Abstract: A device receives, from a wireless access point, a pairwise master key identification (PMKID) based on a known pairwise master key (PMK), and determines whether the received PMKID matches one of multiple PMKIDs stored in a cache associated with the device. The device dynamically generates a PMKID based on the known PMK when the received PMKID does not match one of the multiple PMKIDs stored in the cache, and performs a fast four-way handshake to establish a secure connection between the device and the wireless access point when the dynamically generated PMKID matches the received PMKID.

Abstract: Air flow ducts for improving the air flow within data processing units are described herein. In some embodiments, a duct includes an inlet portion and an outlet portion. An interior surface of the outlet portion of the duct defines, at least in part, a portion of a flow path. The duct is configured to be coupled to a printed circuit board within a data processing unit such that a first portion of a cooling fluid can flow within the flow path between the inlet portion of the duct and an electronic device coupled to the printed circuit board. An exterior surface of the outlet portion of the duct is configured to redirect a second portion of the cooling fluid to a volume within the data processing unit apart from the electronic device.

Abstract: Methods and systems for identifying a source of an attack in a network include transmitting an address associated with the attack target to a number of network devices. Each network device may then determine whether a received packet is destined for the attack target and identify, for each packet destined for the attack target, an input interface upon which the packet arrived. Each network device may also count the amount of data destined for the attack target per input interface. A potential source of the attack may then be identified based on the amount of data destined for the attack target.

Abstract: In some embodiments, a method includes sending a signal to a first module associated with a stage of a switch fabric and receiving a signal from the first module a first amount of time after sending the signal to the first module. A signal is sent to a second module associated with the stage of the switch fabric and a signal is received from the second module a second amount of time after sending the signal to the second module. The second amount of time is less than the first amount of time. A cell of a first data packet is sent to the first module and a cell of a second data packet is sent to the second module a third amount of time after sending the cell of the first data packet. The third amount of time is associated with the difference between the first amount of time and the second amount of time.

Abstract: Constraint information associated with peering links is taken into account when establishing label switched paths (LSPs) to exit points of a network. Devices within the network, such as routers, designate interfaces associated with peering links as “passive interfaces” to indicate that the interfaces should be included for bandwidth accounting purposes and internal path computation. Other devices within the network utilize the constraint information, e.g., bandwidth availability, when computing and establishing LSPs to the exit points of the network to avoid congested peering links.

Abstract: A number of wireless networks are established by a network device, each wireless network having an identifier. Requests are received from client devices to establish wireless network sessions via the wireless networks using the identifiers. Network privileges of the client devices are segmented into discrete security interfaces based on the identifier used to establish each wireless network session.

Abstract: A method may include authenticating a node over layer 2 in a network based on authentication rules; sending a node authentication code to the node; and providing layer 3 network access based on the node authentication code.

Abstract: A communication network design circuit can derive a path and a necessary link capacity for multiple point communication service permitting arbitrary communication within a predetermined range of communication amount by providing traffic amount of data in-flowing through an ingress node and traffic amount of data flowing out through an egress node. The communication network designing circuit has setting means for setting a mathematical programming problem for deriving the multiple point communication service and optimizing means for solving the mathematical programming problem set by the setting means and obtaining the path for the multiple point communication service.

Abstract: A network device implements automatic configuration of Quality of Service (QoS) parameters in response to operator specification of a relatively few and easily understandable “high level” parameters such as, for example, latency requirements or an acceptable rate of packet drops. In one implementation, a network device may receive user preference information that relates to a Quality of Service (QoS) for network traffic passing through the network device and may measure traffic patterns through the network device. The device further generates a configuration template based on the measured traffic patterns and on the user preference information transmit the data in an order of transmission that is prioritized according to a bandwidth allocation policy defined by the configuration template.

Abstract: A printed circuit board (PCB) includes a ball grid array (BGA). The PCB further includes a first BGA pad having a circular shape, and a first via having a circular shape, where the circular shape of the first via overlaps a portion of the circular shape of the first BGA pad and is rotated diagonally relative to a center of the first BGA pad. The PCB also includes a second BGA pad having a circular shape, and a second via having a circular shape, where the circular shape of the second via overlaps a portion of the circular shape of the second BGA pad and is rotated diagonally relative to a center of the second pad, and where a center of the second via is located at a first distance from the center of the first via and at a first angle relative to an axis that crosses a center of the first via.

Abstract: In general, techniques are described for intelligently selecting test cases within testing environments. Specifically, a computing device may include a user interface with which a user interacts to specify a safety level. The device also includes a control unit that determines those functions of source code that changed. Based on these changed functions, the control unit determines those functions of the source code not changed but impacted by the changes within a set distance. The control unit then selects, for each of these determined functions, one or more test cases in accordance with one or more test selection algorithms by adaptively applying these algorithms in order of decreasing safety assurances and increasing precision. The control unit further aggregates these selected test cases and implement the test cases to ensure the safety level with respect to a percentage of functional errors occurring within a software program compiled from the source code.

