Abstract: A network device is configured to monitor a data size of data transmitted to a particular destination during a particular time period, determine, based on the monitored data size, an average data size for the particular destination and for the particular time period, establish a data connection toward the particular destination during the particular time period, set an initial data size for the data connection based on the average data size, and transmit data on the data connection in an amount equal to the initial data size.

Abstract: Using the ALTO Service, networking applications can request through the ALTO protocol information about the underlying network topology from the ISP or Content Provider. The ALTO Service provides information such as preferences of network resources with the goal of modifying network resource consumption patterns while maintaining or improving application performance. This document describes, in one example, an ALTO server that implements enhancements to the ALTO service to enable initiating incremental updates of network and cost maps to ALTO clients upon receiving status information from a content delivery network (CDN) node.

Abstract: A system facilitates initialization of devices in a cable modem network. The system may provide downstream channels for transmitting data to the devices and upstream channels for receiving data from the devices. At least one of the upstream channels may be dedicated to providing initialization opportunities. This dedicated upstream channel(s) includes less than all of the upstream channels. The system may transmit upstream channel identifiers on the downstream channels, where each of the upstream channel identifiers identifies one of the upstream channels. The system receives initialization data on the dedicated upstream channel(s).

Abstract: This document describes techniques for continuing execution of intrusion detection software when a process exception caused by a protocol decoder is thrown during processing. In one example, a method includes receiving a packet, and processing the packet using intrusion detection software that includes a processing engine and a plurality of protocol decoders. The method also includes detecting an exception that occurs during processing of the packet, identifying a memory location associated with the exception, and determining whether the exception was caused by one of the protocol decoders based on the memory location associated with the exception. The method further includes handling the exception and continuing execution of the intrusion detection software after determining that the exception was caused by one of the protocol decoders. In some implementations, handling the exception may include determining which one of the protocol decoders caused the exception, and disabling the decoder.

Abstract: In general, the invention is directed to techniques for reducing deadlocks that may arise when performing fabric replication. For example, as described herein, a network device includes packet replicators that each comprises a plurality of resource partitions. A replication data structure for a packet received by the network device includes packet replicator nodes that are arranged hierarchically to occupy one or more levels of the replication data structure. Each of the resource partitions in each of the plurality of packet replicators is associated with a different level of the replication data structure. The packet replicators replicate the packet according to the replication data structure, and each of the packet replicators handles the packet using the one of the resource partitions of the packet replicator that is associated with the level of the replication data structure occupied by the node that corresponds to that particular packet replicator.

Abstract: A network device may include a lawful interception module, a routing module, and a multicast distribution table. The lawful interception module may receive a lawful interception request for a subscriber, may inform the routing module about the subscriber, and may provide, to the routing module, a tap interface corresponding to the subscriber. The routing module may receive a multicast join request from the subscriber, and may insert, when the multicast join request is received, the tap interface in the multicast distribution table, as a forwarding interface.

Abstract: In general, techniques are described for mapping WAN conditions to appropriate back-pressure mechanisms at the WAN edges to improve the performance of delay and/or loss-sensitive applications. In one example, a system includes a wide area network having a provider edge (PE) router to establish a Fibre Channel over Ethernet (FCoE) pseudowire over the wide area network. A Lossless Ethernet network attaches, by an attachment circuit, to the FCoE pseudowire at the PE router. A Fibre Channel Fabric connects to the Lossless Ethernet network and to a storage device that provides data for transmission over the wide area network by the FCoE pseudowire. The PE router detects a defect in the FCoE pseudowire and, in response to detecting the defect in FCoE pseudowire, injects an FCoE flow control extension into the Lossless Ethernet network by the attachment circuit.

Abstract: A cooling system includes a heat sink to absorb heat that is generated by a component of a device, where the heat sink includes a base to dissipate the heat, and a group of fins via which the heat, that is dissipated by the base, is transferred; and an inverted heat sink to receive the heat via the fins. The inverted heat sink includes another base to prevent a portion of the heat, transferred into an environment where another component is located, from causing a temperature, of the environment, to increase above a threshold; a heat pipe to transfer another portion of the heat, not transferred into the environment, to a portion of the other base; and another group of fins to receive the other portion of the heat via the portion of the other base. The inverted heat sink is also to transfer the other portion of the heat to another environment to prevent a temperature, of the component, from increasing above another threshold.

Abstract: A network device includes a memory, a routing engine and a forwarding engine. The memory stores a forwarding table and the routing engine constructs a first composite next hop that includes multiple next hops, where each of the multiple next hops represents an action to be taken on a data unit as it transits the network device or represents another composite next hop, and where the first composite next hop specifies a function to be performed on the plurality of next hops. The routing engine further stores the composite next hop in an entry of the forwarding table. The forwarding engine retrieves the composite next hop from the forwarding table, and forwards a data unit towards one or more network destinations based on the composite next hop.

