Abstract: A number of wireless networks are established by a network device, each wireless network having an identifier. Requests are received from client devices to establish wireless network sessions via the wireless networks using the identifiers. Network privileges of the client devices are segmented into discrete security interfaces based on the identifier used to establish each wireless network session.

Abstract: An access request is transmitted from a first device to a second device causing one or more security functions to be executed on the first device. Whether to grant the access request is based on a result of the executed one or more security functions.

Abstract: Secure tunneled multicast transmission and reception through a network is provided. A join request may be received from a second tunnel endpoint, the join request indicating a multicast group to be joined. Group keys may be transmitted to the second tunnel endpoint, where the group keys are based at least on the multicast group. A packet received at the first tunnel endpoint may be cryptographically processed to generate an encapsulated payload. A header may be appended to the encapsulated payload to form an encapsulated packet, wherein the header includes information associated with the second tunnel endpoint. A tunnel may be established between the first tunnel endpoint and the second tunnel endpoint based on the appended header. The encapsulated packet may be transmitted through the tunnel to the second tunnel endpoint. The second tunnel endpoint may receive the encapsulated packet. Cryptographic processing of the encapsulated packet may reveal the packet having a second header.

Abstract: A check of a processing device is performed. A device may receive a network access request to access a network from a first processing device. A security check may be caused to be performed on the first processing device. Whether to grant the network access request to the first processing device is based on a result of the security check.

Abstract: In a cable modem system, increasing or decreasing the rate of an MPEG Transport Stream involves two separate, but related, tasks: 1) incorporating a sufficient number of additional packets (or discarding packets) to make up for the difference in data rates between input and output, and 2) altering timing information (for instance, PCR (Program Clock Reference) values) present in some incoming packets to reflect their altered positions in the output stream. Both of these tasks can be facilitated by the use of a FIFO (First-In, First-Out) structure, through which the data flows.

Abstract: Enhanced Cable Modem Termination System (CMTS) functionality, including programmable digital domain modulators and demodulators for dynamic channel assignment, is incorporated into Fiber Nodes (FNs) or mini Fiber Nodes (mFNs), yielding enhanced Fiber Nodes (eFNs). These eFns distribute CMTS functionality deep into Hybrid-Fiber-Coax Networks (HFCN) rather than centralizing the CMTS functions within a single location. Moving the cable modem terminations closer to the subscribers shortens the analog RF paths required to support cable modems. Communication of both subscriber data and CMTS control data is performed over Ethernet-compatible packet networks between the field-based CMTSs and an upstream facility (e.g., the Head End), which includes an Internet gateway. Packet data for multiple subscriber cable modems is easily compressed and merged over common network paths, reducing cabling plant complexity and increasing bandwidth utilization.

Abstract: A network device and system are provided. The network device may include a chassis configured to receive a line card and an input/output (I/O) card that operatively connects to a network via cabling. The chassis may include a bus structure. The bus structure may include an I/O interface to couple to a chassis interface of the I/O card, and a line card interface to couple to a chassis interface of the line card using a connector away that includes at least one RF conductor which may be associated with a set of connectors configured to shield the at least one RF conductor.

Abstract: A system schedules traffic flows on an output port using circular memory structures. The circular memory structures may include rate wheels that include a group of sequentially arranged slots. The traffic flows may be assigned to different rate wheels on a per-priority basis.

Abstract: A delay variation buffer controller allowing proper cell delay variation control reflecting an actual network operation status is disclosed. A detector detects an empty status of the data buffer when data is read out from the data buffer at intervals of a controllable time period. A counter counts the number of contiguous times the empty status was detected. A proper time period is calculated depending on a value of the counter at a time when the empty status is not detected and the value of the counter is not zero. A timing corrector corrects the controllable time period to match the proper time delay and setting the controllable time delay to a predetermined value when the empty status is not detected and the value of the counter is zero.

Abstract: A layer 2 transport network, and components thereof, supporting virtual network functionality among customer edge devices. Virtual private network configuration can be accomplished with merely local intervention by preprovisioning extra channel (or circuit) identifiers at each customer edge device and by advertising label base and range information corresponding to a list of channel (or circuit) identifiers.

Abstract: Improved approaches for providing secure remote access to resources maintained on private networks are disclosed. According to one aspect, predetermined elements, such as applets, can be modified to redirect all communications to and from an application server through an intermediate server. The intermediate server in turn communicates with the application servers. According to another aspect, a communication framework can be provided to funnel communication between an applet and a server through a communication layer so as to provide managed and/or secured communications there between.

