Abstract: A network acceleration device provides application programming interface (API) that facilitates the sharing of cache resources among multiple network acceleration devices, thereby allowing the network acceleration devices to be clustered and share a common cache of network content. This clustered approach may advantageously allow clients serviced by one network acceleration device to benefit from previous network access requests issued by clients serviced by a different network acceleration device of the cluster.

Abstract: An inventory management system (IMS) is described herein that captures historical data for network elements of a computer network. The IMS maintains the historical data to provide a life cycle view of the elements as utilized within the computer network. For example, the IMS may include a network scan module that receives current inventory information from at least one of the network devices, wherein the current inventory information lists elements currently deployed within network device. An event generator compares the current inventory information with the stored inventory information. A database manager updates the database to store historical data for the network devices based on the comparison.

Abstract: A reorder engine classifies information relating to incoming data items as belonging to either a first, second, or third region. The information relating to the data items may arrive at the reorder engine out of order. The data items each include a sequence number through which the reorder engine may reconstruct the correct order of the data items. Based on the classification, the reorder engine may either process the data items normally or drop certain ones of the data items. The majority of incoming data items will fall in the first region and are processed normally. Data items arriving in the second region indicate that a previous data item is late or delayed. If this previous data item is delayed but does eventually arrive, it will arrive in the third region and is simply ignored.

Abstract: In an ATM exchange, a cell transmission control section transmits an ATM cell to a transmission path of an ATM network. A traffic monitor monitors traffic of the cell transmissions. A statistical process section performs a temporal statistical process on the result of the traffic monitoring using a clock and a memory. A CAC produces an instruction for traffic control over a transmission terminal based on the result of the statistical process. A UPC controls traffic of a transmission path from the transmission terminal in accordance with the instruction.

Abstract: A network system uses a management routing instance to route management information between elements involved in management of the system. The system registers each element in the management routing instance when the element comes on line. Based on the management routing instance, the system creates management forwarding tables. The system then uses the management forwarding tables to route management information between the elements. Multiple systems, for example systems connected by a network, may exchange management routing instance information to allow elements in different systems to communicate management information with each other.

Abstract: A method may include counting the number of times each of a plurality of entries in a content addressable memory (CAM) matches one or more searches; grouping entries in the CAM into a first subset and a second subset based on the number of times each of the plurality of entries in the CAM matches one or more searches; and searching the first subset for a matching entry and, if no matching entry is found, searching the second subset for the matching entry.

Abstract: To satisfy a quality required for each traffic and perform switching for a packet segmented into cells without packet reassembly, there is provided a node apparatus including a header processing section (2) for determining an output destination of an incoming packet and a quality class from the header information of the packet, a route table (3), and a quality description table (4), and storing the packet in an output queue (6) determined by the determined output destination and quality class, an output control section (7) for reading out a packet from the output queue in accordance with the quality set for each output queue (6) and sending out the read packet through a VC determined by the determined output destination and quality class, and a quality description table (4) which has at least a virtual dedicated network number field, a destination address/mask length field, a source address/mask length field, a fourth-layer protocol/destination port number field, and a destination port number field and in whi

Abstract: A printed circuit board (PCB) includes a ball grid array (BGA). The PCB further includes a first BGA pad having a circular shape, and a first via having a circular shape, where the circular shape of the first via overlaps a portion of the circular shape of the first BGA pad and is rotated diagonally relative to a center of the first BGA pad. The PCB also includes a second BGA pad having a circular shape, and a second via having a circular shape, where the circular shape of the second via overlaps a portion of the circular shape of the second BGA pad and is rotated diagonally relative to a center of the second pad, and where a center of the second via is located at a first distance from the center of the first via and at a first angle relative to an axis that crosses a center of the first via.

Abstract: This disclosure describes domain name system (DNS) caching techniques for providing integrated DNS caching services to multiple customers. For example, a virtual private network (VPN) device provides integrated DNS caching services to multiple customers even though each customer has a different corresponding VPN and may be serviced by a different DNS server. The VPN network device accesses the multiple, different DNS servers to retrieve correct IP addresses for the different customer VPNs, and internally stores the IP addresses in an integrated DNS cache in a manner that allows the IP addresses to be uniquely retrieved based on combinations of customer VPN identifiers and hostnames.

Abstract: A system processes data corresponding to multiple data streams. The system includes multiple queues that store the data, stream-to-queue logic, dequeue logic, and queue-to-stream logic. Each of the queues is assigned to one of the streams based on a predefined queue-to-stream assignment. The stream-to-queue logic identifies which of the queues has data to be processed. The dequeue logic processes data in the identified queues. The queue-to-stream logic identifies which of the streams correspond to the identified queues.