Abstract: A method may include receiving a request for a lawful intercept (LI) session, where the LI session is associated with a particular priority of a set of priority levels, and determining whether a maximum quantity of LI sessions has been initiated by a network device. The method may further include initiating a new LI session based on the request, when the maximum quantity of LI sessions has not been initiated; determining whether at least one LI session exists that is associated with a lower priority than the particular priority, when the maximum quantity of LI sessions has been initiated; and terminating a particular LI session associated with a lowest priority and initiating a new LI session based on the received request, when the at least one LI session associated with the lower priority exists.

Abstract: A system determines bandwidth use by queues in a network device. To do this, the system determines an instantaneous amount of bandwidth used by each of the queues and an average amount of bandwidth used by each of the queues. The system then identifies bandwidth use by each of the queues based on the instantaneous bandwidth used and the average bandwidth used by each of the queues.

Abstract: A method for managing access to network resources by a first network device may include establishing a communication session with the first network device. The method may also include receiving information from the first network device during the communication session, the information indicating that the first network device is not in compliance with at least one security-related rule. The method may further include determining whether to modify access by the first network device to at least one of the network resources based on the received information.

Abstract: A network device establishes a logical channel with each server device of multiple server devices, where each logical channel is not shared with another server device of the multiple server devices. The network device also determines a network loopback Internet protocol (IP) address for each server device of the multiple server devices, and associates each network loopback IP address with a corresponding logical channel. The network device further receives a packet destined for a particular server device, and provides the packet to the particular server device via the logical channel associated with the particular server device.

Abstract: In one embodiment, a method includes sending a configuration signal to a virtual network switch module within a control plane of a communications network. The configuration signal is configured to define a first network rule at the virtual network switch module. The method also includes configuring a packet forwarding module such that the packet forwarding module implements a second network rule, and receiving status information from the virtual network switch module and status information from the packet forwarding module. The status information is received via the control plane.

Abstract: A method and an apparatus for rapidly resuming, at times of failures, network traffic in a connection-oriented network by using an alternative route pre-computed and stored locally in nodes along an initial route without requiring signaling of upstream nodes or a master server.

Abstract: A method and apparatus for provisioning virtual upstream channels within one physical upstream channel. Each virtual upstream channel is assigned to a group of cable modems that share certain operational parameters. New virtual upstream channels can be provisioned as needed and existing virtual upstream channels can be deleted, as needed.

Abstract: Network devices provide seamless offloading of data communications from a service provider's cellular network to an alternate access network outside of the service provider's cellular network. After a cellular mobile device has initially been authenticated by devices in the cellular network to communicate with a packet data network via the cellular network, the cellular mobile device is configured to leverage its prior authentication on the cellular network and automatically obtain credentials for use in logging onto the alternate access network, without requiring any action by a user of the cellular mobile device. After the cellular mobile device is logged on to the alternate access network, the cellular mobile device sends wireless data communications to the packet data network via the alternate access network instead of the cellular network.

Abstract: A redundant power supply may obtain a rule for increasing mean time between failures (MTBF) for a first internal power supply and a second internal power supply connected to an electronic device, apply the rule to the first and second power supplies, activate the second internal power supply based on the rule to permit the second internal power supply to provide power to the electronic device, and deactivate the first internal power supply based on the rule.

Abstract: In one embodiment, a processor-readable medium can store code representing instructions that when executed by a processor cause the processor to receive a value representing a congestion level of a receive queue and a value representing a state of a transmit queue. At least a portion of the transmit queue can be defined by a plurality of packets addressed to the receive queue. A rate value for the transmit queue can be defined based on the value representing the congestion level of the receive queue and the value representing the state of the transmit queue. The processor-readable medium can store code representing instructions that when executed by the processor cause the processor to define a suspension time value for the transmit queue based on the value representing the congestion level of the receive queue and the value representing the state of the transmit queue.

Abstract: An example network system includes a layer two (L2) device and a layer three (L3) device. The L2 device includes a control unit is configured to determine a preferred network path from a first L2 network in which the L2 device resides to an intermediate L3 network in which the L3 device resides that couples the first L2 network to a second L2 network having a second L2 device. The control unit includes a management endpoint (MEP) module. The MEP module executes an operations, administration, and management (OAM) protocol to monitor the first L2 network and output an L2 frame in accordance with the OAM protocol to the L3 device to notify the L3 device that it is within the preferred network path. A MEP module of the L3 device executes an OAM protocol that outputs L2 frames to the L2 device indicating the status of the L3 network.