Abstract: A packet scheduler is configured to perform quality of service (QoS) scheduling on a per-data unit basis. A downstream processing engine is operatively connected to the packet scheduler for receiving forwarded packets. A feedback path is operatively connected between the downstream processing engine and the packet scheduler for transmitting a net data unit change value reflecting a change in packet size between an output of the packet scheduler and an output of the downstream processing engine.

Abstract: A packet processing method for exchanging packet data through a plurality of layers is disclosed, that comprises the steps of storing the entire packet to a packet memory; and storing part of each packet of the packet data used in processes of a layer 2 processing portion and a layer 3 processing portion of the plurality of layers to a multi-port shared memory, the layer 2 processing portion and the layer 3 processing portion accessing the same memory space of the multi-port shared memory. In addition, a pipeline processing system is used so that when the layer 2 processing portion and the layer 3 processing portion access the shared memory, they do not interfere with each other.

Abstract: Techniques are described for aggregating multiple media packets to improve end-to-end bandwidth efficiency. The techniques include using an RTP aggregation protocol that is not sensitive to packet loss to aggregate multiple media packets under a single header. According to the RTP aggregation protocol, the single header for an aggregated media packet comprises a version field, a zero field, a sequence number field and a trunk ID field. The single header encapsulates the aggregated payload, which is an aggregation of Real-Time Protocol (RTP) segments. An RTP segment either has a compressed format or an uncompressed format. The uncompressed RTP segment includes the complete uncompressed RTP packet copied from the original User Datagram Protocol (UDP) packet. The compressed RTP segment includes the payload of the original RTP rather than the complete original RTP packet.

Abstract: An apparatus for remotely releasing a connector, e.g., an RJ-45 connector, is described. Embodiments of the invention allow a user to release a cable comprising a connector from a connector jack when the connector jack is difficult to reach. The invention may be particularly useful to release cables from devices comprising an array of connector jacks.

Abstract: A standalone router is integrated into a multi-chassis router. Integrating the standalone router into a multi-chassis router requires replacing switch cards in the standalone router with multi-chassis switch cards. The multi-chassis switch cards forward packets to a central switch card chassis for routing within the multi-chassis router. By incrementally replacing standalone switch cards with multi-chassis switch cards in the standalone router, packet forwarding performance is maintained during the integration.

Abstract: A chassis may include a front section that contains a first electronic circuit board oriented in a first plane, a rear section that contains a second electronic circuit board oriented in a second plane, where the first plane and the second plane are substantially orthogonal, a midplane dividing the front and the rear sections, and a fan tray assembly including a plurality of fans to cool both the first electronic circuit board of the front section and the second electronic circuit board of the rear section.

Abstract: A network device constructs an outgoing resource reservation message and determines an authentication value, using, for example, a cryptographic algorithm and at least a portion of the outgoing message. The network device identifies a destination node for the message and inserts the authentication value in the message. The network device sends the message across a network to the destination node for authentication at the destination node using the authentication value.

Abstract: A network device receives control plane packets and data plane packets from a network. The network device includes a forwarding component that forwards the data plane packets in accordance with routing information maintained by a routing component. The forwarding component directs the control plane packets to a firewall component that processes the control plane packets to apply firewall services and detect network attacks. After processing, the firewall component loops the control plane packets back to the forwarding components for forwarding to the routing component. The firewall component may be a security service card.

Abstract: A network device switches variable length data units from a source to a destination in a network. An input port receives the variable length data unit and a divider divides the variable length data unit into uniform length data units for temporary storage in the network device. A distributed memory includes a plurality of physically separated memory banks addressable using a single virtual address space and an input switch streams the uniform length data units across the memory banks based on the virtual address space. The network device further includes an output switch for extracting the uniform length data units from the distributed memory by using addresses of the uniform length data units within the virtual address space. The output switch reassembles the uniform length data units to reconstruct the variable length data unit. An output port receives the variable length data unit and transfers the variable length data unit to the destination.

Abstract: A network device is described in which a dedicated resource scheduler monitors memory consumption to provide for improved processing of communication sessions. The scheduler maintains a dependency list of communication sessions, and reserves memory for communication sessions as requests for memory are received. The amount of memory reserved is determined based on the amount of memory currently reserved for the communication sessions in the dependency list. The network device may control ongoing communication sessions by way of window manipulation. Communication sessions are processed in a first mode when available memory has not reached a predetermined amount, while communication sessions are processed in a second mode when available memory reaches a predetermined amount.

Abstract: The present invention relates to workflow systems and methods. In one embodiment, the invention relates to integration of a calendar system with a workflow system where a calendar event can initiate a workflow by sending a message to a form route manager. The completion of a workflow or step in the workflow can result in sending a message to a calendar system to generate an event. In another embodiment, the invention relates to the integration of workflow with a project management system that includes project segments, which are processes that can be defined and controlled by workflow routes. The project management system sends a message to the workflow system to initiate workflow and the workflow system sends a message to the project management system, for example, at the completion of the workflow route. The relationship between the workflow routes can maintain the relationship between the project segments.

