Abstract: A label switching router (LSR) is described that spoof checks Multi-protocol Label Switching (MPLS) packets to prevent malicious or inadvertent injection of MPLS packets within a label switched path (LSP). The LSR ensures that MPLS packets received from an upstream label switching router (LSR) contain labels that were advertised to that upstream LSR. A software module associated with a signaling protocol, such as the Resource Reservation Protocol (RSVP), the Label Distribution Protocol (LDP), or the Border Gateway Protocol (BGP), is extended to utilize an MPLS forwarding table, and MPLS interface table, and a remote autonomous system table. A set of interfaces for which the label was advertised may be checked to determine whether an interface on which a packet was received is contained in the set of interfaces. The MPLS forwarding table may contain a spoof-check field used to specify one of several different types of spoof checks and to specify the set of interfaces.

Abstract: A network device may include logic configured to receive a packet from a packet forwarding engine, create a flow ID for the packet, determine whether the flow ID matches one of a plurality of flow IDs in a table, determine whether the packet is associated with a flow to be sampled, sample the packet and additional packets associated with the flow that are received from the packet forwarding engine when the flow is to be sampled and transmit the flow ID and the sampled packets via a switch to an interface.

Abstract: A transmission source bridge collects packets sent from nodes connected to a serial bus in accordance the IEEE1394 Standards, into one packet in an order they are to be transmitted and then sends them onto an ATM network, so that a transmission destination bridge receives this packet and divides it into a plurality of smaller packets and transfers them, in the order they were sent, to nodes connected to the serial bus in accordance with the IEEE1394 Standards.

Abstract: A system and method that optimizes transmission control protocol (TCP) initial session establishment without intruding upon TCP's core algorithms. TCP's initially session establishment is accelerated by locally processing a source's initial TCP request within the source's local area network (LAN). A control module relatively near the source's local area network (LAN) and another control module relatively near a destination's LAN are utilized to complete the initial TCP session establishment within the source and the destination's respective LANs, thereby substantially eliminating the first round-trip time delay before the actual data flow begins. The first application-layer data packet thus can be transmitted at substantially the same time as the initial TCP request.

Abstract: A network device constructs an outgoing resource reservation message and determines an authentication value, using, for example, a cryptographic algorithm and at least a portion of the outgoing message. The network device identifies a destination node for the message and inserts the authentication value in the message. The network device sends the message across a network to the destination node for authentication at the destination node using the authentication value.

Abstract: The invention performs frequency estimation over both the burst preamble, during which known symbols are transmitted, and also during the burst's data packet, which is subsequent to the preamble and extracted by the local detector. During the preamble, an initial frequency estimate is obtained. This estimate is based on a time average of either phase or correlation samples. Atypical phase or correlation samples, attributable to detector symbol errors during the data packet, are detected and filtered, so as to avoid including the atypical samples in a time-averages used to provide the frequency estimate. In a first embodiment correlation samples are time averaged, and atypical correlation samples are suppressed prior to correlation time averaging. In a second embodiment, phase slope values are time averaged, and atypical values of phase slope are suppressed prior to phase slope time averaging.

Abstract: A method and apparatus for scheduling virtual upstream channels within one physical upstream channel is disclosed. A different MAP message is received by a receiver for each virtual upstream channel from that sent downstream. Where multiple upstream receivers are used, separate MAP messages can be sent for each receiver and consequently, each virtual upstream channel. The use of multiple upstream receivers is not necessary if the upstream receiver can change the upstream channel descriptors it is using per burst.

Abstract: A method and apparatus for switching a data packet between a source and destination in a network. The data packet includes a header portion and a data portion. The header portion includes routing information for the data packet. The method includes defining a data path in the router comprising a path through the router along which the data portion of the data packet travels and defining a control path comprising a path through the router along which routing information from the header portion travels. The method includes separating the data path and control path in the router such that the routing information can be separated from the data portion allowing for the separate processing of each in the router. The data portion can be stored in a global memory while routing decisions are made on the routing information in the control path.

Abstract: A router detects a network attack and forwards traffic associated with the network attack to a discard interface. The router applies one or more filters to calculate traffic flow statistics for the traffic forwarded to the discard interface. The router may exchange routing communications with one or more other routers to alert the routers of the network attack. For example, the router may generate a routing communication in accordance with a routing protocol that advertises a route to the targeted device, and includes a policy tag that indicates the existence of a network attack. The other routers update forwarding information in accordance with the advertised route, and automatically forward traffic to respective discard interfaces based on the policy tag, thereby diffusing the network attack.

Abstract: A compression device recognizes patterns of data and compressing the data, and sends the compressed data to a decompression device that identifies a cached version of the data to decompress the data. In this way, the compression device need not resend high bandwidth traffic over the network. Both the compression device and the decompression device cache the data in packets they receive. Each device has a disk, on which each device writes the data in the same order. The compression device looks for repetitions of any block of data between multiple packets or datagrams that are transmitted across the network. The compression device encodes the repeated blocks of data by replacing them with a pointer to a location on disk. The decompression device receives the pointer and replaces the pointer with the contents of the data block that it reads from its disk.

