Abstract: In one embodiment, probe-packet discovery of entropy values causing specific paths to be taken through a network is performed. One embodiment sends, from a first network node to a second network node in a network, a plurality of Equal Cost Multipath (ECMP) path-taken probe packets, each with a different entropy label, to determine a particular entropy label for each particular ECMP path of a plurality of different ECMP paths between the first network node and the second network node that will cause a packet including the particular entropy label to traverse said particular ECMP path. The ECMP paths taken by the plurality of ECMP path-taken probe packets is analyzed to determine one or more entropy labels for each different ECMP path of the plurality of different ECMP paths that will cause a packet including one of said one or more entropy labels to traverse said different ECMP path.

Abstract: In one embodiment, a hierarchical scheduling system including multiple scheduling layers with layer bypass is used to schedule items (e.g., corresponding to packets). This scheduling of items performed in one embodiment includes: propagating first items through the hierarchical scheduling system and updating scheduling information in each of the plurality of scheduling layers based on said propagated first items as said propagated first items propagate through the plurality of scheduling layers, and bypassing one or more scheduling layers of the plurality of scheduling layers for scheduling bypassing items and updating scheduling information in each of said bypassed one or more scheduling layers based on said bypassing items. In one embodiment, this method is performed by a particular machine. In one embodiment, the operations of propagating first items through the hierarchical scheduling system and bypassing one or more scheduling layers are done in parallel.

Abstract: In one embodiment a limited functionality link state protocol node has one or two interfaces configured to send and receive link state protocol packets. In response to receiving, by the partially-participating link state protocol node on a first interface, a particular link state protocol data unit (LSP): sending the particular LSP from a second interface of the partially-participating link state protocol node without updating the local link state database when the second interface is currently participating in the link state protocol distribution; and sending an acknowledgment of the particular LSP from the first interface when the second interface is not currently participating in the link state protocol distribution.

Abstract: One embodiment includes a firewall, intrusion prevention, or other device that automatically and dynamically adjusts packets subjected to certain rate limiting based on the reputation level associated with these packets (e.g., based on the reputation score of the source of a packet). In response to measured traffic, one embodiment automatically adjusts the range of reputation scores determining which packets are subjected to this rate limiting (e.g., which packets are possibly dropped), such as, but not limited to increase or decrease the measured traffic. For example, packet traffic with a worse reputation can be singled out for this rate limiting during a period of increased traffic, and then when the measured traffic subsides, the range of reputation scores can be correspondingly changed to allow more measured traffic.

Abstract: In one embodiment, a negotiation is performed between each adjacent pair of a plurality of packet switching devices in a ring network to determine an Internet Protocol (IP) subnet to be used for communicating between said packet switching devices of said adjacent pair. Packets are communicated by said packet switching devices of said adjacent pair using a different IP address of said determined IP subnet. In one embodiment, each of the plurality of packet switching devices is initially assigned an IP subnet to use on one of its two interfaces participating in the ring network; and wherein said negotiation determines which of said two interfaces will use said initially assigned IP subnet.

Abstract: In one embodiment, a first search operation is performed based on a base lookup word on a first plurality of content-addressable memory entries of an overall plurality of priority-ordered content-addressable memory entries to identify a first matching entry and a corresponding first overall search position of the first matching entry within the overall plurality of priority-ordered content-addressable memory entries. A second search operation is performed based on the base lookup word on a second plurality of content-addressable memory entries of the overall plurality of priority-ordered content-addressable memory entries to identify a second matching entry and a corresponding second overall search position of the second matching entry within the overall plurality of priority-ordered content-addressable memory entries. The corresponding first overall search position is compared to the corresponding second overall search position to determine the overall search result.

