Abstract: The present invention relates to a method and computer system device for applying a plurality of rules to data packets within a network computer system. A filter rule decision tree is updated by adding or deleting a rule. If deleting a filter rule then the decision tree is provided to a network data plane processor with an incremental delete of the filter rule. If adding a filter rule then either providing an incremental insertion of the filter rule to the decision tree or rebuilding the first decision tree into a second decision tree responsive to comparing a parameter to a threshold. In one embodiment the parameter and thresholds relate to depth values of the tree filter rule chained branches. In another the parameter and thresholds relate to a total count of rule additions since a building of the relevant tree.

Abstract: A method and system for controlling a plurality of pipes in a computer system including at least one central system is disclosed. The pipes provide traffic from a plurality of distributed systems. The method and system include providing a first plurality of data packets from a pipe of the plurality of pipes to a fast path or a slow path during a time interval such that none of the first plurality of data packets is dropped. The first plurality of data packets arrive in a time interval. The fast path includes a fast storage, while the slow path includes a bulk storage. The method and system also include providing a second plurality of data packets from the fast storage or the bulk storage to the central system in a first in first out order during the time interval.

Abstract: An intrusion detection system (IDS) comprises a network processor (NP) coupled to a memory unit for storing programs and data. The NP is also coupled to one or more parallel pattern detection engines (PPDE) which provide high speed parallel detection of patterns in an input data stream. Each PPDE comprises many processing units (PUs) each designed to store intrusion signatures as a sequence of data with selected operation codes. The PUs have configuration registers for selecting modes of pattern recognition. Each PU compares a byte at each clock cycle. If a sequence of bytes from the input pattern match a stored pattern, the identification of the PU detecting the pattern is outputted with any applicable comparison data. By storing intrusion signatures in many parallel PUs, the IDS can process network data at the NP processing speed. PUs may be cascaded to increase intrusion coverage or to detect long intrusion signatures.

Abstract: The present invention relates to a method and computer system device for applying a plurality of rules to data packets within a network computer system. A filter rule decision tree is updated by adding or deleting a rule. If deleting a filter rule then the decision tree is provided to a network data plane processor with an incremental delete of the filter rule. If adding a filter rule then either providing an incremental insertion of the filter rule to the decision tree or rebuilding the first decision tree into a second decision tree responsive to comparing a parameter to a threshold. In one embodiment the parameter and thresholds relate to depth values of the tree filter rule chained branches. In another the parameter and thresholds relate to a total count of rule additions since a building of the relevant tree.

Abstract: System and method for tracking inventory of a multiplicity of products. First RFID tags are associated with respective products or groups of products. Second Active RFID tags are associated with respective first containers for the multiplicity products. A third Active RFID tag is associated with a second container for the first containers. First RFID tags broadcast their respective identifications. Second Active RFID tags hash the identities of the first RFID tags within their respective first containers and broad their hashed values. Third Active RFID tag hash the hashed values broadcast by the second Active RFID tags. An expected value is compared to a result of the third Active RFID tag hashing the hashed values broadcast by the second Active RFID tags.

Abstract: The classification system of a network device includes a cache in which a mapping between predefined characteristics of TCP/IP packets and associated actions are stored in response to the first “Frequent Flyer” packet in of a session. Selected characteristics from subsequent received packets of that session are correlated with the predefined characteristics and the stored actions are applied to the received packets if the selected characteristics and the predefined characteristics match, thus reducing the processing required for subsequent packets. The packets selected for caching may be data packets. For mismatched characteristics, the full packet search of the classification system is used to determine the action to apply to the received packet.

Abstract: The classification system of a network device includes a cache in which a mapping between predefined characteristics of TCP/IP packets and associated actions are stored in response to the first “Frequent Flyer” packet in of a session. Selected characteristics from subsequent received packets of that session are correlated with the predefined characteristics and the stored actions are applied to the received packets if the selected characteristics and the predefined characteristics match, thus reducing the processing required for subsequent packets. The packets selected for caching may be data packets. For mismatched characteristics, the full packet search of the classification system is used to determine the action to apply to the received packet.

