Abstract: Systems and methods are provided for analyzing policy rules defined for a subscriber and determining packet treatment in a network. Definitions are retrieved pertaining to policy rules for a subscriber. At least one policy point in a network is determined based on the retrieved definitions. The packet treatment is determined at each of the at least one policy point. The packet treatment is shown for each of the at least one policy point. Packets may be injected into the network at injection points and statistics may be collected. The statistics may be compared with results of analyzing policy rules for the subscriber.

Abstract: A method includes receiving one or more of user information, role information, or authorization information associated with a user accessing a network, selecting a traffic flow to monitor that is associated with the one or more of user information, role information, or authorization information, monitoring the traffic flow, determining whether an anomaly exists with respect to the traffic flow based on a traffic behavior pattern associated with the one or more of user information, role information, or authorization information, and performing a security response when it is determined that the anomaly exists.

Abstract: A system balances bandwidth used by a data stream. The system receives data in the data stream and partitions the data into bursts. The system then identifies whether a size of a current one of the bursts is less than a size of a maximum burst associated with the data stream and schedules an additional burst in the data stream when the current burst size is less than the maximum burst size. The system transmits the current burst and the additional burst to balance bandwidth used by the data stream.

Abstract: A plurality of network devices monitor network traffic and generate profiling data that describes packet flows within the network traffic. The network devices output communications that include the profiling data. An aggregation device receives the communications and builds a correlation database to aggregate the profiling data generated by the plurality of network devices. The profiling data may relate low-level network elements associated with the packet flows and application-layer elements extracted from application-layer communications reassembled from the packet flows.

Abstract: A network device comprises a service card (e.g., a lawful intercept (LI) service card) executing a communication protocol to receive, from one or more sources (e.g., law enforcement agents), intercept information specifying at least one destination and criteria for matching one or more packet flows. The network device further includes a network interface card to receive a packet from a network, and a control unit to provide the packet from the interface card to the LI service card. The LI service card executes a flow match detection module that, when the packet matches the criteria of the intercept information, forwards the packet to the destination specified by the intercept information. The network device may provide real-time intercept and relaying of specified network-based communications. Moreover, the techniques described herein allow LEAs to tap packet flows with little delay after specifying intercept information, e.g., within 50 milliseconds, even under high-volume networks.

Abstract: A network device bundles packet over synchronous optical network (POS) data stream and asynchronous transfer mode (ATM) data stream into a synchronous optical network (SONET) data stream. The POS data stream and the ATM data stream are virtual channels or tributaries of the SONET data stream. The SONET data stream may be transmitted over a single optical fiber.

Abstract: A system includes a first network device and a second network device. The first network device includes a group of first logical portions and is configured to detect a problem with one of the first logical portions, and transmit a message identifying the one first logical portion. The second network device includes a group of second logical portions, where the group of second logical portions corresponds to the group of first logical portions. The second network device is configured to receive the message from the first network device, and activate the one second logical portion corresponding to the one first logical portion in response to receiving the message.

Abstract: A chassis may include a front section that contains a first electronic circuit board oriented in a first plane, a rear section that contains a second electronic circuit board oriented in a second plane, where the first plane and the second plane are substantially orthogonal, a midplane dividing the front and the rear sections, and a fan tray assembly including a plurality of fans to cool both the first electronic circuit board of the front section and the second electronic circuit board of the rear section.

Abstract: A network device includes a primary control unit that establishes a network tunnel with another network device. The network device applies a silent failover technique to failover from the primary control unit to a backup control unit while maintaining the network tunnel. The network tunnel may be, for example, a Layer 2 Tunneling Protocol (L2TP) tunnel, and the network device may be an L2TP Access Concentrator (LAC) or an L2TP Network Server (LNS). The techniques may prevent abnormal termination of the network tunnel during the failover. Once the failover from the primary control unit to the backup control unit is complete, the backup control unit synchronizes sequence numbers associated with the network tunnel with sequence numbers of the non-failed network device, and resolves inconsistencies between subscriber session databases of the backup control unit and the non-failed network device.

Abstract: Techniques are described that allow a network device, such as a router, to forward data packets received from a subscriber device to an Ethernet virtual local area network (VLAN) interface within the network device where the VLAN interface has been dynamically built based on a subscriber information string. For example, a primary VLAN sub-interface (PVS) and a subscriber VLAN sub-interface (SVS) may each be dynamically built over a statically built VLAN major interface. In particular, the network device comprises a forwarding controller, where the forwarding controller receives a data packet over an Ethernet port. The network device accesses upper-layer protocol information within the data packet to determine an SVS within the network device to which to forward the data packet based on the upper-layer protocol information.

