Abstract: In some embodiments, an apparatus includes a core network node configured to be operatively coupled to a set of wired network nodes and a set of wireless network nodes. The core network node is configured to receive, at a first time, a first data packet to be sent to a wired device operatively coupled to a wired network node from the set of wired network nodes. The core network node is configured to also receive, at a second time, a second data packet to be sent to a wireless device operatively coupled to a wireless network node from the set of wireless network nodes. The core network node is configured to apply a common policy to the first data packet and the second data packet based on an identifier of a user associated with both the wireless device and the wired device.

Abstract: An ingress router of a provider network receives a packet from a customer network, determines that the packet includes a customer network label and that the packet is to be tunneled through the provider network, based on the determination, adds a delimiter label to the packet indicative of a bottom of a provider network label stack and one or more provider network labels to the packet, and forwards the packet to a next routing device along the provider network tunnel. An egress routing device of the provider network receives a packet comprising a provider network label stack, removes the provider network label stack from the packet, determines whether the packet comprises a delimiter label following the provider network label stack, and, when the packet comprises the delimiter label, forwards the packet to a customer network interface device.

Abstract: A method performed by a device includes receiving a first Hyper-Text Transfer Protocol (HTTP) packet, creating a first session based on the HTTP packet, and creating a session cache entry for the first session. The method also includes receiving a second HTTP packet, performing a session cache lookup to identify a match of the second HTTP packet with the session cache entry, and creating a second HTTP session based on the match of the second HTTP packet with the session cache entry.

Abstract: A network node that includes a memory to store a multicast forwarding table that contains entries that govern how multicast traffic is to be forwarded from a multicast virtual local area network (MVLAN) associated with the network node, to receiver VLANs associated with the network node, where each entry includes a multicast group, that is associated with a group of ports on the multicast VLAN via which the multicast traffic is received, and information associated with the receiver VLANs to which the received multicast traffic is to be sent.

Abstract: In one embodiment, an apparatus includes a shared memory buffer including a lead memory bank and a write multiplexing module configured to send a leading segment from a set of segments to the lead memory bank. The set of segments includes bit values from a set of variable-sized cells. The write multiplexing module further configured to send each segment from the set of segments identified as a trailing segment to a portion of the shared memory mutually exclusive from the lead memory bank.

Abstract: Fan tray assemblies for cooling electronic devices in data processing units are described herein. In some embodiments, an apparatus includes a fan tray and a stator member. The fan tray is configured to be mounted within a data processing unit, and defines an opening. The fan tray is configured to be coupled to a fan such that the fan and the opening collectively define a portion of an air flow path. The stator member includes multiple stator blades. The stator member is separate from the fan and configured to be coupled to the fan tray such that the stator blades are within the air flow path.

Abstract: In one embodiment, a method includes receiving a bit value from a key vector. The bit value has a position within the key vector correlating to a counter value. The method includes receiving a sequence of bit values from a plurality of predefined bit values based on the counter value and in response to a condition associated with the bit value from the key vector being satisfied.

Abstract: A method, performed by a network device, may include sending a request to a first server, detecting a first timeout without receiving a response from the first server, and sending the request to the first server and to a second server, in response to detecting the first timeout without receiving a response from the first server.

Abstract: In some embodiments, an apparatus includes a first housing, a second housing and at least one cable. The first housing includes a first interface card of a switch fabric. The second housing includes a second interface card of the switch fabric and a third interface card of the switch fabric. The second interface card of the switch fabric is operatively and physically coupled to the third interface card of the switch fabric via a midplane. The second interface card defines a plane that is nonparallel to the a plane defined by the third interface card and a plane defined by the midplane. The plane defined by the third interface card is nonparallel to the plane defined by the second interface card and the plane defined by the midplane. The cable is configured to operatively couple the first interface card to the second interface card.

Abstract: Packet processing is provided in a multiple processor system including a first processor to processing a packet and to create a tag associated with the packet. The tag includes information about the processing of the packet. A second processor receives the packet subsequent to the first processor and processes the packet using the tag information.

Abstract: A laser system includes an array of lasers that emit light at a number of different, fixed wavelengths. A group of optical transport systems connect to the laser system. Each of the optical transport systems is configured to modulate data signals onto the light from the laser system to create optical signals and transmit the optical signals on one or more optical fibers.