Abstract: A medium and system for managing asynchronous transfer mode (ATM) traffic in a computer system is disclosed. The computer system is used in sending, receiving, or sending and receiving a plurality of ATM flows. Each ATM flow has a plurality of ATM cells, a minimum ATM bandwidth guarantee, and a maximum ATM bandwidth. The medium and system include determining whether excess bandwidth exists for the ATM flows. The method and system also include gracefully increasing a portion of the ATM cells transmitted for each ATM flow during periods of excess bandwidth. The portion of the ATM cells transmitted is not more than the maximum ATM bandwidth limit. If an ATM flow presents a sufficient offered load, the portion of the ATM cells transmitted in the flow is not less than a minimum ATM bandwidth guarantee.

Abstract: The present invention provides for a computer network method and system that applies “hysteresis” to an active queue management algorithm. If a queue is at a level below a certain low threshold and a burst of packets arrives at a network node, then the probability of dropping the initial packets in the burst is recalculated, but the packets are not dropped. However, if the queue level crosses beyond a hysteresis threshold, then packets are discarded pursuant to a drop probability. Also, according to the present invention, queue level may be decreased until it becomes less than the hysteresis threshold, with packets dropped per the drop probability until the queue level decreases to at least a low threshold. In one embodiment, an adaptive algorithm is also provided to adjust the transmit probability for each flow together with hysteresis to increase the packet transmit rates to absorb bursty traffic.

Abstract: System and method for tracking inventory of a multiplicity of products. First RFID tags are associated with respective products or groups of products. Second Active RFID tags are associated with respective first containers for the multiplicity products. A third Active RFID tag is associated with a second container for the first containers. First RFID tags broadcast their respective identifications. Second Active RFID tags hash the identities of the first RFID tags within their respective first containers and broad their hashed values. Third Active RFID tag hash the hashed values broadcast by the second Active RFID tags. An expected value is compared to a result of the third Active RFID tag hashing the hashed values broadcast by the second Active RFID tags.

Abstract: A system for reducing the size of a database includes a memory in which the database configured in a ternary matrix array structure is stored. A processor executing at least one reduction algorithm scans the database tagging superfluous entries that are subsequently deleted. The tagging and deleting are done in such a way that the logical contents of the original database is unchanged, even though the size of the database is reduced.

Abstract: A detection and response system that generates an Alert if unauthorized scanning is detected on a computer network that includes a look-up table to record state value corresponding to the sequence in which SYN, SYN/ACK and RST packets are observed. A set of algorithms executed on a processing engine adjusts the state value in response to observing the packets. When the state value reaches a predetermined value indicating that all three packets have been seen, the algorithm generates an Alert.

Abstract: A detection and response system that generates an Alert if unauthorized scanning is detected on a computer network that includes a look-up table to record state value corresponding to the sequence in which SYN, SYN/ACK and RST packets are observed. A set of algorithms executed on a processing engine adjusts the state value in response to observing the packets. When the state value reaches a predetermined value indicating that all three packets have been seen, the algorithm generates an Alert.

Abstract: Methods and apparatus are provided for metering data packets having a plurality of different packet lengths in a data communications network. A token count TC is incremented at a token increment rate CIR subject to an upper limit CBS on the token count. On arrival of a packet of length L tokens, it is determined if both TC>0 and TC+n?L, where n is a defined number of tokens. If so, the data packet is categorized as in profile and L tokens are subtracted from the token count TC. Otherwise the data packet is categorized out of profile. In some embodiments, n is set to a value in the range 0<n<(Lmax?1) where Lmax is the maximum length of data packets to be metered. In other embodiments, n is varied in the range 0?n?(Lmax?1) in dependence on at least one feedback signal indicating an operational condition in the network. The degree of conformance of the metering system is determined by the parameter n, whereby the conformance level can be tuned to particular multi-length packet environments.

