Abstract: A virtual private network (VPN) tunnel is established that extends from a source spoke to a destination spoke in a hub-and-spoke enterprise network. Prior to establishing the VPN tunnel, packets are sent from the source spoke to the destination spoke through the hub network. In this manner, packets are not dropped while the VPN tunnel is being set up. The VPN tunnel is established by querying a server for the network address of a destination router in the destination spoke, then setting up the VPN tunnel using a secure communication protocol. An extension to the Internet Key Exchange (IKE) protocol is used to obtain the private network address of the destination router during setup of the VPN tunnel. A forwarding table is updated after the VPN tunnel is established to reroute the packets through the new VPN tunnel.

Abstract: A controller may include a measurement circuit configured to generate a proxy signal representing delay variations in the controller. The measurement circuit may also generate a measurement value from the proxy signal. A control circuit may be configured to convert the measurement value into a control value. A delay circuit may be adjusted by the control value to alter an amount of delay of a signal.

Abstract: A routing protocol, such as the Border Gateway Protocol (BGP), is extended in a manner that allows the protocol to opaquely carry routing attributes associated with an origin of a routing advertisement, e.g., a customer network of associated with a virtual private network (VPN). These attributes are carried within routing communications using a separate attribute set, and are automatically utilized when delivering the routing advertisement to other customer networks associated with the VPN. As a result, the customer networks are isolated from the routing attributes used within an intermediate network coupling the customer networks.

Abstract: A method and an apparatus for rapidly resuming, at times of failures, network traffic in a connection-oriented network by using an alternative route pre-computed and stored locally in nodes along an initial route without requiring signaling of upstream nodes or a master server.

Abstract: A system measures traffic in a device. The system tracks an amount of data and the data units and predicts the amount of padding associated with the data units. The system determines the amount of traffic in the device based on the predicted padding, the amount of data, and the number of data units.

Abstract: A method and device for string matching HTTP headers. The method typically includes identifying a predefined string, identifying an unknown string to compare with the predefined string, performing a bitwise exclusive OR operation on an ASCII binary representation of at least one segment of the unknown string and an ASCII binary representation of at least one segment of the predefined string, and identifying a case-insensitive string match based on the exclusive OR operation. The method may further include performing a bitwise operation with a predefined flag to determine the case-insensitive segment match.

Abstract: A network device is described that load-balances network traffic among a set of network servers based on electrical power consumption of the network servers. The network device may measure electrical power consumption in a variety of ways, and may generate and maintain a power consumption profile for each of the network server. The power consumption profile may describe the respective server power consumption in increasing granularity. For instance, each power consumption profile may specify electrical power consumption according to watts consumed by a server per average transaction, watts consumed per transaction for a specific type of software application, watts consumed per transaction for a software application for individual network resources, and so on. Furthermore, the profiles may be maintained for individual servers or aggregated for groups or sequences of servers.

Abstract: A method for processing high priority packets and low priority packets in a network device includes performing arbitration on high priority packets until no high priority packets remain. Arbitration then is enabled on low priority packets. A packet size associated with the selected low priority packet is compared with a programmable threshold. Low priority packets are excluded from subsequent arbitration for a programmable duration when the packet size exceeds the programmable threshold.

Abstract: A network device includes an interface (105), a TCP/IP protocol fast processing path (115), and a TCP/IP protocol slow processing path (110). The interface (105) receives a packet and parses the packets to determine a characteristic of the packet. The TCP/IP protocol fast processing path (115) processes the packet if the characteristic of the packet includes a first characteristic. The TCP/IP protocol slow processing path (110) processes the packet if the characteristic of the packet includes a second characteristic.

Abstract: In general, techniques are described of enabling a client-based web browser application to browse a directory structure provided by a server on a private network via a secure gateway. In particular, an intermediate gateway device is positioned on a network path between the client device and a server device. The gateway device communicates with the client device via a secure network connection (e.g., a Secure Sockets Layer connection). When the gateway device receives a resource identifier that identifies a directory structure from either the client device or the server device, the gateway device alters the resource identifier. In particular, the gateway device alters the resource identifier in such a way that when the client device transmits a request to view the directory structure identified by the resource identifier, the client device transmits a request to view the directory structure in a networking protocol that the gateway device permits to pass through the gateway device.

Abstract: There is provided a line redundant method for implementation of line switching in a switching matrix, including the bridge step of outputting a data signal to a plurality of redundant lines in the switching matrix, and the selector step of selecting only a data signal, of a plurality of data signals input from another switching matrix other than the switching matrix through the plurality of redundant lines, which is input through a redundant line required in the switching matrix, and not selecting the data signals input to the switching matrix through the lines other than the required redundant line. A line redundant system for implementing this method is also provided.

