Abstract: Apparatus are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a router includes multiple virtual interfaces and a policy engine. The virtual interfaces define connections between the router and corresponding subscribers of a service provider. A first virtual interface is operable to receive packets from a first subscriber and to process the packets in accordance with a first-level profile identifier. The policy engine is coupled with the virtual interfaces and operable to de-reference subscriber profiles of the subscribers on behalf of the virtual interfaces based on a database of hierarchically organized profile identifiers.

Abstract: An asynchronous speech data communication system, which is capable of making a hands-free phone conversation at a high speed without causing annoyance in a vehicle, and a communication method therefor are provided. A vehicle-mounted hands-free system includes a speech communication terminal having a speech data communication function, an access point for enabling communication using an asynchronous wireless LAN with other electronic devices, such as a PDA and a mobile audio, including the speech communication terminal, and a communication control section for limiting the packet size of data to be communicated of the other electronic devices when there is communication of speech data by the speech communication terminal.

Abstract: An exemplary method for mapping a network address translator on a packet based network that is between a client and a server comprises the steps of the client communicating a first message including a first client address to the server, the server extracting the first client address, and the server communicating a confirmation to the client including identifying data useful to identify the client to the server. Additional steps comprise the client communicating a mapper message to the server including the identifying data, the mapper message having external client address data when the server receives it, and the server extracting said identifying data and using it to identify the client. An additional step of comparing the external client address data to the first client address and using said comparison to map the one or more security devices is provided.

Abstract: A method and apparatus includes identifying an address portion of a first message in an address slice of a switch, the first message associated with a first priority, the address portion of the first message including a first routing portion specifying a network resource; identifying an address portion of a second message in the address slice, the second message associated with a second priority, the address portion of the second message including a second routing portion specifying the same network resource; identifying a non-address portion of the first message in a non-address slice of the switch; identifying a non-address portion of the second message in the non-address slice, wherein neither of the non-address portions includes a routing portion specifying the network resource; selecting, independently in each slice, the same one of the first and second messages based on the first and second priorities; transferring the address portion of the selected message to the network resource specified by the rout

Abstract: Methods and apparatus for managing subscriber profiles are described herein. In one embodiment, the method includes receiving, from a requester, a request to determine an operation to be performed on a data packet. The method also includes determining profile identifiers associated with the requester, wherein the profile identifiers include, a first-level profile identifier associated with a lower-level profile identifier that defines the operation. The method also includes determining, based on the profile identifiers, that the operation should be performed on the data packet and transmitting an indication of the operation to the requestor, wherein the requestor performs the operation on the data packet.

Abstract: A method and system for an aggregated virtual local area network (VLAN) architecture in which several VLANs in a network share the same default router address and subnet mask, but remain isolated from one another's network traffic. Instead of the traditional method of assigning one subnet to a VLAN, each VLAN is assigned only a portion of a subnet's IP address space, and is further grouped into a super-VLAN uniquely associated with that subnet. Intra-VLAN traffic is forwarded only to host IP addresses assigned to that same VLAN according to a VLAN identifier carried in the data packet. Inter-VLAN traffic is processed by a virtual router interface which routes the data packet by applying the routing configuration for the subnet uniquely associated with the super-VLAN, according to a super-VLAN identifier carried in the data packet.

Abstract: The invention is directed toward techniques for Multi-Protocol Label Switching (MPLS) upstream label assignment for the Resource Reservation Protocol with Traffic Engineering (RSVP-TE). The techniques include extensions to the RSVP-TE that enable distribution of upstream assigned labels in Path messages from an upstream router to two or more downstream routers of tunnel established over a network. The tunnel may comprise a RSVP-TE P2MP Label Switched Path (LSP) or an Internet Protocol (IP) multicast tunnel. The techniques also include extensions to the RSVP-TE that enable a router to advertise upstream label assignment capability to neighboring routers in the network. The MPLS upstream label assignment using RSVP-TE described herein enables a branch router to avoid traffic replication on a Local Area Network (LAN) for RSVP-TE P2MP LSPs.

Abstract: A method for data communication across a layer 2 bridged network having two or more edge nodes configured for receiving and transmitting multiprotocol data packets. The method includes creating a pseudowire circuit across the bridged network, receiving data packets at one of the edge nodes, encapsulating data packets into pseudowire frames, encapsulating the pseudowire frames inside MAC frames, and transmitting the encapsulated frames over the carrier bridged network.

Abstract: A method for expanding a service VLAN space of a provider network is provided. A bit number occupied by a taq protocol identifier (TPID) in a TPID field is reduced to leave a plurality of spare bits. The spare bits of the TPID field is then used to represent a first portion of a service VLAN identifier. A VLAN identifier field of a tag control information (TCI) field is used to represent a second portion of the service VLAN identifier. The first and second portions are then combined to obtain the service VLAN identifier of the packets completely.

Abstract: A system and method supporting efficient, scalable stateful switchover of transport layer connections in a telecommunications network element. One method involves receiving, at a network element comprising an active transport protocol process coupled to a standby protocol process, a request to configure a first transport layer connection maintained at the active transport protocol process for stateful switchover; receiving an event associated with the first transport layer connection; creating a message containing replicated event information based on the received event; sending the message to the standby transport protocol process; and processing the message at the standby transport protocol process, wherein the standby transport protocol process replicates state information for the first connection.

