Abstract: An apparatus may include a receiver configured to receive chunks of data on a downstream channel from a cable modem termination system. The receiver may be further configured to enter a low power state in which the chunks of data cannot be received. Wake up circuitry may be configured to monitor data in the downstream channel for a wake up signal when the receiver is in the low power state.

Abstract: This disclosure describes a global attacker database that utilizes device fingerprinting to uniquely identify devices. For example, a device includes one or more processors and network interface cards to receive network traffic directed to one or more computing devices protected by the device, send, to the remote device, a request for data points of the remote device, wherein the data points include characteristics associated with the remote device, and receive at least a portion of the requested data points. The device also includes a fingerprint module to compare the received portion of the data points to sets of data points associated with known attacker devices, and determine, based on the comparison, whether a first set of data points of a first known attacker device satisfies a similarity threshold. The device also includes an security module to selectively manage, based on the determination, additional network traffic directed to the computing devices.

Abstract: First in, first out (FIFO) queues may be used to transfer data between a producer clock domain and a number of consumer clock domains. In one implementation, a control component for the FIFO queues may include a number of counters, corresponding to each of the consumer clock domains, each of the counters maintaining a count value relating to an amount of data read by the corresponding consumer clock domain. The control component may additionally include a credit deduction component coupled to the count values of the counters, the credit deduction component determining whether any of the count values is above a threshold, and in response to the determination that any of the count values is above the threshold, reducing the count value of each of the counters and issuing a write pulse signal to the producer clock domain, the write pulse signal causing the producer clock domain to perform a write operation to the FIFO queues.

Abstract: In general, this disclosure describes a high-level forwarding path description language (FPDL) for describing internal forwarding paths within a network device. The FPDL enables developers to create a template that describes a section of an internal forwarding path within the forwarding plane of a network device. The FPDL provides syntactical elements for specifying the allocation of forwarding path structures as well as enabling the run-time construction of internal forwarding paths to interconnect the forwarding path structures in a manner specific to packet, packet flow, and/or interface properties, for example. In conjunction with late binding techniques, whereby the control plane of the network device provides arguments to template parameters that drive allocation by the packet forwarding engines of forwarding path structures specified by the FPDL, the techniques provide control plane processes a unified interface with which to manage the operation of the packet forwarding engines.

Abstract: A system and method for detecting malware optimized for mobile platforms. The system and method compares hashed portions of one or more malware signatures to hashes hashed from a suspect application, to determine whether the suspect application is malware-free. A second stage robust hash and splatter set of pseudorandomly selected blocks of the malware signatures reduce false positives allowing for improved detection of malware.

Abstract: In one example, a network device determines a set of candidate loop-free alternate (LFA) next hops for forwarding network traffic from the network device to a multi-homed network by taking into account a first cost associated with a second path from a first border router to the multi-homed network and a second cost associated with a second border router to the multi-homed network, wherein the multi-homed network is external to an interior routing domain in which the network device is located. The network device selects an LFA next hop from the set of candidate LFA next hops, to be stored as an alternate next hop for forwarding network traffic to the multi-homed network, and updates forwarding information stored by the network device to install the selected LFA next hop as the alternate next hop for forwarding network traffic from the network device to the multi-horned network.

Abstract: A security device may receive an object destined for a user device. The object may be of an object type that does not describe a web page. The security device may determine that the user device is to be warned regarding the object. The security device may determine a warning object based on determining that the user device is to be warned. The warning object may include information associated with a reason for determining that the user device is to be warned regarding the object, and may include information that allows the user device to receive the object. The security device may provide the warning object. The security device may receive, after providing the warning object, an indication associated with the user device obtaining the object. The security device may allow the user device to obtain the object based on receiving the indication.

Abstract: In one example, a controller device includes one or more network interfaces communicatively coupled to one or more devices of a virtual network, and a processor configured to determine, for the virtual network, a set of two or more related processes executed by respective devices in the virtual network, receive via the network interfaces data for the set of two or more related processes, and aggregate the data for the set of two or more related processes to form aggregated data for the set of two or more related processes.

Abstract: In general techniques are described for applying differentiated services with a customer-aware network device. A network device comprising a control unit and an interface may implement the techniques. The interface receives a network packet that is associated with first and second labels. The first label uniquely identifies a Cable Modem Termination System (CMTS) within a plurality of CMTSs. The second label uniquely identifies one of a plurality of CPE devices coupled to the CMTS. The control unit determines at least one subscriber-specific service associated with the one of the plurality of CPE devices based at least in part on the first and second labels associated with the labeled network packet. The at least one subscriber-specific service comprises a service associated with the one of the plurality of CPE devices. The control unit applies the at least one subscriber-specific service to the labeled network packet received from the CMTS.

Abstract: Network devices provide Internet Protocol (IP) and Label Distribution Protocol (LDP) fast reroute for unicast and multicast traffic. The approach described herein for fast reroute for IP and LDP uses maximally redundant trees (MRTs). MRTs are a pair of trees where the path from any node X to the root R along the first tree and the path from the same node X to the root along the second tree share the minimum number of nodes and the minimum number of links. A network device, such as a router, computes a pair of MRTs for each destination and installs one or more MRT alternate next-hops in its forwarding plane for use in forwarding network traffic to a destination in the event a failure occurs that renders a primary next-hop unusable for reaching the destination.

