Abstract: A device includes a group of resources, where each resource is to determine a priority rank position, among the group of resources, based on which other resources of the group of resources are available. The device also includes a group of requestors of the resources, where each requestor is to determine a priority rank position, among the group of requestors, based on which other requestors are active and based on each active requestor's priority. The device also includes a processing component to receive the priority rank position from each resource and the priority rank position from each requestor; assign pairs of the resources and the requestors based on the priority rank position of each resource and the priority rank position of each requestor; and assign work to resources of the group of resources based on the pairs.

Abstract: In general, techniques are described of enabling a client-based web browser application to browse a directory structure provided by a server on a private network via a secure gateway. In particular, an intermediate gateway device is positioned on a network path between the client device and a server device. The gateway device communicates with the client device via a secure network connection (e.g., a Secure Sockets Layer connection). When the gateway device receives a resource identifier that identifies a directory structure from either the client device or the server device, the gateway device alters the resource identifier. In particular, the gateway device alters the resource identifier in such a way that when the client device transmits a request to view the directory structure identified by the resource identifier, the client device transmits a request to view the directory structure in a networking protocol that the gateway device permits to pass through the gateway device.

Abstract: Call setup signaling is performed across at least a first security zone, a second security zone, and a third security zone to set up a call. At least one gate is then established between the first security zone and the third security zone to enable traffic flow for the call between the first security zone and the third security zone.

Abstract: Methods, apparatus, and products are disclosed for forwarding frames in a computer network using shortest path bridging (‘SPB’). The network includes multiple bridges, and each edge bridge is assigned a unique service virtual local area network (‘VLAN’) identifier. One of the bridges receives a frame for transmission to a destination node. The received frame includes a service VLAN identifier for the ingress bridge through which the frame entered the network and a customer VLAN identifier. The one bridge identifies an SPB forwarding tree in dependence upon the service VLAN identifier. The SPB forwarding tree specifies a shortest route in the network from the ingress bridge through the one bridge to the other bridges in the network. The one bridge then forwards the received frame to the egress bridge without MAC-in-MAC encapsulation in dependence upon the SPB forwarding tree and the customer VLAN identifier.

Abstract: In some embodiments, an apparatus includes a flow control module configured to receive a first data packet from an output queue of a stage of a multi-stage switch at a first rate when an available capacity of the output queue crosses a first threshold. The flow control module is configured to receive a second data packet from the output queue of the stage of the multi-stage switch at a second rate when the available capacity of the output queue crosses a second threshold. The flow control module configured to send a flow control signal to an edge device of the multi-stage switch from which the first data packet or the second data packet entered the multi-stage switch.

Abstract: A method includes receiving network information for calculating weighted round-robin (WRR) weights, calculating WRR weights associated with queues based on the network information, and determining whether a highest common factor (HCF) exists in relation to the calculated WRR weights. The method further includes reducing the calculated WRR weights in accordance with the HCF, when it is determined that the HCF exists, and performing a WRR scheduling of packets, stored in the queues, based on the reduced WRR weights.

Abstract: In one embodiment, an apparatus includes a first access point within a wireless network. The first access point is configured to identify a communication device within a radio frequency (RF) range of the first access point. The first access point is also configured to request a session key associated with the communication device from a first network controller associated with the first access point in response to the communication device being identified. The first access point is further configured to receive the session key associated with the communication device from a second network controller associated with a second access point having an RF range partially overlapping the RF range of the first access point.

Abstract: A device provides an ager ring that ages entries associated with managed resource of a device, and determines whether a particular entry associated with a particular managed resource of the device is to be updated. The device also updates, when the particular entry is to be aged out in a particular time frame, the particular entry in the ager ring based on a bucket offset and a current time bucket associated with the particular entry and based on a current time, a refresh timeout, and a maximum timeout associated with the ager ring. The device further updates, when the particular entry is being aged during processing, the particular entry in the ager ring based on a new bucket, the current time bucket, and the bucket offset associated with the particular entry and based on the maximum timeout associated with the ager ring.

Abstract: A request to receive multicast data, associated with a multicast group, may be transmitted. The request may be transmitted via a tunnel. Group keys may be received in response to the request. The group keys may be based on the multicast group. An encapsulated packet may be received via another tunnel. The encapsulated packet may be processed, using the group keys, to obtain a multicast packet associated with the multicast data. The multicast packet may be forwarded to at least one multicast recipient.

