Abstract: A system includes a first network device and a second network device. The first network device includes a group of first logical portions and is configured to detect a problem with one of the first logical portions, and transmit a message identifying the one first logical portion. The second network device includes a group of second logical portions, where the group of second logical portions corresponds to the group of first logical portions. The second network device is configured to receive the message from the first network device, and activate the one second logical portion corresponding to the one first logical portion in response to receiving the message.

Abstract: A correlation database stores profiling data that describes packet flows within a network. A network device presents a user interface by which a user defines a database trigger to detect database operations that change to the profiling data stored within the correlation database. The network device may maintain a log to record the detected database operations. The database trigger may specify a combination of low-level network elements associated with the packet flows and application-layer elements extracted from application-layer communications reassembled from the packet flows.

Abstract: A network device includes a primary control unit that establishes a network tunnel with another network device. The network device applies a silent failover technique to failover from the primary control unit to a backup control unit while maintaining the network tunnel. The network tunnel may be, for example, a Layer 2 Tunneling Protocol (L2TP) tunnel, and the network device may be an L2TP Access Concentrator (LAC) or an L2TP Network Server (LNS). The techniques may prevent abnormal termination of the network tunnel during the failover. Once the failover from the primary control unit to the backup control unit is complete, the backup control unit synchronizes sequence numbers associated with the network tunnel with sequence numbers of the non-failed network device, and resolves inconsistencies between subscriber session databases of the backup control unit and the non-failed network device.

Abstract: A network device bundles packet over synchronous optical network (POS) data stream and asynchronous transfer mode (ATM) data stream into a synchronous optical network (SONET) data stream. The POS data stream and the ATM data stream are virtual channels or tributaries of the SONET data stream. The SONET data stream may be transmitted over a single optical fiber.

Abstract: A plurality of network devices monitor network traffic and generate profiling data that describes packet flows within the network traffic. The network devices output communications that include the profiling data. An aggregation device receives the communications and builds a correlation database to aggregate the profiling data generated by the plurality of network devices. The profiling data may relate low-level network elements associated with the packet flows and application-layer elements extracted from application-layer communications reassembled from the packet flows.

Abstract: A network device comprises a service card (e.g., a lawful intercept (LI) service card) executing a communication protocol to receive, from one or more sources (e.g., law enforcement agents), intercept information specifying at least one destination and criteria for matching one or more packet flows. The network device further includes a network interface card to receive a packet from a network, and a control unit to provide the packet from the interface card to the LI service card. The LI service card executes a flow match detection module that, when the packet matches the criteria of the intercept information, forwards the packet to the destination specified by the intercept information. The network device may provide real-time intercept and relaying of specified network-based communications. Moreover, the techniques described herein allow LEAs to tap packet flows with little delay after specifying intercept information, e.g., within 50 milliseconds, even under high-volume networks.

Abstract: A system balances bandwidth used by a data stream. The system receives data in the data stream and partitions the data into bursts. The system then identifies whether a size of a current one of the bursts is less than a size of a maximum burst associated with the data stream and schedules an additional burst in the data stream when the current burst size is less than the maximum burst size. The system transmits the current burst and the additional burst to balance bandwidth used by the data stream.

Abstract: A chassis may include a front section that contains a first electronic circuit board oriented in a first plane, a rear section that contains a second electronic circuit board oriented in a second plane, where the first plane and the second plane are substantially orthogonal, a midplane dividing the front and the rear sections, and a fan tray assembly including a plurality of fans to cool both the first electronic circuit board of the front section and the second electronic circuit board of the rear section.

Abstract: Techniques are described that allow a network device, such as a router, to forward data packets received from a subscriber device to an Ethernet virtual local area network (VLAN) interface within the network device where the VLAN interface has been dynamically built based on a subscriber information string. For example, a primary VLAN sub-interface (PVS) and a subscriber VLAN sub-interface (SVS) may each be dynamically built over a statically built VLAN major interface. In particular, the network device comprises a forwarding controller, where the forwarding controller receives a data packet over an Ethernet port. The network device accesses upper-layer protocol information within the data packet to determine an SVS within the network device to which to forward the data packet based on the upper-layer protocol information.

Abstract: Principles of the invention are described for providing virtual private local area network service (VPLS) multicast instances across a public network by utilizing multicast trees. In particular, the VPLS multicast instances transport layer two (L2) multicast traffic, such as Ethernet packets, between customer networks via the public network. The principles described herein enable VPLS multicast instances to handle high bandwidth multicast traffic. The principles also reduce the state and the overhead of maintaining the state in the network by removing the need to perform snooping between routers within the network.

