Abstract: An ATM switch allowing simplified OAM processing only on the line incoming side is disclosed. An incoming line circuit has a header conversion table storing information indicating whether the system is an end point of an OAM processing flow for each connection and an OAM table storing an AIS flag and an RDI flag for each connection. As for an OAM cell found by referring to these tables to be forced to go back to its own port, an switch output port number is rewritten in the OAM function section. In addition, in the case of an AIS cell, the function type is rewritten so as to become an RDI cell. In the case of an LB cell, the LB indication is rewritten so as to become a return LB cell, and switching to its own port is conducted in the ATM switch core.

Abstract: A method and apparatus for scheduling virtual upstream channels within one physical upstream channel is disclosed. A different MAP message is received by a receiver for each virtual upstream channel from that sent downstream. Where multiple upstream receivers are used, separate MAP messages can be sent for each receiver and consequently, each virtual upstream channel. The use of multiple upstream receivers is not necessary if the upstream receiver can change the upstream channel descriptors it is using per burst.

Abstract: In general, techniques are described for reducing response times to retrieve content in an intermediate network device. In particular, the intermediate network device receives a packet from a client device of a first network that requests content from a remote network device of a second network, inspects the packet to determine whether the requested content has been previously cached to either of a first and a second memory of the device, issues a request to load the requested content from the second memory to the first memory based on the determination and queues the packet within in the queue. After queuing the packet, the intermediate network device then processes the packet to assemble a response that includes the content from the memory.

Abstract: GPRS Tunneling Protocol (“GTP”) packets are intercepted by receiving a GTP tunnel packet, determining whether the GTP tunnel packet is to be intercepted, intercepting GTP tunnel packets if it is determined that the GTP tunnel packet is to be intercepted, and processing the intercepted GTP tunnel packets. Multiple tunnels may be intercepted simultaneously and GTP tunnel packets from different tunnels may be processed differently. Implementations include both inline and offline interception of GTP traffic between SGSN and GGSN.

Abstract: A toolbar that is provided or inserted in a markup language document so as to facilitate features or functionality provided by a server is disclosed. The toolbar is able to determine whether the toolbar should be displayed as part of the markup language page being displayed. In one embodiment the server is an intermediary server.

Abstract: A method performed by a provider edge device includes generating pseudo-wire tables based on virtual private local area network service advertisements from other provider edge devices, where the provider edge device services customer edge devices, and establishing pseudo-wires with respect to the other provider edge devices, based on the pseudo-wire tables, where the pseudo-wires include an active pseudo-wire and at least one standby pseudo-wire with respect to each of the other provider edge devices. The method also includes generating and advertising VPLS advertisement to the other provider edge devices, detecting a communication link failure associated with one of the customer edge devices in which the provider edge device services, and determining whether the at least one standby pseudo-wire needs to be utilized because of the communication link failure.

Abstract: A network device may include logic to establish an IP session, establish a BFD session within the established IP session, transmit BFD packets within the established BFD session, and determine that the established IP session is active based upon reception of the BFD packets. In another embodiment, the logic may also determine that an IP session is active using an inactivity timer that may also trigger transmission of BFD packets.

Abstract: A system for multicasting a packet of data to a single data stream is provided. The system may determine a size of the packet and may send a single copy of the packet if the size of the packet exceeds a threshold value. A number of copies of the packet yet to be multicast may be ascertained if the size of the packet of data does not exceed the threshold value. Copies of the packet may be transmitted based on the number of copies of the packet yet to be multicast.

Abstract: The invention is directed toward techniques for Multi-Protocol Label Switching (MPLS) upstream label assignment for the Resource Reservation Protocol with Traffic Engineering (RSVP-TE). The techniques include extensions to the RSVP-TE that enable distribution of upstream assigned labels in Path messages from an upstream router to two or more downstream routers of tunnel established over a network. The tunnel may comprise a RSVP-TE P2MP Label Switched Path (LSP) or an Internet Protocol (IP) multicast tunnel. The techniques also include extensions to the RSVP-TE that enable a router to advertise upstream label assignment capability to neighboring routers in the network. The MPLS upstream label assignment using RSVP-TE described herein enables a branch router to avoid traffic replication on a Local Area Network (LAN) for RSVP-TE P2MP LSPs.

Abstract: Techniques are described for providing hybrid forwarding within an Ethernet-based service domain established over one or more intermediate networks, such as a service provider (SP) network. For example, the Ethernet-based service domain may comprise a virtual private local area network service (VPLS) domain. A hybrid VPLS domain may transport layer two (L2) communications, such as Ethernet packets, between remote customer networks via the SP network. The techniques described herein enable a network device, e.g., a router, within a SP network to forward packets from a source device of a hybrid VPLS domain toward one or more subscriber devices of the hybrid VPLS domain (i.e., in a downstream direction) using P2MP forwarding semantics. The same network device forwards packets from one of the subscriber devices toward the source device (i.e., in an upstream direction) using P2P forwarding semantics.