Abstract: A correlation database stores profiling data that describes packet flows within a network. A network device presents a user interface by which a user defines a database trigger to detect database operations that change to the profiling data stored within the correlation database. The network device may maintain a log to record the detected database operations. The database trigger may specify a combination of low-level network elements associated with the packet flows and application-layer elements extracted from application-layer communications reassembled from the packet flows.

Abstract: A system comprises a plurality of processing modules, one of which is designated to be the primary processing module and the others are designated to be secondary processing modules. During operation, state is maintained in the primary processing module and at least one of the secondary processing modules. A switchover controller causes outputs from the secondary modules to be discarded. When the switchover controller receives an indication that the primary processing module has failed, it designates one of the secondary processing modules to be the primary processing module. Because the newly designated primary processing module already has current state information at switchover, the module is able to operate with minimal delay.

Abstract: Ordering logic ensures that data items being processed by a number of parallel processing units are unloaded from the processing units in the original per-flow order that the data items were loaded into the parallel processing units. The ordering logic includes a pointer memory, a tail vector, and a head vector. Through these three elements, the ordering logic keeps track of a number of “virtual queues” corresponding to the data flows. A round robin arbiter unloads data items from the processing units only when a data item is at the head of its virtual queue.

Abstract: Identifiers are assigned to devices communicating via a number of virtual channels. If additional identifiers are needed, one or more new virtual channels are created and the identifiers are reused for the new virtual channel.

Abstract: An automated method for identifying confidential information may include inputting a search term based on a set of policy rules into a search engine, and causing the search engine to perform a search based on the search term. The method may also include analyzing search results obtained from the search engine against the policy rules to identify the search results containing confidential information.

Abstract: A method and apparatus for in-line processing a data packet while routing the packet through a router in a system transmitting data packets between a source and a destination over a network including the router. The method includes receiving the data packet and pre-processing layer header data for the data packet as the data packet is received and prior to transferring any portion of the data packet to packet memory. The data packet is thereafter stored in the packet memory. A routing through the router is determined including a next hop index describing the next connection in the network. The data packet is retrieved from the packet memory and a new layer header for the data packet is constructed from the next hop index while the data packet is being retrieved from memory. The new layer header is coupled to the data packet prior to transfer from the router.

Abstract: A data processing unit includes a chassis configured to contain a line card. The chassis defines, at least in part, a portion of a first flow pathway and a portion of a second flow pathway. The chassis is configured such that a first portion of a gas can flow within the first flow pathway between an intake region and the first end portion of the line card such that the first portion of the gas flows across a first end portion of the line card in a first direction. The chassis is configured such that a second portion of the gas can flow within the second flow pathway between the intake region and a second end portion of the line card such that the second portion of the gas flows across the second end portion of the line card in a second direction opposite the first direction.

Abstract: State information is synchronized between a plurality of routing engines in a multi-chassis router according to a synchronization gradient. An example multi-chassis router is described that includes a primary routing engine and a standby routing engine in each chassis. According to the synchronization gradient, the primary routing engine of a control node updates state information on the standby routing engine of the control node prior to updating the primary routing engines of the other chassis. The primary routing engines of the other chassis update state information in respective standby routing engines prior to updating state information in consumers. If a primary routing engine fails, the corresponding standby routing engine assumes control of the primary routing engine's duties. Upon assuming control, a standby routing engine resumes updating state information without having to resend state information or interrupt packet forwarding.

Abstract: Forwarding liveness, such as the ability of an interface to send and receive packets and forwarding capabilities of the interface, is determined. The determined forwarding liveness may be sent in a single message, allowing forwarding liveness information to be sent more frequently which permits fast detection of failures. The message may also include aggregating liveness information for multiple protocols.

Abstract: Principles of the invention are described for providing virtual private local area network service (VPLS) multicast instances across a public network by utilizing multicast trees. In particular, the VPLS multicast instances transport layer two (L2) multicast traffic, such as Ethernet packets, between customer networks via the public network. The principles described herein enable VPLS multicast instances to handle high bandwidth multicast traffic. The principles also reduce the state and the overhead of maintaining the state in the network by removing the need to perform snooping between routers within the network.