Abstract: A service deployment device responds to events originating internally or in a network using a set of condition/action rules. The condition/action rules are defined in terms of business-level information. A rules engine in the service deployment device translates the network events to business information and uses a forward-chaining algorithm to evaluate conditions associated with the rules. Based on the evaluation, the service deployment device enables actions associated with the rules. An enterprise using the service deployment device uses the condition/action rules to deploy business policies in the network.

Abstract: A network device for processing data packets includes an encryption services module, a number of network interfaces and a forwarding module. A network interface receives a packet requiring encryption services and forwards the packet. The forwarding module receives at least a portion of the data packet, where the portion includes header information. The forwarding module identifies a security association for the data packet, appends the security association to the portion of the data packet and forwards the portion of the data packet including the security association to the encryption services module. The encryption services module processes the packet in accordance with the security association.

Abstract: In one embodiment, an apparatus can include a policy vector module configured to retrieve a compressed policy vector based on a portion of a data packet received at a multi-stage switch. The apparatus can also include a decompression module configured to receive the compressed policy vector and configured to define a decompressed policy vector based on the compressed policy vector. The decompressed policy vector can define a combination of bit values associated with a policy.

Abstract: A secure socket layer virtual private network (SSL VPN) network appliance includes a set of virtual systems having respective context information. Each of the virtual systems represents a VPN for a different subscriber network. The network appliance includes a network interface to receive a first network communication associated with a first one of the virtual systems. In response to the network communication, the SSL VPN network appliance sets a context identifier that identifies the first one of the virtual systems. The network appliance further comprises a set of VPN software processes executing on the network appliance to process the first network communication, wherein the set of VPN software processes generate data access requests. A configuration access application programming interface (API) dynamically directs the data access requests from the VPN software processes to the first one of the virtual systems based on the context identifier.

Abstract: A method for performing multilink communications may include applying a quality-of-service (QoS) policy to incoming traffic, where the QoS policy operates to identify a first portion and a second portion of the incoming traffic. The method may include fragmenting the first portion of the incoming traffic into a group of fragments. The method may include sequencing the group of fragments and the second portion of the incoming traffic into a sequenced flow, where the sequencing causes the second portion to be interleaved among the group of fragments so that the sequenced flow can be made available to a first link and a second link as multilink traffic, where the first link carries a first portion of the multilink traffic and the second link carries a second portion of the multilink traffic.

Abstract: An ATM switch allowing simplified OAM processing only on the line incoming side is disclosed. An incoming line circuit has a header conversion table storing information indicating whether the system is an end point of an OAM processing flow for each connection and an OAM table storing an AIS flag and an RDI flag for each connection. As for an OAM cell found by referring to these tables to be forced to go back to its own port, an switch output port number is rewritten in the OAM function section. In addition, in the case of an AIS cell, the function type is rewritten so as to become an RDI cell. In the case of an LB cell, the LB indication is rewritten so as to become a return LB cell, and switching to its own port is conducted in the ATM switch core.

Abstract: A method may include receiving a reconfiguration to a first Virtual Local Area Network (VLAN)/spanning tree table, where the first VLAN/spanning tree table has a first identifier and is associated with a region of a network; updating the first VLAN/spanning tree table to generate a second VLAN/spanning tree table based on the reconfiguration; determining a second identifier of the second VLAN/spanning tree table; and generating a list of identifiers associated with the region of the network, the list including the first identifier and the second identifier.

Abstract: A cable modem termination system measures signal qualities of upstream transmissions associated with one or more cable modems. The system monitors the measured upstream signal qualities, and selectively commands at least one of the one or more cable modems to switch between upstream channels based on the signal quality monitoring.

Abstract: The invention is directed to techniques for failsafe management of periodic communications between network devices. A first network device, for example, establishes with a second network device a first response interval by which the first device responds to a message received from the second device. Prior to commencing a software upgrade, the first device determines whether the event requires an interval of time during which the first device cannot respond to the message within the established first response interval. Based on the determination and prior to commencing the upgrade, the first device establishes with the second device a second response interval that equals or exceeds the first response interval. Upon completion of the event, the first device establishes with the second device a third response interval. The first network device therefore may automatically adjust response intervals to accommodate upgrades that may cause unnecessary thrashing.

Abstract: A system for determining the burst start timing of a signal includes logic configured to receive the signal, generate correlation moduli and generate a first timing output based on the correlation moduli. The logic may also be configured to receive operating mode information and timing information and generate search controls. The logic may further be configured to identify a maximum of the correlation moduli using the search controls and determine a second timing output associated with the maximum correlation modulus. The second timing output represents a more accurate approximation of a burst start time than the first timing output.

