Abstract: A secure communication system enabling secure transport of information is disclosed. The system comprises a secure network with one or more packet processing units connected by links through an internal communication system. The secure network transports packets of information between credentialed and authenticated agents. Each packet is associated with a visa issued by a visa service. The visa specifies the procedures governing the processing of the packet by the packet processing units as it is transported along a compliant flow, between agents thorough the network, according to a set of policies specified in a network configuration. Packet processing units include docks and forwarders. Adaptors serving the agents communicate with the network through tie-ins to docks. The system also includes and admin service, accessible to one more admins, that facilitates configuration and management of the network.

Abstract: Methods, devices, and system related to secure communication systems are disclosed. In one example aspect, a secure communication system enabling secure transport of information includes a secure network comprising one or more nodes communicatively coupled by an internal communication system and a set of policies. The secure network internally transports the information in the form of internal packets. Each of the internal packets is associated with a visa that references the policies. A node among said one or more nodes transmits an internal packet of said information only if allowed by said policies as referenced by said visa.

Abstract: A secure communication system enabling secure transport of information is disclosed. The system comprises a secure network with one or more packet processing units connected by links through an internal communication system. The secure network transports packets of information between credentialed and authenticated agents. Each packet is associated with a visa issued by a visa service. The visa specifies the procedures governing the processing of the packet by the packet processing units as it is transported along a compliant flow, between agents thorough the network, according to a set of policies specified in a network configuration. Packet processing units include docks and forwarders. Adaptors serving the agents communicate with the network through tie-ins to docks. The system also includes and admin service, accessible to one more admins, that facilitates configuration and management of the network.

Abstract: A secure communication system enabling secure transport of information is disclosed. The system comprises a secure network with one or more packet processing units connected by links through an internal communication system. The secure network transports packets of information between credentialed and authenticated agents. Each packet is associated with a visa issued by a visa service. The visa specifies the procedures governing the processing of the packet by the packet processing units as it is transported along a compliant flow, between agents thorough the network, according to a set of policies specified in a network configuration. Packet processing units include docks and forwarders. Adaptors serving the agents communicate with the network through tie-ins to docks. The system also includes and admin service, accessible to one more admins, that facilitates configuration and management of the network.

Abstract: A secure communication system enabling secure transport of information is disclosed. The system comprises a secure network with one or more packet processing units connected by links through an internal communication system. The secure network transports packets of information between credentialed and authenticated agents. Each packet is associated with a visa issued by a visa service. The visa specifies the procedures governing the processing of the packet by the packet processing units as it is transported along a compliant flow, between agents thorough the network, according to a set of policies specified in a network configuration. Packet processing units include docks and forwarders. Adaptors serving the agents communicate with the network through tie-ins to docks. The system also includes and admin service, accessible to one more admins, that facilitates configuration and management of the network.

Abstract: A forwarding node decapsulates and encapsulates data. The decapsulation may be performed using pattern matching techniques and the encapsulation may be performed using pattern insertion techniques. The decapsulation and encapsulation are preferably performed by hardware devices such as application specific integrated circuits (ASICs) to enhance the speed of such operations. The decapsulation and encapsulation may be independent of each other and performed on a per virtual circuit basis.

Abstract: A forwarding node decapsulates and encapsulates data. The decapsulation may be performed using pattern matching techniques and the encapsulation may be performed using pattern insertion techniques. The decapsulation and encapsulation are preferably performed by hardware devices such as application specific integrated circuits (ASICs) to enhance the speed of such operations. The decapsulation and encapsulation may be independent of each other and performed on a per virtual circuit basis.

Abstract: A network device coordinates with other devices in a network to create a distributed filtering system. The device detects an attack in the network, such as a distributed denial of service attack, and forwards attack information to the other devices. The devices may categorize data into one or more groups and rate limit the amount of data being forwarded based on rate limits for the particular categories. The rate limits may also be updated based on the network conditions. The rate limits may further be used to guarantee bandwidth for certain categories of data.

Abstract: A forwarding node decapsulates and encapsulates data. The decapsulation may be performed using pattern matching techniques and the encapsulation may be performed using pattern insertion techniques. The decapsulation and encapsulation are preferably performed by hardware devices such as application specific integrated circuits (ASICs) to enhance the speed of such operations. The decapsulation and encapsulation may be independent of each other and performed on a per virtual circuit basis.

Abstract: An interconnect network for operation within communication node, wherein the interconnect network may have features including the ability to transfer a variety of communication protocols, scalable bandwidth and reduced down-time. According to one embodiment of the invention, the communication node includes a plurality of I/O channels for coupling information into and out of the node, and the interconnect network includes at least one local interconnect module having local transfer elements for transferring information between the plurality of I/O channels; and scaling elements for expanding the interconnect network to include additional local interconnect modules, such that information can be transferred between the local interconnect modules included in the interconnect network.