Abstract: In general, techniques are described for using routing information obtained by operation of network routing protocols to dynamically generate network and cost maps for an application-layer traffic optimization (ALTO) service. For example, an ALTO server of an autonomous system (AS) receives routing information from routers of the AS by listening for routing protocol updates outputted by the routers and uses the received topology information to dynamically generate a network map of PIDs that reflects a current topology of the AS and/or of the broader network that includes the AS. Additionally, the ALTO server dynamically calculates inter-PID costs using received routing information that reflects current link metrics. The ALTO server then assembles the inter-PID costs into a cost map that the ALTO server may provide, along with the network map, to clients of the ALTO service.

Abstract: A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client in accordance with an authentication protocol, and authenticate the client based on a comparison of the first form to a value derived from a second form of the password stored in a password database. The comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client over the secure connection, authenticate the client by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client when the authentication server receives the first form.

Abstract: A device may detect and report failure in point-to-point Ethernet links. In one implementation, the device may determine, based on a periodic timing signal, whether at least one packet was received on an incoming Ethernet link during a previous period of the periodic timing signal. The device may update an entry in a circular buffer to indicate whether the at least one packet was received during the previous period of the periodic timing signal and analyze the circular buffer to determine whether there is a signal failure on the incoming Ethernet link.

Abstract: A system establishes a virtual private network (VPN) tunnel to a destination and determines a next hop for the VPN tunnel. The system inserts the next hop, and an address associated with the destination, into an entry of a first table. The system inserts the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of a second table. The system associates one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.

Abstract: A data processing system includes an input circuit, a plurality of processing paths and an output circuit. The input circuit receives blocks of data on a plurality of data streams and distributes the blocks of data to the plurality of processing paths. The plurality of processing paths receive and process the distributed blocks of data. The output circuit selectively queues and dequeues the processed blocks of data based on a determined maximum differential delay among each of the processing paths and transmits the processed blocks of data.

Abstract: Techniques are described for configuration of a multi-chassis router for managing periodic communications between the multi-chassis router and other network devices. The multi-chassis router selectively processes data received from a network by determine whether the data: (1) indicates an operational state of a network device in association with a routing protocol, or (2) conveys routing information for the routing protocol. Data conveying routing information are processed by a master routing component of the multi-chassis router, while data indicating an operational state of a network device are processed by one or more slave routing components of the multi-chassis router.

Abstract: A method for securing delivery of flash content over a network includes rewriting flash content action code capable of making a network request for flash content to redirect network communication associated with the flash content to a network device.

Abstract: A system includes an input device configured to receive a packet having a header and a packet processing device. The packet processing device is configured to examine the header, identify at least one function from a group of functions based on at least a portion of the header, where the group of functions includes an index table lookup function, a filtering function, and a longest best match lookup function, perform the identified at least one function for the packet to obtain a result, and forward the packet using the result.

Abstract: A pipeline scheduler provides a minimum bandwidth guarantee by transporting cells from an input port to an output port in a two-phased approach. Cells that conform to a minimum cell rate (MCR) are selected from queues at the input port and arranged into supercells for transport to the output port, followed by nonconforming cells, to guarantee fairness by using scheduling modules to build the supercells first for conforming cells, and then for nonconforming cells. Reservation vectors are used to permit the same time slot of the next frame to be reserved by a first queue, and the same time slot of the following time frame to be held for reservation by a second queue, to ensure equal time slot access by the first and second queues over successive time frames.

Abstract: A method and apparatus for switching a data packet between a source and destination in a network. The data packet includes a header portion and a data portion. The header portion includes routing information for the data packet. The method includes defining a data path in the router comprising a path through the router along which the data portion of the data packet travels and defining a control path comprising a path through the router along which routing information from the header portion travels. The method includes separating the data path and control path in the router such that the routing information can be separated from the data portion allowing for the separate processing of each in the router. The data portion can be stored in a global memory while routing decisions are made on the routing information in the control path.

Abstract: A computer-implemented method includes detecting an actual workload representative of a pattern of access of a plurality of items of content; comparing the actual workload against a prescriptive workload to determine an occurrence of a substantial deviation from the prescriptive workload; and upon determining the occurrence of the substantial deviation, revising the prescriptive workload based at least in part on the actual workload. The plurality of items is stored on resources of a storage environment according to one of a plurality of resource allocation arrangements. The prescriptive workload including a plurality of categories, each category being associated with a respective one of the plurality of resource allocation arrangements.