Abstract: Principles of the invention are described for providing multicast virtual private networks (MVPNs) across a public network that are capable of carrying high-bandwidth multicast traffic with increased scalability. In particular, the MVPNs may transport layer three (L3) multicast traffic, such as Internet Protocol (IP) packets, between remote sites via the public network. The principles described herein may reduce the overhead of protocol independent multicast (PIM) neighbor adjacencies and customer control information maintained for MVPNs. The principles may also reduce the state and the overhead of maintaining the state in the network by removing the need to maintain at least one dedicated multicast tree per each MVPN.

Abstract: Improved approaches for providing secure access to resources maintained on private networks are disclosed. The secure access can be provided through a public network using client software of client-server software and/or with file system software. Multiple remote users are able to gain restricted and controlled access to at least portions of a private network through a common access point, such as an intermediate server of the remote network.

Abstract: A system processes data units in a network. The system receives a data unit that includes a group of headers and suppresses one or more of the headers to form a reduced data unit. The system suppresses one or more other headers of the reduced data unit to form a further reduced data unit and transmits the further reduced data unit to one or more destination devices using the program identifier (PID) field in the MPEG header as an index to suppressed headers.

Abstract: A transmission source bridge collects packets sent from nodes connected to a serial bus in accordance the IEEE1394 Standards, into one packet in an order they are to be transmitted and then sends them onto an ATM network, so that a transmission destination bridge receives this packet and divides it into a plurality of smaller packets and transfers them, in the order they were sent, to nodes connected to the serial bus in accordance with the IEEE1394 Standards.

Abstract: A device may include two or more line interfaces. One of the line interfaces may include a component to buffer a packet that is received at the line interface, perform a lookup of information related to selecting a flow based on a header of the packet, apply a symmetric hash function to addresses in the header to obtain a hash when the information related to selecting the flow indicates the flow is to be selected based on a random method, compare the hash to a particular number using the information related to selecting the flow, the particular number being same for the line interfaces, sample a flow when the hash matches the particular number, create a flow record for the flow, and sample packets based on the flow record.

Abstract: A cable modem termination system that connects to cable modems includes a scheduler and a system manager. The scheduler schedules transmission opportunities for the cable modems and operates in multiple fragmentation modes. The scheduling of transmission opportunities by the scheduler differs among the fragmentation modes. The system manager compares one or more processing parameters associated with the cable modem termination system to one or more thresholds and causes the scheduler to transition among the fragmentation modes based on a result of the comparison.

Abstract: Techniques for modifying a script portion of markup language documents are described. By modifying the script portion of markup language documents, access to resources residing on remote servers through an intermediate server is facilitated. The script portions can be modified at the intermediate server, client devices, or both.

Abstract: A high temperature testing system for an electronic device may include a testing chamber in which the temperature of ambient air in the testing chamber may be maintained at a desired testing temperature and the surface temperature of the electronic device may be maintained at a second desired testing temperature, where the ambient air temperature and the surface temperature of the electronic device may be set to be equal to one another. In one implementation, a system may control operation of a fan based on the surface temperature of the electronic device. The system may further include a testing apparatus that includes a heat exchanger connected to an inlet hose such that blown air is passed over the heat exchanger to cool the heat exchanger. A temperature sensor may be attached to the heat exchanger and may generate the temperature signal.

Abstract: A memory controller, such as a memory controller for reading data received from a DDR SDRAM memory, may detect the beginning and end of a read cycle. The memory controller may include a preamble detection circuit to receive a strobe signal and output a first control signal indicating detection of a preamble window in the strobe signal that indicates a beginning of the read cycle, where the first control signal is delayed based on a selectable delay period applied to the first control signal. The memory controller may further include a first gate to, based on the first control signal, either output the strobe signal for reading of the data lines or block the strobe signal, and the control logic to set an amount of the selectable delay period for the preamble detection circuit.

Abstract: An asynchronous transfer mode (ATM) connection band control system, in an ATM network, may include a first memory, a second, different memory, and a connection-setting control portion. The first memory may store, in a buffer control memory, band acquiring data of a connection, the first memory preliminarily acquiring a connection band for the connection, irrespective of the connection being a switched virtual connection (SVC) or a permanent virtual connection (PVC). The second, different memory may store acquired band data of a currently established connection, irrespective of the currently established connection being a PVC or an SVC. The connection-setting control portion may control a setting of the currently established connection, where a band for the currently established connection, irrespective of the currently established connection being a PVC or an SVC, is preliminarily set as the band acquiring data.