Abstract: A data processing unit includes a chassis configured to contain a line card. The chassis defines, at least in part, a portion of a first flow pathway and a portion of a second flow pathway. The chassis is configured such that a first portion of a gas can flow within the first flow pathway between an intake region and the first end portion of the line card such that the first portion of the gas flows across a first end portion of the line card in a first direction. The chassis is configured such that a second portion of the gas can flow within the second flow pathway between the intake region and a second end portion of the line card such that the second portion of the gas flows across the second end portion of the line card in a second direction opposite the first direction.

Abstract: State information is synchronized between a plurality of routing engines in a multi-chassis router according to a synchronization gradient. An example multi-chassis router is described that includes a primary routing engine and a standby routing engine in each chassis. According to the synchronization gradient, the primary routing engine of a control node updates state information on the standby routing engine of the control node prior to updating the primary routing engines of the other chassis. The primary routing engines of the other chassis update state information in respective standby routing engines prior to updating state information in consumers. If a primary routing engine fails, the corresponding standby routing engine assumes control of the primary routing engine's duties. Upon assuming control, a standby routing engine resumes updating state information without having to resend state information or interrupt packet forwarding.

Abstract: A method and apparatus for in-line processing a data packet while routing the packet through a router in a system transmitting data packets between a source and a destination over a network including the router. The method includes receiving the data packet and pre-processing layer header data for the data packet as the data packet is received and prior to transferring any portion of the data packet to packet memory. The data packet is thereafter stored in the packet memory. A routing through the router is determined including a next hop index describing the next connection in the network. The data packet is retrieved from the packet memory and a new layer header for the data packet is constructed from the next hop index while the data packet is being retrieved from memory. The new layer header is coupled to the data packet prior to transfer from the router.

Abstract: Forwarding liveness, such as the ability of an interface to send and receive packets and forwarding capabilities of the interface, is determined. The determined forwarding liveness may be sent in a single message, allowing forwarding liveness information to be sent more frequently which permits fast detection of failures. The message may also include aggregating liveness information for multiple protocols.

Abstract: A method for providing multiple media access control (MAC) addresses in a device of a master/slave system may include providing a first MAC address in a MAC address storage of the device. The method may also include providing a second MAC address in a multicast table entry of a multicast hash filter of the device.

Abstract: A method and device for in-line processing a data packet is provided. The data packet is received at a first buffer. The data packet is divided into a number of cells that are stored in a first queue. For each cell, a cell state code is stored that indicates an address of the corresponding cell in the first queue and an indication of a sequence order of the cell within the data packet.

Abstract: Techniques are described in which intermediate policy information is used to translate policy information between forwarding domains. For example, a network device comprises a control unit that associates intermediate policy information, such as intermediate CoS information, with a packet. The network device utilizes the intermediate CoS information to indirectly map first class of service (CoS) information that conforms with a first protocol to second CoS information that conforms to a second protocol. The network device may, for example, apply a first policy to map the first CoS information to the intermediate CoS information and a second policy to map the intermediate CoS information to the second CoS information.

Abstract: A network device connects between a client and a server. The network device is configured to store information regarding an application operating on the server; receive a first message, from the client, intended for the server; generate a second message in response to the first message; send the second message to the client; receive a third message from the client; generate, based on the information regarding the application on the server, a fourth message, that includes the information regarding the application operating on the server; send the fourth message to the client; receive a service request from the client in response to the fourth message; and establish, based on the service request, a connection between the client and the server.

Abstract: In general, techniques are described for flooding VPLS traffic with a network device according to flood groups. The network device resides within a layer 3 (L3) network and includes a control unit that executes a virtual private LAN service (VPLS) protocol that enables a VPLS domain to operate over the L3 network. The network device further includes a plurality of packet forwarding engines, each of which include a plurality of interface cards that receive a layer 2 (L2) message originating from the L2 network. The packet forwarding engines associate the L2 packet with a configurable flood group, wherein the flood group defines criteria to determine which messages to associate to the flood group and indicates a set of the interface cards for forwarding the associated messages. The packet forwarding engines further flood the L2 packet via each interface card indicated by the associated flood group.

Abstract: In one embodiment, a method includes receiving a key associated with a portion of a data packet, comparing the key to a first range extreme, selecting a second range extreme, and comparing the key with the second range. The first range extreme is associated with a first range and the second range is associated with a second range. The second range is selected based on the comparing the key to the first range extreme. The method includes producing a policy vector associated with the first or second range.