Abstract: A device receives, from a client device, a request for a resource available from an origin device, and determines whether the resource is cached in a cache server. When the resource is cached, the device provides a first command instructing the client device to request the resource from the cache server, receives, from the client device, a first new request for the resource, and enables, based on the first new request, the client device to receive the resource from the cache server. When the resource is not cached, the device creates a firewall filter, provides a second command instructing the client device to request the resource from the origin device, receives, via the firewall filter and from the client device, a second new request for the resource, and enables, based on the second new request, the client device to receive the resource from the origin device.

Abstract: A system includes a virtual machine (VM) server and a policy engine server. The VM server includes two or more guest operating systems and an agent. The agent is configured to collect information from the two or more guest operating systems. The policy engine server is configured to: receive the information from the agent; generate access control information for a first guest OS, of the two or more guest operating systems, based on the information; and configure an enforcer based on the access control information.

Abstract: A system includes a first device and a second device. The first device is configured to transmit a discover message on a first upstream channel, where the discover message includes information representing capabilities of the first device. The second device is configured to receive the discover message from the first device and determine whether to switch the first device to a second upstream channel based on the capabilities information in the discover message. The second device makes the determination before a registration of the first device. The second device transmits a message to the first device instructing the first device to switch to the second upstream channel based on a result of the determination.

Abstract: In general, techniques are described for measuring packet data unit (PDU) loss in a L2 virtual private network (L2VPN) service, such as a VPLS instance. In one example of the techniques, provider edge (PE) routers that participate in the L2VPN measure known unicast and multicast PDU traffic at the service endpoints for the instance to determine unicast PDU loss within the service provider network. As the routers learn the outbound service (i.e., core-facing) interfaces and outbound local (i.e., customer-facing) interfaces for L2 addresses of customer devices that issue packets to the VPLS instance, the routers establish respective unicast transmit and receipt counters for the service endpoints that serve the customer devices. In another example, PE routers that participate in the L2VPN measure multicast PDU traffic at the service endpoints for the instance and account for internal replication by intermediate service nodes to determine multicast PDU loss within the service.

Abstract: A system provides a set of services. The system includes nodes that are in communication with each other. The system segregates the services into at least first and second groups of services, assigns the first group of services to a first set of the nodes, and assigns the second group of services to a second set of nodes. The first set of nodes provides the first group of services, and the second set of nodes provides the second group of services.

Abstract: A device receives, from a client device, a request for a resource that is available from an origin device, and determines whether the resource is cached in a cache server or not cached in the cache server. The device forwards the request to the cache server regardless of whether or not the resource is cached in the cache server, and receives, when the resource is not cached in the cache server, a redirect command from the cache server based on the request. The device forwards the received redirect command to the client device, where the redirect command instructs the client device to obtain the resource from the origin device. The device receives, from the cache server and based on the request, the resource when the resource is cached in the cache server, and forwards the received resource to the client device.

Abstract: A device maintains, in a database, a plurality of data items, each data item of the plurality of data items being associated with a respective category. The device associates, in the database, a first counter value with each data item, the first counter value indicating a number of times the respective category has been deleted from the database at a time when the data item was stored in the database. The device associates, in the database or another database, a second counter value with the respective category, the second counter value indicating a current value for a number of times the respective category has been deleted from the database. The device selectively deletes, from the database, one or more data items of the plurality of data items from the database based on the first counter values and the second counter value.

Abstract: An apparatus and method are described for compensating for frequency and phase variations of electronic components by processing packet delay values. In one embodiment, a packet delay determination module determines packet delay values based on time values associated with a first and a second electronic component. A packet delay selection module selects a subset of the packet delay values based on the maximum frequency drift of the first electronic component. A statistical parameter determination module evaluates a first and a second parameter based on portions of the subset of packet delay values. A validation module validates the parameters when each portion the subset of packet delay values includes a minimum of at least two packet delay values. An adjustment module compensates for at least one of a frequency variation and a phase variation of the first electronic component based on the parameters if the parameters are both validated.

Abstract: Network devices in a multicast network exchange multicast optimization data to improve efficiency of multicasting in the network. A protocol, e.g., a routing protocol or a multicast protocol, may be extended to allow the network devices to exchange the multicast optimization data. Alternatively, a separate protocol may be established for exchanging MOD. A network device may receive a message from an upstream device located between the device and a source for a multicast group, wherein the message includes multicast optimization data that specifies at least one criterion for selecting an upstream device. The device may use the data to intelligently select an optimal upstream device for receiving multicast using any of a variety of criteria to rank the upstream routers, such as minimization of multicast traffic duplication, load balancing current bandwidth levels, and avoiding paths experiencing communication delays.