Abstract: Packets are communicated between forwarding contexts (e.g., virtual routers, logical routers, and/or private networks) using virtual interfaces in communications and computing systems, especially routers, packet switching systems, and other devices. A virtual interface refers to the interface infrastructure (e.g., buffers, memory locations, other data structures), but does not connect to an external cable or other communications mechanism such as is a physical interface. Packets are moved between forwarding contexts by automatically moving a packet placed in a first virtual interface associated with a first forwarding context to a second virtual interface associated with a second forwarding context (assuming the packet is not dropped by a feature applied to the packet at the first virtual interface).

Abstract: In one embodiment, a router receives a call request for establishing a multimedia exchange between two remote endpoints. The router selects a processing entity to manage a subset of connections with the remote endpoints according to an endpoint identification such as a remote address included in the call request. A different processing entity manages the remaining connections with the remote endpoints. Accordingly, the load of managing signaling for establishing the multimedia exchange is balanced between a plurality of processing elements that appear externally as a single entity such that modification of remote endpoint behavior is not required.

Abstract: Connecting a new node to a double ring network or establishing a new network having a double ring network is greatly simplified by automatic mapping of logical interfaces to physical interfaces to conform to a mapping or polarity observed by other nodes in the network. A node may discover the network polarity via a message received from an adjacent node and, if necessary, invert the mapping between its two logical interfaces and two physical interfaces. This facilitates installation by relaxing the requirement that the correct media pair be connected to the correct node physical interface. Nodes equipped with this automatic side selection capability may interoperate with nodes that are not so-equipped.

Abstract: The boot operations of one or more systems may be redirected. For example, a master boot processor may configure a slave boot processor to boot over a communication bus existing between the processors, which typically eliminates the need for boot software in slave systems. This can be accomplished such as by the master system updating a programmable interface of the slave system to identify an image from which to boot, such as from a remote boot image stored external to the slave system.

Abstract: A novel and useful mechanism for optical ring networks providing concentrator redundancy in the event of a failure of a concentrator. The nodes in a network are connected to dual concentrators to form bi-directional dual counter-rotating optical rings. The failure of one of the concentrators is detected and the internal connections of the surviving concentrator are reconfigured to form a single ring that provides an alternate communication path thus preventing the collapse of the ring. Reliability of optical rings is improved by enabling the ring to continue to function in the event of a concentrator failure.

Abstract: Packets are communicated between forwarding contexts (e.g., virtual routers, logical routers, and/or private networks) using virtual interfaces in communications and computing systems, especially routers, packet switching systems, and other devices. A virtual interface refers to the interface infrastructure (e.g., buffers, memory locations, other data structures), but does not connect to an external cable or other communications mechanism such as is a physical interface. Packets are moved between forwarding contexts by automatically moving a packet placed in a first virtual interface associated with a first forwarding context to a second virtual interface associated with a second forwarding context (assuming the packet is not dropped by a feature applied to the packet at the first virtual interface).

Abstract: A novel and useful mechanism for detecting the nodes connected to a network device and for creating a ring network from the nodes detected thereby. The invention simplifies insertion, removal and modification of nodes in the ring by detecting and reconfiguring the S ring without requiring intervention by a user. Identification information messages generated by network devices and sent out on all links and received over a plurality of ports are used in identifying and determining the connectivity and topology of the network devices. The resulting topology information is stored in a node database. The contents of the node database are then used to generate one or more ring networks, wherein each ring generated corresponds to a unique line speed. The connectivity of the one or more rings generated is stored in a ring database and the rings configured therefrom.

Abstract: One or more firewalls are used to perform firewall functionality on packets based on the entry and exit accesses of each of the one or more firewalls being applied to a packet. For example, when firewalls are included in a router, the interfaces of the router are typically mapped to virtual firewalls and access thereof. Based on the determined routing of a particular packet, the firewalls to apply and their corresponding entry and exit accesses are identified. In order to decouple the application by the firewall itself of the security policies from the network topology and routing architecture (e.g., the network routing address information which is typically relied upon by current firewalls), the firewall functionality is defined based on the identified entry and exit accesses of a firewall, rather than based on network defined addresses, for example.

Abstract: Streams of packets are dynamically switched among dedicated and shared queues. For example, when a packet stream is in a maintenance mode (such as to keep a tunnel or packet stream associated with a server active) all packet traffic received over a packet stream is directed into the shared queue while the packet stream is not associated with one of the dedicated queues. In response to a detected change in the packet activity status of packet traffic (e.g., the establishment of a call or an increase in packet traffic, especially desirous of individualized quality of service) over a particular packet stream of the packet streams, the particular packet stream is associated with a particular group of dedicated queues such that at least non-control data traffic received over the particular packet stream is subsequently directed into the particular group of dedicated queues while the particular packet stream remains associated with the particular group of dedicated queues.

Abstract: Methods and devices for managing traffic are described. Traffic from a source in a virtual private network (VPN) is received. The traffic is directed to a virtual interface that is designated to receive traffic from the VPN. The virtual interface is configured to associate the traffic with an identifier that uniquely identifies the VPN to a session border controller (SBC). The SBC can use the identifier to determine whether the source and the destination of the traffic are in the same VPN.

Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, mechanisms, and means for applying features to packets in an order specified by a selected feature order template. By providing multiple feature order templates, a network device manufacturer can provide the user of the network device the ability to select among a variety of orders in which features are applied, while limiting the possible selectable orderings such as to those capable by the hardware and software of the network device, and/or to a subset of orderings thereof which has been thoroughly tested. Some devices further allow a user to define new feature order templates via a user interface.

Abstract: Connecting a new node to a double ring network or establishing a new network having a double ring network is greatly simplified by automatic mapping of logical interfaces to physical interfaces to conform to a mapping or polarity observed by other nodes in the network. A node may discover the network polarity via a message received from an adjacent node and, if necessary, invert the mapping between its two logical interfaces and two physical interfaces. This facilitates installation by relaxing the requirement that the correct media pair be connected to the correct node physical interface. Nodes equipped with this automatic side selection capability may interoperate with nodes that are not so-equipped.

Abstract: A novel and useful mechanism for detecting the nodes connected to a network device and for creating a ring network from the nodes detected thereby. The invention simplifies insertion, removal and modification of nodes in the ring by detecting and reconfiguring the ring without requiring intervention by a user. Identification information messages generated by network devices and sent out on all links and received over a plurality of ports are used in identifying and determining the connectivity and topology of the network devices. The resulting topology information is stored in a node database. The contents of the node database are then used to generate one or more ring networks, wherein each ring generated corresponds to a unique line speed. The connectivity of the one or more rings generated is stored in a ring database and the rings configured therefrom.

Abstract: Methods and apparatus are disclosed for a boot progression scheme for reliably initializing a system. A boot progression data structure is maintained to indicate which of multiple boot images should be initially loaded upon startup of the system. During a boot phase, the boot progression data structure (e.g., a stack or other data structure) is modified to indicate a next boot image to use upon a next startup of the system. If the boot image provides a functional system, then the boot progression data structure is updated to once again indicate to boot with this image, and possibly removing references to other boot images. Otherwise, a reset or restart operation is performed to boot using another image. In this manner, a remote system can be upgraded across a network, and should the upgrade not perform correctly, the system reverts to a previous boot image.