Abstract: A method, computer readable medium and apparatus for performing content aware optimized tunneling in a communication network are disclosed. For example, the method authenticates a user endpoint device, establishes a tunnel to the user endpoint device if the user endpoint device is authenticated, analyzes content of a data packet transmitted through the tunnel to determine if the tunnel should be re-directed, and re-directs the tunnel to a gateway general packet radio services support node light based upon the content of the data packet.

Abstract: Systems and methods are described that employ multi-path BGP to realize dynamic multi-path load balancing based on an Intelligent Route Service Control Point (IRSCP) router control architecture that uses dynamic traffic flow information to perform dynamic load balancing to enable precise and effective load balancing.

Abstract: A route control architecture allows a network operator to flexibly control routing between the traffic ingresses and egresses in a computer network, without modifying existing routers. An intelligent route service control point (IRSCP) replaces distributed BGP decision processes of conventional network routers with a route computation that is flexible and logically centralized but physically distributed. One embodiment supplements the traditional BGP decision process with a ranking decision process that allows route-control applications to explicitly rank traffic egresses on a per-destination, per-router basis. A straightforward set of correctness requirements prevents routing anomalies in implementations that are scalable and fault-tolerant.

Abstract: Disclosed is a method and system for identifying a controller of a first computer transmitting a network attack to an attacked computer. To identify an attacker implementing the attack on the attacked computer, the present invention traces the attack back to the controller one hop at a time. The invention examines traces of the attacked computer to identify the first computer. Traffic transmitted to the first computer is redirected through a monitoring complex before being transmitted to the first computer. The controller is then detected from traffic monitoring by the monitoring complex.

Abstract: Methods and apparatus to migrate virtual machines between distributive computing networks across a wide area network are disclosed. A disclosed example method includes establishing a data link across a wide area network between a first distributive computing network and a second distributive computing network, the first distributive computing network including a virtual machine operated by a first host communicatively coupled to a virtual private network via a first virtual local area network, communicatively coupling a second host included within the second distributive computing network to the virtual private network via a second virtual local area network, and migrating the virtual machine via the data link by transmitting a memory state of at least one application on the first host to the second host while the at least one application is operating.

Abstract: A networking device connects to a router and to an autonomous system (AS). The networking device receives a routing table from the router, exchanges routing information with the AS, updates the routing table in response to exchanging information with the AS, coalesces the updated routing table into a compressed routing table, and sends the compressed routing table back to the router. The compressed routing table causes the router to forward data in a manner that is identical to the received routing table.

Abstract: A content delivery system includes a cache server, a domain name server, and a redirector. The domain name server is configured to receive a request for a cache server address, and provide an IPv6 anycast address. The redirector is configured to receive a content request addressed to the IPv6 anycast address from a client system, receive load information from the cache server, and determine if the cache server is available. The redirector is further configured to forward the content request to the cache server when the cache server is available. The cache server is configured to receive the content request forwarded from the redirectors, send a response to the content request to a client system, the response including an IPv6 unicast address of the cache server as a source address, an IPv6 unicast address of the client system as a destination address, and the IPv6 anycast address as a home address, and provide the content to the requestor.

Abstract: Methods for identifying wanted traffic on the Internet are provided. The methods include determining a traffic history for a user of the Internet; identifying wanted traffic in a stream of Internet traffic based on the determined traffic history; and prioritizing the identified wanted traffic such that unwanted traffic is assigned a lower priority than the wanted traffic. Related systems and computer program products are also provided.

Abstract: Described is a system and method for receiving a data packet including a destination address and a source address, the data packet corresponding to a port number, assigning an address risk value for the data packet based on the source address and a port risk value for the data packet based on the port number. The data packet is categorized into a community based on the source address, wherein the community is predefined by a user corresponding to the destination address, the community includes a utility value. The address risk value and the port risk value are compared to the utility value to yield a benefit coefficient and the data packet is treated based on the benefit coefficient.

Abstract: A receive device includes a plurality of demodulators and a tunnel destination. The demodulators are configured to receive multiple data streams, each of the multiple data streams having a bit rate that is lower than a bit rate of a transmit data stream. The tunnel destination is configured to recombine the multiple data streams to provide a receive data stream having a bit rate equal to the bit rate of the transmit data stream. At least one of multiple radio frequency channels is connected to a legacy user between a transmit site and the receive device.

