Abstract: A base station, in a mobile communication network, includes a receive component to receive, from a higher rank station in the network, a particular data unit that includes multiple data units multiplexed together; a master processor to determine that the first portion of the particular data unit is destined for the base station and that the second portion of the particular data unit is not destined for the base station, and discard the second portion of the particular data unit; and a slave processor to determine that the second portion of the particular data unit is destined for the other base station and that the first portion of the particular data unit is not destined for the other base station, and send the second portion of the particular data unit to the other base station.

Abstract: A network device seamlessly handles multicast traffic flow between virtual private networks (VPNs) and content providers located external to the VPNs. For example, the network device, such as a router, comprises an interface card and a forwarding component. The forwarding component maintains forwarding data for a public network and forwarding data for the virtual private network. The interface card receives a multicast packet from a virtual private network destined for a multicast content provider external to the virtual private network. When forwarding the multicast packet, the forwarding component bypasses the forwarding data for the public network and forwards the multicast packet to the multicast content provider in accordance with the forwarding data for the public network.

Abstract: Techniques are described that allow a network device, such as a router, to dynamically build VLAN interfaces based on subscriber information strings included within packets. In particular, the network device comprises an interface controller and a forwarding controller, where the forwarding controller receives the packet over an Ethernet port and forwards the received packet to the interface controller. The packet includes both Ethernet tagging information and a subscriber information string. The interface controller comprises an Ethernet module that dynamically builds a primary virtual local area network (VLAN) sub-interface (PVS) based on the Ethernet tagging information. The Ethernet module also dynamically builds a subscriber VLAN sub-interface (SVS) based on the subscriber information string. The SVS allows the network device to distinguish between subscribers residing on the same VLAN, and, therefore, to provide subscriber specific services.

Abstract: A network device includes a memory, a routing engine and a forwarding engine. The memory stores a forwarding table and the routing engine constructs a first composite next hop that includes multiple next hops, where each of the multiple next hops represents an action to be taken on a data unit as it transits the network device or represents another composite next hop, and where the first composite next hop specifies a function to be performed on the plurality of next hops. The routing engine further stores the composite next hop in an entry of the forwarding table. The forwarding engine retrieves the composite next hop from the forwarding table, and forwards a data unit towards one or more network destinations based on the composite next hop.

Abstract: A redundant power system determines a rate of decline of a voltage supplied by a remote power source. The redundant power system further supplies power from a redundant power source to the remote power source based on the determined rate of decline of the voltage supplied by the remote power source.

Abstract: A system aggregates connections to multiple customer devices. The system receives data, performs switching functions on the data when the data is to be transmitted in a first direction, performs routing functions on the data when the data is to be transmitted in a second direction, and transmits the data in the first or second direction.

Abstract: A system may identify a group of first links in a document, where the first links correspond to a group of objects within the document and are associated with a same identifier. The system may replace the first links in the document with second links that point to a number of different identifiers, and forward the document with the second links to a client.

Abstract: This application describes techniques for peer-agnostic socket replication to implement graceful failover. An exemplary method to enable non-stop routing includes receiving a packet with a first routing engine of a network device having the first routing engine and a second routing engine configured as a backup routing engine, replicating, before processing the packet at a transport layer, the packet to form a replicated packet, sending the replicated packet from the first routing engine to the second routing engine, receiving, at the first routing engine, an acknowledgement from the second routing engine acknowledging reception of the replicated packet, after receiving the acknowledgment, processing the packet at the transport layer of the first routing engine to extract application-layer data and assemble a routing message, and storing the application-layer data from the processed packet in a socket associated with a routing process of the first routing engine.

Abstract: Techniques are described to enable two or more layer two (L2) firewall devices to be configured as a high availability (HA) cluster in an active-active configuration. A first layer two (L2) firewall and a second L2 firewall are positioned within the same L2 network. The first L2 firewall and the second L2 firewall are concurrently configured with active virtual security devices (VSDs) within the L2 network, and concurrently apply L2 firewall services to packets within the L2 network. A VSD of one of the L2 firewalls automatically switches to an active VSD status for a VSD group in place of a VSD of another L2 firewall when the other L2 firewall fails.

Abstract: A system and method that optimizes transmission control protocol (TCP) flow control without intruding upon TCP's core algorithms. A control module relatively near a sender's local area network (LAN) automatically identifies a packet flow that has become window-limited. After the packet flow has been identified as window-limited, the control module relatively near the sender's LAN and another control module relatively near a receiver's LAN optimize the packet flow by increasing the window size indicated in the receiver's acknowledgment packet. Both control modules operate synchronously to transparently manage the packet flow between the sender and the receiver.

