Abstract: In some embodiments, an apparatus includes a spectral scanning controller configured to interrupt service at a wireless access point (WAP) such that the WAP performs spectral scanning during service interruption. The spectral scanning controller is configured to interrupt service at the WAP at a first scanning frequency when the spectral scanning controller is in a first configuration. The spectral scanning controller is configured to interrupt service at the WAP at a second scanning frequency different from the first scanning frequency when the spectral scanning controller is in a second configuration. The spectral scanning controller is configured to move from the first configuration to the second configuration in response to a change in at least one of a service demand, a service quality, a spectral scanning demand or a spectral scanning quality.

Abstract: This disclosure describes techniques to sample electrical data streams in coherent receivers. For instance, an analog-to-digital converter (ADC) samples the received electrical data stream at a sampling rate that is nominally twice or greater than twice the symbol rate of the electrical data stream that the ADC receives. A digital filter receives the digital data stream from the ADC, and digitally filters the digital data streams to output a filtered digital electrical data stream at an effective sampling rate that is less than the sampling rate and less than twice the symbol rate, and greater than or equal to the symbol rate.

Abstract: In some embodiments, an apparatus includes a network device configured to receive an anomaly database of a first image that stores a set of differences between the first image and a base image. The network device is configured to compare the anomaly database of the first image with an anomaly database of a second image storing a set of differences between the second image and the base image to determine if the first and second images include at least one incompatible critical feature or incompatible non-critical feature. The network device is configured to send a signal associated with a first action if the first and second images include the at least one incompatible critical feature. The network device is configured to send a signal associated with a second action different from the first action if the first and second images include the at least one incompatible non-critical feature.

Abstract: In response to receiving a reply message for reserving bandwidth along a primary path for a first label switched path (LSP) for carrying data traffic from an ingress network device to an egress network device, a point of local repair (PLR) network device establishes a second LSP from the PLR to a merge point (MP) network device along a subset of the primary path. The second LSP is dedicated to carrying operations, administration and management (OAM) messages to verify connectivity of the subset of the primary path, and is not used for sending data traffic. The PLR sends an OAM message to verify connectivity of at least one protected resource along the subset of the primary path to a next hop along the second LSP, wherein the OAM message is encapsulated by a second label associated with the second LSP.

Abstract: In some embodiments, an apparatus includes a register having a first portion and a second portion. The first portion of the register has multiple bits and the second portion of the register has multiple bits. Each bit from the multiple bits of the first portion of the register is associated with a bit from the multiple bits of the second portion of the register such that a bit from the multiple bits of the first portion of the register is set for its associated bit from the multiple bits of the second portion of the register to be written.

Abstract: In general, the invention is directed to techniques for enabling single sign-on (SSO) for a client seeking access to multiple resources protected by a certificate-based authentication scheme. For example, as described herein, a secure gateway comprises a certificate repository to store a digital certificate as well as a policy that includes one or more policy rules. A network interface of the secure gateway receives a message from a client device, wherein the message comprises a request to access a protected resource and an identifier for the requesting agent. The secure gateway also comprises a resource authentication module to map the identifier and the protected resource to the digital certificate based on the policy. The resource authentication module retrieves the digital certificate from the certificate repository and sends the digital certificate to the protected resource to authenticate the secure gateway to the protected resource.

Abstract: An integrated, multi-service virtual private network (VPN) network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise VPN connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. The multi-service client integrates with an operating system of the device to provide a VPN handler to establish a VPN connection with a remote VPN security device. The VPN network client includes to data acceleration module exchange network packets with the VPN handler and apply at least one acceleration service to the network packets, and a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the data acceleration module.

Abstract: The invention is directed to techniques for initiating lawful intercept of packets associated with subscriber sessions on a network device of a service provider network based on identification triggers. A law enforcement agency may send an intercept request for a subscriber to an administration device of the service provider network. The administration device may then configure one or more identification triggers for the subscriber based on the intercept request. The techniques described herein initiate lawful intercept when one or more subscriber sessions on a network device match the one or more identification triggers. The techniques described herein include configuring trigger rules that include identification triggers for subscribers on a network device via a command line interface (CLI) of the network device. In addition, the techniques described herein include configuring identification triggers in a subscriber profile on an authentication device connected to a network device.

Abstract: A device receives topology and capability information associated with an access point, access devices, and aggregation devices of a wireless local area network (WLAN), and determines, based on the topology and capability information, a nearest capable access device or aggregation device to the access point. The device also provides an instruction that instructs the access point or the nearest capable access device or aggregation device to create a tunnel between the access point and the nearest capable access device or aggregation device. The access point or the nearest capable access device or aggregation device creates the tunnel between the access point and the nearest capable access device or aggregation device based on the instruction.

Abstract: An example network management device includes a network management module, and a reconstruction module. The network management module is configured to generate a data retrieval command to direct a managed device to retrieve a set of management variables stored within a database within the managed network device and send the data retrieval command to the managed device. The reconstruction module is configured to receive a plurality of partial responses generated by a deconstruction module of the managed device in response to receiving the data retrieval command and determining that the set of management variables does not fit in a single response, and combine the received plurality of partial responses into the requested set of management variables, wherein each of the plurality of partial responses is received as a separate message from the managed network device and includes a different portion of the requested set of management variables.

