Abstract: In one example, an intermediate network device sends packets that advertise a transmission control protocol (TCP) window size of zero bytes to a client device and a server device. The device, after sending the packets, receives a first zero-window probe packet from the client device including data representing a first current sequence number for a client-to-server packet flow of an established network session, and a second zero-window probe packet from the server device including data representing a second current sequence number for a server-to-client packet flow of the network session. The device also initializes a TCP state based on the first and second current sequence numbers, and acts as a TCP proxy for packets following the first zero-window probe packet of the client-to-server packet flow based on the TCP state and packets following the second zero-window probe packet of the server-to-client packet flow based on the TCP state.

Abstract: In some embodiments, an apparatus includes an optical transmitter module that can be electrically coupled to an electrical serializer/deserializer and a controller. The optical transmitter module can include an electrical detector that can receive an in-band signal. The electrical detector can send to the controller a first power error signal and a second power error signal based on the in-band signal. The controller can send a correction control signal to the electrical serializer/deserializer based on the first power error signal and the second power error signal such that the electrical serializer/deserializer sends a pre-emphasized signal to the optical transmitter module based on the correction control signal. In such embodiments, the first power error signal, the second power signal and the correction control signal are out-of-band signals.

Abstract: In some embodiments, a non-transitory processor-readable medium includes code to cause a processor to receive, at a management device, an instantiation request for a first virtual machine. The code includes code to cause the processor to identify a first compute device at a first time such that the first compute device is undersubscribed at the first time. The code includes code to cause the processor to send an instruction to instantiate the first virtual machine at the compute device, and receive a signal indicating that a boot process associated with the first virtual machine is complete and that the virtual machine is instantiated at the first compute device. The code includes code to cause the processor to send at a second time, a signal to migrate the first virtual machine from the first compute device to a second compute device in response to the boot process being complete.

Abstract: Techniques are described for specifying and constructing multi-protocol label switching (MPLS) rings. Routers may signal membership within MPLS rings and automatically establish ring-based label switch paths (LSPs) as components of the MPLS rings for packet transport within ring networks. In one example, a router includes a processor configured to establish an MPLS ring having a plurality of ring LSPs. Each of the ring LSPs is configured to transport MPLS packets around the ring network to a different one of the routers operating as an egress router for the respective ring LSP. Moreover, each of the ring LSPs comprises a bidirectional, multipoint-to-point (MP2P) LSP for which any of the routers can operate as an ingress to source packet traffic into the ring LSP for transport to the respective egress router for the ring LSP. Separate protection paths, bypass LSPs, detours or loop-free alternatives need not be signaled.

Abstract: In some embodiments, an apparatus includes a core network node configured to associate with a native multicast group a first client device that is associated with a first virtual local area network (VLAN) and operatively coupled to the core network node via a first access network node and an aggregation network node. The core network node can associate with the native multicast group a second client device that is associated with a second VLAN and operatively coupled to the core network node via a second access network node and the aggregation network node. The core network node can define a multicast VLAN including the first VLAN and the second VLAN based on the native multicast group. The core network node can receive a multicast data unit associated with the native multicast group and can also define a single instance of the multicast data unit for the multicast VLAN.

Abstract: In general, techniques are described for dynamically scheduling and establishing paths in a multi-layer, multi-topology network to provide dynamic network resource allocation and support packet flow steering along paths prescribed at any layer or combination of layers of the network. In one example, a multi-topology path computation element (PCE) accepts requests from client applications for dedicated paths. The PCE receives topology information from network devices and attempts to identify paths through a layer or combination of layers of the network that can be established at the requested time in view of the specifications requested for the dedicated paths and the anticipated bandwidth/capacity available in the network. The PCE schedules the identified paths through the one or more layers of the network to carry traffic for the requested paths. At the scheduled times, the PCE programs path forwarding information into network nodes to establish the scheduled paths.

Abstract: This disclosure is directed to techniques for providing supply power to components of an electronics system, such as components of a networking device. According to these techniques, a power supply system charges a bulk capacitance of a power supply unit when the power supply unit is selectively disabled (e.g., disconnected). In this manner, when the power supply unit is again enabled, the power supply unit may provide supply power to components of the networking device faster in comparison to other techniques. In addition the power supply does not use any input power and therefore does not produce any heat loss while it is disconnected, thus saving otherwise wasted energy.

Abstract: An apparatus includes a destination edge device configured to receive a first validation packet according to a switch fabric validation protocol. The destination edge device is configured to validate multiple data paths through a distributed switch fabric from a source edge device to the destination edge device based on the first validation packet. The destination edge device is configured to send, in response to receiving the first validation packet, a second validation packet to a peripheral processing device. The destination edge device is also configured to send the second validation packet according to a validation protocol different from the first validation protocol.

Abstract: A method of sending data to a switch fabric includes assigning a destination port of an output module to a data packet based on at least one field in a first header of the data packet. A module associated with a first stage of the switch fabric is selected based on at least one field in the first header. A second header is appended to the data packet. The second header includes an identifier associated with the destination port of the output module. The data packet is sent to the module associated with the first stage. The module associated with the first stage is configured to send the data packet to a module associated with a second stage of the switch fabric based on the second header.

