Abstract: Described are systems, methods, and computer-program product embodiments for providing Session Initiation Protocol (SIP) network security. In some embodiments, a SIP processing system includes a SIP device configured to receive a packet stream from a first SIP user agent and facilitate a SIP communication session between the first SIP user agent and a second SIP user agent. The SIP device receives the SIP messages in the SIP communication session and opens one or more socket connections with one or more security systems. The SIP device transmits metadata of the SIP messages to the one or more security systems configured to detect threats. Based on a threat status generated by and received from the one or more security systems, the SIP device controls the SIP communication session.

Abstract: Described are systems, methods, and computer-program product embodiments for providing Session Initiation Protocol (SIP) network security. In some embodiments, a SIP processing system includes a SIP device configured to receive a packet stream from a first SIP user agent and facilitate a SIP communication session between the first SIP user agent and a second SIP user agent. The SIP device receives the SIP messages in the SIP communication session and opens one or more socket connections with one or more security systems. The SIP device transmits metadata of the SIP messages to the one or more security systems configured to detect threats. Based on a threat status generated by and received from the one or more security systems, the SIP device controls the SIP communication session.

Abstract: Described are systems, methods, and computer-program product embodiments for providing Session Initiation Protocol (SIP) network security. In some embodiments, a SIP processing system includes a SIP device configured to receive a packet stream from a first SIP user agent and facilitate a SIP communication session between the first SIP user agent and a second SIP user agent. The SIP device receives the SIP messages in the SIP communication session and opens one or more socket connections with one or more security systems. The SIP device transmits metadata of the SIP messages to the one or more security systems configured to detect threats. Based on a threat status generated by and received from the one or more security systems, the SIP device controls the SIP communication session.

Abstract: Described are systems, methods, and computer-program product embodiments for providing Session Initiation Protocol (SIP) network security. In some embodiments, a SIP processing system includes a SIP device configured to receive a packet stream from a first SIP user agent and facilitate a SIP communication session between the first SIP user agent and a second SIP user agent. The SIP device receives the SIP messages in the SIP communication session and opens one or more socket connections with one or more security systems. The SIP device transmits metadata of the SIP messages to the one or more security systems configured to detect threats. Based on a threat status generated by and received from the one or more security systems, the SIP device controls the SIP communication session.

Abstract: Described are systems, methods, and computer-program product embodiments for providing Session Initiation Protocol (SIP) network security. In some embodiments, a SIP processing system includes a SIP device configured to establish and control a SIP communication session between SIP user agents. In some embodiments, the SIP processing system includes a SIP device that establishes a recording session with a first server to receive SIP messages relayed in the SIP communication session. The first server decodes the SIP messages based on metadata in the SIP messages to extract multimedia content. Then, the first server opens a socket connection to establish a security session with a security system configured to determine whether the portion is associated with a detected threat and transmits a portion of the decoded multimedia to the security system. Based on a threat status generated by and received from the security system, the first server controls the SIP communication session.

Abstract: Described are systems, methods, and computer-program product embodiments for providing Session Initiation Protocol (SIP) network security. In some embodiments, a SIP processing system includes a SIP device configured to establish and control a SIP communication session between SIP user agents. In some embodiments, the SIP processing system includes a SIP device that establishes a recording session with a first server to receive SIP messages relayed in the SIP communication session. The first server decodes the SIP messages based on metadata in the SIP messages to extract multimedia content. Then, the first server opens a socket connection to establish a security session with a security system configured to determine whether the portion is associated with a detected threat and transmits a portion of the decoded multimedia to the security system. Based on a threat status generated by and received from the security system, the first server controls the SIP communication session.

Abstract: A computer apparatus comprising a processor and a forwarding engine arranged to forward LDP multicast traffic along a multicast tree having a primary and a backup path in a converged network topology, the processor being configured to cause the forwarding engine to forward traffic via the backup path upon a topology change and send a changed topology label and path vector to at least one neighbor node in the changed topology.

Abstract: A method, apparatus and computer program product for minimizing or preventing duplicate traffic during point to multipoint tree switching in a network. In its operation, embodiments disclosed herein utilize control plane trigger mechanisms to handle the receipt of duplicate traffic by network entities after the occurrence of a network failure event. Generally, the control plane trigger mechanism prevents a network entity from processing multicast traffic from both old and new upstream data paths resulting from typical network convergence procedures. The methods and apparatus describe herein apply to standard rerouting procedures as well as fast rerouting procedures for multicast traffic in a network.

Abstract: A method of distributing labels in a label distribution protocol multicast network having a root node and at least one leaf node comprises the steps, performed at a receiving node, of receiving a label and path vector from a distributing node, carrying out loop or convergence detection from the received path vector and, if convergence or no loop is detected, sending a receiving node label and path vector to its nexthop node in the network.

Abstract: A method and apparatus method for providing fast rerouting in a network is presented. The method and apparatus assign a first local label for a prefix, and assign a second local label for the prefix. The first local label is advertised to an upstream peer and the second local label is advertised to a downstream peer. A forwarding entry from the first local label for a prefix is switched to the second local label for the prefix when a failure of a link or next hop is detected.

Abstract: A method, apparatus and computer program product for minimizing or preventing duplicate traffic during point to multipoint tree switching in a network. In its operation, embodiments disclosed herein utilize control plane trigger mechanisms to handle the receipt of duplicate traffic by network entities after the occurrence of a network failure event. Generally, the control plane trigger mechanism prevents a network entity from processing multicast traffic from both old and new upstream data paths resulting from typical network convergence procedures. The methods and apparatus describe herein apply to standard rerouting procedures as well as fast rerouting procedures for multicast traffic in a network.

Abstract: The invention provides unique architectures and techniques for routing redundancy in a data switch configured to use label switching. Multiple label switch controllers (LSCs) each operate concurrently but independently of each other to provide routes through a data switching mechanism. Preferred embodiments provide a plurality of LSCs offering MPLS capabilities coupled to a single switch, such as an ATM switch. The similarly configured LSCs each can concurrently support a route for data (e.g., labeled ATM cells) within the data switching mechanism in parallel, thereby providing the ability to support redundant and multiple parallel data networks. The configuration is called a label switch router (LSR). A fully-meshed embodiment allows selected routes to share bandwidth on ports, while a fully parallel embodiment provides separate ports for selected routes.