Abstract: A front-to-back cooling system allows cooling of an apparatus containing two orthogonal sets of modules. Each set of modules is independently cooled. A vertical set of modules is cooled with vertical air flow across the modules that enters from a front of the apparatus and exhausts from a back of the apparatus. A horizontal set of modules is cooled with horizontal front-to-back air flow. When the horizontal set of modules is at the front of the apparatus, a plenum extending exterior to the vertical set of modules allows exhausting horizontally flowing air to the rear of the apparatus. When the horizontal set of modules is at the rear of the apparatus, a plenum extending exterior to the vertical set of modules allows moving air from the front of the apparatus to a chamber holding the horizontal modules.

Abstract: The disclosure is directed to techniques for automatically establishing an inter-autonomous system (AS) virtual private local area network service (VPLS) across a first AS and a second AS with improved scaling of pseudowires (PWs) between the first AS and the second AS. The techniques include extending the control plane of a border device to include a location table that records AS location information for the network devices that belong to the inter-AS VPLS. The techniques also include updating a medium access control (MAC) table in the data plane of the border device based on the location table to maintain a scalable number of PWs between the first AS and the second AS for the inter-AS VPLS. In some cases, the techniques may be used by border devices in both a first AS and a second AS to signal a single PW between the first AS and the second AS.

Abstract: A system establishes a virtual private network (VPN) tunnel to a destination and determines a next hop for the VPN tunnel. The system inserts the next hop, and an address associated with the destination, into an entry of a first table. The system inserts the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of a second table. The system associates one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.

Abstract: An enhanced, flooding-based routing protocol is described that provides burst-rate and average-rate flow control. A routing device comprises a network interfaces configured to send and receive packets over a layer-two (L2) communication medium. A flooding-based link state routing protocol executes on a processor of the routing device to maintain network topology information for a network and establish an adjacency with a peer router over the layer-two (L2) communication medium. A database of the routing device stores a minimum packet interval and a credit specified by the peer router for the adjacency. When sufficient credit has been allocated to the L2 communication medium, a scheduler of the router dequeues link state messages from an outbound packet queue and floods each of the link state messages to the L2 communication medium while maintaining at least the specified minimum packet interval between each of the plurality of link state messages.

Abstract: A multi-chassis network device includes a plurality of nodes that operate as a single device within the network and a switch fabric that forwards data plane packets between the plurality of nodes. The switch fabric includes a set of multiplexed optical interconnects coupling the nodes. For example, a multi-chassis router includes a plurality of routing nodes that operate as a single router within a network and a switch fabric that forwards packets between the plurality of routing nodes. The switch fabric includes at least one multiplexed optical interconnect coupling the routing nodes. The nodes of the multi-chassis router may direct portions of the optical signal over the multiplexed optical interconnect to different each other using wave-division multiplexing.

Abstract: An enhanced, flooding-based link state routing protocol is described that provides pruning of link state data and, when needed, rate-controlled refresh of the pruned link state data from other routers of the flooding domain. A routing device comprises a network interface to send and receive packets over a layer-two (L2) communication medium. The routing device includes a control unit coupled to the network interface, and a flooding-based link state routing protocol executing on a processor of the control unit. The link-state routing protocol establishes an adjacency with a peer router. A database of the routing device includes entries that store a plurality of link state messages for a flooding domain of the link state routing protocol, wherein at least one of the entries in the database stores a partial link state message having a header portion and a payload having pruned link state data.

Abstract: A label switching router (LSR) is described that spoof checks Multi-protocol Label Switching (MPLS) packets to prevent malicious or inadvertent injection of MPLS packets within a label switched path (LSP). The LSR ensures that MPLS packets received from an upstream label switching router (LSR) contain labels that were advertised to that upstream LSR. A software module associated with a signaling protocol, such as the Resource Reservation Protocol (RSVP), the Label Distribution Protocol (LDP), or the Border Gateway Protocol (BGP), is extended to utilize an MPLS forwarding table, and MPLS interface table, and a remote autonomous system table. A set of interfaces for which the label was advertised may be checked to determine whether an interface on which a packet was received is contained in the set of interfaces. The MPLS forwarding table may contain a spoof-check field used to specify one of several different types of spoof checks and to specify the set of interfaces.

Abstract: Principles of the invention are described for providing multicast virtual private networks (MVPNs) across a public network that are capable of carrying high-bandwidth multicast traffic with increased scalability. In particular, the MVPNs may transport layer three (L3) multicast traffic, such as Internet Protocol (IP) packets, between remote sites via the public network. The principles described herein may reduce the overhead of protocol independent multicast (PIM) neighbor adjacencies and customer control information maintained for MVPNs. The principles may also reduce the state and the overhead of maintaining the state in the network by removing the need to maintain at least one dedicated multicast tree per each MVPN.

Abstract: A front-to-back cooling system allows cooling of an apparatus containing two orthogonal sets of modules. Each set of modules is independently cooled. A vertical set of modules is cooled with vertical air flow across the modules that enters from a front of the apparatus and exhausts from a back of the apparatus. A horizontal set of modules is cooled with horizontal front-to-back air flow. When the horizontal set of modules is at the front of the apparatus, a plenum extending exterior to the vertical set of modules allows exhausting horizontally flowing air to the rear of the apparatus. When the horizontal set of modules is at the rear of the apparatus, a plenum extending exterior to the vertical set of modules allows moving air from the front of the apparatus to a chamber holding the horizontal modules.