Abstract: Techniques are described for configuration of a multi-chassis router for managing periodic communications between the multi-chassis router and other network devices. The multi-chassis router selectively processes data received from a network by determine whether the data: (1) indicates an operational state of a network device in association with a routing protocol, or (2) conveys routing information for the routing protocol. Data conveying routing information are processed by a master routing component of the multi-chassis router, while data indicating an operational state of a network device are processed by one or more slave routing components of the multi-chassis router.

Abstract: An approach is provided for implementing IPsec in PEP environments. The approach generally involves preserving TCP header data contained in packets prior to IPsec encryption and making the TCP header data available to PEP applications. For example, TCP header data is identified in a packet that conforms to the TCP and a copy of the TCP header data is generated. Encrypted packet data is generated by encrypting at least a portion of the packet using IPsec. For example, the TCP header data and payload may be encrypted to generate the encrypted packet data. A modified copy of the TCP header data is generated by modifying length data contained in the copy of the TCP header data to reflect a length of at least the encrypted packet data. A new packet is generated that includes the modified copy of the TCP header data and the encrypted packet data.

Abstract: A modular Cable Modem Termination System (CMTS) includes a packet shelf operating a Data Over Cable Service Interface Specifications (DOCSIS) Media Access Control (MAC) framer. One or more downstream Physical Interface (PHY) shelves receive DOCSIS data from the packet shelf over a packet switched network and modulate the DOCSIS data for sending on a downstream path of a cable plant. One or more upstream PHY shelves send DOCSIS data received from an upstream path of the cable plant over the packet switched network to the packet shelf. By separating the PHY components from the MAC and from the system software, the PHY components for a Hybrid Fiber Coax (HFC) plant may be replaced with different PHY components for other access technologies such as wireless, Digital Subscriber Lines (DSL), Ethernet-to-the-Home, Fiber-to-the-Home, or fiber Passive Optical Networks (PONs).

Abstract: Synchronizing audio and video streams in packet-based networks requires synchronization of packet timestamps. The present invention provides such synchronization without resort to a network time standard. In one embodiment of the present invention, pairs of timestamp synchronized signals, such as audio and video signals, not having a common timestamp clock are mixed. One of the signals, for example, the audio signals, is mixed first while preserving the original audio timestamps. The preserved timestamp information is then used to synchronize the timestamps of the unmixed signals, in this example the video signals, to provide synchronization of all signals. In another embodiment, the present invention uses packets containing calibration of timestamps to reduce jitter. The present invention also includes specifications for a packet for transmitting timestamp information.

Abstract: A method of improving convergence in networks that use path vector protocols. In one embodiment using Border Gateway Protocol (BGP) for inter-domain route and reachability communication, nodes that need to remove routes using EBGP NLRI announcements send BGP WITHDRAW messages containing a new route originator attribute that identifies an originator of a specified withdrawn route. A receiving node removes the specified route from its routing information base (RIB), and matches the originator to other paths in the RIB. Matching paths are marked as ineligible for consideration in a best path computation, thereby preventing the use of routes that are unreachable but not yet withdrawn by an originating node. The approach causes faster BGP convergence, reduces unnecessary route flapping, and alleviates unnecessary route dampening.

Abstract: An IPv4 host is able to maintain connectivity within an access network while moving among access points of the access network, based on receiving a unique assigned IPv4 address from a clusterhead of the access network. Any DHCP request by the IPv4 host is sent via the connecting access point to the clusterhead. The clusterhead, providing connectivity for hosts in the access network to a wide area network based on respective entries, assigns the IPv4 address to the IPv4 host, based on storing an entry including the IPv4 address and an IP-based identifier of the connecting access point, and sends a DHCP response to the IPv4 host via the connecting access point. A second DHCP request from the IPv4 host to a second access point causes the clusterhead to update the entry with the second access point identifier, enabling the IPv4 host to continue use of the assigned IPv4 address.

Abstract: A shaping apparatus comprising a plurality of buffer memories allocated for different flows, bandwidth control units associated with the buffer memories, and a read control unit, wherein each of the bandwidth control units issues a first frame output request based on a maximum allowed bandwidth and a second frame output request based on a minimum guaranteed bandwidth, and the read control unit selects a bandwidth control unit to be permitted for frame output execution out of bandwidth control units that are issuing the first or second frame output request, giving priority to the second frame output request.

Abstract: A method for automatically sensing a transmission method in a network, includes transmitting at least one packets to a first host via a first transmission method, transmitting at least one packets to the first host via a second transmission method, and configuring for communication with the first host in accordance with the second transmission method, provided a response to a packet transmitted in accordance with a second transmission method is received.

Abstract: A method and system for providing delay bound and prioritized packet dropping are disclosed. The system limits the size of a queue configured to deliver packets in FIFO order by a threshold based on a specified delay bound. Received packets are queued if the threshold is not exceeded. If the threshold is exceeded, a packet having a precedence level less than that of the precedence level of the received packet is dropped. If all packets in the queue have a precedence level greater than that of the packet received, then the received packet is dropped if the threshold is exceeded.

Abstract: A method for evaluating number of additional admissible calls for use in call admission control includes tracking a percentage of channel busy time and transmission time of downlink and uplink voice packets, receiving a call admission request, and calculating the number of admissible calls. The number of admissible calls is calculated based on a channel bandwidth requirement determined from the percentage of channel busy time and a voice packet queuing requirement determined from the transmission time of downlink and uplink voice packets. The call admission request is approved if the number of admissible calls is greater than one and rejected if the number of admissible calls is less than one.