Abstract: Method for operating an electronic network having a hardware layer and requiring network functions, involves virtualizing networking functions to virtual machines; using an addressing overlay above the hardware layer providing identities to the virtual machines and other network entities, the virtual machines being likely to move around different hardware components over the network, and the identities moving with the virtual machines; directing data flows around the network via the virtual machines using software defined flow mapping, the flows being directed among the virtual machines using the moving identities. The identities are mapped to the hardware locations of the virtual machines and the mapping is updated upon moving of the machine.

Abstract: One or more firewalls are used to perform firewall functionality on packets based on the entry and exit accesses of each of the one or more firewalls being applied to a packet. For example, when firewalls are included in a router, the interfaces of the router are typically mapped to virtual firewalls and access thereof. Based on the determined routing of a particular packet, the firewalls to apply and their corresponding entry and exit accesses are identified. In order to decouple the application by the firewall itself of the security policies from the network topology and routing architecture (e.g., the network routing address information which is typically relied upon by current firewalls), the firewall functionality is defined based on the identified entry and exit accesses of a firewall, rather than based on network defined addresses, for example.

Abstract: Methods and apparatus are disclosed for sending a multicast packet from multiple network interfaces across multiple networks using the same media access source address (MAC source address). One implementation includes a processing element and a network interface for each of the multiple networks. The processing element generates and initiates sending of a multicast packet having a same media access source address (MAC source address) from at least two of the multiple network interfaces. In one implementation, a single copy of the multicast packet is buffered, and each of the network interfaces retrieves, such as via a direct memory access (DMA) request, the multicast packet and forwards it to an attached network.

Abstract: A novel and useful mechanism for detecting the nodes connected to a network device and for creating a ring network from the nodes detected thereby. The invention simplifies insertion, removal and modification of nodes in the ring by detecting and reconfiguring the S ring without requiring intervention by a user. Identification information messages generated by network devices and sent out on all links and received over a plurality of ports are used in identifying and determining the connectivity and topology of the network devices. The resulting topology information is stored in a node database. The contents of the node database are then used to generate one or more ring networks, wherein each ring generated corresponds to a unique line speed. The connectivity of the one or more rings generated is stored in a ring database and the rings configured therefrom.

Abstract: Connecting a new node to a double ring network or establishing a new network having a double ring network is greatly simplified by automatic mapping of logical interfaces to physical interfaces to conform to a mapping or polarity observed by other nodes in the network. A node may discover the network polarity via a message received from an adjacent node and, if necessary, invert the mapping between its two logical interfaces and two physical interfaces. This facilitates installation by relaxing the requirement that the correct media pair be connected to the correct node physical interface. Nodes equipped with this automatic side selection capability may interoperate with nodes that are not so-equipped.

Abstract: A novel and useful mechanism for detecting the nodes connected to a network device and for creating a ring network from the nodes detected thereby. The invention simplifies insertion, removal and modification of nodes in the ring by detecting and reconfiguring the S ring without requiring intervention by a user. Identification information messages generated by network devices and sent out on all links and received over a plurality of ports are used in identifying and determining the connectivity and topology of the network devices. The resulting topology information is stored in a node database. The contents of the node database are then used to generate one or more ring networks, wherein each ring generated corresponds to a unique line speed. The connectivity of the one or more rings generated is stored in a ring database and the rings configured therefrom.

Abstract: Connecting a new node to a double ring network or establishing a new network having a double ring network is greatly simplified by automatic mapping of logical interfaces to physical interfaces to conform to a mapping or polarity observed by other nodes in the network. A node may discover the network polarity via a message received from an adjacent node and, if necessary, invert the mapping between its two logical interfaces and two physical interfaces. This facilitates installation by relaxing the requirement that the correct media pair be connected to the correct node physical interface. Nodes equipped with this automatic side selection capability may interoperate with nodes that are not so-equipped.