Abstract: A multi-staged framework for detecting and diagnosing Denial of Service attacks is disclosed in which a low-cost anomaly detection mechanism is first used to collect coarse data, such as may be obtained from Simple Network Management Protocol (SNMP) data flows. Such data is analyzed to detect volume anomalies that could possibly be indicative of a DDoS attack. If such an anomaly is suspected, incident reports are then generated and used to trigger the collection and analysis of fine grained data, such as that available in Netflow data flows. Both types of collection and analysis are illustratively conducted at edge routers within the service provider network that interface customers and customer networks to the service provider. Once records of the more detailed information have been retrieved, they are examined to determine whether the anomaly represents a distributed denial of service attack, at which point an alarm is generated.

Abstract: The invention discloses a method of acquiring, storing and transmitting data, which includes the provision of a database having at least three record sets in which data, such as medical examination data, can be accurately stored in suitable numerical format.

Abstract: Methods and apparatus to debug a network application are described. A described example network includes a live control network to collect control messages to create a history of network states, the history of network states reflecting an order in which control messages are processed, the live control network to roll back from a current state to a past state upon detection of an improper sequence of messages and to process the messages in a corrected sequence, the corrected sequence to be stored in the history. The described example network further includes a virtualized network corresponding to the live control network, the virtualized network responsive to a command from an operator to step through the history to facilitate debugging.

Abstract: A content delivery network includes first and second sets of cache servers, a domain name server, and an anycast island controller. The first set of cache servers is hosted by a first autonomous system and the second set of cache servers is hosted by a second autonomous system. The cache servers are configured to respond to an anycast address for the content delivery network, to receive a request for content from a client system, and provide the content to the client system. The first and second autonomous systems are configured to balance the load across the first and second sets of cache servers, respectively. The domain name server is configured to receive a request from a requestor for a cache server address, and provide the anycast address to the requestor in response to the request.

Abstract: A controller is used to provide a sharable, programmable and composable infrastructure. The controller includes a user manager to take input of user application programming interface calls that correspond to actions accepted from users. A physical manager fulfills requests from the user manager by manipulating distributed physical resources and logical devices in a network controlled by the controller. A configuration effector implements configuration changes to the physical resources and logical devices. A device monitor determines a status of the physical resources and logical devices, propagates the status to the physical manager for detecting a failure of the physical resources and logical devices in real-time, and mitigates the failure.

Abstract: A system includes first and second cache servers a domain name server, and a route controller. The cache servers are each configured to respond to an anycast address. Additionally, the first cache server is configured to respond to a first unicast address, and the second cache server is configured to respond to a second unicast address. The router controller configured to determine wither the status of the first cache server is non-overloaded, overloaded, or offline. The route controller is further configured to instruct the domain name server to provide the second unicast address when the status is overloaded or offline, and modify routing of the anycast address to direct a content request sent to the anycast address to the second cache server when the status is offline. The domain name server is configured to receive a request from a requestor for a cache server address.

Abstract: A system includes a memory storing a set of instructions executable by a processor. The set of instructions is operable to receive a process for accomplishing a network management task, the process including a plurality of events including configuration changing events and condition checking events; receive parameters related to the task; include the parameters in the process; and execute the process.

Abstract: Systems and methods are described that manage routing information in an IP network using extensible indexing and use the indexing to control the network. The indexing and associated controls apply to any router within the routing domain.

Abstract: Methods and apparatus to communicatively couple virtual private networks to virtual machines within distributive computing networks are disclosed. A disclosed example method includes receiving a request to provision a virtual machine from a virtual private network, determining a host for the virtual machine within a distributive computing network, creating the virtual machine within the host, communicatively coupling the virtual machine to a virtual local area network switch within the distributive computing network, configuring a portion of a router to be communicatively coupled to the virtual machine via the virtual local area network switch by specifying an address space within the router associated with at least one of the virtual machine or the virtual private network communicatively coupled to the router, and communicatively coupling the portion of the router to the virtual private network.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, network device having a controller to combine network data sources enabling simplified database queries across a plurality of data sources, normalize the data from the plurality of data sources, continuously collect routing information between two routers of interest, selectively and automatically extract network data involving network events and routing, determine a temporal correlation among identified network events, determine a spatial correlation among identified network events, and troubleshoot an interactive media service based on a combination of the temporal correlation and the spatial correlation determined between the defined edge routers. Other embodiments are disclosed.