Abstract: A method for load balancing selects one of a set of distribution formulas to associate packets of each of multiple communications sessions traversing a link to one of a plurality of output links and assigns the associated packets of at least one of the communications sessions to a different output link.

Abstract: A system and method for extending the implementation of one or more Intrusion Prevention Systems (IPSs) such that each user can be placed in the IPS traffic path to create secure containment areas at a granular level, port types and port counts are increased, and higher network connection speeds are supported. In different embodiments of the invention, traffic load is balanced across two or more IPSs, enabling enhanced availability during system failures, replacements or updates. IPS performance is improved by enhancing traffic management of “trusted” (e.g., pass-through) and “known bad” (e.g., discarded) traffic flows and decreasing configuration task workloads. Other embodiments of the invention include, but are not limited to, extending the implementation of proxy devices, virtual private networks (VPNs), session border controllers (SBCs), firewalls, protocol gateways and other bump-in-the-wire systems.

Abstract: A network node includes a classify engine interfaced with the Internet. The classify engine accepts packets from the Internet and determines classification information for each packet. A process engine is interfaced with the classify engine, and has ports, each port being associated with a function. A controller is interfaced with the classify engine and the process engine. The controller programs the classify engine with a dataflow program to route each packet to a predetermined port of the process engine based on the classification information of the packet.

Abstract: A system and method provides a broadband network node for a best effort network such as the Internet or intranets which supports the inexpensive and rapid deployment of services to the best efforts network. Separate data path and control path mechanisms allow high-speed data transfers with parallel processing flows for the data path that are controlled across data flows by the control path. Packets are classified, modified and shaped to enable the service on the network with an accountant to track packet traffic for control and billing purposes. A series of processing blades perform a modification function for each blade that processes packets according to classifications. The processing blades are modular and scalable for insertion in the broad band switch to rapidly adapt the broadband network node for new services.

Abstract: Distribution of network processing load among a set of packet processing devices is improved by employing means for eliminating, controlling, or otherwise affecting redundant packet processing operations. In one embodiment, at least two packet processing devices are present, both capable of processing data packets flowing therethrough, such as, inspecting, detecting, and filtering data packets pursuant to one or more filters from a filter set. Redundancy is controlled by providing or enabling either or both of the packet processing devices with capability for detecting during its said inspection of said data packets that, for example, one or more filters had been previously executed on said data packets by the other packet processing device, and then not executing the previously-executed filters on said data packets.

Abstract: A system and method provides a broadband network node for a best effort network such as the Internet or intranets which supports the inexpensive and rapid deployment of services to the best efforts network. Separate data path and control path mechanisms allow high-speed data transfers with parallel processing flows for the data path that are controlled across data flows by the control path. Packets are classified, modified and shaped to enable the service on the network with an accountant to track packet traffic for control and billing purposes. A series of processing blades perform a modification function for each blade that processes packets according to classifications. The processing blades are modular and scalable for insertion in the broadband switch to rapidly adapt the broadband network node for new services.

Abstract: A system and method provides a broadband network node for a best effort network such as the Internet or intranets which supports the inexpensive and rapid deployment of services to the best efforts network. Separate data path and control path mechanisms allow high-speed data transfers with parallel processing flows for the data path that are controlled across data flows by the control path. Packets are classified, modified and shaped to enable the service on the network with an accountant to track packet traffic for control and billing purposes. A series of processing blades perform a modification function for each blade that processes packets according to classifications. The processing blades are modular and scalable for insertion in the broad band switch to rapidly adapt the broadband network node for new services.

Abstract: A method for load balancing selects one of a set of distribution formulas to associate packets of each of multiple communications sessions traversing a link to one of a plurality of output links and assigns the associated packets of at least one of the communications sessions to a different output link.

Abstract: A method and system for introducing controlled delay of packet processing at a network entity using multiple delay loop paths (DLPs). For each packet received at the network entity, a determination will be made as to whether or not processing should be delayed. If delay is necessary, one of a plurality of DLPs will be selected according to a desired delay for the packet and a path delay determined for each DLP. Upon completion of a DLP delay, a packet will be returned for processing, an additional delay, or some other action. Multiple DLPs may be enabled with packet queues, and may be used advantageously by security devices, such as Intrusion Prevention Systems (and other packet processing platforms) for which in-order processing of packets may be desired or required.

Abstract: A system and method for extending the implementation of one or more Intrusion Prevention Systems (IPSs) such that each user can be placed in the IPS traffic path to create secure containment areas at a granular level, port types and port counts are increased, and higher network connection speeds are supported. In different embodiments of the invention, traffic load is balanced across two or more IPSs, enabling enhanced availability during system failures, replacements or updates. IPS performance is improved by enhancing traffic management of “trusted” (e.g., pass-through) and “known bad” (e.g., discarded) traffic flows and decreasing configuration task workloads. Other embodiments of the invention include, but are not limited to, extending the implementation of proxy devices, virtual private networks (VPNs), session border controllers (SBCs), firewalls, protocol gateways and other bump-in-the-wire systems.

