life (FSOL). If it is determined that the signal is FSOL, then configuration data is determined for configuring the particular interface for the particular virtual private network. The signal is processed based on the configuration data. These techniques allow a dynamic response to new signals on a customer interface without human intervention by the provider.

Abstract: A method and apparatus for configuring a network interface to support a virtual private network includes storing configuration data at a server on a host computer on the provider network. It is determined whether conditions are satisfied for sending the configuration data to a particular node at an edge of the provider network. If it is determined that conditions are satisfied, then the configuration data is sent to the particular node to cause the particular node to configure a particular interface for supporting a virtual private network over the provider network based on the configuration data without human intervention. The provider network is a packet-switched network and the particular virtual private network is a link layer virtual private network. The particular node is different from the host. The particular interface is for a direct communication link to a customer network node outside the provider network.

Abstract: A method and apparatus for configuring a network interface to support a virtual private network includes storing configuration data at a server on a host computer on the provider network. It is determined without human intervention whether conditions are satisfied for sending the configuration data to a particular node at an edge of the provider network without receiving a request message from the particular node. If it is determined that conditions are satisfied, then the configuration data is sent to the particular node to cause the particular node to configure a particular interface for supporting a virtual private network over the provider network based on the configuration data. The particular node is different from the host. These techniques allow changes in configuration data to be pushed to provider edge nodes without human intervention.

Abstract: Techniques for exchanging point to point protocol (PPP) information among network nodes using an arbitrary network protocol include determining whether a PPP payload includes PPP control data. If so, then an outbound protocol frame is generated with the PPP control data in a payload and with an outbound protocol type field that indicates PPP control data. The outbound protocol frame is sent to a server which uses the PPP control data. The outbound protocol is different from PPP and from PPP over Ethernet (PPPoE) and from PPP over Asynchronous Transfer Mode (ATM) protocol (PPPoA). The outbound protocol may be Ethernet or ATM Adaptation Layer (AAL) or some other protocol. These techniques allow PPP control plane functionality while utilizing IP over Ethernet for the data plane.

Abstract: A method and apparatus for changing a secret value used to authenticate network protocol control messages among network nodes in a trusted domain includes configuring each network node in the domain to use a first secret value to authenticate network protocol control messages among network nodes in the domain. After every network node in the domain has been configured with the first secret value, each network node in the domain is configured to use a different second secret value to authenticate network protocol control messages. After every network node has been configured with the second secret value, each network rode in the domain is configured to no longer use the first secret value to authenticate network protocol control messages. Thus a configured secret value for authentication is changed from the first secret value to the second secret value while maintaining communication of network protocol control messages within the domain.