Abstract: A group poll mechanism (GPM) that schedules upstream bandwidth for cable modems by pointing a request opportunity normally reserved for a single service flow to more than one service flow. Essentially, instead of using the seldom-used poll requests one per service flow, this same request opportunity is pointed to multiple service flows. In such kind of a scheme the GPM gives the same mini-slot to multiple service flows. The GPM implements the use of place-holder SIDs and novel mapping of information elements in MAP messages.

Abstract: Methods and apparatuses for inspecting packets are provided. A primary security system may be configured for processing packets. The primary security system may be operable to maintain flow information for a group of devices to facilitate processing of the packets. A secondary security system may be designated for processing packets upon a failover event. Flow records may be shared from the primary security system with the secondary security system.

Abstract: A packet switching system capable of ensuring the sequence and continuity of packets and further compensating for delays in transmission is disclosed. Each of two redundant switch sections has a high-priority queue and a low-priority queue for each of output ports. A high-priority output selector selects one of two high-priority queues corresponding to respective ones of the two switch sections to store an output of the selected one into a high-priority output queue. A low-priority output selector selects one of two low-priority queues corresponding to respective ones of the two switch sections to store an output of the selected one into a low-priority output queue. The high-priority and low-priority output selectors are controlled depending on a system switching signal and a packet storing status of each of the high-priority and low-priority queues.

Abstract: A transmission source bridge collects packets sent from nodes connected to a serial bus in accordance the IEEE1394 Standards, into one packet in an order they are to be transmitted and then sends them onto an ATM network, so that a transmission destination bridge receives this packet and divides it into a plurality of smaller packets and transfers them, in the order they were sent, to nodes connected to the serial bus in accordance with the IEEE1394 Standards.

Abstract: A method and device for in-line processing a data packet is provided. The data packet is received at a first buffer. The data packet is divided into a number of cells that are stored in a first queue. For each cell, a cell state code is stored that indicates an address of the corresponding cell in the first queue and an indication of a sequence order of the cell within the data packet.

Abstract: A method for providing multiple media access control (MAC) addresses in a device of a master/slave system may include providing a first MAC address in a MAC address storage of the device. The method may also include providing a second MAC address in a multicast table entry of a multicast hash filter of the device.

Abstract: Techniques are described in which intermediate policy information is used to translate policy information between forwarding domains. For example, a network device comprises a control unit that associates intermediate policy information, such as intermediate CoS information, with a packet. The network device utilizes the intermediate CoS information to indirectly map first class of service (CoS) information that conforms with a first protocol to second CoS information that conforms to a second protocol. The network device may, for example, apply a first policy to map the first CoS information to the intermediate CoS information and a second policy to map the intermediate CoS information to the second CoS information.

Abstract: A method performed by a device includes receiving a first Hyper-Text Transfer Protocol (HTTP) packet, creating a first session based on the HTTP packet, and creating a session cache entry for the first session. The method also includes receiving a second HTTP packet, performing a session cache lookup to identify a match of the second HTTP packet with the session cache entry, and creating a second HTTP session based on the match of the second HTTP packet with the session cache entry.

Abstract: A packet switching equipment and a switch control system employing the same performs operation of the switch core portion independent of content of decision of an arbiter portion and overall equipment can be constructed with simple control structure. The packet switching equipment includes input buffer portions temporarily storing packets arriving to the input ports and outputting packets with adding labels indicative of destination port numbers, a switch core portion for switching the packets on the basis of labels added to the input buffer portions, and an arbiter portion adjusting input buffer portions to provide output permissions for outputting to the output ports. A sorting network autonomously sorting and concentrating the packets on the basis of the labels added to the packets is employed in the switch core portion.

Abstract: A network device connects between a client and a server. The network device is configured to store information regarding an application operating on the server; receive a first message, from the client, intended for the server; generate a second message in response to the first message; send the second message to the client; receive a third message from the client; generate, based on the information regarding the application on the server, a fourth message, that includes the information regarding the application operating on the server; send the fourth message to the client; receive a service request from the client in response to the fourth message; and establish, based on the service request, a connection between the client and the server.

Abstract: A system allocates resources in a network. The system receives an allocation request for a first flow and a second flow from an application and identifies the application based on the allocation request. The system schedules resources for the first flow based on the identification of the application and the second flow.

Abstract: A server includes first logic to receive a message identifying a subscriber device and including information relating to content requested by the subscriber device; and second logic to determine whether adequate network resources exist for providing the requested content to the subscriber device, and to reserve the network resources when adequate network resources are determined to exist.