Abstract: A packet processing method for exchanging packet data through a plurality of layers is disclosed, that comprises the steps of storing the entire packet to a packet memory; and storing part of each packet of the packet data used in processes of a layer 2 processing portion and a layer 3 processing portion of the plurality of layers to a multi-port shared memory, the layer 2 processing portion and the layer 3 processing portion accessing the same memory space of the multi-port shared memory. In addition, a pipeline processing system is used so that when the layer 2 processing portion and the layer 3 processing portion access the shared memory, they do not interfere with each other.

Abstract: A policy device grants access to a client device, without authenticating the client device, when the client device provides a session identifier to the policy device that was previously granted to the client device by a second policy device upon authenticating the client device by the second policy device. In one example, a policy device includes a network interface that receives a session identifier from a client device, wherein the policy device comprises an individually administered autonomous policy server, and an authorization module that grants the client device access to a network protected by the policy device based on the session identifier without authenticating the client device by the policy device. In this manner, the client device need not provide authentication information multiple times within a short time span, and the policy device can deallocate resources when a session migrates to a second policy device.

Abstract: In general, this disclosure describes techniques of storing data in and retrieving data from a cache of a computing device. More specifically, techniques are described for utilizing a “perfect hash” function to implement an associative cache within a computing device. That is, the associative cache implements a fully associative map between a predetermined set of addresses and data values, employing only a single tag fetch comparison.

Abstract: Techniques are described in which a network device waits differing amounts of time for different network sockets before beginning processes to determine whether respective network connections from the network sockets have failed. An intermediate device may create a network socket for a network connection having a keep-alive wait time option set to a keep-alive wait time associated with a class of the network connection. If an amount of time specified by the keep-alive option of the socket passes after a last successful communication on the network connection, the socket may begin a process to determine whether the network connection has failed. If the intermediate device determines that the network connection has failed, the intermediate device may terminate the connection to free resources on the intermediate device allocated to the network connection.

Abstract: A secure socket layer virtual private network (SSL VPN) network appliance includes a set of virtual systems having respective context information. Each of the virtual systems represents a VPN for a different subscriber network. The network appliance includes a network interface to receive a first network communication associated with a first one of the virtual systems. In response to the network communication, the SSL VPN network appliance sets a context identifier that identifies the first one of the virtual systems. The network appliance further comprises a set of VPN software processes executing on the network appliance to process the first network communication, wherein the set of VPN software processes generate data access requests. A configuration access application programming interface (API) dynamically directs the data access requests from the VPN software processes to the first one of the virtual systems based on the context identifier.

Abstract: A network optimization device may receive a stream of data and generate a signature for a plurality of fixed length overlapping windows of the stream of data. The device may select a predetermined number of the generated signatures for each Ln-byte segment of the data stream, wherein Ln is greater than a length of each of the windows. The network device may store the selected signatures in a bucketed hash table that includes a linked-list of entries for each bucket.

Abstract: A network device for processing data packets includes an encryption services module, a number of network interfaces and a forwarding module. A network interface receives a packet requiring encryption services and forwards the packet. The forwarding module receives at least a portion of the data packet, where the portion includes header information. The forwarding module identifies a security association for the data packet, appends the security association to the portion of the data packet and forwards the portion of the data packet including the security association to the encryption services module. The encryption services module processes the packet in accordance with the security association.

Abstract: In one embodiment, an apparatus can include a policy vector module configured to retrieve a compressed policy vector based on a portion of a data packet received at a multi-stage switch. The apparatus can also include a decompression module configured to receive the compressed policy vector and configured to define a decompressed policy vector based on the compressed policy vector. The decompressed policy vector can define a combination of bit values associated with a policy.

Abstract: Techniques are described for centralized management of quality of service (QoS) characteristics of network data flows. A service management system maintains a database that associates access information, such as a username and password, with QoS information. A router or other network device associates a data flow with access information, and queries the service management system with the access information to obtain the QoS information. The router forwards data of the data flow in accordance with the QoS information obtained from the service management system. As the access information may be a username and password, an existing system, such as a Remote Authentication Dial-In User Service (RADIUS) system, may easily be adapted for use as the service management system. As a result, QoS information may easily be centrally managed for numerous routers or other network devices.

Abstract: A service deployment device responds to events originating internally or in a network using a set of condition/action rules. The condition/action rules are defined in terms of business-level information. A rules engine in the service deployment device translates the network events to business information and uses a forward-chaining algorithm to evaluate conditions associated with the rules. Based on the evaluation, the service deployment device enables actions associated with the rules. An enterprise using the service deployment device uses the condition/action rules to deploy business policies in the network.