Abstract: A network device comprises a service card (e.g., a dynamic flow capture (DFC) service card) executing a communication protocol to receive, from one or more control sources, flow capture information specifying at least one destination and criteria for matching one or more packet flows. The network device includes a network interface card to receive a packet from a network, a packet replication module to replicate the packet, and a control unit to provide the replicated packet from the interface card to the DFC service card. The network device includes a filter cache that caches flow capture information recently received from the CSs. The network device may provide real-time intercept and relaying of specified network-based communications. Moreover, the techniques described herein allow CSs to tap packet flows with little delay after specifying flow capture information, e.g., within 50 milliseconds, even under high-volume networks.

Abstract: Packet processing is provided in a multiple processor system including a first processor to processing a packet and to create a tag associated with the packet. The tag includes information about the processing of the packet. A second processor receives the packet subsequent to the first processor and processes the packet using the tag information.

Abstract: A network layer device controls provision of data link layer functionality by a data link layer device to provide a requested multimedia service to a subscriber. For example, the network layer device may control the performance of multicast elaboration by the data link layer device, or the queuing and forwarding of packets by the data link layer device to facilitate transmission of packets according to a Quality of Service class. The network layer device may send control messages to the data link layer device to dynamically configure a control object stored by the data link layer device, such as multicast filter information or a Quality of Service profile. The network layer device may be a service edge router, and the data link layer device may be a customer premises equipment device, e.g., a modem or wireless access point, or a switch, e.g., a digital subscriber line access multiplier.

Abstract: A router comprises a route resolution module to maintain routing information in accordance with a topology of a network, and an indirect next hop manager to maintain indirect next hop data that associates protocol next hops with forwarding next hops. The route resolution module invokes an application programming interface (API) of the indirect next hop manager for associating and disassociating protocol next hops and forwarding next hops. In response to a network event, the route resolution module can modify the indirect next hop data to reduce the time and resources necessary to perform route resolution.

Abstract: A device comprises a programmable communication interface and a processor. The programmable communication interface communicates data via a set of signals. The processor configures the programmable communication interface to communicate the data in accordance with a programmed override state for at least one of the signals and actual states for the remaining signals. The programmable communication interface may be configured, for example, to programmably treat an overridden signal as asserted or de-asserted regardless of actual voltages present on one or more electrical connectors associated with the overridden signal. As a result, incorrectly wired electrical connectors of the programmable communication interface may be programmably overridden. Consequently, a technician need not manually rewire the programmable communication interface.

Abstract: In general, this disclosure describes techniques of storing data in and retrieving data from a cache of a computing device. More specifically, techniques are described for utilizing a “perfect hash” function to implement an associative cache within a computing device. That is, the associative cache implements a fully associative map between a predetermined set of addresses and data values, employing only a single tag fetch comparison.

Abstract: The invention is directed toward techniques for Multi-Protocol Label Switching (MPLS) upstream label assignment for the Resource Reservation Protocol with Traffic Engineering (RSVP-TE). The techniques include extensions to the RSVP-TE that enable distribution of upstream assigned labels in Path messages from an upstream router to two or more downstream routers of tunnel established over a network. The tunnel may comprise a RSVP-TE P2MP Label Switched Path (LSP) or an Internet Protocol (IP) multicast tunnel. The techniques also include extensions to the RSVP-TE that enable a router to advertise upstream label assignment capability to neighboring routers in the network. The MPLS upstream label assignment using RSVP-TE described herein enables a branch router to avoid traffic replication on a Local Area Network (LAN) for RSVP-TE P2MP LSPs.

Abstract: A network device integrates accounting functionality for generation of flow statistics with packet intercept functionality to provide a comprehensive traffic analysis environment. The device comprises a set of network interface cards to receive packets from a network, and a set of accounting service cards to calculate flow statistics for the packets. The device further comprises a control unit to receive the network packets from the interface cards and distribute the packets to the set of accounting service cards. The accounting service card comprises an interface for insertion within a slot of a network device. Accounting service cards may be added to easily scale the network device to support higher bandwidth communication links, such as OC-3, OC-12, OC048 and higher rate links. Additional accounting service cards may be used for purposes of redundancy to support continuous, uninterrupted packet processing and accounting in the event of a card failure.

Abstract: In one embodiment, a method includes receiving a portion of a hash key vector. The hash key vector can be defined based on a range value and based on at least a portion of an address value from a data packet queued within a multi-stage switch. The method also includes defining, based on the hash key vector, a hash value associated with a location in a hash table when the portion of the hash key vector matches a bit vector stored in a tag table.

Abstract: A method for sharing an aggregate bandwidth among a group of traffic classes may include allocating a portion of the aggregate bandwidth to one of the group of traffic classes having a first priority associated therewith, where the allocated portion is referred to as a first bandwidth. The method may include allocating an unused portion of the aggregate bandwidth to a second one of the group of traffic classes having a second priority associated therewith in conjunction with a parameter associated with a downstream device.

