Abstract: An intermediate network device includes a local caching module that caches user information from a remote server before a local user requests the information. In particular, the local caching module securely obtains and caches one-time passwords for a local user. The local caching device maintains separate sets of one-time passwords for each user. The local caching module may access the locally cached one-time passwords to authenticate a local user to a resource protected by a one-time password.

Abstract: A packet switching equipment and a switch control system employing the same performs operation of the switch core portion independent of content of decision of an arbiter portion and overall equipment can be constructed with simple control structure. The packet switching equipment includes input buffer portions temporarily storing packets arriving to the input ports and outputting packets with adding labels indicative of destination port numbers, a switch core portion for switching the packets on the basis of labels added to the input buffer portions, and an arbiter portion adjusting input buffer portions to provide output permissions for outputting to the output ports. A sorting network autonomously sorting and concentrating the packets on the basis of the labels added to the packets is employed in the switch core portion.

Abstract: A system determines bandwidth use by queues in a network device. To do this, the system determines an instantaneous amount of bandwidth used by each of the queues and an average amount of bandwidth used by each of the queues. The system then identifies bandwidth use by each of the queues based on the instantaneous bandwidth used and the average bandwidth used by each of the queues.

Abstract: A network device constructs a notification corresponding to a received multicast data unit, where the notification includes administrative data associated with the multicast data unit that does not include a payload of the multicast data unit. The network device replicates the notification at least three different processing elements at different locations in a processing path of the network device to produce multiple replicated data items and produces a copy of the multicast data unit for each of replicated notifications. The network device forwards each copy of the multicast data unit towards a multicast destination.

Abstract: Methods, apparatus, and products for routing frames in a network using bridge identifiers, wherein the network includes a plurality of bridge nodes. At least one of the bridge nodes operates as an ingress bridge node through which frames are received into the network. At least one of the bridge nodes operates as an egress bridge node through which frames are transmitted out of the network. One of the bridge nodes receives, from the ingress bridge node, a frame for transmission to a destination node. The destination node connects to the network through the egress bridge node. The frame includes an ingress bridge identifier and an egress bridge identifier. The bridge that received the frame then routes the frame to the egress bridge node through which the destination node connects to the network in dependence upon the ingress bridge identifier and the egress bridge identifier included in the frame.

Abstract: A network device may include an input device and a packet forwarding engine. The input device receives a data packet. The packet forwarding engine includes logic configured to determine that the data packet is to be multicast. The logic is also configured to identify one of multiple forwarding schemes, where each of the forwarding schemes is configured such that the packet forwarding engine generates and forwards no more than two copies of the data packet.

Abstract: A bandwidth divider and method for allocating bandwidth between a plurality of packet processors. The bandwidth divider includes a plurality of counters for measuring the bandwidth of data packets transferred from the bandwidth divider to a respective packet processor; and a controller for analyzing the plurality of counters and transferring a data packet to a selected packet processor based on the contents of the counters. The method monitors the bandwidth consumed by the packet processors; determines, based on the bandwidth consumed by the packet processors, which packet processor has consumed the least amount of bandwidth; and allocates a next data packet to the packet processor which has consumed the least amount of bandwidth.

Abstract: A network device may operate to increase application performance over a wide area network. In one particular implementation, the network device may monitor accesses to a disk drive from entities and determine whether an entity is accessing the disk drive in a manner that causes a disproportionate amount of performance degradation. If so, the network device may throttle access to the disk drive for the entity.

Abstract: A network device includes one or more processing units and an external memory. Each of the one or more processing units includes a centralized counter configured to perform accounting for the respective processing unit. The external memory is associated with at least one of the one or more processing units and is configured to store a group of count values for the at least one processing unit.

Abstract: A networking device, method, and web server software architecture are provided. The device may include a web server application program configured to run on an operating system of the device, and an event-based signaling mechanism configured to signal the web server application program when data has arrived on a socket of the operating system, by triggering an operating system-level signaling event. The web server application program is configured to read data off of the socket in response to detecting the event, without polling the socket first to determine that data is ready to be read from the socket.

Abstract: A system allocates resources in a network. The system receives an allocation request for a first flow and a second flow from an application and identifies the application based on the allocation request. The system schedules resources for the first flow based on the identification of the application and the second flow.