Abstract: Techniques are described that allow a network device, such as a router, to dynamically build VLAN interfaces based on subscriber information strings included within packets. In particular, the network device comprises an interface controller and a forwarding controller, where the forwarding controller receives the packet over an Ethernet port and forwards the received packet to the interface controller. The packet includes both Ethernet tagging information and a subscriber information string. The interface controller comprises an Ethernet module that dynamically builds a primary virtual local area network (VLAN) sub-interface (PVS) based on the Ethernet tagging information. The Ethernet module also dynamically builds a subscriber VLAN sub-interface (SVS) based on the subscriber information string. The SVS allows the network device to distinguish between subscribers residing on the same VLAN, and, therefore, to provide subscriber specific services.

Abstract: An asynchronous transfer mode connection band control system in a system for transmitting and receiving an asynchronous transfer mode cell utilizing an asynchronous transfer mode network, has data storage means for storing a connection band of a preferential switched virtual connection having high preference in the asynchronous transfer mode network being stored preliminarily as a band acquiring data and storing acquired band data of a switched virtual connection currently established connection, and connection band control means for performing control of connection band on the basis of a total number of bands derived by a sum of the band acquiring data and the acquired band data stored in the data storage means.

Abstract: A method, performed in a network element, for communicating packet multimedia data between a first endpoint and a second endpoint, the method comprising the machine-implemented steps of receiving an outbound multimedia data packet; determining if the outbound multimedia data packet originated from a first endpoint that is logically behind a security device; determining and storing information identifying a logical pinhole in the security device, wherein the logical pinhole is associated with expected inbound multimedia data packets directed to the first endpoint; performing an action that keeps the logical pinhole open during all of a communication session between the first endpoint and the second endpoint; and forwarding inbound multimedia data packets directed from the second endpoint to the first endpoint via the logical pinhole.

Abstract: A pipeline scheduler provides a minimum bandwidth guarantee by transporting cells from an input port to an output port in a two-phased approach. Cells that conform to a minimum cell rate (MCR) are selected from queues at the input port and arranged into supercells for transport to the output port, followed by nonconforming cells, to guarantee fairness by using scheduling modules to build the supercells first for conforming cells, and then for nonconforming cells. Reservation vectors are used to permit the same time slot of the next frame to be reserved by a first queue, and the same time slot of the following time frame to be held for reservation by a second queue, to ensure equal time slot access by the first and second queues over successive time frames.

Abstract: A network device seamlessly handles multicast traffic flow between virtual private networks (VPNs) and content providers located external to the VPNs. For example, the network device, such as a router, comprises an interface card and a forwarding component. The forwarding component maintains forwarding data for a public network and forwarding data for the virtual private network. The interface card receives a multicast packet from a virtual private network destined for a multicast content provider external to the virtual private network. When forwarding the multicast packet, the forwarding component bypasses the forwarding data for the public network and forwards the multicast packet to the multicast content provider in accordance with the forwarding data for the public network.

Abstract: Techniques are described for dynamically configuring an interface in a network service provider. The techniques allow dynamic configuration of, for example, a dual stacked interface that includes both Internet Protocol version 6 (IPv6) and Internet Protocol version 4 (IPv4) on the same layer 2 link. In this way, a customer network having an existing IPv4 connection to a network service provider will be able to run both IPv4 and IPv6 over the same interface. A network device within the network service provider may receive a control packet from a subscriber device. The packet may be received on an ATM hybrid permanent virtual circuit (PVC) that supports multiple interface columns. The network device is capable of auto-sensing multiple packet protocols and may dynamically create multiple interface columns over the same ATM interface based on the encapsulation type of the received packets.

Abstract: Graceful restart in routers having redundant routing facilities may be accomplished by replicating network (state/topology) information.

Abstract: Link failure messages are sent through a network to accelerate convergence of routing information after a network fault. The link failure messages reduce the oscillations in routing information stored by routers, which otherwise can cause significant problems, including intermittent loss of network connectivity as well as increased packet loss and latency. For example, the link failure messages reduce the time that a network using a path vector routing protocol, such as the Border Gateway Protocol (BGP), takes to converge to a stable state. More particularly, upon detecting a network fault, a router generates link failure information to identify the specific link that has failed. In some types of systems, the router communicates the link failure information to neighboring routers as well as a conventional update message withdrawing any unavailable routes. Once other routers receive the link failure information, the routers do not attempt to use routes that include the failed link.

Abstract: In general, the invention is directed to techniques for establishing secure connections with devices residing behind a security device. In accordance with the techniques, a managed device initiates a transmission control protocol (TCP) session to establish a TCP session with a management device such that the management device acts as the TCP server and the managed device acts as a TCP client. Once established, the managed device sends a role reversal message specifying an identity of the managed device via the TCP session. Upon receiving the role reversal message, the management device initiates a secure connection over the TCP session in accordance with a secure protocol such that the management device acts as the secure protocol client and the managed device acts as the secure protocol server. By properly establishing the secure session, each of the devices assumes the proper roles and administrators may more easily configure the devices.