Abstract: Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device.

Abstract: Intermediate network devices, such as routers, are configured to discover a maximum transmission unit (MTU) for a path between two network endpoints by removing data from packets when the packet size exceeds a link MTU to a next hop. An example intermediate network device includes a forwarding engine to determine an interface card through which to forward a received packet and to determine a link MTU for a link corresponding to the interface card, wherein the received packet comprises a header and a payload, the header indicating not to fragment the packet, and a PMTU determination module to determine whether a size of the received packet exceeds the link MTU, and to remove a portion of data from the payload of the packet, discard the removed portion, and adjust the header of the packet according to the removed portion when the size of the received packet exceeds the link MTU.

Abstract: A system provides congestion control and includes multiple queues that temporarily store data and a drop engine. The system associates a value with each of the queues, where each of the values relates to an amount of memory associated with the queue. The drop engine compares the value associated with a particular one of the queues to one or more programmable thresholds and selectively performs explicit congestion notification or packet dropping on data in the particular queue based on a result of the comparison.

Abstract: A device provides layer two (L2) services between customer networks that are coupled by one or more intermediate computer networks. The device comprises a routing process that receives label information for a label switched path (LSP) through the intermediate networks. The device further comprises a L2 service that receives L2 service information from a device associated with second customer networks. In accordance with the label information, the device transports L2 communications between the first and second customer networks through the one or more intermediate networks. By utilizing label information in this manner, the device may minimize the impact of providing L2 services through the intermediate networks.

Abstract: A key engine that performs route lookups for a plurality of keys may include a data processing portion configured to process one data item at a time and to request data when needed. A buffer may be configured to store a partial result from the data processing portion. A controller may be configured to load the partial result from the data processing portion into the buffer. The controller also may be configured to input another data item into the data processing portion for processing while requested data is obtained for a prior data item. A number of these key engines may be used by a routing unit to perform a large number of route lookups at the same time.

Abstract: A load balancing SSL acceleration device. The device includes a processor, memory and communications interface. A TCP communications manager capable of interacting with a plurality of client devices and server devices simultaneously is provided, along with a secure communications manager. The apparatus further includes an encryption and decryption engine instructing the processor to encrypt data from a secure communications session and direct it to said second communication session. Still further, the apparatus includes a load balancing engine associating ones of said client devices with ones of said servers for a communications session based on calculated processing loads of each said server. In a further aspect, a method for performing SSL acceleration of data communications between a plurality of customer devices attempting to communicate with an enterprise having a plurality of servers is disclosed.

Abstract: Techniques are described for verifying a status of a set of paths through a computer network for two or more connectivity protocols. For example, a node uses a first connectivity protocol to concurrently learn information that will cause packets conforming to the first connectivity protocol and packet conforming to a second connectivity protocol to traverse a set of paths through a computer network. After learning this information, the node may verify a status of each of the paths using the first connectivity protocol. In addition, the node may verify a status of each of the paths using the second connectivity protocol. By verifying the status of the paths using both the first and the second connectivity protocols, the node may be able to quickly and accurately determine whether a path has failed.

Abstract: A network device provides services for multiple virtual private networks (VPNs) via one or more virtual hosts. For example, a router receives packets from multiple VPNs, and communicates the packets to a service card via a logical interface in accordance with a forwarding information base. A virtual host within the service card processes the packets and provides a service for the network device from which the packet was sent. The virtual host may, for example, provide print services for network devices within a corresponding VPN. The virtual host acts, in essence, as a print server within the corresponding VPN. In this manner, the router may eliminate the need for the customer associated with the VPN to maintain print servers within remote customer sites.

Abstract: A system protects database operations performed on a shared resource. The system may chunk memory to form a set of memory chunks which have memory blocks, at least some of the memory blocks including database objects. The system may configure at least one binary search tree using the memory chunks as nodes and buffer a set of pointers corresponding to the memory blocks. The system may further validate the buffered pointers and dereference validated buffered pointers.

Abstract: Methods, apparatus, and products are disclosed for forwarding frames in a computer network using shortest path bridging (‘SPB’). The network includes multiple bridges, and each edge bridge is assigned a unique service virtual local area network (‘VLAN’) identifier. One of the bridges receives a frame for transmission to a destination node. The received frame includes a service VLAN identifier for the ingress bridge through which the frame entered the network and a customer VLAN identifier. The one bridge identifies an SPB forwarding tree in dependence upon the service VLAN identifier. The SPB forwarding tree specifies a shortest route in the network from the ingress bridge through the one bridge to the other bridges in the network. The one bridge then forwards the received frame to the egress bridge without MAC-in-MAC encapsulation in dependence upon the SPB forwarding tree and the customer VLAN identifier.