Abstract: A gateway for screening packets transferred over a network. The gateway includes a plurality of network interfaces, a memory and a memory controller. Each network interface receives and forwards messages from a network through the gateway. The memory temporarily stores packets received from a network. The memory controller couples each of the network interfaces and is configured to coordinate the transfer of received packets to and from the memory using a memory bus. The gateway includes a firewall engine coupled to the memory bus. The firewall engine is operable to retrieve packets from the memory and screen each packet prior to forwarding a given packet through the gateway and out an appropriate network interface. A local bus is coupled between the firewall engine and the memory providing a second path for retrieving packets from memory when the memory bus is busy.

Abstract: When a node has to restart its control component, or a (e.g., label-switched path signaling) part of its control component, if that node can preserve its forwarding information across the restart, the effects of such restarts on label switched path(s) the include the restarting node are minimized. A node's ability to preserve forwarding information across a control component (part) restart is advertised. In the event of a restart, stale forwarding information can be used for an limited time before. The restarting node can use its forwarding information, as well as received label-path advertisements, to determine which of its labels should be associated with the path, for advertisement to its peers.

Abstract: A system provides congestion control and includes multiple queues that temporarily store data and a drop engine. The system associates a value with each of the queues, where each of the values relates to an amount of memory associated with the queue. The drop engine compares the value associated with a particular one of the queues to one or more programmable thresholds and selectively performs explicit congestion notification or packet dropping on data in the particular queue based on a result of the comparison.

Abstract: A controller may include a measurement circuit configured to generate a proxy signal representing delay variations in the controller. The measurement circuit may also generate a measurement value from the proxy signal. A control circuit may be configured to convert the measurement value into a control value. A delay circuit may be adjusted by the control value to alter an amount of delay of a signal.

Abstract: Techniques are described for dynamically constructing a label switching protocol interface in a network device. For example, the techniques allow dynamic construction of a Multi-Protocol Label Switching (MPLS) interface. According to some embodiments, upon receiving a network communication from a subscriber, a network device determines whether the subscriber requires support for the label switching protocol. If the subscriber requires such support, the network device creates an interface stack for the subscriber that includes an interface for the label switching protocol. In this way, the network device may route packets from the subscriber across a network of computing devices that use the label switching protocol, and forward packets from such a network to the subscriber. The subscriber and the network device need not communicate according to the label switching protocol and, in example embodiments, instead communicate according to a layer 2 communication protocol.

Abstract: A system and method for managing connections between a server and a plurality of clients at a network connection management device is provided. The method comprises maintaining at least one connection to the server, receiving requests from the clients, transmitting the requests to the server, receiving responses to the requests from the server, and monitoring a server response time for a selected request sent to the server, the server response time for the selected request being the time elapsed between transmitting the selected request to the server and receiving a corresponding response from the server. A method according to the present invention may also include basing the number of connections to the server on the server response time.

Abstract: A method for processing high priority packets and low priority packets in a network device includes performing arbitration on high priority packets until no high priority packets remain. Arbitration then is enabled on low priority packets. A packet size associated with the selected low priority packet is compared with a programmable threshold. Low priority packets are excluded from subsequent arbitration for a programmable duration when the packet size exceeds the programmable threshold.

Abstract: A system includes a group of devices and a shared memory that is partitioned into blocks that are capable of being allocated to the group of devices using linked lists. The system also includes check logic configured to store a group of bits, where each bit corresponds to one of the blocks, and counter logic configured to count for a predetermined period of time. The system further includes logic configured to clear the group of bits stored in the check logic, cause the counter logic to count for the predetermined period of time, monitor a de-allocation of the blocks in the shared memory, set, for each of the blocks that is de-allocated during the predetermined period of time, the corresponding bit in the check logic, identify, after the predetermined period of time, one or more bits that have not been set, and mark the blocks corresponding to the one or more bits as available for allocation.

Abstract: Techniques are described that increase the reliability and quality of data transmissions of computer networks. The techniques provide for the generation of at least two duplicate data flows for carrying data in a computer network. The duplicate data flows are transmitted to a receiving device along paths within one or more intermediate networks. In addition, network devices, such as routers or switches within the network, for example, may cooperate to select paths for the data flows that have reduced or minimal common network elements. The network devices may share “fate-sharing” information that relates groups of network elements according to common characteristics, attributes or shared resources, e.g., a shared power supply, close proximity, common physical interface, for the purposes of facilitating selection of independent paths.

Abstract: A switching device in a network system for transferring data includes one or more source line cards, one or more destination line cards and a switching fabric coupled to the source line cards and the destination line cards to enable data communication between any source line card and destination line card. Each source line card includes a request generator to generate a request signal to be transmitted in order to obtain an authorization to transmit data. Each destination line card includes a grant generator to generate and send back a grant signal to the source line card in response to the request signal received at the destination line card to authorize the source line card to transmit a data cell to the destination line card.

Abstract: An ATM switching system 1 is provided with an ATM switch 11, a reserved connection memory 12 for storing reserved connection information, a call history memory 13 for maintaining call histories of requests for connection from subscriber's terminal units 21 to 2n, and a call-signal processing section 15. The call-signal processing section 15 generates a request for connection with respect to a trunk ATM switching network 3 by the use of the call histories in the call history memory 13 in the case where no call was issued from the subscriber's terminal units, and stores response results thereof in the reserved connection memory 16. Thereafter, when there was a call from the subscriber's terminal units 2?1 to 2?n, and contents of the request for connection thereof are the same as the reserved connection information, which has been stored in the reserved connection memory 16, processing for connection is executed by the use of the reserved connection information.

