Abstract: A system and method that provides dynamic network policy management. The system enables a network administrator to regulate usage of network services upon initiation of and throughout network sessions. The system employs a method of identifying selectable characteristics of attached functions to establish static and dynamic policies, which policies may be amended before, during and after any session throughout the network based on the monitored detection of any of a number of specified triggering events or activities. Particular policies associated with a particular identified attached function in prior sessions may be cached or saved and employed in subsequent sessions to provide network usage permissions more rapidly in such subsequent sessions. The cached or saved policy information may also be used to identify network usage, control, and security. The system and method of the present invention provides static and dynamic policy allocation for network usage provisioning.

Abstract: A user interface enables a user to concurrently select a plurality of network objects of a network object database (e.g., a MIB) from a same network device or different network devices and specify a value, only once, to which to set the selected objects. The user can initiate setting of the selected objects on the one or more devices by specifying only once that the objects on such devices be set to the specified value. The user interface, which may include a GUI, may be configured to enable the user to specify a value for a cell of a first table (“editing table”), in response to which a plurality of cells of a second table (“primary table”) are set equal to the specified value. The primary table may represent a view of a network object database, each column of the view representing an object type of the network object database.

Abstract: Methods and apparatus for the provision of differentiated services in a packet-based network may be provided in a communications device such as a switch or router having input ports and output ports. Each output port is associated with a set of configurable queues that store incoming data packets from one or more input ports. A scheduling mechanism retrieves data packets from individual queues in accord with a specified configuration, providing both pure priority and proportionate de-queuing to achieve a guaranteed QoS over a connectionless network.

Abstract: A PE device learns the address of a local CE device by monitoring the control messages, such as address resolution messages, originating from those local devices. In one embodiment, automated configuration of the PE devices participating in a Layer 2 VPN is facilitated by permitting a PE device to share the addresses for its locally-attached CE devices with the remote PE devices in the VPN. A PE device may share the addresses of the remote CE devices with the local CE devices by initiating its own control message or responding to an control message issued by one of its local CE devices. This latter mechanism in effect hides the distributed, heterogeneous nature of the network from a local CE device.

Abstract: A system and method to facilitate the translation of Command Line Interface (CLI) configuration scripts associated with a device into the corresponding equivalent CLI configuration scripts of another device. The system includes a translator and one or more data dictionaries. The translator includes a user interface module, a translator logic module to enable the translation, and a current data dictionary module for retaining a selected data dictionary. Each of the data dictionaries includes common syntax generated for a variety of CLI script types. A particular data dictionary is referenced based upon initial input from a network administrator. The translator then generates the automated translation of corresponding scripts from those scripts associated with an original device into a device having differing script requirements.

Abstract: A connector assembly, configured to releasably couple a socket assembly, includes zero or more data conductors. An optical pathway is configured to: receive an optical signal from an optical light source positioned within the socket assembly; and provide at least a portion of the optical signal to an optical light target positioned within the socket assembly.

Abstract: A PE device learns the address of a local CE device by monitoring the control messages, such as address resolution messages, originating from those local devices. In one embodiment, automated configuration of the PE devices participating in a Layer 2 VPN is facilitated by permitting a PE device to share the addresses for its locally-attached CE devices with the remote PE devices in the VPN. A PE device may share the addresses of the remote CE devices with the local CE devices by initiating its own control message or responding to an control message issued by one of its local CE devices. This latter mechanism in effect hides the distributed, heterogeneous nature of the network from a local CE device.

Abstract: A connector assembly, configured to releasably couple a socket assembly, includes zero or more data conductors. An optical pathway is configured to: receive an optical signal from an optical light source positioned within the socket assembly; and provide at least a portion of the optical signal to an optical light target positioned within the socket assembly.

Abstract: Significant performance improvements can be realized in data processing systems by confining the operation of a processor within its internal register file so as to reduce the instruction count executed by the processor. Data, which is sufficiently small enough to fit within the internal register file, can be transferred into the internal register file, and execution results can be removed therefrom, using direct memory accesses that are independent of the processor, thus enabling the processor to avoid execution of load and store instructions to manipulate externally stored data. Further, the data and execution results of the processing activity are also accessed and manipulated by the processor entirely within the internal register file. The reduction in instruction count, coupled with the standardization of multiple processors and their instruction sets, enables the realization of a highly scaleable, high-performing symmetrical multi-processing system at manageable complexity and cost levels.

Abstract: A method for location discovery in a data network includes receiving, at a first device, connection information from a neighboring network device and determining a physical location of the first device based on the connection information. The method can include receiving, at the first device, the physical location transmitted from the neighboring network device. The method can further include associating a level of trust with the physical location based on the neighboring network device. The first device be one of a variety of devices, such as a router, a switch, a network entry device, a firewall device, or a gateway.