Abstract: A pipeline scheduler provides a minimum bandwidth guarantee by transporting cells from an input port to an output port in a two-phased approach. Cells that conform to a minimum cell rate (MCR) are selected from queues at the input port and arranged into supercells for transport to the output port, followed by nonconforming cells, to guarantee fairness by using scheduling modules to build the supercells first for conforming cells, and then for nonconforming cells. Reservation vectors are used to permit the same time slot of the next frame to be reserved by a first queue, and the same time slot of the following time frame to be held for reservation by a second queue, to ensure equal time slot access by the first and second queues over successive time frames.

Abstract: A network device is capable of recognizing and blocking network attacks associated with packet flows regardless of whether the packet flows are encapsulated within network tunnels. For example, the network device includes a filter module that receives packets associated with a network tunnel from an ingress device to an egress device. The filter module applies heuristics to determine whether the packets encapsulate encrypted data units. If the data units are not encrypted, the filter module extracts the data units and generates temporary packets for use within the network device. An attack detection engine within the device analyzes the temporary packets to detect any network attacks carried by the encapsulated data units. A forwarding component selectively forwards the packets to the egress device based on whether any network attacks are detected.

Abstract: In general, techniques are described for flooding VPLS traffic with a network device according to flood groups. The network device resides within a layer 3 (L3) network and includes a control unit that executes a virtual private LAN service (VPLS) protocol that enables a VPLS domain to operate over the L3 network. The network device further includes a plurality of packet forwarding engines, each of which include a plurality of interface cards that receive a layer 2 (L2) message originating from the L2 network. The packet forwarding engines associate the L2 packet with a configurable flood group, wherein the flood group defines criteria to determine which messages to associate to the flood group and indicates a set of the interface cards for forwarding the associated messages. The packet forwarding engines further flood the L2 packet via each interface card indicated by the associated flood group.

Abstract: In one embodiment, a method includes receiving a key associated with a portion of a data packet, comparing the key to a first range extreme, selecting a second range extreme, and comparing the key with the second range. The first range extreme is associated with a first range and the second range is associated with a second range. The second range is selected based on the comparing the key to the first range extreme. The method includes producing a policy vector associated with the first or second range.

Abstract: Methods, apparatus, and products are disclosed for routing frames in a TRILL network using service VLAN identifiers by: receiving a frame from an ingress bridge node for transmission through the TRILL network to a destination node that connects to the TRILL network through an egress node, the received frame including a customer VLAN identifier, a service VLAN identifier uniquely assigned to the ingress bridge node, and a destination node address for the destination node, the received frame not having mac-in-mac encapsulation; adding, in dependence upon the service VLAN identifier and the destination node address, a TRILL header conforming to the TRILL protocol, the TRILL header including an ingress bridge nickname and an egress bridge nickname; and routing, to the egress bridge node through which the destination node connects to the network, the frame in dependence upon the ingress bridge nickname and the egress bridge nickname.

Abstract: A device may receive a fragment of a fragmented data unit, determine a flow identifier that identifies a data flow with which the fragment is associated, and create a flow entry, based on the flow identifier, to store information associated with the data flow. The device may also determine a fragment key associated with the fragment, store a pointer to the flow entry based on the fragment key, correlate the fragment and another fragment, associated with the data flow, based on the fragment key and the pointer to the flow entry, and accumulate statistics associated with the fragment and the other fragment after correlating the fragment and the other fragment.

Abstract: To satisfy a quality required for each traffic and perform switching for a packet segmented into cells without packet reassembly, there is provided a node apparatus including a header processing section (2) for determining an output destination of an incoming packet and a quality class from the header information of the packet, a route table (3), and a quality description table (4), and storing the packet in an output queue (6) determined by the determined output destination and quality class, an output control section (7) for reading out a packet from the output queue in accordance with the quality set for each output queue (6) and sending out the read packet through a VC determined by the determined output destination and quality class, and a quality description table (4) which has at least a virtual dedicated network number field, a destination address/mask length field, a source address/mask length field, a fourth-layer protocol/destination port number field, and a destination port number field and in whi

Abstract: A method includes receiving a data unit, determining whether a current state, associated with a deterministic finite automata (DFA) that includes a portion of states in a bitmap and a remaining portion of states in a DFA table, is a bitmap state or not, and determining whether a value corresponding to the data unit is greater than a threshold value, when it is determined that the current state is not a bitmap state. The method further includes determining whether the current state is insensitive, when it is determined that the value corresponding to the data unit is greater than the threshold value, where insensitive means that each next state is a same state for the current state, and selecting a default state, as a next state for the current, when it is determined that the current state is insensitive.