Abstract: A method of setting a path in a network using an Internet protocol to facilitate voice communications between two devices includes determining whether a first path having an adequate bandwidth for transferring a voice over Intent protocol (VoIP) packet between two label switch routers exists. The method also includes setting a new path having a bandwidth that is at least two times the necessary bandwidth for transferring a VoIP packet, when it is determined that the first path does not exist.

Abstract: A computer implemented method and system for transferring data packets includes intercepting a stream of data packets at the connectionless network layer from a client or server, encoding and encapsulating the data packets, transmitting the encoded data packets, decoding and decapsulating the data packets, and injecting the decoded and decapsulated data packets into the connectionless network layer at a client or server. The encoding of the packets is based on detecting repetitions that could exist anywhere in the data stream. The repetitions are not necessarily within a single packet but could occur across multiple packets and multiple sessions. One of the encoding algorithms includes comparing the payloads of packets with identical signatures and transmitting the full packet only when the payload had not previously been sent.

Abstract: Testing the liveliness of a data plane of a label switched path (LSP) using a two stage approach. The first stage may use a general echo request operation that may be implemented using hardware. Therefore, the first stage does not heavily burden the control plane of the LSR. If a suspect LSP passes the first stage of the diagnostic operation, nothing more needs to be done. If, however, the suspect LSP fails the first stage, the diagnostic operation proceeds to a second stage. The second stage of the diagnostic operation sends probing massages through the suspect LSP, but uses the control plane to deliver the acknowledging messages. If the suspect LSP fails the second stage of the diagnostic operation, the ingress LSR can infer that the LSP is down, and begin recovery actions. The probing messages may include padding so that MTU limits can be tested.

Abstract: A multi-chassis network device includes a plurality of nodes that operate as a single device within the network and a switch fabric that forwards data plane packets between the plurality of nodes. The switch fabric includes a set of multiplexed optical interconnects coupling the nodes. For example, a multi-chassis router includes a plurality of routing nodes that operate as a single router within a network and a switch fabric that forwards packets between the plurality of routing nodes. The switch fabric includes at least one multiplexed optical interconnect coupling the routing nodes. The nodes of the multi-chassis router may direct portions of the optical signal over the multiplexed optical interconnect to different each other using wave-division multiplexing.

Abstract: Upon receipt of a synchronization request from the CPU, the AAL1 device of the act system causes its cell forming section to extract the allocation position information for the SAR-PDU payload about a particular time slot in the current frame and, via the synchronization information send/receive section, transfers the information to the AAL1 device of the standby system. The AAL1 device of the standby system causes its operation processing section to calculate the allocation position of a particular time slot in the next frame for the SAR-PDU payload based on the above allocation position information. The AAL1 device of the standby system starts allocation of the data of and following a particular time slot of the next frame to the SAR-PDU payload starting from the position indicated by the calculation result.

Abstract: In general, the invention provides for the relaying of ATM cells through an IP network. In one embodiment, an apparatus, such as a routing device, comprises a first interface card for coupling to an asynchronous transfer mode (ATM) network, and a second interface card for coupling to an Internet Protocol (IP) network. The apparatus further comprises a control unit to assign labels to inbound cells from the ATM network to form outbound Multiprotocol Label Switching (MPLS) packets for forwarding to the IP network, and to remove labels from inbound MPLS packets from the IP network to form outbound cells for forwarding to the ATM network. The apparatus can encapsulate the ATM cells within MPLS packets, and route the MPLS packets through the IP network without regard to the content of the ATM cells. In this manner, the routers may relay ATM cells of any type, including data and control cells.

Abstract: An apparatus for remotely releasing a connector, e.g., an RJ-45 connector, is described. Embodiments of the invention allow a user to release a cable comprising a connector from a connector jack when the connector jack is difficult to reach. The invention may be particularly useful to release cables from devices comprising an array of connector jacks.

Abstract: Computer program products and methods of inspecting a log of security records in a computer network are provided. The method includes retrieving a log record, processing the log record including deriving a key to a table, determining a data value from information in the log record and adding the data value to a list of data values associated with the key if the data value is unique. One or more entries of the table are evaluated based on predetermined criteria to detect attempted security breaches.

Abstract: A label switching router (LSR) is described that spoof checks Multi-protocol Label Switching (MPLS) packets to prevent malicious or inadvertent injection of MPLS packets within a label switched path (LSP). The LSR ensures that MPLS packets received from an upstream label switching router (LSR) contain labels that were advertised to that upstream LSR. A software module associated with a signaling protocol, such as the Resource Reservation Protocol (RSVP), the Label Distribution Protocol (LDP), or the Border Gateway Protocol (BGP), is extended to utilize an MPLS forwarding table, and MPLS interface table, and a remote autonomous system table. A set of interfaces for which the label was advertised may be checked to determine whether an interface on which a packet was received is contained in the set of interfaces. The MPLS forwarding table may contain a spoof-check field used to specify one of several different types of spoof checks and to specify the set of interfaces.