Abstract: A system for storing information in a network. The system includes one or more network elements and a message adapted for transfer between the one or more network elements. A mechanism selectively augments the message with information pertaining to a state associated with the one or more network elements. In one embodiment, the system includes space within the message for accommodating one or more state vias containing the state information. One or more computers associated with the one or more network elements are adapted to update the message with state information pertaining to each of the one or more network elements that receives the message via the network.
Abstract: A Real-Time Protocol (RTP) source node of a network operates to send a first data packet of a first size to a destination node over a path of the network that includes a plurality of intermediate nodes, at least one of the intermediate nodes having a maximum transmission unit (MTU) size smaller than the first size such that fragmentation of the first data packet occurs. The destination node sends back to the source node an RTCP report that includes a number of fragments received and a largest minimum data packet size. In response, the source node sends subsequent data packets having a second size less than or equal to the largest data packet size of the fragments.
Type: Grant
Filed: November 22, 2005
Date of Patent: March 16, 2010
Assignee: Cisco Technology, Inc.
Inventors: Sravan Vadlakonda, Son D. Nguyen, Manjunath S. Bangalore, Vikram Khurana
Abstract: Methods and apparatus are provided for applying color based policing at a network node. Committed information rate (CIR) and peak information rate (PIR) buckets used to monitor transmission rates are augmented using CIR overflow and PIR overflow buckets. The CIR and PIR overflow buckets hold tokens provided to CIR and PIR buckets that exceed the associated burst limits. Based on the availability of tokens and the color associated with a received packet, an action can be applied to the packet that promotes the color associated with the packet.
Type: Grant
Filed: February 8, 2005
Date of Patent: March 16, 2010
Assignee: Cisco Technology, Inc.
Inventors: Robert Olsen, Clarence Filsfils, John Evans
Abstract: A communication device such as a Voice over Internet Protocol (VoIP) gateway multiplexes data intended for multiple voice connections within a single IP packet. If it is known in advance that packets for multiple connections between a given Originating Exchange (OEX) and Terminating Exchange (TEX) will travel between the Originating Gateway and Terminating Gateway, voice samples are multiplexed into the same VoIP packet. This “cell multiplexing” is accomplished by adding a cell header field to each cell payload portion. The cell header field indicates at least a connection identifier, so that the terminating gateway can route the payload to the correct TEX trunk. The scheme permits greatly improved efficiency in the carrying of VoIP traffic, especially where efficient voice coders are used.
Abstract: An apparatus and method for reducing overflow in a hash table lookup mechanism that moves entries from full or nearly full buckets in one hash table to less full buckets of another hash table. The number of bucket overflows caused by hashing input addresses can be reduced.
Abstract: Disclosed are methods and apparatus for generating, as well as processing, data that is traversing (or will be traversing) a translation device, such as a Network Address Translation (NAT) device. In one embodiment, a method of sending data from a first node to a second node is disclosed. The method includes sending a data packet having a header and a payload whereby the header includes (i) one or more fields which identify an application type that uses addresses and indicates that there is a tag present in the payload that serves as a substitute for an address and (ii) an address and whereby the payload includes a tag that is positioned so that it serves as a substitution for an address that is used by the identified application. The one or more fields are associated with the address of the header.
Abstract: A technique is performed by a high availability main primary DNS name server. The technique involves receiving a DNS update sent from a DNS client to the main primary DNS name server and directly modifying a main DNS record based on the DNS update. The technique further involves directing a backup primary DNS name server to modify a backup DNS record based on the DNS update while both the main primary DNS name server and the backup primary DNS name server (i) are configured to distribute DNS information to secondary DNS name servers and DNS clients and (ii) are in ongoing communication with each other, the backup primary DNS name server being configured to receive DNS updates sent from the DNS clients to the backup primary DNS name server and modify backup DNS records based on the DNS updates in response to a loss of communication between the main primary DNS name server and the backup primary DNS name server.
Abstract: Techniques for redirecting a client request. The client request is received at a first server. The first server forwards the client request to a second server. The first server receives a result message from the second server. The first server identifies, in the result message, references to resources of the second server. The first server replaces, in the result message, all references to resources of the second server with translated references that reference the first server without replacing references to resources of any other entity other than the second server. The first server sends the translated references to the client as a response to the client request.
Abstract: A system controls security during operation of a computerized device by enforcing a first security policy during a first operational state of the computerized device. Enforcement of the first security policy provides a first level of access to resources within the computerized device by processes operating in the computerized device. The system detects a transition operation of the computerized device that occurs during enforcement of the first security policy indicating that operation of the computerized device is transitioning from the first operational state to a second operational state and in response, enforces a second security policy corresponding to the second operational state to provide a level of access to the resources within the computerized device that corresponds to the second operational state during operation of the second operational state. This can be repeated for many different states including boot time, normal runtime, installation, shutdown, and a compromised state.
Abstract: A network device has a network interface to allow the device to send and receive traffic across a network. The device also has a cable connection to allow the device to exchange data with at least one cable modem and a processor to associate a cable interface and cable service identifier with a cable modem; receive a packet from the cable modem; and insert a layer 2 network identifier, the identifier comprising two service provider VLAN (SP-VLAN) tags, into the packet. The processor in the network device identifies a virtual trunk interface based on the outer SP-VLAN tag and identifies the virtual private network based on the inner SP-VLAN tag.
Type: Application
Filed: November 17, 2009
Publication date: March 11, 2010
Applicant: Cisco Technology, Inc.
