Abstract: A method for enabling secure communication between a client on an open network and a server apparatus on a secure network. The method is generally performed on a intermediary apparatus coupled to the secure network and the open network. The method includes the steps of negotiating a secure communications session with the client apparatus via the open network; negotiating an open communications session with the server via the secure network; receiving encrypted packet application data having a length greater than a packet length via multiple data packets; decrypting the encrypted packet application data in each data packet; forwarding decrypted, unauthenticated application data to the server via the secure network; and authenticating the decrypted packet data on receipt of a final packet of the segment.

Abstract: A system receives data in multiple streams from an upstream device. The system temporarily stores the data in a first buffer and asserts a forward flow control signal when a capacity of the first buffer exceeds a first threshold value. The system reads the data from the first buffer and selectively processes the data based on the forward flow control signal. The system temporarily stores the selectively processed data in a number of second buffers, generates a backward flow control signal when a capacity of one of the second buffers exceeds a second threshold value, and sends the backward flow control signal to the upstream device.

Abstract: Processing of numeric addresses is facilitated by using a user interface, rather than system modules, to handle name resolution. Processing the addresses at the user interface level avoids delays and packet blocking problems associated with using system modules to perform the task. Relieving the system modules from the responsibility of processing numeric addresses allows them to process other requests, improving overall system efficiency.

Abstract: A scheduler and method for scheduling packet forwarding operations is provided. Packet forwarding request information associated with a first set of input port/output port combinations is received. Packet forwarding request information associated with a second set of input port/output port combinations different from the first set of input port/output port combinations is received, where the first set of input port/output port combinations and the second set of input port/output port combinations are selected to not conflict with each other. Packet forwarding for both the first set of input port/output port combinations at a first future time slot and the second set of input port/output port combinations at a second future time slot are simultaneously scheduling at a first scheduler and a second scheduler, respectively, based on the received packet forwarding request information.

Abstract: The invention performs frequency estimation over both the burst preamble, during which known symbols are transmitted, and also during the burst's data packet, which is subsequent to the preamble and extracted by the local detector. During the preamble, an initial frequency estimate is obtained. This estimate is based on a time average of either phase or correlation samples. Atypical phase or correlation samples, attributable to detector symbol errors during the data packet, are detected and filtered, so as to avoid including the atypical samples in a time-averages used to provide the frequency estimate. In a first embodiment correlation samples are time averaged, and atypical correlation samples are suppressed prior to correlation time averaging. In a second embodiment, phase slope values are time averaged, and atypical values of phase slope are suppressed prior to phase slope time averaging.

Abstract: A system manages a buffer having a group of entries. The system receives information relating to a read request for a memory. The system determines whether an entry in the buffer contains valid information. If the entry is determined to contain valid information, the system transmits the information in the entry in an error message. The system may then store the received information in the entry. In another implementation, the system stores data in one of the entries of the buffer, removes an address corresponding to the one entry from an address list, and starts a timer associated with the one entry. The system also determines whether the timer has exceeded a predetermined value, transferring the data from the one entry when the timer has exceeded the predetermined value, and adds the address back to the address list.

Abstract: A data compression system and method for that is capable of detecting and eliminating repeated phrases of variable length within a window of virtually unlimited size.

Abstract: A network management system is described for assuring that a network device complies with a device-specific configuration policy. One example of the network management system contains one or more business rules that describe a business policy regarding a computer network in a network-independent form. In general, the business rules refer to high-level business requirements and not to device-specific configuration information. The network management system uses the business rule to determine which business policies are currently in force. In addition, the network management system contains one or more network design rules that describe relationship between the business policy and one or more device-specific configuration policies. The network management server uses the network design rules to determine whether to deploy a device-specific configuration policies.

Abstract: A packet switching equipment and a switch control system employing the same performs operation of the switch core portion independent of content of decision of an arbiter portion and overall equipment can be constructed with simple control structure. The packet switching equipment includes input buffer portions temporarily storing packets arriving to the input ports and outputting packets with adding labels indicative of destination port numbers, a switch core portion for switching the packets on the basis of labels added to the input buffer portions, and an arbiter portion adjusting input buffer portions to provide output permissions for outputting to the output ports. A sorting network autonomously sorting and concentrating the packets on the basis of the labels added to the packets is employed in the switch core portion.

Abstract: A system precomputes data for possible use by a processor. The system receives data units, and determines the types of the data units. The system then identifies one or more bit masks based on the types of the data units, where the one or more bit masks include bits corresponding to at least some portions of the data units. The system uses the one or more bit masks to select one or more portions of the data units and perform one or more functions using the one or more portions of the data units to generate function results. The system stores the function results in a first memory for subsequent selective use by the processor, and stores the data units in a second memory for subsequent retrieval by the processor.