Abstract: A network device implements an SSL VPN gateway for client devices. The network device may receive a script destined for a client device. The script may include at least one later binding uniform resource locator (URL)-based link entity. The network device may rewrite the script to include additional script associated with the later binding URL-based link entity. The additional script is configured to execute at the client device to rewrite the later binding URL-based link entity with substitute links that refer to the network device. In this manner, the network device allows the external client devices to access back-end servers in a proprietary network without requiring the installation of custom software on the client devices.

Abstract: A device may include logic configured to receive a packet, identify a flow associated with the packet in a flow table, and identify a rate limit associated with the flow in the flow table. A current rate associated with the flow may be calculated based on the packet. It may be determined whether the current rate associated with the flow exceeds the rate limit associated with the flow. If so, the packet may be discarded or tagged as “over limit.

Abstract: A network device receives, from a remote user device, a requested test that includes test Internet protocol (IP) packets, and converts the test IP packets into hardware test commands. The network device also performs, based on the hardware test commands, the requested test on a component of a network device card to produce hardware test results. The network device further converts the hardware test results into test results in an IP packet format, and provides the tests results in the IP packet format to the remote user device.

Abstract: Techniques described in this disclosure relate to configuration updates, such as performing an in-service software upgrade on a device, using virtual machines. In a routing device, a routing engine utilizes a virtual machine executing on a hypervisor to provide control plane functions. In one example, an in-service software upgrade may be performed between a first virtual machine and a second virtual machine without a managing virtual machine. More specifically, a first virtual machine in the control plane of the router may control the upgrade process, including requesting initialization of the second virtual machine, installing a new software system on the second virtual machine, and replicating state data from the first virtual machine to the second virtual machine. In this example, the first virtual machine may operate as a master virtual machine and the second virtual machine may operate as a slave virtual machine that synchronizes with the master virtual machine.

Abstract: Techniques are described for synchronizing state information between a plurality of control units. A router, for example, is described that includes a primary control unit and a standby control unit. The primary control unit maintains router resources to ensure operation of the router. To ensure operation, the primary control unit receives state information from the router resources and maintains the state information for consumers, i.e. router resources that require or “consume” state information. Prior to updating the consumers with the state information, the primary control unit synchronizes the state information with the standby control unit. In the event the primary control unit fails, the standby control unit assumes control of the router resources. Upon assuming control, the standby control unit resumes updating the consumers with state information without having to “relearn” state information, e.g., by way of power cycling the router resources to a known state.

Abstract: An example network device includes a control plane and a filter lookup module that includes a Bloom filter that supports parallel lookup of a maximum number of different prefix lengths. The filter lookup module accesses the Bloom filter to determine a longest length prefix that matches an entry in a set of prefixes. The control plane receives prefix lengths that include more than the maximum number of different prefix lengths supported by the Bloom filter, wherein the set of prefix lengths is associated with one application, generates, based on the received set of prefix lengths, two or more groups of different prefix lengths, wherein each of the two or more groups of different prefix lengths includes no more than the maximum number of different prefix lengths, and programs the filter lookup module with the two or more groups of different prefix lengths associated with the one application.

Abstract: An example network device includes one or more network interface cards and a control unit. The network interface cards are configured to send and receive messages with a first network operating in accordance with a first network-layer protocol and a second network operating in accordance with a second network-layer protocol and a control unit. The control unit is configured to receive a message via the one or more network interface cards, transform the message from conforming to a first transitioning protocol to conforming to a second transitioning protocol, and forward the message via the second network.

Abstract: In one embodiment, a method includes receiving a value associated with a data packet and identifying a data set based on the value. The data set is associated with a range of values and represents routing actions. The data set is a first data set from a plurality of data sets if the value is included in the range of values associated with the first data set. The data set is a default data set if the value is not included in a range of values associated with a data set from the plurality of data sets. The method includes combining the first data set with the default data set if the first data set is identified. The method includes combining the default data set with an except data set if the default data set is identified.

Abstract: A method may include authenticating a node over layer 2 in a network based on authentication rules; sending a node authentication code to the node; and providing layer 3 network access based on the node authentication code.