Abstract: A bandwidth management card includes a switch control unit and multiple ports connected to one or more line cards that are separate from the bandwidth management card. The bandwidth management card further includes at least one switch, and multiple network ports, where each of the multiple network ports is connected to a respective link to at least one external network. A first switch of the at least one switch receives instructions from the switch control unit, switches a first subset of the multiple network ports through to a first port of the multiple ports based on the received instructions, and switches a second subset of the multiple network ports through to a second port of the multiple ports based on the received first instructions.

Abstract: A device may receive a packet, obtain data from the packet, store the data in a memory, and send a request to match a portion of the data to a set of patterns, the request identifying the portion in the memory. In addition, the device may access the portion in the memory based on the request, compare the accessed portion to the set of patterns, generate a result by comparing the accessed portion to the set of patterns, and output the result.

Abstract: A network device may include logic to establish an IP session, establish a BFD session within the established IP session, transmit BFD packets within the established BFD session, and determine that the established IP session is active based upon reception of the BFD packets. In another embodiment, the logic may also determine that an IP session is active using an inactivity timer that may also trigger transmission of BFD packets.

Abstract: A device provides a flow table. The device receives a data unit, determines a data flow associated with the data unit, determines whether the flow table includes an entry corresponding to the data flow, determines a current utilization of a group of output ports of the device, selects an output port, of the group of output ports, for the data flow based on the current utilization of the group of output ports when the flow table does not store an entry corresponding to the data flow, and stores the data unit in a queue associated with the selected output port.

Abstract: A system and method for detecting malware on a mobile platform in a mobile network. The system and method verifies that an executable is malware-free by computing the checksum of the executable and comparing that checksum with a checksum obtained from a malware-free copy of the executable. The checksum is a sum of all 32-bit values in a code section and an import section of said executable, a byte sequence at an entry point in said executable, a size descriptor of an import table, a size descriptor of said import section, a cyclic redundancy check of said executable, or a combination thereof.

Abstract: A router determines a graph of unicast tunnels that connect a set of edge routers that will distribute multicast traffic in a network, wherein the graph comprises vertices and edges connecting one or more vertex pairs. The router calculates a minimum-cost spanning tree for the graph based on edge metric values, wherein the minimum-cost spanning tree includes the graph vertices and a selected subset of the graph edges, and wherein the minimum-cost spanning tree includes a first vertex that represents an ingress one of the set of edge routers for the multicast traffic and a second vertex that shares one of the edges with a third one of the vertices other than the first vertex representing the ingress edge router. The router then establishes an MPLS-based multicast distribution tree based on the calculated minimum-cost spanning tree to distribute the multicast traffic from the ingress router to the edge routers.

Abstract: In general, the invention is directed toward techniques for controlling access to a network or other computing resource in order to slow down the execution of a password attack while providing minimal obstruction to normal network activity. The method includes generating a history of successful network logins, detecting symptoms of a network password attack, and activating countermeasures in response to the detection. The method further includes receiving a valid login request from the user while the countermeasures are activated and analyzing the history of successful network logins to determine whether the valid login request satisfies a match condition. The method further includes granting the user access to the network when the valid login request satisfies the match condition and denying the user access to the network when the valid login request does not satisfy the match condition even though the valid login request contains a valid username and a valid password.

Abstract: In some embodiments, an apparatus includes a printed circuit board and a thermal interface member. The printed circuit board is configured to be coupled to an electronic device, such as, for example, a removable (or “pluggable”) optical transceiver. A first surface of the printed circuit board includes a thermally-conductive portion, and a second surface of the printed circuit board includes a thermally-conductive portion that is coupled to the thermally-conductive portion of the first surface by a thermally-conductive via between the first surface and the second surface. The thermal interface member is coupled to the first surface of the printed circuit board such that a portion of the thermal interface member is in contact with the thermally-conductive portion of the first surface. The portion of the thermal interface member is deformable and thermally-conductive.

Abstract: To provide a switching system with telephone switching function mainly on the basis of hardware processing by using isochronous channel which is a real time communication channel. The switching system comprises a gateway node connected with ISDN (Integrated Services Digital Network) and PSTN (Public Switched Telephone Network), and one or more extension nodes, and a serial bus such as IEEE 1394 bus. The gateway node transforms data rate of outside line into data rate of extension node, and the other way around, and secure a seamless communication channel. Concretely, the gateway node secures an isochronous channel, according to a request from the extension nodes or the outside line, and executes switching such as transfer or reservation. A resource manager holds a table for managing the gateway node and extension node.

Abstract: An interconnect network for operation within communication node, wherein the interconnect network may have features including the ability to transfer a variety of communication protocols, scalable bandwidth and reduced down-time. According to one embodiment of the invention, the communication node includes a plurality of I/O channels for coupling information into and out of the node, and the interconnect network includes at least one local interconnect module having local transfer elements for transferring information between the plurality of I/O channels; and scaling elements for expanding the interconnect network to include additional local interconnect modules, such that information can be transferred between the local interconnect modules included in the interconnect network.