Abstract: A virtual device includes multiple devices connected to operate as a single device. A first one of the devices is configured to determine that the first device connects to a second one of the devices via a first link; identify a second link; determine that the second link connects the first device to the second device; and automatically aggregate the first link and the second link to form a link aggregation with the second device based on determining that the first device connects to the second device via both the first and second links. The first device is further configured to transmit packets to the second device via the first and second links of the link aggregation.

Abstract: A network device includes a group of interfaces. Each interface is associated with at least one other interface of the group of interfaces and a group of network addresses. Each interface is configured to monitor at least one of the group of network addresses with which the each interface is associated or the at least one other interface with which the each interface is associated, and determine whether to logically shut down based on the monitoring.

Abstract: Intermediate network devices, such as routers, are configured to discover a maximum transmission unit (MTU) for a path between two network endpoints by removing data from packets when the packet size exceeds a link MTU to a next hop. An example intermediate network device includes a forwarding engine to determine an interface card through which to forward a received packet and to determine a link MTU for a link corresponding to the interface card, wherein the received packet comprises a header and a payload, the header indicating not to fragment the packet, and a PMTU determination module to determine whether a size of the received packet exceeds the link MTU, and to remove a portion of data from the payload of the packet, discard the removed portion, and adjust the header of the packet according to the removed portion when the size of the received packet exceeds the link MTU.

Abstract: The invention is directed towards techniques for forwarding subscriber frames through a Multi-Protocol Label Switching (MPLS) aggregation network using MPLS labels. Layer two (L2) network devices, such as access nodes, of a service provider (SP) network implement MPLS functionality in the data plane, but do not implement an MPLS signaling protocol in the control plane. The L2 network devices include an interface for configuring a static pool of labels applied in the data plane of the L2 network device to output MPLS communications to the MPLS network. The access nodes may be configured by an administrator to maintain static pools of subscriber labels and MPLS labels. The access nodes autonomously allocate the subscriber labels to subscriber devices that request broadband services from a Broadband Services Router (BSR), and distribute the subscriber labels and MPLS labels as upstream assigned labels.

Abstract: A network node that includes a memory to store a multicast forwarding table that contains entries that govern how multicast traffic is to be forwarded from a multicast virtual local area network (MVLAN) associated with the network node, to receiver VLANs associated with the network node, where each entry includes a multicast group, that is associated with a group of ports on the multicast VLAN via which the multicast traffic is received, and information associated with the receiver VLANs to which the received multicast traffic is to be sent.

Abstract: A method may include receiving, in a first server from a second server, a request for a service of a network by a device; sending, from the first server to the second server, a response to the request for the service to permit access to the service; and sending state information about the response to a third server for storage in a database.

Abstract: A network device includes at least one input interface, at least one processing path and at least one output interface. The at least one input interface receives data blocks from a plurality of streams in a first order. The at least one processing path processes each of the data blocks, the processing including performing one or more route look-ups for each of the data blocks. The at least one output interface re-orders the data blocks based on a number of the one or more route look-ups associated with each of the data blocks.

Abstract: Network traffic associated with a user is lawfully intercepted by mirroring data packets flowing to and from the user for which interception has been designated. A unique packet structure enables analysis of mirrored data packets of any network type. In one implementation, a packet structure comprises routable packets that encapsulate the mirrored packet stream. The routable packet structure may be formed by prepending a correlation header to each mirrored packet. The correlation header includes a routing header to allow the mirrored packets to be transportable across the public Internet. In addition, an intercept header may be embedded within the correlation header to easily support various analyzer-specific implementations. The intercept header may include a version field that is extensible for the various analyzer implementations.

Abstract: A method may include generating a request that includes a host domain associated with a multiple-domain-to-one domain mapping, capturing the request before transmission of the request, rewriting the host domain, and transmitting the request.

Abstract: Techniques are described for testing connectivity to unnumbered interfaces of a target device. For example, a software utility and protocol are described that allows an administrator to specify a logical offset that may be internally resolved by the target device to one of a plurality of unnumbered interfaces during the test. Similarly, the administrator may specify an offset that may be internally resolved by the source device to one of a plurality of unnumbered interfaces from which the connectivity test is to originate. The source device may send enhanced request packets and receive enhanced reply packets specifying the source unnumbered interface and the destination unnumbered interface between which connectivity is to be tested. In this manner, an administrator may test for connectivity of particular interfaces even where internet protocol (IP) addresses or other identifiers for the interfaces are not externally known.

Abstract: Techniques are described by which an IP telephone system leverages the digital signal processing functions of end-user IP telephones by distributing signal processing tasks typically carried out by a centralized IP-PBX. The end-user IP telephones publicize their signal processing capabilities and availabilities to an IP-PBX, which maintains a resource capability mapping of the IP telephones. When the IP-PBX receive a bitstream for a communication session involving IP telephones and/or legacy phones of the IP telephone system, the IP-PBX determines the signal processing requirements for the bitstream, selects an available, capable IP telephone to perform the requirements, and distributes the bitstream to the selected IP telephone. The IP telephone performs the requisite signal processing and returns the processed bitstream to the IP-PBX, which forwards the processed bitstream to the destination endpoint for the communication session.