Abstract: In a method for terminating a plurality of ATM lines for a base station modulator/demodulator in a mobile communication system for data communication between upper stations and a base station by a transmission method wherein ATM cells are mapped utilizing an existing leased line as a physical medium sublayer, when an increase in capacity of the base station necessitates leased line interfaces corresponding to a plurality of upper stations, processing is carried out in such a manner that leased line numbers are added to respective HEC regions of ATM cells sent from each upper station into a leased line interface section, whereby the addition of the function of the leased line interface section involved in an increase in the leased line can be minimized and the additional function can be simply designed utilizing a conventional technique.

Abstract: Techniques are described for centralized management of quality of service (QoS) characteristics of network data flows. A service management system maintains a database that associates access information, such as a username and password, with QoS information. A router or other network device associates a data flow with access information, and queries the service management system with the access information to obtain the QoS information. The router forwards data of the data flow in accordance with the QoS information obtained from the service management system. As the access information may be a username and password, an existing system, such as a Remote Authentication Dial-In User Service (RADIUS) system, may easily be adapted for use as the service management system. As a result, QoS information may easily be centrally managed for numerous routers or other network devices.

Abstract: A router comprises a route resolution module to maintain routing information in accordance with a topology of a network, and an indirect next hop manager to maintain indirect next hop data that associates protocol next hops with forwarding next hops. The route resolution module invokes an application programming interface (API) of the indirect next hop manager for associating and disassociating protocol next hops and forwarding next hops. In response to a network event, the route resolution module can modify the indirect next hop data to reduce the time and resources necessary to perform route resolution.

Abstract: A network layer device controls provision of data link layer functionality by a data link layer device to provide a requested multimedia service to a subscriber. For example, the network layer device may control the performance of multicast elaboration by the data link layer device, or the queuing and forwarding of packets by the data link layer device to facilitate transmission of packets according to a Quality of Service class. The network layer device may send control messages to the data link layer device to dynamically configure a control object stored by the data link layer device, such as multicast filter information or a Quality of Service profile. The network layer device may be a service edge router, and the data link layer device may be a customer premises equipment device, e.g., a modem or wireless access point, or a switch, e.g., a digital subscriber line access multiplier.

Abstract: A network device comprises a service card (e.g., a dynamic flow capture (DFC) service card) executing a communication protocol to receive, from one or more control sources, flow capture information specifying at least one destination and criteria for matching one or more packet flows. The network device includes a network interface card to receive a packet from a network, a packet replication module to replicate the packet, and a control unit to provide the replicated packet from the interface card to the DFC service card. The network device includes a filter cache that caches flow capture information recently received from the CSs. The network device may provide real-time intercept and relaying of specified network-based communications. Moreover, the techniques described herein allow CSs to tap packet flows with little delay after specifying flow capture information, e.g., within 50 milliseconds, even under high-volume networks.

Abstract: A compression device recognizes patterns of data and compressing the data, and sends the compressed data to a decompression device that identifies a cached version of the data to decompress the data. In this way, the compression device need not resend high bandwidth traffic over the network. Both the compression device and the decompression device cache the data in packets they receive. Each device has a disk, on which each device writes the data in the same order. The compression device looks for repetitions of any block of data between multiple packets or datagrams that are transmitted across the network. The compression device encodes the repeated blocks of data by replacing them with a pointer to a location on disk. The decompression device receives the pointer and replaces the pointer with the contents of the data block that it reads from its disk.

Abstract: A multi-chassis router allows an administrator to install software from a single user interface. The multi-chassis router automatically forwards the software to each chassis within the multi-chassis router when given a single command to install the software from an administrator. The multi-chassis router also automatically validates the software on each chassis. This allows each chassis within the multi-chassis router to have the same software during all stages of a software installation and ensures software on each chassis is compatible with software on every other chassis. In effect, an administrator does not need to account for the multiple chassis configuration, and an administrator familiar with software installation on a standalone router can use that knowledge to install software on the multi-chassis router.

Abstract: A system selectively drops data from queues. The system includes a drop table that stores drop probabilities. The system selects one of the queues to examine and generates an index into the drop table to identify one of the drop probabilities for the examined queue. The system then determines whether to drop data from the examined queue based on the identified drop probability.

Abstract: Packet processing is provided in a multiple processor system including a first processor to processing a packet and to create a tag associated with the packet. The tag includes information about the processing of the packet. A second processor receives the packet subsequent to the first processor and processes the packet using the tag information.