Abstract: Techniques are described for scaling Multiprotocol Label Switching (MPLS) across areas of an autonomous system using a labeled interior Border Gateway Protocol (iBGP). A method includes executing a first label distribution protocol at a border node at a border between two of a plurality of interior gateway protocol (IGP) areas of a single autonomous system (AS), and exchanging label distribution messages using the first label distribution protocol to establish a first intra-area label switched path (LSP) within a first one of IGP areas. The method also includes executing a labeled interior border gateway protocol at the border node, and exchanging label distribution messages using the labeled interior border gateway protocol to establish a hierarchical inter-area LSP that runs over the previously established first intra-area LSP, wherein the hierarchical inter-area LSP extends across the plurality of IGP areas of the AS.

Abstract: A first network client requests initiation of a data transfer with a second network client. An admission control facility (ACF) responds to the initiation request by performing admission analysis to determine whether to initiate the data transfer. The ACF sends one or more packets to the second network client. In response, the second network client sends acknowledgment packets back to the ACF. The ACF performs admission analysis based on the packets sent and the acknowledgment packets, and determines whether the data transfer should be initiated based on the analysis. The admission analysis may be based on a variety of factors, such as the average time to receive an acknowledgment for each packet, the variance of the time to receive an acknowledgment for each packet, a combination of these factors, or a combination of these and other factors.

Abstract: Ordering logic ensures that data items being processed by a number of parallel processing units are unloaded from the processing units in the original per-flow order that the data items were loaded into the parallel processing units. The ordering logic includes a pointer memory, a tail vector, and a head vector. Through these three elements, the ordering logic keeps track of a number of “virtual queues” corresponding to the data flows. A round robin arbiter unloads data items from the processing units only when a data item is at the head of its virtual queue.

Abstract: A method may include detecting a presence of a first server device; communicating, with the first server device, to obtain information associated with the first server device; sending, to a second server device, a request for authentication services, where the request includes the information associated with the first server device; receiving, from the second server device, a notification that the first server device has been authenticated, where the notification includes a session threshold; and establishing, based on the notification, a session with the first server device by associating the first server device with a virtual local area network (VLAN), where the associating permits network traffic to be received from or sent to the first server device via the VLAN, and where the network node uses the session threshold received from the second server device, instead of a threshold associated with the VLAN, to determine a duration permitted for the session.

Abstract: Techniques are described for providing point-to-multipoint (P2MP) Ethernet service in a L2 network. Routers providing the Ethernet service allow an administrator to classify local attachment circuits as either “leaf” attachment circuits or “root” attachment circuits to define a tree-like architecture for forwarding Ethernet frames within a VPLS domain. Based on the classifications, each of router constructs flood domains, referred to herein as mesh groups, that control switching behavior between attachment circuits and pseudowires that transport the L2 communications through the VPLS domain. The routers utilize the mesh groups when switching L2 communications to enforce the requirements of E-TREE service or other L2 services in which L2 traffic is constrained within the L2 VPN to tree-like connectivity.

Abstract: A method and apparatus optimizes storage on solid-state memory devices. The system aggregates object storage write requests. The system determines whether objects associated with the object storage requests that have been aggregated fit in a block of the solid-state memory device within a defined tolerance. Upon the aggregation of object storage write requests that fit in a block of the solid-state memory device, the system writes the objects associated with the aggregated object storage write requests to the solid-state memory device.

Abstract: In one example, a method includes receiving, with a network device, a portion of a subscriber session packet flow for a subscriber session, and reassembling application-layer data from data packets in the subscriber session packet flow into one or more application flows for the subscriber session. The method includes identifying, from the application flows, application identity information for the application flows, and applying a first session policy to the subscriber session. Applying the first session policy includes applying one or more application policies to the application flows in the subscriber session based on subscriber information and the application identity information for the application flows. The method includes processing the application flows in the subscriber session for accessing a packet data network in accordance with the application policies.

Abstract: A transmission source bridge collects packets sent from nodes connected to a serial bus in accordance the IEEE1394 Standards, into one packet in an order they are to be transmitted and then sends them onto an ATM network, so that a transmission destination bridge receives this packet and divides it into a plurality of smaller packets and transfers them, in the order they were sent, to nodes connected to the serial bus in accordance with the IEEE1394 Standards.

Abstract: In general, techniques are described for facilitating multi-tenancy of a server accessed by virtual networks of a data center. A device included within a data center comprising one or more processors may perform the techniques. The processors may be configured to execute a virtual switch that supports a number of virtual networks executing within the data center. The virtual switch may be configured to receive a request regarding data associated with an identifier that is unique within one of the virtual networks that originated the request. The virtual switch may then translate the identifier included within the request to generate a globally unique identifier that is unique within the plurality of virtual networks, update the request to replace the identifier included within the request with the globally unique identifier, and transmit the updated request to a server of the data center.