Abstract: A hierarchical, distributed Availability Management (AM) process for recovering from component failures in a data processing system. The hierarchy of AM elements track a failure modality hierarchy of the data processing system components. For example, the system hierarchy may include system cards, processors, and processes, in which case the associated AM elements may be implemented at a card manager (CM) level, a system manager (SM) level, and a process manager (PM) level. The AM hierarchy is designed to achieve a failure granularity so that failures in the lower levels of the hierarchy have less of an impact on the entire system. Each AM element is responsible for receiving failure notifications from processing system components associated with a next lower level of the hierarchy.

Abstract: A modular receptacle assembly includes integral optical indication. The receptacle assembly includes a module housing one or more receptacles configured to releasably receive, in an insertion direction, a leading portion of a modular plug. A light pipe having proximal and distal ends, is disposed in the footprint of the module. The proximal end is coupled to the receptacle, and the distal end is coupled to a light source. The proximal end is configured to radiate light onto the leading portion of a plug disposed within said receptacle. An actuator is configured to selectively operate the light pipe.

Abstract: A host-based intrusion detection system (HIDS) sensor that monitors system logs for evidence of malicious or suspicious application activity running in real time and monitors key system files for evidence of tampering. This system detects attacks targeted at the host system on which it is installed and monitors output to the system and audit logs. It is signature-based and identifies and analyzes system and audit messages for signs of system misuse or attack. The system monitors the logs of applications running on the host, including mail servers, web servers and FTP servers. The system also monitors system files and notifies the system administrator when key system and security files have been accessed, modified or even deleted.

Abstract: A plug assembly is provided with integral optical indication. The plug assembly includes a housing having a leading portion and a trailing portion. The leading portion is configured for information exchanging engagement with an internally illuminated receptacle sized and shaped to releasably receive said leading portion therein. The receptacle is configured to radiate light onto the leading portion of the plug. This leading portion includes a light collector configured to receive the light, which is then conveyed via an optical coupling to an optical indicator located on the trailing portion of the plug assembly. The indicator has optical properties distinct from those of said trailing portion to facilitate viewing.

Abstract: Data is provided with location-based access control information. Access to the data at a physical location is then limited according to the location-based access control information. A physical location of a device accessing the data can be determined, and the limiting of the access is then according to the determined physical location. The data can be provided in encrypted form, and limiting access to the data includes enabling decryption of the data according to the physical location.

Abstract: Write transactions with large amounts of data using a typical cache may consume over half of the available backing store bandwidth because of the way traditional caching algorithms fill lines during a write-invoked eviction. Relaxing the traditional constraint of cache coherency improves write performance by eliminating unneeded cache line fills. This technique conserves backing store bandwidth during many write operations while having negligible impact on the cache's read performance.

Abstract: A system and method to monitor, detect, analyze and respond to, triggering conditions associated with packet and signal flows in a network system including attached functions and a network infrastructure. The system includes a detection function, an analysis function, and a response function. The detection function includes a monitoring sub-function, a flow definition sub-function, and a monitor counter sub-function. The flow definition sub-function defines the types of activities associated with the traffic flow that may indicate a triggering condition requiring analysis and potentially a response. The monitor sub-function observes traffic flows. The monitor counter sub-function counts the defined types of activities occurring in the device. The analysis function analyzes the event from the monitored flows, flow counters, status and other network information and determines whether a response is required.

Abstract: The present invention provides method and systems for dynamically mirroring network traffic. The mirroring of network traffic may comprise data that may be considered of particular interest. The network traffic may be mirrored by a mirror service portal from a mirror sender, referred to as a mirror source, to a mirror receiver, referred to as a mirror destination, locally or remotely over various network segments, such as private and public networks and the Internet. The network traffic may be mirrored to locations not involved in the network communications being mirrored. The present invention provides various techniques for dynamically mirroring data contained in the network traffic from a mirror source to a mirror destination.

Abstract: A P device interworks CE devices connected to the P device using different types of data links. The P device learns the address of a local CE device by monitoring the control messages, such as address resolution messages, originating from the local device. The P device may share the address of a local CE device with another local CE device by initiating a control message or responding to a control message issued by one of the local CE devices. This latter mechanism in effect hides the heterogeneous nature of the network.

Abstract: A system and method for enhancing the security of signal exchanges in a network system. The system and method include a process and means for generating one or more replacement encryption key sets based on information and events. The information that may cause the generation of a replacement encryption key set includes, but is not limited to, a specified period of time, the level and/or type of signal traffic, and the signal transmission protocol and the amount of data sent. A key manager function initiates the replacement encryption key process based on the information. The replacement encryption key set may be randomly or pseudo-randomly generated. Functions attached to the network system required to employ encryption key sets may have encryption key sets unique to them or shared with one or more other attached functions. The system and method may be employed in a wireless, wired, or mixed transmission medium environment.