Abstract: A system processes data corresponding to multiple data streams. The system includes multiple queues that store the data, stream-to-queue logic, dequeue logic, and queue-to-stream logic. Each of the queues is assigned to one of the streams based on a predefined queue-to-stream assignment. The stream-to-queue logic identifies which of the queues has data to be processed. The dequeue logic processes data in the identified queues. The queue-to-stream logic identifies which of the streams correspond to the identified queues.

Abstract: A packet processing method for exchanging packet data through a plurality of layers is disclosed, that comprises the steps of storing the entire packet to a packet memory; and storing part of each packet of the packet data used in processes of a layer 2 processing portion and a layer 3 processing portion of the plurality of layers to a multi-port shared memory, the layer 2 processing portion and the layer 3 processing portion accessing the same memory space of the multi-port shared memory. In addition, a pipeline processing system is used so that when the layer 2 processing portion and the layer 3 processing portion access the shared memory, they do not interfere with each other.

Abstract: A network device includes multiple queues to store packets to be scheduled, and a weighted round-robin (WRR) scheduler. The WRR scheduler performs a first WRR scheduling iteration including processing of at least one packet from a particular queue of the multiple queues, identifies the particular queue as an empty queue during the performing of the first WRR scheduling iteration, identifies the particular queue as a non-empty queue after the identifying the particular queue as the empty queue, and performs a second WRR scheduling iteration including processing of only one packet of a group of packets from the particular queue of the multiple queues.

Abstract: A policy device grants access to a client device, without authenticating the client device, when the client device provides a session identifier to the policy device that was previously granted to the client device by a second policy device upon authenticating the client device by the second policy device. In one example, a policy device includes a network interface that receives a session identifier from a client device, wherein the policy device comprises an individually administered autonomous policy server, and an authorization module that grants the client device access to a network protected by the policy device based on the session identifier without authenticating the client device by the policy device. In this manner, the client device need not provide authentication information multiple times within a short time span, and the policy device can deallocate resources when a session migrates to a second policy device.

Abstract: A method performed by a Dynamic Host Configuration Protocol (DHCP) server comprising receiving a DHCP DISCOVER message from a DHCP client; generating a challenge in response to the DHCP DISCOVER message; sending the challenge to an authentication device; receiving a first challenge response from the authentication device; generating a DHCP OFFER message; sending the challenge to the DHCP client in the DHCP OFFER message; receiving a DHCP REQUEST message that includes a second challenge response from the DHCP client; comparing the first challenge response with the second challenge response; and authenticating the DHCP client when the first challenge response and the second challenge response match.

Abstract: A call admission control technique allowing flexible and reliable call admissions at an ATM switch in the case of an ATM network including both QoS-specified and QoS-unspecified virtual connections is disclosed. In the case where a QoS (Quality of Service) specified connection request occurs, an estimated bandwidth is calculated which is to be assigned to an existing QoS-unspecified traffic on the link associated with the QoS-specified connection request. A call control processor of the ATM switch determines whether the QoS-specified connection request is accepted, depending on whether a requested bandwidth is smaller than an available bandwidth that is obtained by subtracting an assigned bandwidth and the estimated bandwidth from a full bandwidth of the link.

Abstract: A method performed by network devices that includes operating in a normal mode, where the network devices form a virtual chassis that corresponds to a single logical network device; detecting when a failure within the virtual chassis occurs; executing a splitting process to form one or more new virtual chassis in correspondence to the failure; determining whether one of the one or more new virtual chassis operates as a functioning virtual chassis based on whether at least one of a set of criteria is satisfied, where the functioning virtual chassis operates according to resources configured for the virtual chassis; and operating as a nonfunctioning virtual chassis when it is determined that the one of the one or more virtual chassis does not satisfy the at least one of the set of criteria, where the nonfunctioning virtual chassis operates in a pass-through mode.

Abstract: Techniques are described in which a network device waits differing amounts of time for different network sockets before beginning processes to determine whether respective network connections from the network sockets have failed. An intermediate device may create a network socket for a network connection having a keep-alive wait time option set to a keep-alive wait time associated with a class of the network connection. If an amount of time specified by the keep-alive option of the socket passes after a last successful communication on the network connection, the socket may begin a process to determine whether the network connection has failed. If the intermediate device determines that the network connection has failed, the intermediate device may terminate the connection to free resources on the intermediate device allocated to the network connection.

Abstract: In general, this disclosure describes techniques of storing data in and retrieving data from a cache of a computing device. More specifically, techniques are described for utilizing a “perfect hash” function to implement an associative cache within a computing device. That is, the associative cache implements a fully associative map between a predetermined set of addresses and data values, employing only a single tag fetch comparison.

