Abstract: A network device comprises a service card (e.g., a dynamic flow capture (DFC) service card) executing a communication protocol to receive, from one or more control sources, flow capture information specifying at least one destination and criteria for matching one or more packet flows. The network device includes a network interface card to receive a packet from a network, a packet replication module to replicate the packet, and a control unit to provide the replicated packet from the interface card to the DFC service card. The network device includes a filter cache that caches flow capture information recently received from the control sources. The network device may provide real-time intercept and relaying of specified network-based communications. Moreover, the techniques described herein allow control sources to tap packet flows with little delay after specifying flow capture information, e.g., within 50 milliseconds, even under high-volume networks.

Abstract: In one aspect the invention provides a method for allocating bandwidth in a network appliance where the network appliance includes a plurality of guaranteed bandwidth buckets used to evaluate when to pass traffic through the network appliance. The method includes providing a shared bandwidth bucket associated with a plurality of the guaranteed bandwidth buckets, allocating bandwidth to the shared bandwidth bucket based on the underutilization of bandwidth in the plurality of guaranteed bandwidth buckets and sharing excess bandwidth developed from the underutilization of the guaranteed bandwidth allocated to the individual guaranteed bandwidth buckets. The step of sharing includes borrowing bandwidth from the shared bandwidth bucket by a respective guaranteed bandwidth bucket to allow traffic to pass immediately through the network appliance.

Abstract: A network device for performing redirect checking includes an input device and processing logic. The input device receives a data packet on a first one of a number of interfaces. The data packet includes source and destination addresses. The processing logic assigns an incoming interface to the data packet and generates forwarding information identifying a next hop for the data packet. The processing logic also identifies an outgoing interface based on the next hop and determines whether the incoming interface index is equal to the outgoing interface index. The processing logic also determines whether the data packet originated from a station that is part of the same subnet as the next hop. When both of these conditions are met, the processing logic generates a redirect message.

Abstract: A network device includes one or more sprayers, multiple packet processors, and one or more desprayers. The sprayers receive packets on at least one incoming packet stream and distribute the packets according to a load balancing scheme that balances the number of bytes of packet data that is given to each of the packet processors. The packet processors receive the packets from the sprayers and process the packets to determine routing information for the packets. The desprayers receive the processed packets from the packet processors and transmit the packets on at least one outgoing packet stream based on the routing information.

Abstract: A device provides an ager ring that ages entries associated with managed resource of a device, and determines whether a particular entry associated with a particular managed resource of the device is to be updated. The device also updates, when the particular entry is to be aged out in a particular time frame, the particular entry in the ager ring based on a bucket offset and a current time bucket associated with the particular entry and based on a current time, a refresh timeout, and a maximum timeout associated with the ager ring. The device further updates, when the particular entry is being aged during processing, the particular entry in the ager ring based on a new bucket, the current time bucket, and the bucket offset associated with the particular entry and based on the maximum timeout associated with the ager ring.

Abstract: In general, techniques are described for managing distributed address pools within network devices. A network device that includes a control unit and at least one interface may implement these techniques. The control unit stores data defining a network address pool shared by both the network device and another network device. The control unit includes a shared pool manager module that evaluates the data defining the network address pool to determine a block of addresses of the network address pool that is not in use by the other network device. The at least one interface transmits a request to the other network device requesting the determined block and receives a response from the other network device indicating whether one or more addresses of the requested block are available. The control unit then allocates one or more addresses from the requested block to subscriber devices based on the indication in the response.

Abstract: In some embodiments, a network management module is operatively coupled to a set of edge devices that are coupled to a set of peripheral processing devices. The network management module can receive a signal associated with a broadcast protocol from an edge device from the set of edge devices in response to that edge device being operatively coupled to a switch fabric. The network management module can provision that edge device in response to receiving the signal. The network management module can define multiple network control entities at the set of edge devices such that each network control entity from the multiple network control entities can provide forwarding-state information associated with at least one peripheral processing device from the set of peripheral processing devices to at least one remaining network control entity from the multiple network control entities using a selective protocol.

Abstract: A network device may implement packet scheduling with administrator-configurable packet scheduling policies. In one implementation, the network device includes a filter component configured to assign priority levels to data units, the priority levels defining traffic classes for the data units. The network device may also include a scheduler component configured to schedule transmission of the traffic classes based on an assignment of weights to the traffic classes using at least one bandwidth allocation policy that exhibits a bandwidth allocation profile that varies based on one or more parameters of the bandwidth allocation policy that are configurable by an administrator.

Abstract: In general, the invention is directed to techniques for breaking out mobile data traffic from a mobile service provider network to a packet data network. For example, as described herein, a breakout gateway device (BGW) receives a first service request and data traffic for a data session associated with the requested service from a mobile device in a radio access network, wherein the first service request is addressed to a serving node of a mobile core network of the mobile service provider network, and wherein the data traffic is destined for the PDN. A control packet analysis module forwards the first service request from the breakout gateway device to the serving node. A breakout module of the BGW bypasses the serving node by sending the data traffic from the breakout gateway device to the PDN on a data path from the radio access network to the PDN.