Abstract: In one example, an intermediate network device sends packets that advertise a transmission control protocol (TCP) window size of zero bytes to a client device and a server device. The device, after sending the packets, receives a first zero-window probe packet from the client device including data representing a first current sequence number for a client-to-server packet flow of an established network session, and a second zero-window probe packet from the server device including data representing a second current sequence number for a server-to-client packet flow of the network session. The device also initializes a TCP state based on the first and second current sequence numbers, and acts as a TCP proxy for packets following the first zero-window probe packet of the client-to-server packet flow based on the TCP state and packets following the second zero-window probe packet of the server-to-client packet flow based on the TCP state.

Abstract: A provider edge bridge in a service provider network receives multiple media access control (MAC) Registration Protocol (MMRP) registration messages from customer networks via tunnels. The provider edge bridge snoops the MMRP registration messages to obtain multicast MAC addresses from the registration messages, and tunnels the MMRP registration messages toward one or more other bridges. The provider edge bridge constructs multicast forwarding tables based on the multicast addresses obtained from snooping the MMRP registrations, and uses the multicast forwarding tables for forwarding data units from the provider edge bridge towards destinations.

Abstract: A configurable advertisement count and skew timer in a virtual router can be used to improve the speed with which a backup virtual router assumes the role of master upon the master router's failure. Enhanced VRRP packets having a type other than one may be used to cause MAC address movement from a failed master router to a backup router assuming the role of master router without placing an undue load on other routers in the network, such as by dropping the enhanced VRRP packets having a type other than one without processing the packets in the control plane of a receiving virtual router.

Abstract: In general, the invention is directed to techniques for reducing deadlocks that may arise when performing fabric replication. For example, as described herein, a network device includes packet replicators that each comprises a plurality of resource partitions. A replication data structure for a packet received by the network device includes packet replicator nodes that are arranged hierarchically to occupy one or more levels of the replication data structure. Each of the resource partitions in each of the plurality of packet replicators is associated with a different level of the replication data structure. The packet replicators replicate the packet according to the replication data structure, and each of the packet replicators handles the packet using the one of the resource partitions of the packet replicator that is associated with the level of the replication data structure occupied by the node that corresponds to that particular packet replicator.

Abstract: A device receives traffic; identifies an address associated with the traffic; determines whether the address is associated with an aggregate interface, the aggregate interface being associated with a first port and a second port. The first port corresponds to a first node in a first state, that indicates that the first node is available to forward the traffic, and the second port corresponds to a second node in a second state, that indicates that that the second node is not available to forward the traffic. The device transmits the traffic to the first node via the first port and to the second node, via the second port, when the address is associated with the aggregate interface. Transmitting the traffic enables the second node to forward the traffic when the first node changes from the first state to the second state.

Abstract: A processor may include a conditional arithmetic logic unit and a main arithmetic logic unit. The conditional arithmetic logic unit may perform a first arithmetic logic operation to generate a first result, and output the result. The main arithmetic logic unit may select input buses among a plurality of data buses that carry the first result from the conditional arithmetic logic unit, perform a second arithmetic logic operation on data provided by the selected input buses to generate a second result, and write the second result in a storage component.

Abstract: In general, techniques are described for performing customer bandwidth profiling in computer networks. A network device intermediately positioned in a service provider network between a customer network and a centralized network device that provides a hierarchical arrangement of virtual local area networks (VLANs) located in the service provider network may perform the techniques. The network device determines a service profile based on authentication messages and associates the service profile with the hierarchical arrangement of VLANs used for delivering the traffic to and from the customer network and the service provider network. The service profile defines constraints on delivery of the traffic associated with the one or more services. The network device then applies the service profile to the traffic received via the associated hierarchical arrangement of VLANs to enforce the constraints on the delivery of the traffic received via the associated hierarchical arrangement of VLANs.

Abstract: A provider edge device, associated with a virtual private local area network service (VPLS) system, includes a memory to store instructions to implement a pseudowire mechanism to receive a first data frame from a source customer edge (CE) device associated with the VPLS system, incorporate the first data frame into a first VPLS packet, determine whether the source CE device is a single-homed CE device or a multi-homed CE device, and incorporate, into the first VPLS packet, a first pseudowire label, if the source CE device is a single-homed CE device, and incorporate, into the first VPLS packet, a second pseudowire label, different from the first pseudowire label, if the source CE device is a multi-homed CE device; and a processor to execute the instructions.

Abstract: Techniques are described for supporting PIM (Protocol Independent Multicast) Dense Mode (PIM-DM) and PIM Bootstrap Router (PIM-BSR) between different VPN sites of an IP VPN. A system includes a plurality of customer sites connected to a service provider network by provider edge (PE) routers that provide an IP VPN. A first one of the PE routers receives multicast traffic from a first one of the customer sites, wherein the multicast traffic is PIM (Protocol Independent Multicast) Dense Mode (PIM-DM) traffic for which no PIM join messages have been received by the first PE router from the other PE routers via BGP messages. A tunnel setup module of the first PE router is configured to automatically signal a provider tunnel through the service provider network upon receiving the PIM-DM multicast traffic without maintaining multicast state data for a multicast group associated with the PIM-DM multicast traffic.

Abstract: A computer-implemented method includes detecting an actual workload representative of a pattern of access of a plurality of items of content; comparing the actual workload against a prescriptive workload to determine an occurrence of a substantial deviation from the prescriptive workload; and upon determining the occurrence of the substantial deviation, revising the prescriptive workload based at least in part on the actual workload. The plurality of items is stored on resources of a storage environment according to one of a plurality of resource allocation arrangements. The prescriptive workload including a plurality of categories, each category being associated with a respective one of the plurality of resource allocation arrangements.