Inventors: Harshavardhan Parandekar, Ali Sajassi, Sanjay Dhar
Abstract: In one embodiment, a method and apparatus of controlling transmission of data packets in a communications network includes designating all networking devices in a portion of the communications network as either hubs or spokes, communicating a link-state advertisement to each connected hub and spoke in the portion of the communications network, computing a shortest path tree at all the hubs and the spokes based on the link-state advertisement, the computing including truncating the shortest path tree at the hubs only for links leading from the spoke to the hub, creating a routing table at each of the hub and the spoke based on the truncated shortest path tree, and transmitting the data packets in the communications network based on the link-state advertisement. The shortest path tree includes all data transmission routes in the tree except links leading from a spoke to a hub.
Type: Application
Filed: September 10, 2008
Publication date: March 11, 2010
Applicant: Cisco Technology, Inc.
Inventors: Michael Barnes, Alvaro E. Retana, Paul Wells
Abstract: Systems, methods, and other embodiments associated with processing secure network traffic are described. One example method includes determining whether a device is a preconfigured member of a group key system. If the device is not a preconfigured member then the method selectively establishes membership in the group key system by requesting membership from a group controller. The example method may also include receiving a set of keys from the group controller and being assigned a role by the group controller. The method may further include processing secure network traffic as an inspection point, a rewriting point, and/or a validation point based on the received set of keys and the assigned role(s).
Type: Application
Filed: September 5, 2008
Publication date: March 11, 2010
Applicant: Cisco Technology, Inc.
Inventors: David A. McGrew, Mark Baugher, Saul Adler, William C. Melohn
Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with load balancing across multiple network address translation (NAT) instances and/or processors. N network address translation (NAT) processors and/or instances are each assigned a portion of the source address traffic in order to load balance the network address translation among them. Additionally, the address space of translated addresses is partitioned and uniquely assigned to the NAT processors and/or instances such that the identification of the assigned NAT processor and/or instance associated with a received translated address can be readily determined therefrom, and then used to network address translate that received packet.
Type: Application
Filed: September 5, 2008
Publication date: March 11, 2010
Applicant: Cisco Technology, Inc., a corporation of California
Inventors: David Richard Barach, Cullen Jennings, David Delano Ward
Abstract: A method for programming programmable devices includes monitoring a status pin for each of the programmable devices, maintaining state information for the programmable devices indicating whether each programmable device is programmed, and transitioning each programmable device from a programmed state to an operating state. A monitoring module includes detectors, a memory and a processor. The detectors detect indications on the status pins of programmable devices that the programmable devices are programmed. The memory stores state information about the programmable devices. The processor communicates control signals to the programmable devices instructing them to transition from the programmed state to the operating state.
Type: Grant
Filed: April 24, 2002
Date of Patent: March 9, 2010
Assignee: Cisco Technology, Inc.
Inventors: James W. Edwards, III, James P. Stengel
Abstract: Systems, methods, devices and techniques can be used in networks including resilient packet ring networks and other types of ring topology networks to adjust the flow of data traffic to MAC clients associated with stations on the network. In one example, adjusted fairness rates and/or messages associated with a network communication protocol are used to reduce traffic destined for a particular station and/or a MAC client associated with that station. In another example, station MAC clients or other components implement virtual destination queues and transmit information associated with the rate at which they receive data. The information and queues are used to reduce traffic destined for a particular station and/or a MAC client associated with that station.
Abstract: Nodes in a network include a pseudo-timestamp in messages or packets, derived from local pseudo-time clocks. When a packet is received, a first time is determined representing when the packet was sent and a second time is determined representing when the packet was received. If the difference between the second time and the first time is greater than a predetermined amount, the packet is considered to be stale and is rejected, thereby deterring replay. Because each node maintains its own clock and time, to keep the clocks relatively synchronized, if a time associated with a timestamp of a received packet is later than a certain amount with respect to the time at the receiver, the receiver's clock is set ahead by an amount that is expected to synchronize the receiver's and the sender's clocks. However, a receiver never sets its clock back, to deter attacks.
Abstract: A method, an apparatus, and a carrier medium carrying computer readable code segments to instruct a processor to execute the method. The method is in a wireless network that includes at least one access point. The method includes, from time-to-time, measuring a first set of at least one property of each access point of a set of at least one classified access point of the wireless network. The method further includes re-classifying each access point based on at least one function of a second set of at least one property of the access point, the second set of properties including the first set of properties. The set of at least one access point is classified according to a set of AP classifications, and the re-classifying is into one of the AP classifications.
Type: Grant
Filed: July 25, 2005
Date of Patent: March 9, 2010
Assignee: Cisco Technology, Inc.
Inventors: Jeremy Stieglitz, Timothy S. Olson, Pejman D. Roshan
Abstract: A hierarchical traffic management system and method (i.e., a QoS behavioral model) are disclosed herein. The system includes a classifier operable to identify and classify incoming traffic streams and a queuing system. The queuing system includes a plurality of queues and is operable to apply scheduling policies to the traffic streams. The queues of the queuing system each include enqueue attributes configured to control a depth of the queue and dequeue attributes configured to control scheduling of the queue. The dequeue attributes include minimum bandwidth, maximum bandwidth, excess bandwidth, and priority, wherein each of the queues has one or more of the dequeue attributes defined.
Type: Grant
Filed: May 5, 2004
Date of Patent: March 9, 2010
Assignee: Cisco Technology, Inc.
Inventors: Robert Olsen, Michael Laor, Clarence Filsfils