Abstract: In some embodiments, a method includes calculating, at a wireless access point (WAP) from a set of WAPs within a network, an interference value for each channel from a set of channels of the WAP. The method includes calculating, based on the interference value for each channel, a total move weight of the WAP. The method includes receiving, at the WAP, a total move weight from each remaining WAP. The method includes selecting one WAP from the set of WAPs based on a random number, the total move weight of the WAP, the total move weights from the remaining WAPs, and a rank of the WAPs. The method further includes changing, if the WAP is selected, a designated channel of the WAP to one of the remaining channels; and sending a signal to modify an active channel of the WAP to correspond with the designated channel.

Abstract: A communication network design circuit can derive a path and a necessary link capacity for multiple point communication service permitting arbitrary communication within a predetermined range of communication amount by providing traffic amount of data in-flowing through an ingress node and traffic amount of data flowing out through an egress node. The communication network designing circuit has setting means for setting a mathematical programming problem for deriving the multiple point communication service and optimizing means for solving the mathematical programming problem set by the setting means and obtaining the path for the multiple point communication service.

Abstract: Techniques for classifying and managing network flows associated with a network service using application classification information and active signaling relay are described. A network device, for example, includes a signaling interceptor and a network flow interface. The signaling interceptor monitors a communication between a customer device and an application server, and identifies a network flow associated with a network service provided to the customer device by the application server. The network flow interface applies a policy to the identified network flow. An active signaling relay module communicates with the application server using data injected within the signaling communications, and utilizes the injected data to further control the network flows and the delivery of the network service.

Abstract: In one embodiment, an apparatus includes a first access point within a wireless network. The first access point is configured to identify a communication device within a radio frequency (RF) range of the first access point. The first access point is also configured to request a session key associated with the communication device from a first network controller associated with the first access point in response to the communication device being identified. The first access point is further configured to receive the session key associated with the communication device from a second network controller associated with a second access point having an RF range partially overlapping the RF range of the first access point.

Abstract: An ATM (asynchronous transfer mode) cell transfer apparatus includes an input interface, a switch block, and an OAM cell processing hardware block having a memory unit. The input interface receives an SDH/SONET signal on each of a plurality of first transfer paths to output an input OAM cell corresponding to the SDH/SONET signal to one of a plurality of input ports of the switch block corresponding to the first transfer path for the SDH/SONET signal to be transferred. The switch block receives the input OAM (operation and maintenance) cell from the corresponding input port as an OAM input port to output to the OAM cell processing hardware block together with a port number of the OAM input port, and receives at least one output OAM cell from the OAM cell processing hardware block to output to at least one of the plurality of output ports based on the received output OAM cell.

Abstract: Access switches in a switching system may use virtual aggregated links. When a link between an aggregation switch and an access switch fails, the link failure may be reflected in the virtual aggregated link and data traffic to another access switch may be switched away from the failed switch. A forwarding table in the access switch stores a number of entries that each define a correspondence between destination addresses and an output identifier for the switch. At least a first output identifier includes an aggregated link that represents a first set of possible output links. At least a second output identifier includes a virtual aggregated link, associated with a second network switch that represents a second set of possible output links. Destination addresses in the forwarding table for the virtual aggregated link correspond to network devices connected to the second network switch.

Abstract: A method for managing a shared buffer between a data processing system and a network. The method provides a communication interface unit for managing bandwidth of data between the data processing system and an external communicating interface connecting to the network. The method performs, by the communication interface unit, a combined de-queue and head drop operation on at least one data packet queue within a predefined number of clock cycles. The method also performs, by the communication interface unit, an en-queue operation on the at least one data packet queue in parallel with the combined de-queue operation and head drop operation within the predefined number of clock cycles.

Abstract: An example network device includes a control plane and a filter lookup module that includes a Bloom filter that supports parallel lookup of a maximum number of different prefix lengths. The filter lookup module accesses the Bloom filter to determine a longest length prefix that matches an entry in a set of prefixes. The control plane receives prefix lengths that include more than the maximum number of different prefix lengths supported by the Bloom filter, wherein the set of prefix lengths is associated with one application, generates, based on the received set of prefix lengths, two or more groups of different prefix lengths, wherein each of the two or more groups of different prefix lengths includes no more than the maximum number of different prefix lengths, and programs the filter lookup module with the two or more groups of different prefix lengths associated with the one application.

Abstract: Printed circuit boards and assemblies for cooling electronic devices in processing units are described herein. In some embodiments, a printed circuit board configured to be coupled to an electronic device defines a first set of lumens configured to receive a mounting portion of a frame. The frame and a portion of a first surface of the printed circuit board collectively define an internal volume within which at least a portion of the electronic device can be disposed and an external volume that is external to the internal volume. The printed circuit board defines a second set of lumens positioned to place at least a portion of the external volume in fluid communication with the internal volume.

Abstract: An example network system includes a plurality of endpoint computing resources, a business policy graph of a network that includes a set of the plurality of endpoint computing resources configured as a security domain, a set of policy enforcement points (“PEPs”) configured to enforce network policies, and a network management module (“NMM”). The NMM is configured to receive an indication of a set of network policies to apply to the security domain, automatically determine a subset of PEPs of the set of PEPs are required to enforce the set of network policies based on physical network topology information readable by the NMM that includes information about the location of the endpoint computing resources and the set of PEPs within the network, and apply the network policies to the subset of PEPs in order to enforce the network policies against the set of endpoint computing resources of the security domain.