Abstract: System and method for tracking inventory of a multiplicity of products. First RFID tags are associated with respective products or groups of products. Second Active RFID tags are associated with respective first containers for the multiplicity products. A third Active RFID tag is associated with a second container for the first containers. First RFID tags broadcast their respective identifications. Second Active RFID tags hash the identities of the first RFID tags within their respective first containers and broad their hashed values. Third Active RFID tag hash the hashed values broadcast by the second Active RFID tags. An expected value is compared to a result of the third Active RFID tag hashing the hashed values broadcast by the second Active RFID tags.

Abstract: A method and system for managing asynchronous transfer mode (ATM) traffic in a computer system is disclosed. The computer system is used in sending, receiving, or sending and receiving a plurality of ATM flows. Each ATM flow has a plurality of ATM cells, a minimum ATM bandwidth guarantee, and a maximum ATM bandwidth. The method and system include determining whether excess bandwidth exists for the ATM flows. The method and system also include gracefully increasing a portion of the ATM cells transmitted for each ATM flow during periods of excess bandwidth. The portion of the ATM cells transmitted is not more than the maximum ATM bandwidth limit. If an ATM flow presents a sufficient offered load, the portion of the ATM cells transmitted in the flow is not less than a minimum ATM bandwidth guarantee.

Abstract: Methods and apparatus are provided for managing a data packet queue corresponding to a resource of a network device. A token count TC is maintained for a predefined flow of data packets, and the transmission of packets in the flow into the queue is controlled in dependence on this token count. The token count is decremented when packets in the flow are transmitted into the queue, and the token count is incremented at a token increment rate C. A bandwidth indicator, indicative of bandwidth availability in the resource, is monitored, and the token increment rate C is varied in dependence on this bandwidth indicator. The bandwidth-dependent variation of the token increment rate C is such that, when available bandwidth is indicated, the increment rate C is increased, and when no available bandwidth is indicated the increment rate C is decreased.

Abstract: A flow control method and system including an algorithm for deciding to transmit an arriving packet into a processing queue or to discard it, or, in the case of instructions or packets that must not be discarded, a similar method and system for deciding at a service event to transmit an instruction or packet into a processing queue or to skip the service event. The transmit probability is increased or decreased in consideration of minimum and maximum limits for each flow, aggregate limits for sets of flows, relative priority among flows, queue occupancy, and rate of change of queue occupancy. The effects include protection of flows below their minimum rates, correction of flows above their maximum rates, and, for flows between minimum and maximum rates, reduction of constituent flows of an aggregate that is above its aggregate maximum. Practice of the invention results in low queue occupancy during steady congestion.

Abstract: The amount of chip power that is consumed for cache storage size maintenance is optimized by the close monitoring and control of frequency of missed requests, and the proportion of frequently recurring items to all traffic items. The total number of hit slots is measured per interval of time and is compared to the theoretical value based on random distribution. If the missed rate is high, then the observed effect and value of increasing cache size are deduced by observing how this increase affects the distribution of hits on all cache slots. As the number of frequently hit items in proportion to the total traffic items increases, the benefits of increasing the cache size decreases.

Abstract: Methods and apparatus are provided for controlling flow rates of a plurality of data packet flows into a queue 4 corresponding to a resource 3 of a network device 1. The flows comprise a set 7 of non-responsive flows, and a set 8 of other flows which may comprise responsive flows and/or flows whose responsiveness is unknown. The flow rates are managed in accordance with a queue management scheme such that adjustments are made to each flow rate in dependence on excess bandwidth in the resource, the amounts of the adjustments being dependent on one or more adjustment parameters for each flow. An error signal is generated based on the deviation from a desired allocation ratio of the ratio of the total flow rates into the queue 4 for the sets of flows 7, 8. At least one adjustment parameter for at least one flow is then varied in dependence on the error signal in such a manner as to reduce the aforementioned deviation.