Abstract: In one embodiment, an apparatus in a network determines particular metadata to communicate infrastructure information associated with a particular packet to another apparatus in the network. The apparatus sends into the network the particular packet including a metadata channel, comprising said particular metadata, external to the payload of the particular packet. Examples of infrastructure metadata carried in a packet include, but are not limited to, information defining service chaining for processing of the packet, contextual information for processing of the packet, specific handling instructions of the packet, and operations, maintenance, administration (OAM) instrumentation of the packet.

Abstract: In one embodiment, a working path through a packet switched network is protected by a protection path. In response to a switchover condition, a packet switching device ceases to enqueue packets for sending over the current working path. Packets are enqueue for sending over the protection path, with a delay by a predetermined duration before beginning to dequeue and send of packets over the protection path. A sending packet switching device, by delaying an appropriate predetermined duration, can guarantee that the protection switching operation will not induce packet reordering nor packet loss. This predetermined delay is calculated, possibly based on measurements, of different component delays of sending packets over the working and protection paths. For example, these component delays typically include latency within the sending device, latency of communications between the sending device and the destination, and latency with the destination.

Abstract: In one embodiment, a one-way delay is measured between optical devices in an optical transport network based on roundtrip times of request and corresponding response frames. A first optical device sends a sequence of delay measurement request frames to a second optical device, which varies a local delay before responding to a request frame, thus causing a slippage in the sequence of reply frames received by the first device. The point at which the request frames are received in relation to the stream of frames sent by the optical device can be identified based on the frame slippage. Therefore, the delay measurement can be adjusted by a corresponding offset to the beginning of a frame in order to increase the accuracy of the one-way delay measurement.

Abstract: In one embodiment, batch entries include multiple content-addressable memory (CAM) entries, and CAM entries are allowed to be shared among different batch entries. For example, two or more batch entries might have a common set of bits (e.g., representing an address, an address prefix, etc.). Rather than consuming bits of multiple CAM entries, a single CAM entry can be programmed with this common information. Other CAM entries associated with different batch entries are programmed with the distinguishing/different values. A batch lookup operation on a batch entry of two or more CAM entries requires multiple lookup operations on the CAM entries. One embodiment uses a batch mask vector to provide information to decode what CAM entries are shared among which batch entries during a series of lookup operations, which can be performed in one or both directions through the CAM entries.

Abstract: In one embodiment, multiple content-addressable memory entries are associated with each other to effectively form a batch content-addressable memory entry that spans multiple physical entries of the content-addressable memory device. To match against this content-addressable memory entry, multiple lookup operations are required—i.e., one lookup operation for each combined physical entry. Further, one embodiment provides that a batch content-addressable memory entry can span one, two, three, or more physical content-addressable memory entries, and batch content-addressable memory entries of varying sizes could be programmed into a single content-addressable memory device. Thus, a lookup operation might take two lookup iterations on the physical entries of the content-addressable memory device, with a next lookup operation taking a different number of lookup iterations (e.g., one, three or more).

Abstract: In one embodiment, the integrity of forwarding paths within a packet switching device is investigated. A packet switching device creates a probe packet. The packet switching device then communicates the probe packet within the packet switching device in a normal forwarding manner, while monitoring at multiple positions along forwarding paths through the packet switching device for the appearance of the probe packet. The traveling within the packet switching device of the probe packet, including as identified by the monitored positions, is analyzed to identify whether or not the probe packet was correctly forwarded at one or more locations within the packet switching device.

Abstract: In one embodiment, packet streams are reliably transported through a network using packet replication. A packet stream is received at a duplication point in a network, with two or more copies of each of the packet streams being transported, typically over divergent paths in the network, to a merge point from which a single copy of the packet stream is forwarded or consumed. In one embodiment, this merge point is a packet switching device that includes ingress card(s) and egress line card(s), wherein multiple copies of the packet stream are received by ingress line card(s), with only a single copy provided to an egress line card of the packet switching device. In this manner, a switching fabric or other communication mechanism communicatively coupling the ingress line card(s) to the egress line card, nor the egress line card, is taxed with the burden imposed by additional copies of packet stream.

