Abstract: A security device may receive a response associated with a request. The response may include original session information. The request may be associated with a user device. The security device may modify the original session information to create modified session information. The security device may store information associated with the modified session information. The security device may provide the response, including the modified session information, to the user device. The security device may receive another request. The other request may include the modified session information. The security device may determine that the modified session information is not current session information based on the information associated with the modified session information. The security device may provide the other request without including the original session information.

Abstract: A device receives, from a client device, a request for a resource, and determines, based on information provided in the request, whether to terminate a connection for the request at the device. The device forwards the request to a network when the connection is not terminated at the device, and selects a target device for the resource when the connection is terminated at the device. The device also provides the request to the selected target device, receives the resource from the selected target device, and provides the resource to the client device.

Abstract: Fan trays and components thereof are described herein. In some embodiments, a removable, compact fan tray is configured to be disposed within a slot of a chassis. The fan tray can be latchably coupled to the chassis, and/or can include a light source, such as an LED operable to depict the status of the fan tray. Leads of the light source can be disposed within an sleeve operable to contain and/or insulate the leads. The fan tray can, in some embodiments, be configured to be keyed to a particular type of chassis slot, for example, a slot associated with an air flow direction.

Abstract: A method of sending data to a switch fabric includes assigning a destination port of an output module to a data packet based on at least one field in a first header of the data packet. A module associated with a first stage of the switch fabric is selected based on at least one field in the first header. A second header is appended to the data packet. The second header includes an identifier associated with the destination port of the output module. The data packet is sent to the module associated with the first stage. The module associated with the first stage is configured to send the data packet to a module associated with a second stage of the switch fabric based on the second header.

Abstract: Techniques are described for applying double experimental (EXP) quality of service (QoS) markings to Multiprotocol Label Switching (MPLS) packets. According to the techniques, an edge router of an MPLS network is configured to map a Differentiated Services Code Point (DSCP) marking for customer traffic to at least two EXP fields of at least two different labels included in a MPLS packet encapsulating the customer traffic. In this way, the edge router may map the full DSCP marking across the first and second EXP fields to provide full resolution QoS for the customer traffic over the MPLS network. The techniques also include a core router of an MPLS network configured to identify a QoS profile for a received MPLS packet based on a combination of a first EXP field of a first label and a second EXP field of a second label included in the MPLS packet.

Abstract: In general, techniques are described for enhancing operations of virtual networks. In some examples, a network system includes a network interface card of a server configured to receive a tunnel packet associated with a virtual network. The tunnel packet comprises an outer header associated with the physical network, the outer header encapsulating an inner packet comprising an inner header associated with the virtual network and a payload. A first processing core of the server is configured to perform, based at least on one of the outer header and inner header of the tunnel packet, a first packet steering operation to identify the second processing core. The second processing core is configured to forward the inner packet to a virtual machine of the virtual machines.

Abstract: An apparatus for reducing interference between clock signals may include a circuit board and a first set of clock vias coupled to the circuit board. The apparatus may also include a second set of clock vias coupled to the circuit board in a linear pattern adjacent to the first set of clock vias. The first set of clock vias may transmit a first clock signal and the second set of clock vias may transmit a second clock signal with a frequency that is different from the first clock signal. The system may further include a ground via coupled to the circuit board in line with the second set of clock vias. Each ground via coupled to the circuit board may be positioned outside any region of the circuit board located between the first and second sets of clock vias. Various other apparatuses, systems, and methods are also disclosed.

Abstract: A system includes a storage device and a processor. The storage device is configured to store a first set of values of TCP options for a first group of servers. The processor is configured to: transmit first requests to the first group of servers; receive first replies, in response to the first requests, from the first group of servers; determine the first set of values of the TCP options for the first group based on values in the first replies; store the first set of values in the storage device; receive a first message from a client to establish a connection between the client and a server in the first group of servers, and transmit, in response to the first message, a second message to the client.

Abstract: Techniques are described for providing robust control plane asserts in a network using Protocol Independent Multicast (PIM) or other routing protocols for controlling delivery of multicast traffic. In one example, a router includes a control unit having a hardware-based processor executing a Protocol Independent Multicast (PIM) protocol. The control unit, when executing the PIM protocol, initiates an election process for selecting, from a plurality of routers, a forwarding router to forward multicast traffic to a shared media computer network. In addition, the control unit determines whether the multicast traffic has been received by the router and outputs, in association with the election process, a PIM assert message that includes an indication as to whether the router has successfully received the multicast traffic.

Abstract: The invention is directed to techniques for supporting multi-link protocols within a computer network. In one embodiment, a method includes receiving a set of data blocks from a plurality of links in one or more interface cards according to a multi-link protocol and sending the data blocks to a multi-link service card for sequencing. The data blocks may then be sent to the one or more interface cards for communication to a destination device over a computer network. Implementing a multi-link service card may allow a network device, such as a router, to support multi-link protocols.

