Abstract: In response to a detected loss of previously transmitted information by an apparatus communicating with a remote device (e.g., using TCP), the rate of transmission of information is increased by the apparatus in response to attributing the detected loss of previously transmitted information as not being caused by congestion. This attribution of the packet loss is typically determined based on roundtrip delays between sent information and received corresponding acknowledgments, which may be used directly or indirectly, such as by estimating network queuing delays based on the measured roundtrip delays.

Abstract: A method and system to detect an evasion attack are provided. The system may include a repository to store signature fragments that together constitute an attack signature, an interceptor to intercept a data packet associated with a network connection, a string-matching module to determine whether the payload of the data packet includes any of the stored signature fragments thereby identifying a match, a responder to perform a prevention action in response to the match, and a detector to detect that a size of the data packet is less than a size threshold. The system may further include a state machine to commence maintaining a state for the network connection in response to the detector determining that the size of the data packet is less than the size threshold.

Abstract: In response to a detected loss of previously transmitted information by an apparatus communicating with a remote device (e.g., using TCP), the rate of transmission of information is increased by the apparatus in response to attributing the detected loss of previously transmitted information as not being caused by congestion. This attribution of the packet loss is typically determined based on roundtrip delays between sent information and received corresponding acknowledgments, which may be used directly or indirectly, such as by estimating network queuing delays based on the measured roundtrip delays.

Abstract: In response to a detected loss of previously transmitted information by an apparatus communicating with a remote device (e.g., using TCP), the rate of transmission of information is increased by the apparatus in response to attributing the detected loss of previously transmitted information as not being caused by congestion. This attribution of the packet loss is typically determined based on roundtrip delays between sent information and received corresponding acknowledgments, which may be used directly or indirectly, such as by estimating network queuing delays based on the measured roundtrip delays.

Abstract: A method and system to detect an evasion attack are provided. The system may include a repository to store signature fragments that together constitute an attack signature, an interceptor to intercept a data packet associated with a network connection, a string-matching module to determine whether the payload of the data packet includes any of the stored signature fragments thereby identifying a match, a responder to perform a prevention action in response to the match, and a detector to detect that a size of the data packet is less than a size threshold. The system may further include a state machine to commence maintaining a state for the network connection in response to the detector determining that the size of the data packet is less than the size threshold.

Abstract: A scalable method and apparatus that detects frequent and dispersed invariants is disclosed. More particularly, the application discloses a system that can simultaneously track frequency rates and dispersion criteria of unknown invariants. In other words, the application discloses an invariant detection system implemented in hardware (and/or software) that allows detection of invariants (e.g., byte sequences) that are highly prevalent (e.g., repeating with a high frequency) and dispersed (e.g., originating from many sources and destined to many destinations).

Abstract: Class-based bandwidth partitioning of a sequence of packets of varying packet classes is performed, such as, but not limited to determining whether or not to admit a packet to a queue based on a probability corresponding to a class of packets associated with the packet, with this probability being based on measured arrival traffic and a fair share based on the length of the queue. Data path processing is performed on each packet to determine whether to admit or drop the packet, and to record the measured received traffic. Control path processing is periodically performed to update these probabilities based on determined arrival rates and fair shares for each class of packets. In this manner, a relatively small amount of processing and resources are required to partition bandwidth for a scalable number of classes of packets.

Abstract: A method for classifying a data packet containing a header is provided. The method may comprise parsing the header of a data packet into header elements. Rules in secondary lookup tables generated from a primary lookup table may be accessed. The respective header elements of the data packet may be compared to the respective fields of each of the secondary lookup tables, and rule results for each of the secondary lookup tables in a combinable format may be generated. In another embodiment, a method for generating secondary lookup tables from a primary lookup table is provided. The method may comprise accessing a primary lookup table defining packet classification rules and generating multiple secondary lookup tables from the primary lookup table. For each secondary lookup table, a selection of classification rules and a selection of fields of the multiple fields based on a rule set identifying predefined entries may be extracted.

Abstract: In response to a detected loss of previously transmitted information by an apparatus communicating with a remote device (e.g., using TCP), the rate of transmission of information is increased by the apparatus in response to attributing the detected loss of previously transmitted information as not being caused by congestion. This attribution of the packet loss is typically determined based on roundtrip delays between sent information and received corresponding acknowledgments, which may be used directly or indirectly, such as by estimating network queuing delays based on the measured roundtrip delays.

Abstract: A method for classifying a data packet containing a header is provided. The method may comprise parsing the header of a data packet into header elements. Rules in secondary lookup tables generated from a primary lookup table may be accessed. The respective header elements of the data packet may be compared to the respective fields of each of the secondary lookup tables, and rule results for each of the secondary lookup tables in a combinable format may be generated. In another embodiment, a method for generating secondary lookup tables from a primary lookup table is provided. The method may comprise accessing a primary lookup table defining packet classification rules and generating multiple secondary lookup tables from the primary lookup table. For each secondary lookup table, a selection of classification rules and a selection of fields of the multiple fields based on a rule set identifying predefined entries may be extracted.

Abstract: A method and device to process a packet received by a network device is described. The method may comprise analyzing the packet to identify at least one set of a plurality of sets, mapping the at least one set to at least one functional unit, and performing functionality associated with the at least one functional unit. Analyzing the packet to identify at least one of a plurality of sets may comprise determining when the packet includes at least one set identifier, and identifying the at least one set based on the at least one set identifier. A set status identifier may be defined for each set, the set status identifier indicating when set identifiers associated with a corresponding set are detected in the packet. The device may be a router, switch or any other device that processes digital data e.g., packet data including packets headers, payload or the like.

