Abstract: A routing system for providing multicast access control includes a plurality of routers including a multicast source router and a plurality of multicast receiver routers, the plurality of routers providing a multicast service, wherein the routers are configured to enforce multicast access control policies for the multicast service including a receiver access policy that controls which multicast receivers are allowed to receive packets from the multicast service and a sender access policy that controls which multicast sources are allowed to send packets to the multicast service for distribution to the multicast receivers.

Abstract: A router advertises an aggregated service or route that can be evaluated by other routers as a unitary segment rather than as a group of individual links/paths associated with the aggregated service or route. The aggregated service or route can be based on service and topology state information received from one or more other routers and can be advertised with the router as the nexthop for the aggregated service or route. The router can advertise an aggregated metric for the aggregated service or route for use in such evaluation. An aggregated route can be associated with different aggregated metrics for different services.

Abstract: A routing system for routing packets for a route or service comprises a plurality of routers including a source router, wherein the source router is configured to receive, using a service and topology exchange protocol, service and topology state information from a STEP repository for at least one other router based on configured relationships between routers; determine a first path to a destination for a route or service based on the service and topology state information, the first path including an ordered list of successive routers to receive a packet associated with the route or service starting with a first successive router and ending with a destination router; and transmit a packet toward the first successive router with first metadata including a list of at least one remaining router of the ordered list of routers to receive the packet associated with the route or service.

Abstract: A routing system for implementing a service and topology exchange protocol (STEP) comprises a primary STEP server configured to maintain a STEP repository and a plurality of routers, each router including a STEP client in communication with the primary STEP server. The STEP client of each router is configured to transmit, using the service and topology exchange protocol, service and topology state information for at least one route or service available through the router to the primary STEP server for storage in the STEP repository.

Abstract: A routing system for providing multicast access control includes a plurality of routers including a multicast source router and a plurality of multicast receiver routers, the plurality of routers providing a multicast service, wherein the routers are configured to enforce multicast access control policies for the multicast service including a receiver access policy that controls which multicast receivers are allowed to receive packets from the multicast service and a sender access policy that controls which multicast sources are allowed to send packets to the multicast service for distribution to the multicast receivers.

Abstract: A packet routing method and apparatus for managing packets of a bi-directional session between a first node and a second node in an IP network receives a mid-stream packet at an intermediate node. The intermediate node is not part of the bi-directional session. Next, the method identifies the bi-directional session (“identified session”) from which the mid-stream packet originated. The identified session includes a bi-directional path between the first node and the second node, while the bi-directional path includes a plurality of nodes for bi-directionally forwarding packets between the first node and the second node. The method then directs that one or more packets of the identified session be routed to at least one of the plurality of nodes of the identified session.

Abstract: An intermediate node obtains a lead packet of a plurality of packets in a session having a unique session identifier, modifies the lead packet to identify at least the intermediate node and also to identify source and destination port numbers assigned by the intermediate node for a possible forward association, and then forwards the lead packet toward the destination node though an intermediate node electronic output interface to the IP network. The intermediate node also may receive, through an intermediate node electronic input interface in communication with the IP network, a backward message from a next node having a next node identifier. Both the intermediate node and the next node form an association between the intermediate node identifier, the next node identifier, and the source and destination port numbers assigned by the intermediate node. This association is part of a forward association for the intermediate node and is part of a return associate for the next node.

Abstract: A routing method checks a network path selected for transmitting a stream of packets between a first routing node and a second routing node in a computer network. The stream of packets complies with a first transport protocol. The method forwards, from the first routing node toward the second routing node, a set of handshake packets. The set of handshake packets includes change information indicating a change in the transport protocol for a plurality of the packets in the stream. The method modifies the plurality of packets in the stream (“modified packets”). Specifically, the method modifies the first transport protocol header in the plurality of packets in the stream to have a second transport protocol header of a second transport protocol. This modification preferably does not increase the packet size of each of modified packets.

Abstract: A method routes packets from a source to a destination across an IP network having a plurality of nodes (including the source and destination), and a plurality of network segments interconnecting the plurality of nodes. The source and destination are configured to use a given service. To those ends, the method receives information relating to the given service, and forms a path between the source and the destination. The path includes a) at least one intermediate node between the source and the destination and b) a plurality of specific network segments extending from the source to the destination. The plurality of specific network segments are a sub-set of the plurality of network segments. To form the path, the method assigns the plurality of specific network segments to the network path between the source and the destination as a function of the information relating to the given service.

Abstract: A packet routing method for directing packets of a session in an IP network causes an intermediate node to obtain a lead packet of a plurality of packets in a given session. The intermediate node has an electronic interface in communication with the IP network and obtains the lead packet through that same interface. The method maintains, in a routing database, state information relating to a plurality of sessions in the IP network. Each session includes a single stateful session path formed by an ordered plurality of nodes in the IP network, and the state information includes information about the ordered plurality of nodes in the sessions. The method further accesses the routing database to determine the state of a plurality of sessions, and forms a stateful given path for packets of the given session across the IP network as a function of the state information in the routing database.

