Abstract: In some embodiments, an apparatus includes a first network control entity configured to be implemented at a first edge device. The first network control entity is configured to receive a control packet from a peripheral processing device via a tunnel that is between the peripheral processing device and the first network control entity and that includes at least a portion within a second edge device. The first network control entity is configured to determine routing information associated with the peripheral processing device based on the control packet. The first network control entity is configured to send the routing information to a second network control entity such that the second network control entity routes a data unit addressed to the peripheral processing device to the second edge device without sending the data unit to the first edge device.

Abstract: A user device receives a captured image of an encoded identifier, analyzes the encoded identifier via the captured image, and extracts, based on the analysis, network access configuration data from the encoded identifier. The user device provides the network access configuration data to a network access control (NAC) device, and receives, based on the network access configuration data, access to the NAC device. The user device permits the NAC device to inspect the user device via the access to the NAC device, and receives, based on the inspection of the user device, access to a network.

Abstract: A method and apparatus for performing a lookup in a switching device of a packet switched network where the lookup includes a plurality of distinct operations each of which returns a result that includes a pointer to a next operation in a sequence of operations for the lookup. The method includes determining a first lookup operation to be executed, executing the first lookup operation including returning a result and determining if the result includes a pointer to another lookup operation in the sequence of operations. If the result includes a pointer to another lookup operation, the lookup operation indicated by the result is executed. Else, the lookup is terminated.

Abstract: A network device is provided in a private virtual local area network (VLAN). The network device receives a packet on one of multiple private VLAN ports of the network device, and assigns a classified VLAN signature to the packet. The network device also assigns a primary VLAN signature to the packet, and stores a media access control (MAC) address and the classified VLAN signature of the packet in a single MAC address table.

Abstract: Techniques are described for dynamically optimizing a device management command for bulk retrieval of configuration information. A network management device is described in which a programmable processor is configured to issue a bulk data retrieval command to direct the managed network device to retrieve configuration information variables stored within a set of columns of a table within the managed device, receive a response from the managed network device in response to the managed network device querying the table a first number of repetitions, analyze the response, and update an estimate of the number of variables expected to be received from the managed network device in a single response based on the analysis of the response.

Abstract: Packet processing is provided in a multiple processor system including a first processor to processing a packet and to create a tag associated with the packet. The tag includes information about the processing of the packet. A second processor receives the packet subsequent to the first processor and processes the packet using the tag information.

Abstract: A method may include receiving a request to establish a quality of service (QoS) policy that identifies a desired QoS associated with traffic being transported by a network; generating a QoS model based on the identified desired QoS, where the QoS model includes a class of service (CoS) and corresponding forwarding priorities associated with the traffic; retrieving a service level agreement (SLA), associated with a client device that is interconnected to a network node associated with the network, where the SLA includes a particular CoS and corresponding other forwarding priorities for packets associated with the client device; creating a QoS provisioning policy based on the QoS model and the SLA, where the creating includes mapping the CoS to the particular CoS or mapping the forwarding priorities to the other forwarding priorities; and transmitting, to the network node, the QoS provisioning policy that permits the network node to process the packets in a manner that complies with the QoS model or the SLA.

Abstract: A number of wireless networks are established by a network device, each wireless network having an identifier. Requests are received from client devices to establish wireless network sessions via the wireless networks using the identifiers. Network privileges of the client devices are segmented into discrete security interfaces based on the identifier used to establish each wireless network session.

Abstract: Techniques are described for verifying a status of a set of paths through a computer network for two or more connectivity protocols. For example, a node uses a first connectivity protocol to concurrently learn information that will cause packets conforming to the first connectivity protocol and packet conforming to a second connectivity protocol to traverse a set of paths through a computer network. After learning this information, the node may verify a status of each of the paths using the first connectivity protocol. In addition, the node may verify a status of each of the paths using the second connectivity protocol. By verifying the status of the paths using both the first and the second connectivity protocols, the node may be able to quickly and accurately determine whether a path has failed.

Abstract: A method may include receiving a packet; identifying the packet as a multicast packet for sending to a plurality of destination nodes; selecting a first forwarding table or a second forwarding table for sending the packet to each of the plurality of destination nodes, wherein the first forwarding table includes first port information associated with a first destination and second port information associated with a second destination, and wherein the second forwarding table includes third port information associated with the second destination; sending the packet to the first destination using the first port; and sending the packet to the second destination using the second port when the first forwarding table is selected and sending the packet to the second destination using the third port when the second forwarding table is selected.

Abstract: A device may include logic configured to receive a packet, identify a flow associated with the packet in a flow table, and identify a rate limit associated with the flow in the flow table. A current rate associated with the flow may be calculated based on the packet. It may be determined whether the current rate associated with the flow exceeds the rate limit associated with the flow. If so, the packet may be discarded or tagged as “over limit.