Abstract: Principles of the invention are described for providing multicast virtual private networks (MVPNs) across a public network that are capable of carrying high-bandwidth multicast traffic with increased scalability. In particular, the MVPNs may transport layer three (L3) multicast traffic, such as Internet Protocol (IP) packets, between remote sites via the public network. The principles described herein may reduce the overhead of protocol independent multicast (PIM) neighbor adjacencies and customer control information maintained for MVPNs. The principles may also reduce the state and the overhead of maintaining the state in the network by removing the need to maintain at least one dedicated multicast tree per each MVPN.

Abstract: A voice relaying apparatus includes a receiving a cell from a network, a plurality of cell assembling/disassembling units for assembling and disassembling the cells, and a transmitting section for transmitting the cells assembled by each of the plurality of cell assembling/disassembling units. Each of the plurality of cell assembling/disassembling units is composed of a cell disassembling section for disassembling for cell received by the receiving section, a detecting section for detecting whether the voice relaying apparatus is carrying out a relay switch operation, and a cell assembling the cell disassembled by the cell disassembling section and for sending the cell to the transmitting section if the detecting section detects that the voice relaying apparatus is carrying out the relay switch operation.

Abstract: Techniques are described for reliable restoration of archived configuration. For example, a device, such as a router, comprises a first memory to store operational configuration data and a second memory to store candidate configuration data. The candidate configuration data represents a working copy of the operational configuration data. The device further includes a control unit to lock the candidate configuration data, load archived configuration data to replace the locked candidate configuration data and commit the candidate configuration data to restore the archived configuration data as the operational configuration data of the device. In locking the candidate configuration, the device ensures reliable restoration of the candidate configuration by helping prevent the device from becoming both unreachable and inoperable.

Abstract: Principles of the invention are described for providing multicast virtual private networks (MVPNs) across a public network that are capable of carrying high-bandwidth multicast traffic with increased scalability. In particular, the MVPNs may transport layer three (L3) multicast traffic, such as Internet Protocol (IP) packets, between remote sites via the public network. The principles described herein may reduce the overhead of protocol independent multicast (PIM) neighbor adjacencies and customer control information maintained for MVPNs. The principles may also reduce the state and the overhead of maintaining the state in the network by removing the need to maintain at least one dedicated multicast tree per each MVPN.

Abstract: A system improves bandwidth used by a data stream. The system receives data from the data stream and partitions the data into bursts. At least one of the bursts includes one or more idles. The system selectively removes the idles from the at least one burst and transmits the bursts, including the at least one burst.

Abstract: A network router employs a single board architecture that includes both a forwarding engine and an interface card concentrator. All of the circuits involved in routing are incorporated into a single board, reducing the system cost of the router. A single processor performs various functions in connection with these circuits, such as management of interface cards and the forwarding engine. In addition to lowering the system cost, the compact architecture allows higher density installation of interface cards.

Abstract: The invention provides a PVC switching control method for an ATM communication network which allows high speed changeover of a connection upon occurrence of/release from a trouble and is superior in reliability and maintenance facility and simple in control. A master PVC connection and an OAM connection are set between two ATM exchanges, and a bypassing PVC connection and an OAM connection prepared in advance for bypassing are set between the two ATM exchanges. If occurrence of/release from a trouble with and of the master PVC connection is recognized by the ATM exchanges using an OAM function, then the operative PVC connection is switched between the master PVC connection and the bypassing PVC connection.

Abstract: Principles of the invention are described for providing multicast virtual private networks (MVPNs) across a public network that are capable of carrying high-bandwidth multicast traffic with increased scalability. In particular, the MVPNs may transport layer three (L3) multicast traffic, such as Internet Protocol (IP) packets, between remote sites via the public network. The principles described herein may reduce the overhead of protocol independent multicast (PIM) neighbor adjacencies and customer control information maintained for MVPNs. The principles may also reduce the state and the overhead of maintaining the state in the network by removing the need to maintain at least one dedicated multicast tree per each MVPN.

Abstract: A multi-chassis network device sends state information to internal consumers within the multi-chassis device via a hierarchical distribution. As one example, a primary master routing engine within a control node of a multi-chassis router forwards state information to local routing engines within other chassis, which in turn distribute the state information to consumers on each chassis. Each local routing engine defers sending acknowledgement to the master routing engine until acknowledgements have been received from all consumers serviced by the local routing engine. Embodiments of the invention may reduce control plane data traffic and convergence times associated with distribution of state updates in the multi-chassis network device.

Abstract: Techniques for comparing sets of configuration information for data forwarding devices, such as routers, are disclosed. Scoping may be used to limit comparisons to particular hierarchical levels and/or categories of sets of configuration information. Different users may have different permissions regarding viewing, or editing different parts of configuration information.