Abstract: A network device coordinates with other devices in a network to create a distributed filtering system. The device detects an attack in the network, such as a distributed denial of service attack, and forwards attack information to the other devices. The devices may categorize data into one or more groups and rate limit the amount of data being forwarded based on rate limits for the particular categories. The rate limits may also be updated based on the network conditions. The rate limits may further be used to guarantee bandwidth for certain categories of data.

Abstract: A network device coordinates with other devices in a network to create a distributed filtering system. The device detects an attack in the network, such as a distributed denial of service attack, and forwards attack information to the other devices. The devices may categorize data into one or more groups and rate limit the amount of data being forwarded based on rate limits for the particular categories. The rate limits may also be updated based on the network conditions. The rate limits may further be used to guarantee bandwidth for certain categories of data.

Abstract: A forwarding node decapsulates and encapsulates data. The decapsulation may be performed using pattern matching techniques and the encapsulation may be performed using pattern insertion techniques. The decapsulation and encapsulation are preferably performed by hardware devices such as application specific integrated circuits (ASICs) to enhance the speed of such operations. The decapsulation and encapsulation may be independent of each other and performed on a per virtual circuit basis.

Abstract: A network device bundles packet over synchronous optical network (POS) data stream and asynchronous transfer mode (ATM) data stream into a synchronous optical network (SONET) data stream. The POS data stream and the ATM data stream are virtual channels or tributaries of the SONET data stream. The SONET data stream may be transmitted over a single optical fiber.

Abstract: An interconnect network for operation within communication node, wherein the interconnect network may have features including the ability to transfer a variety of communication protocols, scalable bandwidth and reduced down-time. According to one embodiment of the invention, the communication node includes a plurality of I/O channels for coupling information into and out of the node, and the interconnect network includes at least one local interconnect module having local transfer elements for transferring information between the plurality of I/O channels; and scaling elements for expanding the interconnect network to include additional local interconnect modules, such that information can be transferred between the local interconnect modules included in the interconnect network.

Abstract: An interconnect network for operation within communication node, wherein the interconnect network may have features including the ability to transfer a variety of communication protocols, scalable bandwidth and reduced down-time. According to one embodiment of the invention, the communication node includes a plurality of I/O channels for coupling information into and out of the node, and the interconnect network includes at least one local interconnect module having local transfer elements for transferring information between the plurality of I/O channels; and scaling elements for expanding the interconnect network to include additional local interconnect modules, such that information can be transferred between the local interconnect modules included in the interconnect network.

Abstract: A network device coordinates with other devices in a network to create a distributed filtering system. The device detects an attack in the network, such as a distributed denial of service attack, and forwards attack information to the other devices. The devices may categorize data into one or more groups and rate limit the amount of data being forwarded based on rate limits for the particular categories. The rate limits may also be updated based on the network conditions. The rate limits may further be used to guarantee bandwidth for certain categories of data.

Abstract: An interconnect network for operation within communication node, wherein the interconnect network may have features including the ability to transfer a variety of communication protocols, scalable bandwidth and reduced down-time. According to one embodiment of the invention, the communication node includes a plurality of I/O channels for coupling information into and out of the node, and the interconnect network includes at least one local interconnect module having local transfer elements for transferring information between the plurality of I/O channels; and scaling elements for expanding the interconnect network to include additional local interconnect modules, such that information can be transferred between the local interconnect modules included in the interconnect network.

Abstract: An interconnect network for operation within communication node, wherein the interconnect network may have features including the ability to transfer a variety of communication protocols, scalable bandwidth and reduced down-time. According to one embodiment of the invention, the communication node includes a plurality of I/O channels for coupling information into and out of the node, and the interconnect network includes at least one local interconnect module having local transfer elements for transferring information between the plurality of I/O channels; and scaling elements for expanding the interconnect network to include additional local interconnect modules, such that information can be transferred between the local interconnect modules included in the interconnect network.

Abstract: A switch/router contains intelligence for more quickly determining a next hop for an network layer packet. A network forwarding lookup table or array structure is configured so as to minimize the number of memory accesses required. This results in a decrease in time due to memory access and a decrease in computational overhead due to the memory accesses. In one embodiment, a first forwarding lookup is indexed by the first 16 bits of a destination address. A second forwarding lookup is indexed by the subsequent 8 bits of the destination address, and a final third forwarding lookup is indexed by the last 8 bits of the destination address. Each entry within a forwarding lookup contains either direction as to how properly forward the packet or reference to a next subsequent forwarding lookup.