Abstract: Control traffic in a virtual LAN (VLAN) may be reduced. In one implementation, a network device may implement one of a plurality of redundant gateway devices in a virtual router that includes one or more other network devices, where the network device and the one or more other network devices are associated with a first address that corresponds to the virtual router. The network device may filter egress traffic to drop egress traffic that includes a particular destination address and that is at an interface of the device that is not needed to deliver control traffic.

Abstract: A device maintains, in a database, a plurality of data items, each data item of the plurality of data items being associated with a respective category. The device associates, in the database, a first counter value with each data item, the first counter value indicating a number of times the respective category has been deleted from the database at a time when the data item was stored in the database. The device associates, in the database or another database, a second counter value with the respective category, the second counter value indicating a current value for a number of times the respective category has been deleted from the database. The device selectively deletes, from the database, one or more data items of the plurality of data items from the database based on the first counter values and the second counter value.

Abstract: A device may receive a packet at a network device, and may retrieve from a table, by using information in a header of the packet as keys, records that include communication performance statistics associated with transport protocols. In addition, the device may select, based on the records, a transport protocol with an optimum communication performance statistics among the transport protocols and send the packet in accordance with the selected transport protocol from the network device.

Abstract: A device may maintain, in a database, a plurality of data items, each data item of the plurality of data items being associated with a respective category and supplemental information relating to deletion of the data item. The device may associate a group of counters with at least one of the categories and receive a deletion request corresponding to one of the group of categories, the deletion request including the supplemental information. The device may identify a counter associated with the category corresponding to the deletion request based on the supplemental information. The device may then increment the identified counters and selectively delete the data items based on values of the counters.

Abstract: A bandwidth management card includes a switch control unit and multiple ports connected to one or more line cards that are separate from the bandwidth management card. The bandwidth management card further includes at least one switch, and multiple network ports, where each of the multiple network ports is connected to a respective link to at least one external network. A first switch of the at least one switch receives instructions from the switch control unit, switches a first subset of the multiple network ports through to a first port of the multiple ports based on the received instructions, and switches a second subset of the multiple network ports through to a second port of the multiple ports based on the received first instructions.

Abstract: Improved approaches for providing secure remote access to email resources maintained on private networks are disclosed. The secure access can be provided through a public network using a standard network browser. Multiple remote users are able to gain restricted and controlled access to email on a mail server within a private network through a common access point. The solution provided by the improved approaches allow not only native access to email resources but also robust authentication approaches.

Abstract: A switch fabric for a modular router may be tested without connecting the switch fabric portion of the router to the other modular portions of the router. The switch fabric may generate test data units and insert the test data units into one or more elements of the switch fabric. The switch fabric may operate with the inserted test data units. A control component may receive data units from the switch fabric after operation of the switch fabric and analyze the received data units to determine whether the received data units correspond to the inserted test data units.

Abstract: A packet header processing engine receives a header of a packet. The received header includes a size of the packet. A maximum transfer unit size of a destination interface of the packet may be determined. The packet header processing engine determines whether the size of the packet exceeds the maximum transfer unit size of the destination interface. If the size of the packet does not exceed the maximum transfer unit size of the destination interface, the packet header processing engine generates a new header from the received header. If the size of the packet exceeds the maximum transfer unit size of the destination interface, the packet header processing engine generates a fragment header from the received header. The packet header processing engine may recycle the fragment header for further processing in addition to forming a first fragment packet from the fragment header.

Abstract: Techniques are described for centralized management of quality of service (QoS) characteristics of network data flows. A service management system maintains a database that associates access information, such as a username and password, with QoS information. A router or other network device associates a data flow with access information, and queries the service management system with the access information to obtain the QoS information. The router forwards data of the data flow in accordance with the QoS information obtained from the service management system. As the access information may be a username and password, an existing system, such as a Remote Authentication Dial-In User Service (RADIUS) system, may easily be adapted for use as the service management system. As a result, QoS information may easily be centrally managed for numerous routers or other network devices.

Abstract: A network optimization device may receive a stream of data and generate a signature for a plurality of fixed length overlapping windows of the stream of data. The device may select a predetermined number of the generated signatures for each Ln-byte segment of the data stream, wherein Ln is greater than a length of each of the windows. The network device may store the selected signatures in a bucketed hash table that includes a linked-list of entries for each bucket.

Abstract: An apparatus for remotely releasing a connector, e.g., an RJ-45 connector, is described. Embodiments of the invention allow a user to release a cable comprising a connector from a connector jack when the connector jack is difficult to reach. The invention may be particularly useful to release cables from devices comprising an array of connector jacks.