Abstract: Techniques are described for setting a maximum prefix limit within a network device. A network device, for example, is described that includes an exterior routing protocol module and an interior routing protocol module. The exterior routing protocol module exports network routes to the interior routing protocol module. The network device further includes a management interface to receive a command that specifies an export limit, and a control unit that prevents the exterior routing protocol module from exporting more than the export limit of the network routes to the interior routing module.

Abstract: A memory controller, such as a memory controller for reading data received from a DDR SDRAM memory, may detect the beginning and end of a read cycle. The memory controller may include a preamble detection circuit to receive a strobe signal and output a first control signal indicating detection of a preamble window in the strobe signal that indicates a beginning of the read cycle, where the first control signal is delayed based on a selectable delay period applied to the first control signal. The memory controller may further include a first gate to, based on the first control signal, either output the strobe signal for reading of the data lines or block the strobe signal, and the control logic to set an amount of the selectable delay period for the preamble detection circuit.

Abstract: A network device keeps track of multicast replication that is occurring at a later link in the network. The device may then intelligently adjust traffic to various end-users based on the bandwidth that is to be allotted to each end-user and based on the bandwidth that is expected to be “created” at the later link in the network. In one exemplary implementation, a device includes logic to process network traffic that includes multicast streams by performing traffic shaping functions that are based on, for each of a number of subscribers, a bandwidth of each of the multicast streams that is being subscribed to by a subscriber and a bandwidth of unicast traffic to the subscriber.

Abstract: A method may include receiving a reconfiguration to a first Virtual Local Area Network (VLAN)/spanning tree table, where the first VLAN/spanning tree table has a first identifier and is associated with a region of a network; updating the first VLAN/spanning tree table to generate a second VLAN/spanning tree table based on the reconfiguration; determining a second identifier of the second VLAN/spanning tree table; and generating a list of identifiers associated with the region of the network, the list including the first identifier and the second identifier.

Abstract: A method for performing multilink communications may include applying a quality-of-service (QoS) policy to incoming traffic, where the QoS policy operates to identify a first portion and a second portion of the incoming traffic. The method may include fragmenting the first portion of the incoming traffic into a group of fragments. The method may include sequencing the group of fragments and the second portion of the incoming traffic into a sequenced flow, where the sequencing causes the second portion to be interleaved among the group of fragments so that the sequenced flow can be made available to a first link and a second link as multilink traffic, where the first link carries a first portion of the multilink traffic and the second link carries a second portion of the multilink traffic.

Abstract: A network device may include logic to establish an IP session, establish a BFD session within the established IP session, transmit BFD packets within the established BFD session, and determine that the established IP session is active based upon reception of the BFD packets. In another embodiment, the logic may also determine that an IP session is active using an inactivity timer that may also trigger transmission of BFD packets.

Abstract: A network device is described that load-balances network traffic among a set of network servers based on electrical power consumption of the network servers. The network device may measure electrical power consumption in a variety of ways, and may generate and maintain a power consumption profile for each of the network server. The power consumption profile may describe the respective server power consumption in increasing granularity. For instance, each power consumption profile may specify electrical power consumption according to watts consumed by a server per average transaction, watts consumed per transaction for a specific type of software application, watts consumed per transaction for a software application for individual network resources, and so on. Furthermore, the profiles may be maintained for individual servers or aggregated for groups or sequences of servers.

Abstract: An acceleration apparatus is adapted to operate in a direct mode and a proxy mode. In the direct mode, the acceleration apparatus decrypts data packets received from a client and forwards the decrypted data packets to a server using a communication session negotiated by the client and the server. In the proxy mode, the acceleration apparatus responds to the client on behalf of the server and forwards the decrypted data packets to the server using a communication session negotiated by the acceleration device and the server. The acceleration apparatus automatically switches from the direct mode to the proxy mode upon detection of a communication error associated with the communication session negotiated by the client and the server.

Abstract: A method, performed in a network element, for communicating packet multimedia data between a first endpoint and a second endpoint, the method comprising the machine-implemented steps of receiving an outbound multimedia data packet; determining if the outbound multimedia data packet originated from a first endpoint that is logically behind a security device; determining and storing information identifying a logical pinhole in the security device, wherein the logical pinhole is associated with expected inbound multimedia data packets directed to the first endpoint; performing an action that keeps the logical pinhole open during all of a communication session between the first endpoint and the second endpoint; and forwarding inbound multimedia data packets directed from the second endpoint to the first endpoint via the logical pinhole.

Abstract: A front-to-back cooling system allows cooling of an apparatus containing two orthogonal sets of modules. Each set of modules is independently cooled. A vertical set of modules is cooled with vertical air flow across the modules that enters from a front of the apparatus and exhausts from a back of the apparatus. A horizontal set of modules is cooled with horizontal front-to-back air flow. When the horizontal set of modules is at the front of the apparatus, a plenum extending exterior to the vertical set of modules allows exhausting horizontally flowing air to the rear of the apparatus. When the horizontal set of modules is at the rear of the apparatus, a plenum extending exterior to the vertical set of modules allows moving air from the front of the apparatus to a chamber holding the horizontal modules.