Abstract: Methods and devices for processing packets are provided. The processing device may include an input interface for receiving data units containing header information of respective packets; a first module configurable to perform packet filtering based on the received data units; a second module configurable to perform traffic analysis based on the received data units; a third module configurable to perform load balancing based on the received data units; and a fourth module configurable to perform route lookups based on the received data units.

Abstract: A packet header processing engine includes a memory having a number of distinct portions for respectively storing different types of descriptor information for a header of a packet. A packet header processing unit includes a number of pointers corresponding to the number of distinct memory portions. The packet header processing unit is configured to retrieve the different types of descriptor information from the number of distinct memory portions and to generate header information from the different types of descriptor information.

Abstract: A packet header processing engine includes a level 2 (L2) header generation unit and a level 3 (L3) header generation unit. The L2 and L3 header generation units are implemented in parallel with one another. The L2 generation unit writes L2 header information to a first buffer and the L3 generation unit writes L3 header information to a second buffer. When the L2 and L3 header generation units finish processing a packet, the packet may be unloaded from the first and second buffer while a new packet is simultaneously loaded to the packet header processing engine.

Abstract: In an ATM exchange, a cell transmission control section transmits an ATM cell to a transmission path of an ATM network A traffic monitor monitors traffic of the cell transmissions. A statistical process section performs a temporal statistical process on the result of the traffic monitoring using a clock and a memory. A CAC produces an instruction for traffic control over a transmission terminal based on the result of the statistical process. A UPC controls traffic of a transmission path from the transmission terminal in accordance with the instruction.

Abstract: A cross-bar switch includes a set of input ports to accept data packets and a set of sink ports in communication with the input ports to forward the data packets. Each sink port includes a communications link interface with a Retry input. When a signal is asserted on the Retry input, the sink port aborts transmission of a data packet and waits a predetermined period of time to retransmit the data packet.

Abstract: A method and apparatus for in-line processing a data packet while routing the packet through a router in a system transmitting data packets between a source and a destination over a network including the router. The method includes receiving the data packet and pre-processing layer header data for the data packet as the data packet is received and prior to transferring any portion of the data packet to packet memory. The data packet is thereafter stored in the packet memory. A routing through the router is determined including a next hop index describing the next connection in the network. The data packet is retrieved from the packet memory and a new layer header for the data packet is constructed from the next hop index while the data packet is being retrieved from memory. The new layer header is coupled to the data packet prior to transfer from the router.

Abstract: A processor architecture for processing data packets representing voice over Internet Protocol (VoIP) calls in a packet-switched network is disclosed. According to an embodiment, a VoIP processor executes a voice packet processing operating system that is configured to monitor or manipulate the packets at an IP layer, media layer and signaling layer of the call. The VoIP processor includes a plurality of independently callable primitive software functions that carry out low-level VoIP packet processing functions. The VoIP processor executes one or more application programs that selectively call one or more of the primitive software functions and are independent of any underlying protocols of the existing network, thereby isolating the application programs from low-level processing details. Further, techniques are described for modifying characteristics of VoIP traffic for the purpose of monitoring and directing the VoIP traffic through a network.

Abstract: A reorder engine classifies information relating to incoming data items as belonging to either a first, second, or third region. The information relating to the data items may arrive at the reorder engine out of order. The data items each include a sequence number through which the reorder engine may reconstruct the correct order of the data items. Based on the classification, the reorder engine may either process the data items normally or drop certain ones of the data items. The majority of incoming data items will fall in the first region and are processed normally. Data items arriving in the second region indicate that a previous data item is late or delayed. If this previous data item is delayed but does eventually arrive, it will arrive in the third region and is simply ignored.

Abstract: The invention provides an ATM switch which realizes hierarchical shaping for each virtual channel and each virtual path with a simple configuration. Cells are sent from cell buffers of an ATM core switch by FIFO operation to output side connection information application sections of output side circuit interfaces. In each of the output side circuit interfaces, the output side connection information application section acquires connection information such as a service class based on an intra-switch connection identification number applied to each cell and applies the connection information to the cell. An output cell buffer queues cells for each virtual channel. A VC cell rate control section reads out cells from the output cell buffer in accordance with the connection information and performs traffic priority control and rate control of the cells to be outputted.

Abstract: An ATM multiplexing apparatus of the present invention is the apparatus for selectively performing cell discard processing in the case of congestion on the basis of a use state of the same connection formed by cells from the side of an ATM switching unit and subscribers without installing UPC units, and the ATM multiplexing apparatus, which is connected to the ATM switching unit and each of plural subscribers through ATM communication lines and performs multiplexing processing to ATM cells sent from the plural subscribers, comprises: detection means 118 for detecting a level of a congestion state corresponding to the received ATM 157 from the subscribers; and discard means (111, 115 and 117) for selectively discarding the received ATM cells from the subscribers on the basis of a communication state determined by the received ATM cells 155 from the ATM switching unit and the received ATM cells from the subscribers and a level value of a warning signal 129 indicating the detected congestion state.