Abstract: A method for classifying a data packet containing a header is provided. The method may comprise parsing the header of a data packet into header elements. Rules in secondary lookup tables generated from a primary lookup table may be accessed. The respective header elements of the data packet may be compared to the respective fields of each of the secondary lookup tables, and rule results for each of the secondary lookup tables in a combinable format may be generated. In another embodiment, a method for generating secondary lookup tables from a primary lookup table is provided. The method may comprise accessing a primary lookup table defining packet classification rules and generating multiple secondary lookup tables from the primary lookup table. For each secondary lookup table, a selection of classification rules and a selection of fields of the multiple fields based on a rule set identifying predefined entries may be extracted.

Abstract: Methods and apparatus are disclosed for simultaneously scheduling multiple priorities of packets, such as in systems having a non-blocking switching fabric. In one implementation, the maximum bandwidth which a particular input can send is identified. During a scheduling cycle, a current bandwidth desired for a first priority of traffic is identified, which leaves the remaining bandwidth available for a second priority of traffic without affecting the bandwidth allocated to the first priority of traffic. By determining these bandwidth amounts at each iteration of a scheduling cycle, multiple priorities of traffic can be simultaneously scheduled. This approach may be used by a wide variety of scheduling approaches, such as, but not limited to using a SLIP algorithm or variant thereof. When used in conjunction with a SLIP algorithm, the current desired bandwidths typically correspond to high and low priority requests.

Abstract: A method for classifying a data packet containing a header is provided. The method may comprise parsing the header of a data packet into header elements. Rules in secondary lookup tables generated from a primary lookup table may be accessed. The respective header elements of the data packet may be compared to the respective fields of each of the secondary lookup tables, and rule results for each of the secondary lookup tables in a combinable format may be generated. In another embodiment, a method for generating secondary lookup tables from a primary lookup table is provided. The method may comprise accessing a primary lookup table defining packet classification rules and generating multiple secondary lookup tables from the primary lookup table. For each secondary lookup table, a selection of classification rules and a selection of fields of the multiple fields based on a rule set identifying predefined entries may be extracted.

Abstract: A method and device to process a packet received by a network device is described. The method may comprise analyzing the packet to identify at least one set of a plurality of sets, mapping the at least one set to at least one functional unit, and performing functionality associated with the at least one functional unit. Analyzing the packet to identify at least one of a plurality of sets may comprise determining when the packet includes at least one set identifier, and identifying the at least one set based on the at least one set identifier. A set status identifier may be defined for each set, the set status identifier indicating when set identifiers associated with a corresponding set are detected in the packet. The device may be a router, switch or any other device that processes digital data e.g., packet data including packets headers, payload or the like.

Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer readable media, mechanisms, and means for partitioning and filtering a search space of particular use for determining a longest prefix match thereon, such as for routing packets. One implementation uses one or more filtering mechanisms to filter portions of a lookup word against a first set of lookup values, such as, but not limited to the value of any corresponding portion of any entry in the search space. A set of possible matching prefixes defined by consecutive matching portions of the lookup word from the highest-order position are determined, and lookup operations are typically performed in parallel on each of these possible matching prefixes to generate a set of matching results (if any), which is typically used to identify the longest matching prefix.

Abstract: A method and system to detect an evasion attack are provided. The system may include a repository to store signature fragments that together constitute an attack signature, an interceptor to intercept a data packet associated with a network connection, a string-matching module to determine whether the payload of the data packet includes any of the stored signature fragments thereby identifying a match, a responder to perform a prevention action in response to the match, and a detector to detect that a size of the data packet is less than a size threshold. The system may further include a state machine to commence maintaining a state for the network connection in response to the detector determining that the size of the data packet is less than the size threshold.

Abstract: Methods and apparatus are disclosed for scheduling packets, such as in systems having a non-blocking switching fabric and homogeneous or heterogeneous line card interfaces. In one implementation, multiple request generators, grant arbiters, and acceptance arbiters work in conjunction to determine this scheduling. A set of requests for sending packets from a particular input is generated. From a grant starting position, a first n requests in a predetermined sequence are identified, where n is less than or equal to the maximum number of connections that can be used in a single packet time to the particular output. The grant starting position is updated in response to the first n grants including a particular grant corresponding to a grant advancement position. In one embodiment, the set of grants generated based on the set of requests is similarly determined using an acceptance starting position and an acceptance advancement position.

Abstract: A flexible scheduler in an ATM switch. The scheduler enables each connection to be served fairly according to associated quality of service parameters, while enabling several other features. A connection can be shaped while minimizing additional memory and processing requirements. Specifically, the conformance time of cells of a connections need not be stored when significant backlog exists in the transmission of the cells. The shaping rate can be dynamically varied. Sequence of cells forming a frame are buffered in the ATM switch until the end of frame cell is received. All the cells of a frame are then sent in quick succession.

Abstract: Methods and apparatus are disclosed for scheduling packets, such as in systems having a non-blocking switching fabric and homogeneous or heterogeneous line card interfaces. In one implementation, multiple request generators, grant arbiters, and acceptance arbiters work in conjunction to determine this scheduling. A set of requests for sending packets from a particular input is generated. From a grant starting position, a first n requests in a predetermined sequence are identified, where n is less than or equal to the maximum number of connections that can be used in a single packet time to the particular output. The grant starting position is updated in response to the first n grants including a particular grant corresponding to a grant advancement position. In one embodiment, the set of grants generated based on the set of requests is similarly determined using an acceptance starting position and an acceptance advancement position.