Abstract: A network controls provision of access functionality by an access node to provide a network service to a subscriber device. For example, the network device may control the queuing and forwarding of packets by the access node to facilitate packet transmission according to, for example, a Quality of Service class. The network device may send control messages to the access node to dynamically configure a control object stored by the access node, such as a Quality of Service profile. The network device may be a router, and the access node may be a base station that wireless communicates with a subscriber device, e.g., a cellular phone. The access node may then delivery the packets in accordance with the dynamically configured control object.

Abstract: A network device includes a group of interfaces. Each interface is associated with at least one other interface of the group of interfaces and a group of network addresses. Each interface is configured to monitor at least one of the group of network addresses with which the each interface is associated or the at least one other interface with which the each interface is associated, and determine whether to logically shut down based on the monitoring.

Abstract: A call admission control technique allowing flexible and reliable call admissions at an ATM switch in the case of an ATM network including both QoS-specified and QoS-unspecified virtual connections is disclosed. In the case where a QoS (Quality of Service) specified connection request occurs, an estimated bandwidth is calculated which is to be assigned to an existing QoS-unspecified traffic on the link associated with the QoS-specified connection request. A call control processor of the ATM switch determines whether the QoS-specified connection request is accepted, depending on whether a requested bandwidth is smaller than an available bandwidth that is obtained by subtracting an assigned bandwidth and the estimated bandwidth from a full bandwidth of the link.

Abstract: A packet header processing engine receives a header of a packet. The received header includes a size of the packet. A maximum transfer unit size of a destination interface of the packet may be determined. The packet header processing engine determines whether the size of the packet exceeds the maximum transfer unit size of the destination interface. If the size of the packet does not exceed the maximum transfer unit size of the destination interface, the packet header processing engine generates a new header from the received header. If the size of the packet exceeds the maximum transfer unit size of the destination interface, the packet header processing engine generates a fragment header from the received header. The packet header processing engine may recycle the fragment header for further processing in addition to forming a first fragment packet from the fragment header.

Abstract: A method may include receiving input information related to communication over a network; performing processing to include setting an objective function associated with a link load in the network, setting a first constraint expression for determining the link load, generating a second constraint expression for determining path candidates for data traffic received at the network, generating a third constraint expression for determining a link band for the links based on the received data traffic, and generating a fourth constraint expression to determine a link capacity limit associated with the links, where the generating the second constraint expression and generating at least one of the first, third, or fourth constraint expressions are performed in parallel; and determining, based on the objective function and the first, second, third, and fourth constraint expressions, a path within the network for multiple point communication service from the path candidates.

Abstract: A system for determining the burst start timing of a signal includes logic configured to receive the signal, generate correlation moduli and generate a first timing output based on the correlation moduli. The logic may also be configured to receive operating mode information and timing information and generate search controls. The logic may further be configured to identify a maximum of the correlation moduli using the search controls and determine a second timing output associated with the maximum correlation modulus. The second timing output represents a more accurate approximation of a burst start time than the first timing output.

Abstract: A device and method are disclosed for correctly restoring a read clock when there are a plurality of STM data stream transmission sources. In a CES device of an ATM communication system, ATM cells from respective connections, which are to be delivered to the same outgoing line, are accumulated in a reassembly buffer memory and a PLO control unit aggregates the amount of ATM cells accumulated in the reassembly buffer memory for each connection. Subsequently, the PLO control unit calculates the frequency of a read clock based on the amount of accumulated ATM cells for each connection. A PLO restores the read clock which is applied to read data from the reassembly buffer memory for delivery to an STM network.

Abstract: A circuit simulation apparatus is disclosed by which, even if an STS-N frame of an abnormal length is detected by a reassembly buffer, the frame length can be compensated for while preventing an overflow of the reassembly buffer. When an STS-(N×M) frame formed by multiplexing M STS-N frames formed from different channels is cellularized into ATM cells or M different STS-N frames assembled from ATM cells are multiplexed into an STS-(N×M) frame, an ATM cell sync signal and ATM cell data from a buffer section are outputted as a frame pulse signal and frame data from a reassembly section to a circuit termination section, and frame length compensation of the frame pulse signal and the frame data is performed by the reassembly section.

Abstract: A system and method that optimizes transmission control protocol (TCP) flow control without intruding upon TCP's core algorithms. A control module relatively near a sender's local area network (LAN) automatically identifies a packet flow that has become window-limited. After the packet flow has been identified as window-limited, the control module relatively near the sender's LAN and another control module relatively near a receiver's LAN optimize the packet flow by increasing the window size indicated in the receiver's acknowledgment packet. Both control modules operate synchronously to transparently manage the packet flow between the sender and the receiver.