Abstract: The invention is directed toward techniques for Multi-Protocol Label Switching (MPLS) upstream label assignment for the Label Distribution Protocol (LDP). The techniques include extensions to the LDP that enable distribution of upstream assigned labels from an upstream router to two or more downstream routers of a tunnel established over a network. The tunnel may comprise a LDP Point to Multi-Point (P2MP) Label Switched Path (LSP), an Internet Protocol (IP) multicast tunnel, or a Resource Reservation Protocol with Traffic Engineering extensions (RSVP-TE) P2MP LSP. The techniques also include extensions to the LDP that enable a router to advertise upstream label assignment capability to neighboring routers in the network. The MPLS upstream label assignment using LDP described herein enables a branch router to avoid traffic replication on a Local Area Network (LAN) for LDP P2MP LSPs.

Abstract: Techniques allow network devices to set up multiple multicast distribution structures for a given multicast group and source. According to the techniques, a multicast protocol is extended to include an instance number in the control messages, where the instance number corresponds to one of a plurality of instances for the multicast group and source. The network device sends a join request for each of the N instances for the multicast group to a plurality of upstream routers. Each of the join requests specifies a different instance of the multicast group to be joined. The source device for the multicast group selects one of the N instances, for example using a unicast Equal Cost Multipath (ECMP) hashing algorithm, and sends multicast content for the multicast group to via the multicast distribution structure corresponding to the selected one of the N instances.

Abstract: A method and a network device for sharing bandwidth among a group of classes of traffic for an interface are provided. Bandwidth may be allocated to at least one traffic class of a first priority for the interface. At least some unused bandwidth of the at least one traffic class may be allocated to at least one other traffic class of a second priority for the interface. In some implementations, weighted constituents may be allocated unused interface bandwidth based on an assigned weight of each of the weighted constituents of the interface.

Abstract: The invention relates to a universal Address Pool Manager (APM) for processing network access address requests from clients operating at one of many access protocols. The APM, located within a network device, such as a router, manages an aggregated pool of network addresses and assigns addresses to the clients from the pool in accordance with the multiple access protocols. The aggregated address pool may be co-located within the network device with the APM, or alternatively, the address pool may be located within an off-box network device, such as an off-box authentication server or an off-box DHCP server. Utilization of an APM that manages an aggregated address pool for processing requests from multiple access protocols may reduce operational costs for network service providers that support multiple access networks.

Abstract: In one embodiment, a method, comprising producing a first policy vector based on a first portion of a data packet received at a multi-stage switch. The method also includes producing a second policy vector based on a second portion of the data packet different than the first portion of the data packet. A third policy vector is produced based on a combination of at least the first policy vector and at least the second policy vector. The third policy vector including a combination of bit values configured to trigger an element at the multi-stage switch to process the data packet.

Abstract: In general, techniques are described to dynamically redefine a preference value used during route resolution. A network device, such as a router, may implement the techniques to improve a usability aspect of the router. The router may comprise an interface card that receives messages describing one or more of a plurality of routes. The router may also include a control unit that stores data defining a policy. The policy may comprise rules by which the router determines the preference value for one of the plurality of routes. The policy dynamically redefines the preference value as two or more bit fields rather than viewing the preference value as an integer value. The control unit further sets each of the two or more bit fields of the local preference value in accordance with the policy and associates the at least one of the routes with the determined local preference value.

Abstract: A method for enabling autonegotiation over an interface for which no autonegotiation standard exists comprises establishing network communication between a first network device and a second network device over a communication link. The first network device includes a first media access controller (MAC) associated with a communication port coupled to the communication link and a second MAC positioned between the first MAC and the communication port, and the second MAC operates as a proxy MAC for the first MAC. The first MAC outputs an outbound data communication to the communication port at a first communication rate. The proxy MAC intercepts the outbound data communication. The proxy MAC then outputs the outbound data communication to the communication port at a second communication rate different from the first communication rate.

Abstract: In a network device, a line card includes a first scheduler configured to perform scheduling for data units of a first type and a second scheduler that is connected in series to the first scheduler and configured to perform scheduling for data units of a second type. The schedulers may be configured in a variety of ways to achieve certain data unit flow characteristics.

Abstract: A network device is configured to receive a registration message from a private user device including a private internet protocol (IP) address associated with the private user device. A public IP address and discrete port number are assigned to the private user device and private IP address and stored in an incoming call table. The registration message is translated to include the public IP address and discrete port number. The registration message is forwarded to a proxy server for registration. An incoming call invitation message is received from a public user device, where the call invitation message is directed to the public IP address and discrete port number associated with the private user device. The call invitation message is translated to include the private IP address associated with the private user device based on the received public IP address and discrete port number and the incoming call table. The call invitation message is forwarded to the private user device.