Abstract: Wireless devices that are attempting to connect to a packet data network may be blocked from issuing connection requests to the network during periods in which, due to the failure of other network devices, the connections requests will fail. A device may particularly determine when a connection request to access a network, from a machine to machine (M2M) device, will fail or has failed. The device may create, in response to the connection request, a response to the connection request, the response including an indication that the M2M device is to be blocked, by other network devices, from accessing the network. The device may transmit the response to the connection request to the other network devices, the response to the other network devices including one or more parameters that identify a duration for which the M2M device is to be blocked and an identification of the M2M device.

Abstract: An example network device includes a control plane and a filter lookup module that includes a Bloom filter that supports parallel lookup of a maximum number of different prefix lengths. The filter lookup module accesses the Bloom filter to determine a longest length prefix that matches an entry in a set of prefixes. The control plane receives prefix lengths that include more than the maximum number of different prefix lengths supported by the Bloom filter, wherein the set of prefix lengths is associated with one application, generates, based on the received set of prefix lengths, two or more groups of different prefix lengths, wherein each of the two or more groups of different prefix lengths includes no more than the maximum number of different prefix lengths, and programs the filter lookup module with the two or more groups of different prefix lengths associated with the one application.

Abstract: In one embodiment, a method includes receiving a value associated with a data packet and identifying a data set based on the value. The data set is associated with a range of values and represents routing actions. The data set is a first data set from a plurality of data sets if the value is included in the range of values associated with the first data set. The data set is a default data set if the value is not included in a range of values associated with a data set from the plurality of data sets. The method includes combining the first data set with the default data set if the first data set is identified. The method includes combining the default data set with an except data set if the default data set is identified.

Abstract: Feedback indicates low signal-to-noise ratio (SNR) conditions for a wireless communications link between a transmitter device and a receiver device. After attempting to achieve a target packet error rate (PER) by increasing transmission power for the wireless communications link, the transmitter device receives feedback that indicates a current PER, for data transmitted using an initial automatic repeat request (ARQ) block size, is above the target PER for the receiver device, and changes, based on the feedback, the current ARQ block size to a different ARQ block size for the wireless communications link. The different ARQ block size may be adaptively selected to provide a maximum PDU size that achieves the target PER at the receiver device under the low SNR conditions.

Abstract: In general, techniques are described for scheduling traffic for delivery over an aggregated bundle of links. The techniques may be implemented by a network device comprising a control unit. The control unit configures a primary logical interface such that the primary logical interface is associated with a primary link of the aggregated bundle of links. The primary logical interface is associated with a primary scheduling module that schedules the traffic for delivery via the primary link. The control unit further, prior to detecting a failure associated with the primary scheduling module, configures a backup logical interface such that the backup logical interface is associated with a backup link of the aggregated bundle links. The backup logical interface is associated with a backup scheduling module that schedules, in response to detecting the failure associated with the primary scheduling module, the traffic for delivery downstream via the backup link.

Abstract: In general, techniques are described for seamlessly migrating a secure session established between a first computing device and a secure access appliance to a second computing device. In one example, a client computing device establishes a secure session with a secure access appliance. The client computing device receives a request via a communication channel from a second client computing device for secure session data for the first secure session usable by the second client computing device to establish a second secure session with the secure access appliance. The client computing device generates a message that includes the secure session data for the first secure session and sends the message to the second client computing device. Responsive to receiving the message, the second client computing device establishes a new secure session with the secure access appliance.

Abstract: In general, this disclosure describes techniques of selecting routes for network packets through a computer network based, at least in part, on electrical power procurement arrangements of devices in the computer network. A computing system includes a hardware processor and a database storing power procurement profiles. Each of the power procurement profiles stores data indicating an arrangement between an operator of one or more of routing devices to procure electrical power from a utility company for facilities in which the routing devices are located. The power procurement profiles are mapped to ranges of network addresses associated with the facilities for retrieval of the power procurement profiles for the routers based on the network addresses assigned to the routers.

Abstract: An example network device includes one or more network interface cards and a control unit. The network interface cards are configured to send and receive messages with a first network operating in accordance with a first network-layer protocol and a second network operating in accordance with a second network-layer protocol and a control unit. The control unit is configured to receive a message via the one or more network interface cards, transform the message from conforming to a first transitioning protocol to conforming to a second transitioning protocol, and forward the message via the second network.

Abstract: Techniques are described for synchronizing state information between a plurality of control units. A router, for example, is described that includes a primary control unit and a standby control unit. The primary control unit maintains router resources to ensure operation of the router. To ensure operation, the primary control unit receives state information from the router resources and maintains the state information for consumers, i.e. router resources that require or “consume” state information. Prior to updating the consumers with the state information, the primary control unit synchronizes the state information with the standby control unit. In the event the primary control unit fails, the standby control unit assumes control of the router resources. Upon assuming control, the standby control unit resumes updating the consumers with state information without having to “relearn” state information, e.g., by way of power cycling the router resources to a known state.