Abstract: An electronic communication network includes a connectivity plane and a control plane. The control plane includes at least one control node for inspecting packets received by the control plane. The control plane is configured to perform network traffic control functions on the packets received by the at least one control node before transmitting the packets to any other node in the network. The network traffic control functions include one or more of access control, attack control, and application control.

Abstract: A system and method classifies packets with a programmably fixed network processor program and dynamically updated data structures. The network processor program selects predetermined packet field values of the packets transmitted across the network and classifies the packets by matching one or more packet field values with a data structure. New packet classifications are dynamically created by updating the data structure to associate one or more predetermined packet field values with the new packet classification. For instance, a parse tree program extracts packet header information and matches the packet header information to the data structure. A pattern tree data structure provides longest prefix matches and an ordered tree data structure provides combination matches so that classification of arbitrary Boolean combinations of extracted header fields can be formed.

Abstract: A variety of methods and systems related to automated quantitative analyses via digital spectroscopy techniques can be used to determine the quantity of one or more analytes in a sample. A parameter file can be used to control automated analysis. Suspect conditions related to parameters can be identified and-appropriate advisories provided. Suspect conditions related to analysis can be identified and appropriate warnings provided. Various algorithmic techniques are supported and can be selected by a user by modifying parameters via a parameter-editing user interface presented by software.

Abstract: Packets are classified by content across a packet flow by sequencing packets according to packet flows through a content engine. A sequencer tracks packet flows, sending and buffering out-of-order packets to have missing packets resent. A regular expression engine determines matches of regular expressions and subexpressions with regular expressions encoded as non-deterministic finite automata with field programmable gate arrays and subexpression matches computed with a hash and determined by a hash look-up table. A tag module establishes a classification tag for a packet based on the packet's content by matching the tag with the regular expression and subexpressions of the packet.

Abstract: A system and method provides a broadband network node for a best effort network such as the Internet or intranets which supports the inexpensive and rapid deployment of services to the best efforts network. Separate data path and control path mechanisms allow high-speed data transfers with parallel processing flows for the data path that are controlled across data flows by the control path. Packets are classified, modified and shaped to enable the service on the network with an accountant to track packet traffic for control and billing purposes. A series of processing blades perform a modification function for each blade that processes packets according to classifications. The processing blades are modular and scalable for insertion in the broad band switch to rapidly adapt the broadband network node for new services.

Abstract: Disclosed herein are methods for identifying and developing safe and effective nutritional supplement formulations; associated regimens for administering such formulations; and methods for distributing such formulations. The nutritional supplement formulations and associated regimens are adapted to prevent and/or treat specific medical or health conditions. Also disclosed herein are methods for prescribing and supplying nutritional supplement formulations to patients according to appropriate regimens. Particular embodiments of the invention relate to safe and effective nutritional supplement formulations and associated regimens for the prevention and/or treatment of cardiovascular disease (“CVD”). Various embodiments of the invention provide advantages over the prior art in areas such as patient safety, medical effectiveness, physician supervision, patient compliance, and consumer costs.

Abstract: A partial evaluator, or pre-compiler, for a computer program enables a user to provide, at suitable places within a program, language constructs which cause certain expressions within the program to be evaluated at runtime or at partial evaluation time. These language constructs can be used to shorten runtime, such as by avoiding unnecessary duplication of code at runtime.

Abstract: A system and method classifies packets with a programmably fixed network processor program and dynamically updated data structures. The network processor program selects predetermined packet field values of the packets transmitted across the network and classifies the packets by matching one or more packet field values with a data structure. New packet classifications are dynamically created by updating the data structure to associate one or more predetermined packet field values with the new packet classification. For instance, a parse tree program extracts packet header information and matches the packet header information to the data structure. A pattern tree data structure provides longest prefix matches and an ordered tree data structure provides combination matches so that classification of arbitrary Boolean combinations of extracted header fields can be formed.

Abstract: Packets are classified by content across a packet flow by sequencing packets according to packet flows through a content engine. A sequencer tracks packet flows, sending and buffering out-of-order packets to have missing packets resent. A regular expression engine determines matches of regular expressions and subexpressions with regular expressions encoded as non-deterministic finite automata with field programmable gate arrays and subexpression matches computed with a hash and determined by a hash look-up table. A tag module establishes a classification tag for a packet based on the packet's content by matching the tag with the regular expression and subexpressions of the packet.

Abstract: A system and method provides a broadband network node for a best effort network such as the Internet or intranets which supports the inexpensive and rapid deployment of services to the best efforts network. Separate data path and control path mechanisms allow high-speed data transfers with parallel processing flows for the data path that are controlled across data flows by the control path. Packets are classified, modified and shaped to enable the service on the network with an accountant to track packet traffic for control and billing purposes. A series of processing blades perform a modification function for each blade that processes packets according to classifications. The processing blades are modular and scalable for insertion in the broad band switch to rapidly adapt the broadband network node for new services.