Abstract: A network device constructs a notification corresponding to a received multicast data unit, where the notification includes administrative data associated with the multicast data unit that does not include a payload of the multicast data unit. The network device replicates the notification at least three different processing elements at different locations in a processing path of the network device to produce multiple replicated data items and produces a copy of the multicast data unit for each of replicated notifications. The network device forwards each copy of the multicast data unit towards a multicast destination.

Abstract: A device may receive a packet, obtain data from the packet, store the data in a memory, and send a request to match a portion of the data to a set of patterns, the request identifying the portion in the memory. In addition, the device may access the portion in the memory based on the request, compare the accessed portion to the set of patterns, generate a result by comparing the accessed portion to the set of patterns, and output the result.

Abstract: An automated method for identifying confidential information may include inputting a search term based on a set of policy rules into a search engine, and causing the search engine to perform a search based on the search term. The method may also include analyzing search results obtained from the search engine against the policy rules to identify the search results containing confidential information.

Abstract: Systems and methods consistent with the present invention provide a better fragment drop heuristic that determines a per-fragment determined “remainder time” value to trigger potential drops on the whole bundle. A per-bundle drop timeout value is assumed. This value is to be configured based on differential delay considerations of the various links that constitute the bundle. The arrival time of a fragment to a reassembly algorithm triggers a remainder timer. When the reassembly algorithm instance actually processes the fragment, the “remainder time,” which is difference of a bundle drop timeout and time elapsed on the remainder timer, is used to determine whether the fragment and the other fragments of the packet should be dropped.

Abstract: A method may include receiving, at a service server, a request for services from a requesting device. The service server may identify one or more service options responsive to the request and send a list of the identified service options to the requesting device. The service server may receive a selected service option from the requesting device. The service server may collect payment information for the selected service option from the requesting device and providing accounting information to a service provider of the selected service option based on the payment information.

Abstract: A system manages cables to connect to a device provided in a device chassis. The system includes a cable management boom connected to a top portion of the device chassis, cable management shelves connected to a side portion of the device chassis, and a cable management arm connected to and supported by the cable management shelves. The cable management arm is to retain the cables, pivot through an angle to provide access to the device provided in the device chassis, and route the cables from the device to the cable management boom. The cable management boom is to gather the cables, retain the cables, and route the cables above the device chassis.

Abstract: A data processing architecture includes multiple processors connected in series between a load balancer and reorder logic. The load balancer is configured to receive data and distribute the data across the processors. Appropriate ones of the processors are configured to process the data. The reorder logic is configured to receive the data processed by the processors, reorder the data, and output the reordered data.

Abstract: A system for managing a circular buffer memory includes a number of data writers, a number of data readers, a circular buffer memory; and logic configured to form a number of counters, form a number of temporary variables from the counters, and allow the data writers and the data readers to simultaneously access locations in the circular buffer memory determined by the temporary variables.

Abstract: A method may include establishing a first Point-to-Point Protocol (PPP) session on an interface, receiving an indication of a layer one failure, omitting for a period of time, an indication that the first PPP session on the interface is down, based on the indication of the layer one failure, establishing a layer one switchover to another interface based on the indication of the layer one failure, and attempting during the period of time, to establish a second PPP session on the other interface.

Abstract: A cable modem termination system may include a number of receivers and a number of input ports configured to receive bursts of data from a number of cable modems on a number of channels. At least one receiver of the number of receivers may be configured to receive and decode bursts of data on at least one channel according to a first control signal. An input selector may be connected between the number of input ports and the number of receivers. The input selector may be configured to route bursts of data from the number of input ports to the number of receivers according to a second control signal.

Abstract: In some embodiments, an apparatus includes a first network device configured to receive, from a second network device, a first forwarding-state packet associated with a peripheral processing device and having a first generation identifier. The first network device is configured to receive, from a third network device, a second forwarding-state packet associated with the peripheral processing device and having a second generation identifier. The first network device is configured to implement forwarding-state information included in the first forwarding-state packet based on a comparison of the first generation identifier and the second generation identifier.

Abstract: A network device may operate to increase application performance over a wide area network. In one particular implementation, the network device may monitor accesses to a disk drive from entities and determine whether an entity is accessing the disk drive in a manner that causes a disproportionate amount of performance degradation. If so, the network device may throttle access to the disk drive for the entity.

Abstract: A device may include a maintenance association endpoint configured to select a maintenance association endpoint identifier, transmit the maintenance association endpoint identifier to one or more other maintenance association endpoints, and automatically assign the maintenance association endpoint identifier to the maintenance association endpoint if it is determined that the maintenance association endpoint identifier is available based on a conflict message received from one of the one more other maintenance association endpoints.

Abstract: A device provides a flow table. The device receives a data unit, determines a data flow associated with the data unit, determines whether the flow table includes an entry corresponding to the data flow, determines a current utilization of a group of output ports of the device, selects an output port, of the group of output ports, for the data flow based on the current utilization of the group of output ports when the flow table does not store an entry corresponding to the data flow, and stores the data unit in a queue associated with the selected output port.

Abstract: A network system includes an access control device and a client device. The access control device provides access to an enterprise network using a virtual private network (VPN) and provides a software update package to the client device. The client device includes an operating system that maintains a user context for a user having restricted privileges and a system context having elevated privileges. The client device further includes a user-level setup module, a system-level installation service and a user-level installation service. The setup module, system-level installation service and the user-level installation service interact to provide on-demand advertisement and installation of authorized software update packages on computing devices when needed by the user without requiring action by an administrator.

Abstract: In general, techniques are described for performing work conserving packet scheduling in network devices. For example, a network device comprising queues that store packets and a control unit may implement these techniques. The control unit stores data defining hierarchically-ordered nodes, which include leaf nodes from which one or more of the queues depend. The control unit executes first and second dequeue operations concurrently to traverse the hierarchically-ordered nodes and schedule processing of packets stored to the queues. During execution, the first dequeue operation masks at least one of the selected ones of the leaf nodes from which one of the queues depends based on scheduling data stored by the control unit. The scheduling data indicates valid child node counts in some instances. The masking occurs to exclude the node from consideration by the second dequeue operation concurrently executing with the first dequeue operation, which may preserve work in certain instances.

Abstract: A network device may include a line interface to receive and transmit data units, a memory including instructions associated with a user space and a kernel space that are executable by a processor, the user space including a first-in-first-out (FIFO) region for storing the data units and corresponding metadata, where the kernel space writes the data unit and the corresponding metadata to the FIFO region, the metadata including a next pointer that identifies a memory address for storing the next data unit in the FIFO region, a user space process determines whether to transmit or drop the data unit, the user space process being a single process, and the user space transmits the data unit from the FIFO region without involving the kernel space when the user space process issues a command.

Abstract: A network device connects between a client and a server. The network device is configured to store information regarding a capability of the server; receive a first message, from the client, intended for the server; obtain the stored information regarding the capability of the server; generate a second message that includes the information regarding the capability of the server; send the second message to the client; receive a third message from the client; and establish, based on the third message, a connection between the client and the server.

Abstract: An intermediate network device includes a local caching module that caches user information from a remote server before a local user requests the information. In particular, the local caching module securely obtains and caches one-time passwords for a local user. The local caching device maintains separate sets of one-time passwords for each user. The local caching module may access the locally cached one-time passwords to authenticate a local user to a resource protected by a one-time password.

Abstract: Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device.