Abstract: A packet scheduler may include logic configured to receive packet information. The packet scheduler may include logic to receive an operating parameter associated with a downstream device that operates with cell-based traffic. The packet scheduler may include logic perform a packet to cell transformation to produce an output based on the operating parameter. The packet scheduler may include logic to use the output to compensate for the downstream device.

Abstract: A network device receives traffic associated with a network of intermediate network devices and user devices, classifies the received traffic, and allocates the classified traffic to traffic queues. The network device also schedules particular queued traffic, provided in the traffic queues and bound for particular intermediate network devices, using a hybrid weighted round robin (WRR) scheduler where the hybrid WRR scheduler schedules the particular queued traffic according to one of a 1-level WRR schedule, a 1.5 level WRR schedule, or a 2-level WRR schedule. The network device further provides the particular queued traffic to the particular intermediate network devices based on the scheduling of the hybrid WRR scheduler.

Abstract: A system that processes single stream multicast data includes multiple queues, a dequeue engine, and/or a queue control engine. The queues temporarily store data. At least one of the queues stores single stream multicast data. A multicast count is associated with the single stream multicast data and corresponds to a number of destinations to which the single stream multicast data is to be sent. The dequeue engine dequeues data from the queues. If the data corresponds to the single stream multicast data, the dequeue engine examines the multicast count associated with the single stream multicast data and dequeues the single stream multicast data based on the multicast count. The queue control engine examines one of the queues to determine whether to drop data from the queue and marks the data based on a result of the determination.

Abstract: A multi-chassis router allows an administrator to distribute configuration data from a single user interface. Additionally, the multi-chassis router presents a software image consistent with that of a standalone router and uses configuration data syntax that is consistent with that of a standalone router. The multi-chassis router automatically distributes and validates relevant configuration data at each chassis within the multi-chassis router. In effect, an administrator does not need to account for the multiple chassis configuration, and an administrator familiar with the configuration data syntax for a standalone router can use that knowledge to configure the multi-chassis router.

Abstract: A method and apparatus for in-line processing a data packet while routing the packet through a router in a system transmitting data packets between a source and a destination over a network including the router. The method includes receiving the data packet and pre-processing layer header data for the data packet as the data packet is received and prior to transferring any portion of the data packet to packet memory. The data packet is thereafter stored in the packet memory. A routing through the router is determined including a next hop index describing the next connection in the network. The data packet is retrieved from the packet memory and a new layer header for the data packet is constructed from the next hop index while the data packet is being retrieved from memory. The new layer header is coupled to the data packet prior to transfer from the router.

Abstract: A network device operating in a cut-through mode receives a current packet of an unknown length and determines if there is a known length value of a previous packet in a processing cycle associated with the current packet. When there is no known length value of the previous packet, the network device applies, to the current packet, an estimated length value for the current packet. When there is a known length value of the previous packet, the network device applies, to the current packet, the known length value of the previous packet. The network device processes the current packet based on one of the estimated length value or the known length value of the previous packet.

Abstract: A device may store a first and second queue of packets, calculate an average queue size based on the number of packets in the first and second queues and discard a packet when the packet is a session creation packet and the calculated average queue size is greater than a threshold value.

Abstract: In general, the invention is directed to techniques of automated authentication of network-enabled software applications launched by a web browser. For example, an intermediate device, such as a Virtual Private Network (VPN) gateway, intercepts communications between a client device and a server. The gateway device automatically issues a temporary token to the client device when the web browser requests a resource that will result in the launch of an additional software application external to the web browser. This temporary token is only valid for a limited time and a limited number of uses. Subsequently, the gateway device uses the temporary token to authenticate the second software application, thereby avoiding passing user credentials from the web browser to the second application on the client device via an insecure persistent cookie.

Abstract: A system processes packet data received in a number of incoming streams of variable speeds. The system includes an input interface, input logic, and one or more packet processors. The input interface receives the packet data and outputs the data using a first arbitration element. The input logic includes flow control logic, a memory, and a dispatch unit. The flow control logic initiates flow control on the data output by the input interface. The memory stores the data from the input interface. The dispatch unit reads the data from the memory using a second arbitration element. The packet processor(s) process the data from the dispatch unit.

Abstract: A power system includes a switch, a capacitor and a comparator circuit. The power system receives a signal to turn off power supplied to the power system, turns off the switch that is used to supply power to the system and discharges the capacitor. The power system also compares a voltage across the discharging capacitor to a threshold voltage value, and turns on the switch to allow power to be supplied to the power system when the compared voltage across the discharging capacitor equals the threshold voltage value.