Abstract: In one embodiment, the processing by a packet switching device of a received network-to-link-layer address resolution request message (e.g., Address Resolution Protocol [ARP] Request message, Neighbor Discovery Protocol [NDP] Neighbor Solicitation message) is dependent upon whether or not its target IP address corresponds to a network gateway packet switching device. When the target IP address of a received ARP Request/NDP Neighbor Solicitation message corresponds to a network gateway, then the packet switching device responds effectively on behalf of the network gateway, rather than forwarding the message to the network gateway. When the target IP address of a received ARP Request/NDP Neighbor Solicitation message does not correspond to a network gateway and the Media Access Control (MAC) address corresponding to the target IP address is known, then the packet switching device transforms then sends the broadcast or multicast frame into a unicast frame.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with registration of optical device characteristics of optical network devices with an optical control layer of the optical network for use in establishing compatible connections through the optical network. Especially end network devices and internal network optical devices that regenerate the optical signal register their communication capabilities of their optical interfaces with the optical control layer of an optical network. This registration allows a light path to be established through the optical network which is compatible with the registered capabilities. The optical control layer may be centralized in an optical layer server and/or distributed among optical devices in the optical network, such as on control processors in multiple, optical layer devices.

Abstract: In one embodiment, excess committed network appliance resources are shared for providing services within a network appliance. One approach maintains service resources in a committed service resource pool and one or more other pools of service resources. Service resources are taken from a corresponding pool as needed. Service resources are reallocated to the committed resource pool as needed to ensure that service resources are available to service corresponding packet streams at their corresponding committed rate. Examples of such services provided by a network appliance include, but are not limited to, network address translation (NAT), firewall, Internet Protocol Security (IPsec), virtual private network (VPN), or deep packet inspection (DPI) services.

Abstract: In one embodiment, a packet switching device is configured to perform a lookup operation, based on a particular per-CE label (per-Customer Edge label) included in a particular packet, in a forwarding data structure for identifying forwarding information for the particular packet. When a corresponding outbound path is unavailable, a per-VRF (per-Virtual Routing and Forwarding) lookup operation in a VRF data structure, identified based on the particular per-CE label, based on a destination address of a packet encapsulated within the received packet. A corresponding packet is forwarded based on the results of the VRF lookup operation. In one embodiment, a set of more than one egress line card is identified based on this lookup operation, and packets of different routes are load balanced among egress line cards in this identified set of egress line cards.

Abstract: In one embodiment, an operating system kernel and/or one or more processes of a high-availability system are modified while the system is operating and providing high-availability service. In accomplishing this, one embodiment uses a second virtual machine to operate a second operating system kernel including a second set of processes in the standby mode, which receive state information from corresponding process(es) in the active mode. Individually, the operating system kernel and processes within the second set of processes may be a same or different version of their counterpart in a first virtual machine and its processes which are being replaced. When the second set of processes have acquired sufficient state information to perform the standby role, the operation of the first virtual machine is typically ceased as the version modified second virtual machine is performing the version modified functionality of the first virtual machine.

Abstract: In one embodiment, a packet switching device determines backup forwarding paths based on route distinguisher correlation values. A route distinguisher correlation value is some value associated with multiple routes, which allows a packet switching device to consider routes associated with a same route distinguisher correlation value, but having different route distinguishers and a same prefix to be considered as going to a same destination. Examples of route distinguisher correlation value used in one embodiment include, but are not limited to: scalar values, a route distinguisher of a different route, a virtual private network associated with a different route; a route target associated with the a different route; or a Border Gateway Protocol (BGP) Next-hop address associated with a different route.

Abstract: In one embodiment, active links are added to, and removed from, a multichassis link bundle with one side of the multichassis link bundle terminated on multiple devices of a multichassis device. In one embodiment, adding active links includes selecting which particular device to which to add an active link to the multichassis link bundle based on a device priority of each of the multiple devices, with a device priority of a given device being based on a current number of active links associated with the given device.