Abstract: A solution is provided wherein the interfaces between multiple chassis (e.g., edge switches) in a network of layer 2 devices and a spanning tree device are treated as a single emulated switch. This emulated switch effectively enables two different views to the two different sides. Thus, frames from the network of layer 2 switches destined to any port of the emulated switch may take any of the links (through any of the physical switches), thereby enabling effective load-balancing for frames traveling from the layer 2 network side into the spanning tree device. Meanwhile the spanning tree device does not recognize an illegal loop in its connection to two different edge switches as it views the two links as a single logical EtherChannel.

Abstract: A system for managing bandwidth use in a device. In a specific embodiment, the device is a network device that includes a first data scheduler that is adapted to initially share available device bandwidth among a first type of traffic and a second type of traffic on an as-needed basis. A traffic monitor communicates with the first scheduler and causes the first data scheduler to guarantee predetermined transmission characteristics for the second type of traffic. The first data scheduler includes one or more routines for prioritizing first type of traffic above the second type of traffic when the network device is in a first operational mode, and prioritizing the second type of traffic above the first type of traffic when the network device is in a second operation al mode. The minimum transmission characteristics include a minimum service rate and a minimum latency for the second type of traffic.

Abstract: Disclosed are systems and methods for persisting management information indexes across multiple network elements. In particular, methods of detecting and curing potential collisions among a peer group of network elements by use of a hashing function can be provided in accordance with embodiments. For example, a method for maintaining persistence across network elements can include: (i) configuring one of the network elements, and providing a configuration string therefrom; (ii) performing a hashing algorithm on the configuration string to provide a hash value; (iii) determining if any collisions exists between the hash value and corresponding values from among a peer group of network elements; and (iv) assigning the hash value as a management table index when no collision is found, or assigning a new value for the management table index when a collision is found.

Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for providing a JTAG to system bus interface for accessing embedded analysis system(s). JTAG commands are received and converted into commands sent out a bus to a device including an embedded analysis instrument, with results received over the bus forwarded out the JTAG interface to an external device. Such a JTAG to system bus interface may eliminate the need to provide separate JTAG TAP interfaces on each ASIC of a board, and/or eliminate the need to daisy chain multiple TAP interfaces of multiple ASICs in order to provide a single TAP interface for accessing the multiple embedded testing instruments.

Abstract: Techniques for routing content requests are provided. In one embodiment, a first device at a network device sends a request from a first device at a first site for content to a second device at a second site. The second device determines if the request should be redirected to a third device in a third site. For example, a content server in the second site may decide that a request is better serviced by a third site. This may be because the third site may be closer to the first site, the second site may be overloaded or down, etc. If the request should be redirected, the second device determines a rule for sending further requests for the content to the third site. Signaling is then sent to the network device such that the rule may be installed where further requests for the content are sent to the third site. The further requests are sent to the third site without going through the second site.

Abstract: A multilevel coupled policer is configured to police packets using at least two policing levels, including a first-level of class policers and a second-level aggregate policer. The multilevel coupled policer is configured to share bandwidth of the aggregate policer among packet traffic corresponding to the class policers based on the packet traffic. The multilevel coupled policer is configured to apply a particular class policer corresponding to a particular packet to identify a tentative policing action. The multilevel coupled policer is configured to apply the second-level aggregate policer to the particular packet based on the identified the tentative policing action and a result of a comparison operation of the number of tokens in one or more token buckets associated with the second-level aggregate policer and the length of the particular packet in order to determine a final policing action for marking and/or applying to the particular packet.

Abstract: One or more firewalls are used to perform firewall functionality on packets based on the entry and exit accesses of each of the one or more firewalls being applied to a packet. For example, when firewalls are included in a router, the interfaces of the router are typically mapped to virtual firewalls and access thereof. Based on the determined routing of a particular packet, the firewalls to apply and their corresponding entry and exit accesses are identified. In order to decouple the application by the firewall itself of the security policies from the network topology and routing architecture (e.g., the network routing address information which is typically relied upon by current firewalls), the firewall functionality is defined based on the identified entry and exit accesses of a firewall, rather than based on network defined addresses, for example.

Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for supporting a large number of virtual local area networks (VLANS) in a bridged network. Packets are received that include 802.1Q Virtual Local Area Network (VLAN) identifiers (VIDs). However, rather than accessing the VLAN forwarding information directly based on the VID as conventionally performed, the VLAN forwarding information to use for a particular packet is determined based on an interface (e.g., virtual or physical interface, port, MPLS label, GRE tunnel or other abstraction of the interface). In other words, the interface associated with the packet identifies a context for determining the VLAN forwarding information based on the VID included in the packet. Therefore, network bridging devices can support more VLANs than that imposed by the 4096 possible values of a VID.

Abstract: In on embodiment, techniques for providing alerts to a user when a communication frequency pattern between a user and a contact has not occurred during a pre-determined amount of time are provided. Communication records between the contact and the user can be analyzed to determine if the communication frequency pattern with the contact during the pre-determined amount of time does not meet pre-determined criteria. For example, the criteria may be generate an alert if communications do not occur in the last month, generate an alert if less than five communications occur in the last six months, or any other communication pattern. Also, the content of a communication may be analyzed to determine if a certain topic has been discussed. If a certain topic has not been discussed during the pre-determined amount of time, an alert may also be generated reminding the user that the topic has not been discussed.