Abstract: In some embodiments, an apparatus comprises a switch from a set of switches associated with a stage of a multi-stage switch fabric. The switch is configured to receive a data packet having a destination address of a destination device from a source device, and then store the data packet in a queue of the switch. The switch is configured to define a message based on the queue having an available capacity less than a threshold, and include a congestion root indicator in the message if the switch is a congestion root. The switch is then configured to send the message to the source device such that the source device sends another data packet having the destination address of the destination device to another switch from the set of switches and not to the previous switch if the message includes the congestion root indicator.

Abstract: In some embodiments, an apparatus includes a switch device that can be operatively coupled to a network having a set of links. The switch device can receive at a first time, a message having a set of physical coding sublayer (PCS) lanes. The message can include an error notification within a first subset of PCS lanes from the set of PCS lanes and not within a second subset of PCS lanes from the set of PCS lanes. The error notification is associated with signal degradation of a link from the set of links, where the switch device can send a first signal in response to receiving the message at the first time. The switch device can also receive at a second time a message without the error notification, and the switch device can send a second signal in response to receiving the message at the second time.

Abstract: In some embodiments, an apparatus includes a first edge device that is operatively coupled to a second edge device via a switch fabric. The first edge device and the second edge device collectively define an edge device network operating with a network-address-based protocol. The first edge device communicates with the second edge device via a multiprotocol label switching (MPLS) tunnel through the switch fabric. Furthermore, the first edge device is operatively coupled to the switch fabric such that a node of the switch fabric can be modified without coordination of the edge device network. Additionally, the first edge device is operatively coupled to the second edge device to define the edge device network such that an edge device of the edge device network can be modified without coordination of the switch fabric.

Abstract: A device receives data, identifies a context associated with the data, and identifies a script, within the data, associated with the context. The device parses the script to identify tokens, forms nodes based on the tokens, and assembles a syntax tree using the nodes. The device renames one or more identifiers associated with the nodes and generates a normalized text, associated with the script, based on the syntax tree after renaming the one or more identifiers. The device determines whether the normalized text matches a regular expression signature and processes the data based on determining whether the normalized text matches the regular expression signature. The device processes the data by a first process when the normalized text matches the regular expression signature or by a second process, different from the first process, when the normalized text does not match the regular expression signature.

Abstract: In some embodiments, an apparatus includes an optical detector that can sample asynchronously an optical signal from an optical component that can be either an optical transmitter or an optical receiver. In such embodiments, the apparatus also includes a processor operatively coupled to the optical detector, where the processor can calculate a metric value of the optical signal without an extinction ratio of the optical signal being measured. The metric value is proportional to the extinction ratio of the optical signal. In such embodiments, the processor can define an error signal based on the metric value of the optical signal and the processor can send the error signal to the optical transmitter such that the optical transmitter modifies an output optical signal.

Abstract: An electronic device includes an instrument panel that includes a display opening, where the instrument panel is located in a first plane; a circuit board located inside the electronic device, where the circuit board includes a display device that includes a display area, and where the display area is located in a second plane that is different from the first plane; and a waveguide that couples the display area to the display opening and guides light, and/or an image displayed in the display area, from the display area to the display opening.

Abstract: A device identifies, based on a program code instruction, an attempted write access operation to a fenced memory slab, where the fenced memory slab includes an alternating sequence of data buffers and guard buffers. The device assigns read-only protection to the fenced slab and invokes, based on the attempted write access operation, a page fault operation. When a faulting address of the attempted write operation is not an address for one of the multiple data buffers, the device performs a panic routine. When the faulting address of the attempted write operation is an address for one of the multiple data buffers, the device removes the read-only protection for the fenced slab and performs a single step processing routine for the program code instruction.

Abstract: In one embodiment, an apparatus includes a switching policy module configured to define a switching policy associating a Fiber Channel port with a destination Media Access Control (MAC) address. The switching module can be configured to receive a Fiber Channel over Ethernet (FCoE) frame from a network device and send a Fiber Channel frame encapsulated in the FCoE frame to the Fiber Channel port based at least in part on the switching policy and a destination MAC address of the FCoE frame.

Abstract: Computer program products and methods of inspecting a log of security records in a computer network are provided. The method includes retrieving a log record, processing the log record including deriving a key to a table, determining a data value from information in the log record and adding the data value to a list of data values associated with the key if the data value is unique. One or more entries of the table are evaluated based on predetermined criteria to detect attempted security breaches.

Abstract: In one embodiment, a method includes receiving a value associated with a data packet and identifying a data set based on the value. The data set is associated with a range of values and represents routing actions. The data set is a first data set from a plurality of data sets if the value is included in the range of values associated with the first data set. The data set is a default data set if the value is not included in a range of values associated with a data set from the plurality of data sets. The method includes combining the first data set with the default data set if the first data set is identified. The method includes combining the default data set with an except data set if the default data set is identified.

Abstract: A method and a network device are provided to transmit network packets through a network security device. The method, performed by the network device, receives a request to send a network packet from a first computing device to a second computing device over a network that includes the network device and the network security device. The network packet includes a first network interface identifier for identifying the first computing device and a second network interface identifier for identifying the second computing device. The method identifies third and fourth network interface identifiers that cause the network packet to be transmitted through the network security device. The method transmits the network packet over the network through the network security device using the third and fourth network interface identifiers. The method transmits the network packet to the second computing device using the first and second network interface identifiers.