Abstract: A network router management interface offers two different presentation modes for viewing configuration and operational information encoded in extensible markup language output obtained from a network router. The network router management interface provides an application programming interface (API) that permits client applications to formulate configuration and operational requests according to an extensible markup language, such as XML. In response to the configuration and operational requests submitted by a client application, the router produces XML output. On a selective basis, the user may elect to view or archive the XML output in either a rendered or unrendered format. In this manner, clients such as network administrators, installation technicians and applications developers can view raw XML output on a selective basis for use in development and debugging.

Abstract: Techniques are described for performing non-revertive failover with network devices. A network device including a control unit and interface cards receives routing information protocol (RIP) updates each having a metric value. The control unit signals bidirectional forwarding detection (BFD) sessions based on the metric values of each of the RIP updates with, for example, a media gateway. The control unit also selectively installs a RIP route based on the metric values. The media gateway monitors the BFD sessions, and upon failure of an active BFD session, indicates the network device to perform non-revertive failover by sending a revised plurality of RIP updates. The network device performs non-revertive failover according to the revised plurality of RIP updates. Because of the flexibility of BFD, the network device need not revert back to a previous RIP route, therefore curtailing excessive failover.

Abstract: Techniques are described for synchronizing state information between a plurality of control units. A router, for example, is described that includes a primary control unit and a standby control unit. The primary control unit maintains router resources to ensure operation of the router. To ensure operation, the primary control unit receives state information from the router resources and maintains the state information for consumers, i.e. router resources that require or “consume” state information. Prior to updating the consumers with the state information, the primary control unit synchronizes the state information with the standby control unit. In the event the primary control unit fails, the standby control unit assumes control of the router resources. Upon assuming control, the standby control unit resumes updating the consumers with state information without having to “relearn” state information, e.g., by way of power cycling the router resources to a known state.

Abstract: A cross-bar switch includes a set of input ports for receiving data packets and a set of sink ports for transmitting the received packets to identified targets. A set of data rings couples the input ports to the sink ports. Each sink port utilizes the set of data rings to simultaneously accept multiple data packets targeted to the same destination—creating a non-blocking cross-bar switch. Sink ports are also each capable of supporting multiple targets—providing the cross-bar switch with implicit multicast capability.

Abstract: Methods and apparatuses for inspecting packets are provided. A primary security system may be configured for processing packets. The primary security system may be operable to maintain flow information for a group of devices to facilitate processing of the packets. A secondary security system may be designated for processing packets upon a failover event. Flow records may be shared from the primary security system with the secondary security system.

Abstract: A method may include receiving a data unit and identifying a state of a memory storing data units. The method may include selecting a threshold value having a first threshold unit or a second threshold unit based on the state of the memory. The method may include comparing the threshold value to a queue state using the first threshold unit if the memory is in a first state. The method may include comparing the threshold value to the queue state using the second threshold unit if the memory is in a second state.

Abstract: To satisfy a quality required for each traffic and perform switching for a packet segmented into cells without packet reassembly, there is provided a node apparatus including a header processing section (2) for determining an output destination of an incoming packet and a quality class from the header information of the packet, a route table (3), and a quality description table (4), and storing the packet in an output queue (6) determined by the determined output destination and quality class, an output control section (7) for reading out a packet from the output queue in accordance with the quality set for each output queue (6) and sending out the read packet through a VC determined by the determined output destination and quality class, and a quality description table (4) which has at least a virtual dedicated network number field, a destination address/mask length field, a source address/mask length field, a fourth-layer protocol/destination port number field, and a destination port number field and in whi

Abstract: A service provider system connects to systems associated with a group of business-partners. Each of the business-partners sells services, of an extensible set of services provided by the service provider system, to its customers. The service provider system provides a common interface via which the business-partner systems can request one or more services from the extensible set of services. The service provider system exposes subsets of the common interface to each of the business-partner systems by controlling access to the extensible set of services by the business-partner systems.

Abstract: A communication connection merge method and a node to be employed in the same can merge parameter of LSP, such as request bandwidth or the like, upon performing merging. The communication connection merge method performs merge process for consolidating a plurality of communication connection of a connection-oriented network at a node on the way of transfer route into a common communication connection by making judgment of possibility to have a common transfer route from a node to merge to an egress node upon merging new communication connection on setting for existing communication connection, modifying collateral parameter of the existing communication connection which is judged to merge the new communication connection for enabling accommodation of the new communication connection in the existing communication connection, and performing merge after modification of parameter of the existing communication connection.

Abstract: A system and method for intrusion detection and prevention processing are described. Spin state information associated with a signature may be prefetched by a network device having one or more buffers. The spin state information may be stored by the buffer. Context data may be searched using the spin state information stored by the buffer.