Abstract: Routing techniques are described that separate network topology information and management from network protocol addressing information, e.g., network prefixes, that network routers typically use during the packet forwarding process. The techniques provide separate topological identifiers to identify individual topological elements of the network, referred to as aggregates. A router within a network exchanges topological information with other routers that specifies routes for reaching destinations within a set of aggregates that represent topological elements of a network. In accordance with the topological information, the router generates forwarding information that associates the destinations with respective next hops within the network, and forwarding packets in accordance with the forwarding information.

Abstract: Systems, apparatus, methods, and computer program products for multicast access control are provided to analyze incoming data based on a source zone and a destination zone of the incoming data. Appropriate access control rules are applied to incoming data based on the results of the analysis. Additional implementations of a multicast access control include using a proxy rendezvous point operable to function as a rendezvous point in place of a physical rendezvous point.

Abstract: A retainer may include a hollow portion for holding a connector, a path for conveying the connector from outside the retainer to the hollow portion, a surface that is adjacent to the connector when the connector is held in the hollow portion, a fastener for applying a force to couple the retainer to a device, and a member that causes the surface to press the connector against a connector receiver associated with the device and to prevent the connector from being disengaged from the connector receiver.

Abstract: The label distribution protocol (LDP) is extended to set up a point to multi-point (P2MP) label switched path (LSP) across a computer network from a source network device to one or more destination network devices. LDP is extended to create a P2MP label map message containing a label and a P2MP forwarding equivalence class (FEC) element having a root node address and an identifier. The P2MP FEC element may, for example, associate an address of the root node of the P2MP LSP with an opaque identifier. The P2MP FEC element uniquely identifies the P2MP LSP. The P2MP FEC element may be advertised with a label in a P2MP label map message. A source network device or the destination network devices may initiate setup and teardown of the P2MP LSP. The P2MP label map messages may be propagated from the destination network devices to the source network device.

Abstract: In general, principles of the invention relate to techniques for detecting data plane failures in Multi-Protocol Label Switching (MPLS) Label-Switched Paths (LSPs) that may be tunneled over one or more other LSPs. More specifically, the techniques described herein allow for testing connectivity of an LSP that is tunneled through at least one other LSP, and testing connectivity of an inter-autonomous system LSP. For example, a method comprises providing, with an intermediate label-switching router (LSR) of an LSP, instructions to an ingress LSR of the LSP to modify a forwarding equivalence class (FEC) stack of MPLS echo request packets. The intermediate LSR may provide the instructions within an MPLS echo reply packet.

Abstract: The principles of the invention allow an intermediate device, such as a router, to intelligently filter redundant data streams provided by one or more hosts. In the event of a network disturbance, the router may stop filtering one of the now needed redundant data streams in a manner that may reduce the consumption of network resources, such as bandwidth, without having to modify end-user applications residing on subscriber devices. Therefore, the router acting in accordance with the principles of the invention may transparently provide data streams to subscriber devices despite the occurrence of a network disturbance that may otherwise prevent the subscriber devices from receiving the data streams.

Abstract: A router includes multiple routing engines. If the active routing engine fails, a backup one of the routing engines detects the failure and assumes the role of active routing engine. A redundancy controller circuit, connected to the multiple routing engines, facilitates the selection and switching of the routing engines. Portions of the packet forwarding engine, in addition to the routing engine, may be redundantly implemented. The active routing engine controls the selection of the redundant portion of the packet forwarding engine.

Abstract: A network device identifies an Open Shortest Path First (OSPF) link between the network device and a layer 2 network as one of a point-to-multipoint over broadcast interface or a point-to-multipoint over non-broadcast multi access (NBMA) interface, and performs database synchronization and neighbor discovery and maintenance using one of a broadcast model or a NBMA model. The network device also generates a link-state advertisement for the network device, where the link-state advertisement includes a separate link description for each point-to-point link within the layer 2 network; and sends the link-state advertisement to each fully adjacent neighbor in the layer 2 network.

Abstract: Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device.

Abstract: A correlation database stores profiling data that describes packet flows within a network. A network device stores a set of rules for permissible packet flows within the network. The network device queries the correlation database and identifies any of the packet flows within the correlation database that are exceptions to the rules. Each of the rules may specify network elements and application-layer elements to define permissible traffic characteristics for the network.