Abstract: Streams of packets are dynamically switched among dedicated and shared queues. For example, when a packet stream is in a maintenance mode (such as to keep a tunnel or packet stream associated with a server active) all packet traffic received over a packet stream is directed into the shared queue while the packet stream is not associated with one of the dedicated queues. In response to a detected change in the packet activity status of packet traffic (e.g., the establishment of a call or an increase in packet traffic, especially desirous of individualized quality of service) over a particular packet stream of the packet streams, the particular packet stream is associated with a particular group of dedicated queues such that at least non-control data traffic received over the particular packet stream is subsequently directed into the particular group of dedicated queues while the particular packet stream remains associated with the particular group of dedicated queues.

Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for applying features to packets in an order specified by a selected feature order template. By providing multiple feature order templates, a network device manufacturer can provide the user of the network device the ability to select among a variety of orders in which features are applied, while limiting the possible selectable orderings such as to those capable by the hardware and software of the network device, and/or to a subset of orderings thereof which has been thoroughly tested. Some devices further allow a user to define new feature order templates via a user interface.

Abstract: Out-of-profile rate-limited traffic is sampled to provide data for analysis, such as for, but not limited to, identifying a threat condition such as a denial-of-service or other malicious attack, or a non-malicious attack such as an error in configuration. A rate limiter including at least three states is typically used, with one of these states being an out-of-profile sampling state wherein the packet traffic is sampled to identify one or more sampled packets on which analysis can be performed, with defensive action possibly taken in response to the analysis.

Abstract: Disclosed are conferencing systems, devices, architectures, and methods for managing a conference spanning system to facilitate participation in a plurality of conferences at the same time. An exemplary system having devices and/or structures in accordance with embodiments can include: (i) a plurality of conferences, each conference being configured to support a plurality of media modes; (ii) a presentation mechanism configured to support the plurality of media modes from the plurality of conferences; and (iii) a selector for selecting a conference from the plurality of conferences and designating the selected conference as an active conference and designating non-selected conferences as background conferences, wherein the active conference is assigned at least one enhanced media mode in the presentation mechanism.

Abstract: Class-based bandwidth partitioning of a sequence of packets of varying packet classes is performed, such as, but not limited to determining whether or not to admit a packet to a queue based on a probability corresponding to a class of packets associated with the packet, with this probability being based on measured arrival traffic and a fair share based on the length of the queue. Data path processing is performed on each packet to determine whether to admit or drop the packet, and to record the measured received traffic. Control path processing is periodically performed to update these probabilities based on determined arrival rates and fair shares for each class of packets. In this manner, a relatively small amount of processing and resources are required to partition bandwidth for a scalable number of classes of packets.

Abstract: Stored in the leaf nodes of a data structure that can be used for identifying the longest prefix matching an address are corresponding values from multiple forwarding information bases. A single common address lookup data structure (e.g., a tree, trie, etc.) can be used, and a leaf node can contain information from multiple forwarding information bases. If lookup operations are performed for a single address in multiple forwarding information bases, the single common address lookup data structure may only need to be traversed once. For example, the forwarding information for another forwarding information base may be stored in the same leaf, further down in the data structure requiring traversal from the current position, or above requiring traversal from the root of the lookup data structure. Information can be stored in the leaf node to indicate which traversal option is appropriate for a particular forwarding information base.

Abstract: A content-addressable memory entry is identified as being matched if it matches all bit positions of a lookup word or does not match for less than a predetermined number of bit positions. A match line of the content-addressable memory entry is precharged. During a subsequent matching phase, each of the bit positions of the content-addressable memory entry provides a discharge path for the precharged match line. Whether or not the content-addressable memory should be identified as being matched is then determined typically by comparing the match reference voltage of the match line to a predetermined voltage level at a predetermined time, with the predetermined voltage level and predetermined time selected for the allowed number of bit positions that do not have to be matched while still considering the content-addressable memory entry to have been matched, and the implementation technology of the embodiment.

Abstract: Associative memory bit cells are disclosed for selectively producing binary or ternary content-addressable memory lookup results. Associative memory bit cells are grouped together to act as n binary content-addressable memory cells (CAM) bits or m ternary content-addressable memory (TCAM) bits, with n>m>0. Based on the programming of the associative memory bit cells and the selective application of search values (based on whether they are acting as CAM or TCAM bit cells), the appropriate determination is made as to whether or not to signal a hit or a miss based on the current input search values. These associative memory bit cells can also be combined to provide error protection for either of their operating modes. Error protection can be used to enable a correct result when e bit errors occur in the stored values in the associative memory bit cells.

Abstract: Ternary content-addressable memory (TCAM) entries are disclosed for use in performing error-protected lookup operations by allowing an error budget of u deviations in values stored in each entry. Each TCAM entry is configured to identify a hit condition (else a miss condition) with an input lookup word if its stored value matches each bit of the lookup word with the exception of zero to u of its cells not matching. This determination may be made, for example, using discrete logic or based a voltage level of one or more match lines. Furthermore, it is possible to store at least 2u+1 copies of a data value desired to be protected in a such a TCAM entry among its said t TCAM cells.

Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, and mechanisms, for a route processor adjusting admission control policies for packets destined for the route processor and enforced on line cards. Individual line cards can identify offending packet flows that pass through them. However, for example, it is possible that an attack on the route processor might comprise packets being forwarded to the route processor from different line cards, with these packets belonging to a same or different packet flow. By monitoring and identifying offending packet flows, the route processor can inform at least the line cards corresponding to these offending packet flows in order to adjust their corresponding admission control policies to combat such an attack, while typically allowing legitimate traffic to continue to flow at the desired rate to the route processor.

Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, and mechanisms, for identifying admission control policies and enforcement of these admission control policies on packets destined for a route processor. A typical routing device includes: a route processor, a forwarding lookup mechanism for identifying packets destined for the route processor; a lookup mechanism for identifying admission control parameters for packets destined for the route processor; and an admission control enforcement mechanism for enforcing the identified admission control policy parameters for the packets.