Abstract: A first-in-first-out (FIFO) queue optimized to reduce latency in dequeuing data items from the FIFO. In one implementation, a FIFO queue additionally includes buffers connected to the output of the FIFO queue and bypass logic. The buffers act as the final stages of the FIFO queue. The bypass logic causes input data items to bypass the FIFO and to go straight to the buffers when the buffers are able to receive data items and the FIFO queue is empty. In a second implementation, arbitration logic is coupled to the queue. The arbitration logic controls a multiplexer to output a predetermined number of data items from a number of final stages of the queue. In this second implementation, the arbitration logic gives higher priority to data items in later stages of the queue.

Abstract: Secure tunneled multicast transmission and reception through a network is provided. A join request may be received from a second tunnel endpoint, the join request indicating a multicast group to be joined. Group keys may be transmitted to the second tunnel endpoint, where the group keys are based at least on the multicast group. A packet received at the first tunnel endpoint may be cryptographically processed to generate an encapsulated payload. A header may be appended to the encapsulated payload to form an encapsulated packet, wherein the header includes information associated with the second tunnel endpoint. A tunnel may be established between the first tunnel endpoint and the second tunnel endpoint based on the appended header. The encapsulated packet may be transmitted through the tunnel to the second tunnel endpoint. The second tunnel endpoint may receive the encapsulated packet. Cryptographic processing of the encapsulated packet may reveal the packet having a second header.

Abstract: A provider device determines that a failure has occurred in a link or path and notifies a customer device of the failure. The notifying causes the customer device to become aware of the failure in less than one second.

Abstract: Sending priority of plural stages is statically assigned according to a quality class and an output connection, and the sending priority is dynamically changed according to a state of sending request stacking every sending priority and a state of ATM cell conversion processing of a frame, and ATM cell conversion request means for issuing an ATM cell conversion request is provided every output route, and the cell conversion processing of the frame is selected and performed in the order of higher sending priority every time one cell conversion.

Abstract: In some embodiments, a system includes a first switch fabric device, a second switch fabric device, a first access switch operatively coupled to the first switch fabric device by a first cable, and a second access switch operatively coupled to the second switch fabric device by a second cable. The second access switch is operatively coupled to the first access switch by a third cable. The first access switch is configured to send data to the first switch fabric device via the first cable. The first access switch is configured to send data to the second switch fabric device via the third cable, the second access switch, and the second cable.

Abstract: A data processing system performs any-to-any transmission of data blocks. The system receives the data blocks on incoming data streams, and load balances the data blocks across a number of processing paths. The processing paths process the data blocks causing one or more of the data blocks to become out of order relative to an order in which the data blocks were received. The system hashes the data blocks to determine a manner in which to transmit the data blocks, reorders the data blocks to restore the order in which the data blocks were received, and transmits the reordered data blocks on outgoing data streams.

Abstract: Methods, apparatus, and products for routing frames in a shortest path computer network for a multi-homed legacy bridge, wherein the network includes a plurality of bridges. At least two of the plurality of bridges operate as edge bridges through which the frames ingress and egress the network. A first edge bridge identifies a legacy bridge nickname for a legacy bridge connected to the network through the first edge bridge and a second edge bridge using active-active link aggregation. The first bridge receives a frame from the legacy bridge and determines, in dependence upon the frame's destination node address, an egress bridge nickname for a third bridge through which a destination node connects to the network. The first bridge then adds the legacy bridge nickname and the egress bridge nickname to the frame and routes the frame to the third bridge in dependence upon the egress bridge nickname.

Abstract: In one embodiment, an apparatus includes a shared memory buffer including a lead memory bank and a write multiplexing module configured to send a leading segment from a set of segments to the lead memory bank. The set of segments includes bit values from a set of variable-sized cells. The write multiplexing module further configured to send each segment from the set of segments identified as a trailing segment to a portion of the shared memory mutually exclusive from the lead memory bank.

Abstract: A network device may include logic configured to detect that an event has occurred in the network device, determine an XML document structure based on the detected event, and generate an XML document with the determined structure including information relating to the detected event.

Abstract: An integrated, multi-service network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise virtual private network (VPN) connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. Once installed on the cellular mobile device, the multi-service client integrates with an operating system of the device to provide a single entry point for user authentication for secure enterprise connectivity, endpoint security services including endpoint compliance with respect to anti-virus and spyware software, and comprehensive integrity checks.