Abstract: A novel and useful mechanism for detecting the nodes connected to a network device and for creating a ring network from the nodes detected thereby. The invention simplifies insertion, removal and modification of nodes in the ring by detecting and reconfiguring the ring without requiring intervention by a user. Identification information messages generated by network devices and sent out on all links and received over a plurality of ports are used in identifying and determining the connectivity and topology of the network devices. The resulting topology information is stored in a node database. The contents of the node database are then used to generate one or more ring networks, wherein each ring generated corresponds to a unique line speed. The connectivity of the one or more rings generated is stored in a ring database and the rings configured therefrom.

Abstract: Methods and apparatus are disclosed for a boot progression scheme for reliably initializing a system. A boot progression data structure is maintained to indicate which of multiple boot images should be initially loaded upon startup of the system. During a boot phase, the boot progression data structure (e.g., a stack or other data structure) is modified to indicate a next boot image to use upon a next startup of the system. If the boot image provides a functional system, then the boot progression data structure is updated to once again indicate to boot with this image, and possibly removing references to other boot images. Otherwise, a reset or restart operation is performed to boot using another image. In this manner, a remote system can be upgraded across a network, and should the upgrade not perform correctly, the system reverts to a previous boot image.

Abstract: A method for detecting leaks in an ATM network, the method including the steps of a) creating an entity interconnection map including mappings of port interconnections among a plurality of network nodes, the plurality of network nodes includes a plurality of network endpoints and at least one network switch, b) creating an endpoint map including at least one endpoint mapping of at least one port to at least one virtual identifier for at least one of the network endpoints and a leak indicator for the at least one network endpoint indicating that the network endpoint is either of a transmitting endpoint and a receiving endpoint, c) creating a switch map including at least one switch mapping of at least one port and virtual identifier grouping to at least one other port and virtual identifier grouping for the at least one network switch, d) initializing a leak indicator for each of the endpoint mappings and the switch mappings to indicate a leak condition, e) traversing a virtual channel connection from each tra

Abstract: A method whereby local area network (LAN) multicast traffic flows are defined and set up by the network management system (NMS). Network efficiency is maximized and performance degradation of the network and workstations connected thereto is reduced. The method utilizes standard 802.1D bridging infrastructure built into conventional level 2 network switching devices to permit a administrator to define a multicast flow, otherwise known as a virtual LAN (VLAN) or a ‘Session VLAN,’ as a multicast application that can be mapped to a multicast MAC address. The multicast MAC address is then utilized in the transmission of the multicast messages. The NMS declares a session VLAN across all the level 2 devices in the network utilizing standard SNMP and members of the session VLAN can be added and removed. Each device then translates the SNMP requests to an operation on its standard 802.1D static addresses.

Abstract: A network having at least one emulated local area network (LAN) therein includes groups of legacy LAN workstations, network switches and an ATM switch. The network switches are each connectable to one of the groups of the legacy LAN workstations. The ATM switch is connectable to the network switches and each network switch includes a cell memory, a cell memory manager, local switching apparatus and remote switching apparatus. The cell memory stores cells of data. The cell memory manager converts data back and forth between a format and a cell format, stores the cell format data in the cell memory and retrieves calls therefrom. The local switching apparatus locally switches cells of data among the group of legacy LAN workstations connectable to the network switch. The remote switching apparatus switches the cells of data from the network switch to a remote network switch via the ATM switch.

Abstract: A traffic management unit for implementing Traffic Management (TM) of Available Bit Rate (ABR) traffic on an Asynchronous Transfer Mode (ATM) network is described. The traffic management unit comprises a traffic management processor coupled to a traffic management memory. The traffic management processor is coupled between a data processor and an ATM interface. An Ethernet workstation is coupled to the data processor through an Ethernet interface. An ATM switch is coupled to the traffic management processor through the ATM interface. The traffic management unit is implemented as a unit separate from the cell scheduling data processor. In addition, in order to utilize network congestion information more efficiently, VCs are grouped according to their output destinations or their path through the network. Congestion feedback for one VC is applied to other VCs within the group.