Abstract: An MPLS-aware firewall allows firewall security policies to be applied to MPLS traffic. The firewall, which may be integrated within a routing device, can be configured into multiple virtual security systems. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to the packets. The user interface allows the user to define different zones and policies for different ones of the virtual security systems. In addition, the user interface supports a syntax that allows the user to define the zones for the firewall by specifying the customer VPNs as interfaces associated with the zones. The routing device generates mapping information for the integrated firewall to map the customer VPNs to specific MPLS labels for the MPLS tunnels carrying the customer's traffic.

Abstract: A network device allocates a number of blocks of memory in a ternary content-addressable memory (TCAM) of the network device to each database of multiple databases, and assigns unused blocks of memory of the TCAM to a free pool. The network device also detects execution of a run mechanism by the TCAM, and allocates, based on the execution of the run mechanism, one of the unused blocks of memory to a filter or rule of one of the multiple databases.

Abstract: In general, techniques are described for managing timers for large scale service statistics collection. For example, as described herein, a network device includes a timing wheel data structure defining a plurality of slots. A rate limiter selects up to a rate limit value of timer events stored in a first one of the slots, wherein the rate limit value is less than a total number of the plurality of timer events stored in the first one of the time slots. A timer service module services the selected timer events during the first time interval, wherein the timer service module defers at least one of the unserviced timer events from the first one of the slots to a second one of the slot. During a second time interval, the timer service module services at least one of the timer events deferred from the first one of the slots.

Abstract: Methods and systems consistent with the present invention provide dynamic buffer allocation to a plurality of queues of differing priority levels. Each queue is allocated fixed minimum number of buffers that will not be de-allocated during buffer reassignment. The rest of the buffers are intelligently and dynamically assigned to each queue depending on their current need. The system then monitors and learns the incoming traffic pattern and resulting drops in each queue due to traffic bursts. Based on this information, the system readjusts allocation of buffers to each traffic class. If a higher priority queue does not need the buffers, it gradually relinquishes them. These buffers are then assigned to other queues based on the input traffic pattern and resultant drops. These buffers are aggressively reclaimed and reassigned to higher priority queues when needed.

Abstract: In one embodiment, a method includes sending a first flow control signal to a first stage of transmit queues when a receive queue is in a congestion state. The method also includes sending a second flow control signal to a second stage of transmit queues different from the first stage of transmit queues when the receive queue is in the congestion state.

Abstract: A network device connects between a client and a server. The network device is configured to store information regarding a capability of the server; receive a first message, from the client, intended for the server; obtain the stored information regarding the capability of the server; generate a second message that includes the information regarding the capability of the server; send the second message to the client; receive a third message from the client; and establish, based on the third message, a connection between the client and the server.

Abstract: A method and apparatus for performing a lookup in a switching device of a packet switched network where the lookup includes a plurality of distinct operations each of which returns a result that includes a pointer to a next operation in a sequence of operations for the lookup. The method includes determining a first lookup operation to be executed, executing the first lookup operation including returning a result and determining if the result includes a pointer to another lookup operation in the sequence of operations. If the result includes a pointer to another lookup operation, the lookup operation indicated by the result is executed. Else, the lookup is terminated.

Abstract: The TDMA receiver comprises a control unit for allocating to each of a plurality of transmitters time intervals during which the transmitter is allowed to transmit signals towards the TDMA receiver, a receiving unit for receiving an incoming signal resulting from the multiplexing of different signals which are output by the plurality of transmitters during the allocated time intervals and in the predetermined frequency band, the incoming signal thus consisting, in the predetermined frequency band, of a TDM signal, a processing unit for extracting and processing the TDM signal, and a spectrum determination unit for determining the spectrum of the incoming signal. The control unit is designed to synchronize the operation of the spectrum determination unit as a function of the time intervals allocated to the transmitters for the determination of the spectrum of the incoming signal in the predetermined frequency band.

Abstract: A user device receives a request to perform an automatic clock insertion operation for an integrated circuit; retrieves location information regarding a group of components, of the integrated circuit, that use a clock signal; deploys a clock mesh based on the location information regarding the group of components; and inserts drop points into the clock mesh; deploys a particular buffer for a particular drop point; maps a component, of the group of components, to the particular buffer; generates a clock box for the particular buffer, where dimensions of the clock box are based on a location of the component; deploys an H-tree for the clock box, where dimensions of the H-tree are proportional to the clock box dimensions; connects the H-tree to the component; and displays or stores clock mesh information, information regarding the group of buffers, information regarding the H-tree, and the location information regarding the group of components.

Abstract: A device may include a flow table to store, in flow table records, statistics associated with a number of data flows, and a flow type table to store, in flow type table records, information that indicates whether to store statistics in the flow table for each of a number of types of data flows, information that indicates a manner for sampling data units associated with the data flows, and/or information that indicates when to delete flow table records from the flow table.