Abstract: A memory controller includes a circuit to generate a strobe signal for write operations to a DDR SDRAM. The circuit efficiently generates a glitch free strobe signal for a group of data lines. In one implementation, the memory controller includes a write data generation circuits to each transmit a data signal to the memory on a data line, the write data generation circuits being controlled by write enable signals. A write strobe generation circuit generates the strobe signal and the write enable signals, the strobe signal including a preamble window to signal the beginning of the data burst, a data transfer window, and a postamble window to signal the end of the data burst, the write strobe generation circuit generating the write enable signals a half memory cycle early and terminating the write enable signals a half memory cycle late with respect to the data signals generated by the write data generation circuits.

Abstract: A method may include detecting an event, determining whether the event correlates to a hard disk access, requesting a wake-ahead of a hard disk drive if it is determined that the event correlates to a hard disk access, weighing a performance improvement of the hard disk drive if the wake ahead request is granted against a life of the hard disk drive if the wake ahead request is not granted, and waking ahead the hard disk drive if the performance improvement outweighs the life of the hard disk drive.

Abstract: A check of a processing device is performed. A device may receive a network access request to access a network from a first processing device. A security check may be caused to be performed on the first processing device. Whether to grant the network access request to the first processing device is based on a result of the security check.

Abstract: A network device includes a main storage memory and a queue handling component. The main storage memory includes multiple memory banks which store a plurality of packets for multiple output queues. The queue handling component controls write operations to the multiple memory banks and controls read operations from the multiple memory banks, where the read operations for at least one of the multiple output queues alternates sequentially between the each of the multiple memory banks, and where the read operations and the write operations occur during a same clock period on different ones of the multiple memory banks.

Abstract: Rolling software upgrades may be employed for a network device in a modular chassis and/or virtual chassis. The network device may include memory devices to store a software upgrade package and a group of instructions, and a processor. The processors may install the software upgrade package on a backup routing engine; determine subsets of multiple line cards on which to perform a software upgrade, where ports in each of the multiple line cards are part of a link aggregation group (LAG); initiate a reboot process for each of the subsets of multiple line cards, in sequence, where the reboot process for each of the line cards results in a software upgrade without deactivating any LAG. The processors may also switch the backup routing engine and a master routing engine to create a new master routing engine and a new backup routing engine, and install the upgrade package on the new backup routing engine.

Abstract: A network device component receives traffic, determines whether the traffic is host bound traffic or non-host bound traffic, and classifies, based on a user-defined classification scheme, the traffic when the traffic is host bound traffic. The network device component also assigns, based on the classification, the classified host bound traffic to a queue associated with network device component for forwarding the classified host bound traffic to a host component of the network device.

Abstract: A reorder engine classifies information relating to incoming data items as belonging to either a first, second, or third region. The information relating to the data items may arrive at the reorder engine out of order. The data items each include a sequence number through which the reorder engine may reconstruct the correct order of the data items. Based on the classification, the reorder engine may either process the data items normally or drop certain ones of the data items. The majority of incoming data items will fall in the first region and are processed normally. Data items arriving in the second region indicate that a previous data item is late or delayed. If this previous data item is delayed but does eventually arrive, it will arrive in the third region and is simply ignored.

Abstract: Access switches in a switching system may use virtual aggregated links. When a link between an aggregation switch and an access switch fails, the link failure may be reflected in the virtual aggregated link and data traffic to another access switch may be switched away from the failed switch. A forwarding table in the access switch stores a number of entries that each define a correspondence between destination addresses and an output identifier for the switch. At least a first output identifier includes an aggregated link that represents a first set of possible output links. At least a second output identifier includes a virtual aggregated link, associated with a second network switch that represents a second set of possible output links. Destination addresses in the forwarding table for the virtual aggregated link correspond to network devices connected to the second network switch.

Abstract: A memory controller, such as a memory controller for reading data received from a DDR SDRAM memory, may detect the beginning and end of a read cycle. The memory controller may include a preamble detection circuit to receive a strobe signal and output a first control signal indicating detection of a preamble window in the strobe signal that indicates a beginning of the read cycle, where the first control signal is delayed based on a selectable delay period applied to the first control signal. The memory controller may further include a first gate to, based on the first control signal, either output the strobe signal for reading of the data lines or block the strobe signal, and the control logic to set an amount of the selectable delay period for the preamble detection circuit.

Abstract: A device may include polling logic configured to store a table of received addresses, sequentially receive sensor data from each address in the table via a serial data bus, store the sensor data in a memory, receive an address from a processor via a high speed data bus, and provide stored sensor data from the memory to the processor via a parallel data bus.

Abstract: A method includes operating in a normal mode to receive and transmit packets, where the network device is one of multiple network devices that operate as a virtual chassis, where the virtual chassis corresponds to a single logical network device, and detecting when the network device crashes. The method further includes initiating a resetting process and operating in a pass through mode, during the resetting process, where the pass through mode permits packets to be received and transmitted to the network devices of the virtual chassis.