Abstract: Two nodes in a communication system exchange link monitoring protocol messages including special metadata that allows each node to determine the status of source NAT on communication links to and from the other node, e.g., if source NAT is present on the communication link, or if there is a change in source NAT configuration (e.g., from enabled to disabled, from disabled to enabled, or from one translation to another translation). The special metadata also allows true source information (e.g., source address and source port number) to be conveyed between nodes even in the presence of source NAT, because the source NAT device does not change the metadata in the message because the metadata is considered to be part of the message payload. In certain exemplary embodiments, knowledge regarding the presence of source NAT devices as well as the true source information conveyed through the source NAT devices via the special metadata can be used in the context of “stateful” routing.

Abstract: In exemplary embodiments of the present invention, special metadata is added to link monitoring protocol messages exchanged by pairs of adjacent nodes to allow such nodes to detect communication link failures and determine whether the failure affects an incoming communication link or an outgoing communication link. The link monitoring protocol messages may be augmented BFD messages.

Abstract: A packet routing method and apparatus for managing packets of a bi-directional session between a first node and a second node in an IP network receives a mid-stream packet at an intermediate node. The intermediate node is not part of the bi-directional session. Next, the method identifies the bi-directional session (“identified session”) from which the mid-stream packet originated. The identified session includes a bi-directional path between the first node and the second node, while the bi-directional path includes a plurality of nodes for bi-directionally forwarding packets between the first node and the second node. The method then directs that one or more packets of the identified session be routed to at least one of the plurality of nodes of the identified session.

Abstract: A routing method checks a network path selected for transmitting a stream of packets between a first routing node and a second routing node in a computer network. The stream of packets complies with a first transport protocol. The method forwards, from the first routing node toward the second routing node, a set of handshake packets. The set of handshake packets includes change information indicating a change in the transport protocol for a plurality of the packets in the stream. The method modifies the plurality of packets in the stream (“modified packets”). Specifically, the method modifies the first transport protocol header in the plurality of packets in the stream to have a second transport protocol header of a second transport protocol. This modification preferably does not increase the packet size of each of modified packets.

Abstract: An intermediate node obtains a lead packet of a plurality of packets in a session having a unique session identifier, modifies the lead packet to identify at least the intermediate node, and then forwards the lead packet toward the destination node though an intermediate node electronic output interface to the IP network. The intermediate node also receives, through an intermediate node electronic input interface in communication with the IP network, a backward message from a next node having a next node identifier. The backward message includes the next node identifier and the session identifier. The intermediate node forms an association between the next node identifier and the session identifier, stores the association in memory to maintain state information for the session, and obtains (e.g., receives) additional packets of the session. Substantially all of the additional packets in the session are forwarded toward the next node using the stored association.

Abstract: An intermediate node obtains a lead packet of a plurality of packets in a session having a unique session identifier, modifies the lead packet to identify at least the intermediate node and also to identify source and destination port numbers assigned by the intermediate node for a possible forward association, and then forwards the lead packet toward the destination node though an intermediate node electronic output interface to the IP network. The intermediate node also may receive, through an intermediate node electronic input interface in communication with the IP network, a backward message from a next node having a next node identifier. Both the intermediate node and the next node form an association between the intermediate node identifier, the next node identifier, and the source and destination port numbers assigned by the intermediate node. This association is part of a forward association for the intermediate node and is part of a return associate for the next node.

Abstract: In exemplary embodiments of the present invention, special metadata is added to link monitoring protocol messages exchanged by pairs of adjacent nodes to allow such nodes to detect communication link failures and determine whether the failure affects an incoming communication link or an outgoing communication link. The link monitoring protocol messages may be augmented BFD messages.

Abstract: Two nodes in a communication system exchange link monitoring protocol messages including special metadata that allows each node to determine the status of source NAT on communication links to and from the other node, e.g., if source NAT is present on the communication link, or if there is a change in source NAT configuration (e.g., from enabled to disabled, from disabled to enabled, or from one translation to another translation). The special metadata also allows true source information (e.g., source address and source port number) to be conveyed between nodes even in the presence of source NAT, because the source NAT device does not change the metadata in the message because the metadata is considered to be part of the message payload. In certain exemplary embodiments, knowledge regarding the presence of source NAT devices as well as the true source information conveyed through the source NAT devices via the special metadata can be used in the context of “stateful” routing.

Abstract: In exemplary embodiments of the present invention, a router determines whether or not to establish a stateful routing session based on the suitability of one or more candidate return path interfaces. This determination is typically made at the time a first packet for a new session arrives at the router on a given ingress interface. In some cases, the router may be configured to require that the ingress interface be used for the return path of the session, in which case the router may evaluate whether the ingress interface is suitable for the return path and may drop the session if the ingress interface is deemed by the router to be unsuitable for the return path. In other cases, the router may be configured to not require that the ingress interface be used for the return path, in which case the router may evaluate whether at least one interface is suitable for the return path and drop the session if no interface is deemed by the router to be suitable for the return path.

Abstract: An intermediate node obtains a lead packet of a plurality of packets in a session having a unique session identifier, modifies the lead packet to identify at least the intermediate node, and then forwards the lead packet toward the destination node though an intermediate node electronic output interface to the IP network. The intermediate node also receives, through an intermediate node electronic input interface in communication with the IP network, a backward message from a next node having a next node identifier. The backward message includes the next node identifier and the session identifier. The intermediate node forms an association between the next node identifier and the session identifier, stores the association in memory to maintain state information for the session, and obtains (e.g., receives) additional packets of the session. Substantially all of the additional packets in the session are forwarded toward the next node using the stored association.