Abstract: Scheduling virtual upstream channels within one physical upstream channel is disclosed. The MAP messages of the virtual upstream channels that share the same physical upstream channel are synchronized together such that any one transmission opportunity for a given virtual upstream channel does not overlap with transmission opportunities of any other virtual channel. This includes converting all requests for transmission opportunities into a common unit and then scheduling these requests as appropriate.

Abstract: A network device switches variable length data units from a source to a destination in a network. An input port receives the variable length data unit and a divider divides the variable length data unit into uniform length data units for temporary storage in the network device. A distributed memory includes a plurality of physically separated memory banks addressable using a single virtual address space and an input switch streams the uniform length data units across the memory banks based on the virtual address space. The network device further includes an output switch for extracting the uniform length data units from the distributed memory by using addresses of the uniform length data units within the virtual address space. The output switch reassembles the uniform length data units to reconstruct the variable length data unit. An output port receives the variable length data unit and transfers the variable length data unit to the destination.

Abstract: A circuit simulation apparatus is disclosed by which, even if an STS-N frame of an abnormal length is detected by a reassembly buffer, the frame length can be compensated for while preventing an overflow of the reassembly buffer. When an STS-(N×M) frame formed by multiplexing M STS-N frames formed from different channels is cellularized into ATM cells or M different STS-N frames assembled from ATM cells are multiplexed into an STS-(N×M) frame, an ATM cell sync signal and ATM cell data from a buffer section are outputted as a frame pulse signal and frame data from a reassembly section to a circuit termination section, and frame length compensation of the frame pulse signal and the frame data is performed by the reassembly section.

Abstract: A network device may include a first memory to store a primary multicast tree state table for storing next-hop information for a multicast tree corresponding to a multicast stream; a second memory to store a secondary multicast tree, different than the primary multicast tree, state table for storing the next-hop information for the multicast tree corresponding to the multicast stream; a receiver to receive a data unit from a neighbor network device, the data unit including information regarding a next-hop in the multicast tree; and one or more processors. The one or more processors may update the primary multicast tree state table based on the information regarding the next-hop in the multicast tree, and update the secondary multicast tree state table, in response to the one or more processors updates the primary multicast tree state table, based on the information regarding the next-hop in the multicast tree.

Abstract: A redundant power supply may obtain a rule for increasing mean time between failures (MTBF) for a first internal power supply and a second internal power supply connected to an electronic device, apply the rule to the first and second power supplies, activate the second internal power supply based on the rule to permit the second internal power supply to provide power to the electronic device, and deactivate the first internal power supply based on the rule.

Abstract: An intermediate device is described that reduces the number of signaling registration requests and responses flowing across a network. For example, a load reducing device intercepts the registration requests, filters a portion of the requests, and outputs autonomous response for each filtered registration request. The load reducing device forwards an unfiltered portion of the registration requests sufficient to maintain registration of the requesting device. The autonomous responses keep a logical pinhole in a firewall in an open state so that the registering device behind the firewall can receive session initiation invitations. At the same time, filtering the portion of the requests reduces the number of requests and responses that traverse any intermediate networks between the load reducing device and an intended recipient of the request.

Abstract: When a node has to restart its control component, or a (e.g., label-switched path signaling) part of its control component, if that node can preserve its forwarding information across the restart, the effects of such restarts on label switched path(s) the include the restarting node are minimized. A node's ability to preserve forwarding information across a control component (part) restart is advertised. In the event of a restart, stale forwarding information can be used for an limited time before. The restarting node can use its forwarding information, as well as received label-path advertisements, to determine which of its labels should be associated with the path, for advertisement to its peers.

Abstract: Computer program products and methods of inspecting a log of security records in a computer network are provided. The method includes retrieving a log record, processing the log record including deriving a key to a table, determining a data value from information in the log record and adding the data value to a list of data values associated with the key if the data value is unique. One or more entries of the table are evaluated based on predetermined criteria to detect attempted security breaches.

Abstract: Principles of the invention are directed to techniques for allowing a router forwarding packets within a computer network to perform two or more forwarding tree decisions per memory access. The router may implement forwarding information in the form of a radix tree having a number of nodes, and received packets may contain keys identifying a packet destination. The router may traverse the tree by testing two or more path control bits within the key per each of the traversed nodes. The values of the path control bits in the key determine the path traversed along the tree. The router also stores intermediate bit patterns at each node and tests intermediate bits in the key to determine whether a particular node is the best match to the routing prefix contained in the key, thereby eliminating a need to backtrack up the tree.

Abstract: This disclosure describes techniques for determining whether network traffic contains one or more computer security threats. In order to determine whether a symbol stream conforms to the symbol pattern, a security device stores a full deterministic finite automaton (fDFA) that accepts streams of symbols that conform to the symbol pattern. The security device also creates a partial deterministic finite automaton (pDFA) that includes nodes that correspond to the nodes in the fDFA that have the highest visitation levels. The security device processes each symbol in the symbol stream using the pDFA until a symbol causes the pDFA to transition to a failure node or to an accepting node. If the symbol causes the pDFA to transition to the failure node, the security device processes the symbol and subsequent symbols in the symbol stream using the fDFA.