Abstract: Techniques are described to provide multicast service within a virtual network using a virtual network controller and endpoint replication without requiring multicast support in the underlying network. The virtual network controller is configured to create a multicast tree for endpoint devices of a multicast group in the virtual network at a centralized location instead of in a distributed fashion. The virtual network controller communicates the multicast tree to one or more of the endpoint devices of the multicast group to instruct the endpoint devices to replicate and forward multicast packets to other endpoint devices according to the multicast tree. The replication and forwarding of multicast packets is performed by virtual switches executed on the endpoint devices in the virtual network. No replication is performed within the underlying network. The techniques enable multicast service within a virtual network without requiring multicast support in the underlying network.

Abstract: A network interface card may issue interrupts to a host in which the determination of when to issue an interrupt to the host may be based on the incoming packet rate. In one implementation, an interrupt controller of the network interface card may issue interrupts to that informs a host of the arrival of packets. The interrupt controller may issue the interrupts in response to arrival of a predetermined number of packets, where the interrupt controller re-calculates the predetermined number based on an arrival rate of the incoming packets.

Abstract: A route for a data unit through a network may be defined based on a number of next hops. Exemplary embodiments described herein may implement a router forwarding table as a chained list of references to next hops. In one implementation, a device includes a forwarding table that includes: a first table configured to store, for each of a plurality of routes for data units in a network, a chain of links to next hops for the routes; and a second table configured to store the next hops. The device also includes a forwarding engine configured to assemble the next hops for the data units based on using the chain of links in the first table to retrieve the next hops in the second table and to forward the data units in the network based on the assembled next hops.

Abstract: Techniques for facilitating the operation of one or more virtual networks are described. In some examples, a system may include a first controller node device configured to control operation of a first set of elements in the one or more virtual networks, wherein the first set of elements includes a first server device. The system may also include a second controller node device configured to control operation of a second set of elements in the one or more virtual networks, wherein the second set of elements includes the second server device. The first controller node device and the second controller node device are peers according to a peering protocol by which the first controller node device and the second controller node device exchange information relating to the operation of the first set of elements and the second set of elements.

Abstract: A network device may include a lawful interception module, a routing module, and a multicast distribution table. The lawful interception module may receive a lawful interception request for a subscriber, may inform the routing module about the subscriber, and may provide, to the routing module, a tap interface corresponding to the subscriber. The routing module may receive a multicast join request from the subscriber, and may insert, when the multicast join request is received, the tap interface in the multicast distribution table, as a forwarding interface.

Abstract: In general, the invention is directed to techniques for reducing deadlocks that may arise when performing fabric replication. For example, as described herein, a network device includes packet replicators that each comprises a plurality of resource partitions. A replication data structure for a packet received by the network device includes packet replicator nodes that are arranged hierarchically to occupy one or more levels of the replication data structure. Each of the resource partitions in each of the plurality of packet replicators is associated with a different level of the replication data structure. The packet replicators replicate the packet according to the replication data structure, and each of the packet replicators handles the packet using the one of the resource partitions of the packet replicator that is associated with the level of the replication data structure occupied by the node that corresponds to that particular packet replicator.

Abstract: This document describes techniques for continuing execution of intrusion detection software when a process exception caused by a protocol decoder is thrown during processing. In one example, a method includes receiving a packet, and processing the packet using intrusion detection software that includes a processing engine and a plurality of protocol decoders. The method also includes detecting an exception that occurs during processing of the packet, identifying a memory location associated with the exception, and determining whether the exception was caused by one of the protocol decoders based on the memory location associated with the exception. The method further includes handling the exception and continuing execution of the intrusion detection software after determining that the exception was caused by one of the protocol decoders. In some implementations, handling the exception may include determining which one of the protocol decoders caused the exception, and disabling the decoder.

Abstract: A network device is configured to monitor a data size of data transmitted to a particular destination during a particular time period, determine, based on the monitored data size, an average data size for the particular destination and for the particular time period, establish a data connection toward the particular destination during the particular time period, set an initial data size for the data connection based on the average data size, and transmit data on the data connection in an amount equal to the initial data size.

Abstract: In general, techniques are described for mapping precedence domains between a network device of a content access network and a wireless communication device. For example, a Policy Charging and Enforcement Function (PCEF) entity maps relatively high-resolution mobile network policy and charging and control (PCC) rule precedence to relatively low-resolution packet filter precedence. The PCEF performs the mapping to maintain a packet filter precedence ordering for packet filters that accords with a precedence ordering among respective PCC rules from which the PCEF derives the packet filters.

Abstract: A system facilitates initialization of devices in a cable modem network. The system may provide downstream channels for transmitting data to the devices and upstream channels for receiving data from the devices. At least one of the upstream channels may be dedicated to providing initialization opportunities. This dedicated upstream channel(s) includes less than all of the upstream channels. The system may transmit upstream channel identifiers on the downstream channels, where each of the upstream channel identifiers identifies one of the upstream channels. The system receives initialization data on the dedicated upstream channel(s).

Abstract: Using the ALTO Service, networking applications can request through the ALTO protocol information about the underlying network topology from the ISP or Content Provider. The ALTO Service provides information such as preferences of network resources with the goal of modifying network resource consumption patterns while maintaining or improving application performance. This document describes, in one example, an ALTO server that implements enhancements to the ALTO service to enable initiating incremental updates of network and cost maps to ALTO clients upon receiving status information from a content delivery network (CDN) node.