Abstract: In some embodiments, an apparatus includes an optical transceiver system that includes a set of optical transmitters and a backup optical transmitter. In such embodiments, each optical transmitter from the set of optical transmitter can transmit at a unique wavelength from a set of wavelengths. The backup optical transmitter can transmit at a wavelength from the set of wavelengths when an optical transmitter from the set of optical transmitters associated with that wavelength fails. In other embodiments, an apparatus includes an optical transceiver system that includes a set of optical receivers and a backup optical receiver. The backup optical receiver can receive at a wavelength from the set of wavelengths when an optical receiver from the set of optical receivers associated with that wavelength fails.

Abstract: Techniques are described for performing inline NAT functions in a forwarding element of a mobile gateway router or other device in which subscriber sessions of a mobile access network are distributed across a plurality of session management cards. The session management cards pre-allocate a public network address and port range for subscribers at the time a network connection is established in response to connection request prior to receiving any data traffic associated with the subscriber. NAT profiles are programmed into hardware forwarding elements of the mobile gateway router for inline NAT when routing subscriber traffic for the mobile access network.

Abstract: An apparatus may include a bus that electrically couples an electrical load to redundant power feeds. The apparatus may also include at least one capacitive component electrically coupled between first and second rails of the bus via both a conductive path and a resistive path that has substantially greater resistance than the conductive path. In addition, the apparatus may include a switching mechanism electrically coupled between the first and second rails of the bus that causes the capacitive component to charge through the conductive path until a threshold voltage on the first rail of the bus is reached. When the threshold voltage on the first rail of the bus is reached, the switching mechanism may close the conductive path and force the capacitive component to charge through the resistive path. Various other systems and methods are also disclosed.

Abstract: An access network is described in which a centralized controller provides seamless end-to-end service from a core-facing edge of a service provider network through aggregation and access infrastructure out to access nodes located proximate the subscriber devices. The controller operates to provide a central configuration point for configuring aggregation nodes (AGs) of a network of the service provider so as to provide transport services to transport traffic between access nodes (AXs) and edge routers on opposite borders of the network.

Abstract: A device may be configured to receive information regarding one or more ports associated with a routing device; output, to the routing device, filter information associated with at least a particular port, of the one or more ports associated with the routing device, the filter information specifying one or more conditions associated with traffic of interest; receive, from the routing device, and based on the outputted filter information, information regarding traffic of interest received or sent by the routing device via the particular port, the traffic of interest being less than or equal to all traffic received or sent by the routing device via the particular port; and store or output a representation of at least a portion of the received information regarding the traffic of interest.

Abstract: An access network includes an access device having an optical interface module that outputs a plurality of pairs of optical communication signals, each of the pairs of optical communication signals comprising a modulated optical transmit signal and an unmodulated optical receive signal, each of the pairs of optical communication signals having a different wavelength. A customer premise equipment (CPE) comprises an optical interface module to receive the modulated optical transmit signal and the unmodulated optical receive signal for any of the plurality of pairs of optical communication signals. The optical interface module includes a receive module to demodulate the modulated optical transmit signal into inbound symbols and a transmit module having an optical modulator and reflective optics to modulate the unmodulated optical receive signal in accordance with a data signal and reflect a modulated optical receive signal to communicate outbound data symbols to the access device.

Abstract: The disclosed apparatus may include (1) a storage device that maintains information about mobile devices roaming within a wireless network, (2) an AP-prediction unit that (A) determines, based at least in part on the information maintained in the storage device, a number of times that a mobile device has visited a specific AP within the wireless network, (C) generates, based at least in part on the number of times, a score that represents a probability that the specific AP is the next AP visited by the mobile device, and then (D) determines that the score is above a certain threshold, and (3) a profile-distribution unit that provides, in response to the determination that the score is above the certain threshold, the specific AP with a roaming-session profile that facilitates transferring a roaming session of the mobile device to the specific AP. Various other apparatuses, systems, and methods are also disclosed.

Abstract: A method may include determining one or more rules and communicating the one or more rules to a firewall, where the firewall receives a data unit and determines, based on the one or more rules, whether to forward the data unit to a destination address; receiving a redirection of a device from the firewall when the firewall determines not to forward the data unit to the destination address; receiving an indication that the firewall did not forward the data unit to the destination address; and determining a new rule to allow the firewall to forward the data unit to the destination address and communicating the new rule to the firewall; and redirecting the device to the destination address.

Abstract: Techniques of this disclosure enable loop protection for networks that utilize hop-by-hop routing, such as networks that utilize multi-protocol label switching (MPLS) label distribution and interior gateway protocol (IGP) routing. As described herein, the techniques provide protection from any small transient loops that may emerge due to link failure or other topology change events in networks that utilize hop-by-hop routing techniques.

Abstract: This disclosure describes techniques for determining whether a network session originates from an automated software agent. In one example, a network device, such as a router, includes a network interface to receive packets of a network session, a bot detection module to calculate a plurality of scores for network session data based on a plurality of metrics, wherein each of the metrics corresponds to a characteristic of a network session originated by an automated software agent, to produce an aggregate score from an aggregate of the plurality of scores, and to determine that the network session is originated by an automated software agent when the aggregate score exceeds a threshold, and an attack detection module to perform a programmed response when the network session is determined to be originated by an automated software agent. Each score represents a likelihood that the network session is originated by an automated software agent.