Abstract: Techniques are presented herein for optimizing network traffic exchanged between devices in a network. A firewall device in a network detects a firewall failure event. In response to detecting the firewall failure event, the firewall device changes from a standby state to an active state in managing a network connection between a source device and a destination device in the network. The firewall device generates a synchronization message and sends the synchronization message to the destination device. The firewall device receives from the destination device a response message that includes synchronization information.

Abstract: The disclosed embodiments support mobility internal and external to enterprise networks. Service providers provide mobility by providing Home Agent functionality corresponding to each Enterprise network. In this manner, mobility may be provided to Mobile Nodes both internal and external to their enterprise networks. Moreover, data packets may be transmitted by Mobile Nodes to Correspondent Nodes, whether they are within their enterprise network, the Service Provider network, or the Internet.

Abstract: Techniques are presented herein for optimizing and load balancing network traffic exchanged between devices in a network environment. At a first device in a cluster of devices in a network, a packet is received from a second device in the cluster. The packet comprises identifier information that is assigned to the first device. The identifier information is reassigned to the second device in the cluster such that subsequent packets with the identifier information are sent directly to the second device. A mapping table is updated to indicate that the identifier information is reassigned to the second device.

Abstract: The disclosed embodiments support mobility internal and external to enterprise networks. Service providers provide mobility by providing Home Agent functionality corresponding to each Enterprise network. In this manner, mobility may be provided to Mobile Nodes both internal and external to their enterprise networks. Moreover, data packets may be transmitted by Mobile Nodes to Correspondent Nodes, whether they are within their enterprise network, the Service Provider network, or the Internet.

Abstract: Techniques are provided for seamless integration of wired and wireless functionality packet forwarding in network. A plurality of access switches are provided in each of a plurality of mobility sub-domains that are part of a mobility domain of a network. Each access switch serves one or more Internet Protocol (IP) subnets, each comprising a plurality of IP addresses. An access switch obtains an IP address for a wireless device according to the one or more IP subnets that the access switch serves. The access switch sends an association advertisement message to indicate the IP address of the wireless device and to enable other access switches and routers to compute a path to the wireless device. When a wireless device obtains an IP address, it can keep the same IP address as it roams in the mobility domain.

Abstract: Techniques are provided to enable support of roaming wireless devices in a network such that the wireless devices can keep their Internet Protocol (IP) addresses as they roam across mobility sub-domains. Traffic for a wireless device that roams is tunneled back to the access switch that serves the IP subnet which includes an IP address for the wireless device. Traffic is tunneled back to that access switch for the wireless device when the wireless device roams to another access switch which does not serve the IP subnet for the wireless device in the same mobility sub-domain and when the wireless device roams to a different mobility sub-domain, in which case the traffic is tunneled between tunneling endpoints in the respective mobility sub-domains.

Abstract: Techniques are provided to support roaming of wireless devices in a network such that the wireless devices can keep their Internet Protocol (IP) addresses as they roam within and across mobility sub-domains. When a wireless device roams from one access switch to another access switch, a tunneling endpoint apparatus in the wireless device's home mobility sub-domain is configured to serve as the point of presence for the roamed wireless device. Traffic for the roamed wireless device is tunneled from the access switch where the wireless device has roamed (where it is currently attached) to the tunneling endpoint apparatus. When the wireless device roams across mobility sub-domains, then traffic is tunneled from the access switch where the wireless device is currently attached to the tunneling endpoint apparatus in that mobility sub-domain (called a “foreign” mobility sub-domain) to the tunneling endpoint apparatus in the wireless device's home mobility sub-domain.

Abstract: In one embodiment, a method includes receiving, at a visited network node, policy for a roaming terminal from a home network of the roaming terminal. The policy is associated with a home Internet Protocol (IP) address of the roaming terminal. The visited network node applies the policy in the visited network to data packets that include the home IP address. Applying the policy to a data packet encompasses either enforcing the policy at the node that applies the policy or sending data that indicates the policy to a different node that applies the policy based on the data sent, or both.

Abstract: Methods and apparatus for applying a single virtual private network (VPN) address to tunnels or connections associated with different access interfaces are disclosed. In one embodiment, a method includes establishing a first tunnel between a node and a VPN server. The first tunnel has a first address. The method also includes assigning a VPN address to the first tunnel, as well as establishing a second tunnel between the node and the VPN server. The second tunnel has a second address. The VPN address is assigned to the second tunnel, and VPN address is accessed by both the first address and the second address.

Abstract: Methods and apparatus for dynamically generating authentication keys are disclosed. Specifically, a Mobile-Foreign authentication key is separately generated by both the Mobile Node and Foreign Agent. Similarly, a Foreign-Home authentication key is separately generated by the Foreign Agent and the Home Agent. In accordance with one embodiment, generation of the Mobile-Foreign authentication key and Foreign-Home authentication key are accomplished via the Diffie-Hellman key generation scheme.

Abstract: This disclosure relates to a system and method for offloading selected data traffic in logical tunnels to the Internet. The offloading provides another data path for selected data traffic that can relieve the burden on a mobile operator's network, such as the backhaul and core networks. As the proliferation of data rich content and increasingly more capable mobile devices has continued, the amount of data communicated over mobile operator's networks has increased. Upgrading the existing network that was designed for voice calls is not desirable or practical for many mobile operators. This disclosure provides systems and methods for offloading data to the Internet at a router to relieve congestion on the mobile operator's network.

Abstract: Methods and apparatus for establishing an optimized route between a node and a Correspondent Node are disclosed. In a Mobile Router supporting Mobile IP, the Mobile Router having one or more networks associated therewith, a method of establishing a route between one or more nodes associated with one of the networks of the Mobile Router and a Correspondent Node includes composing a HOTI message on behalf of at least one of the nodes, which is sent from the Mobile Router to a Correspondent Node via a Home Agent supporting the Mobile Router. The Mobile Router sends a COTI message to the Correspondent Node on behalf of the node. The Mobile Router receives a HOT message from the Correspondent Node.

Abstract: Methods and apparatus for performing proxy registration on behalf of a node with a Home Agent supporting Mobile IP are disclosed. A first registration request is composed on behalf of the node and transmitted to the Home Agent via a first Local Mobility Anchor, wherein the first Local Mobility Anchor is a regional controller via which registration is performed when the node moves within a region associated with the first Local Mobility Anchor. When the node moves within a region or between regions, the node is re-registered. Specifically, a second registration request is composed and transmitted to the first Local Mobility Anchor when the node moves within the region associated with the first Local Mobility Anchor.

Abstract: Techniques are provided to support roaming of wireless devices in a network such that the wireless devices can keep their Internet Protocol (IP) addresses as they roam within and across mobility sub-domains. When a wireless device roams from one access switch to another access switch, a tunneling endpoint apparatus in the wireless device's home mobility sub-domain is configured to serve as the point of presence for the roamed wireless device. Traffic for the roamed wireless device is tunneled from the access switch where the wireless device has roamed (where it is currently attached) to the tunneling endpoint apparatus. When the wireless device roams across mobility sub-domains, then traffic is tunneled from the access switch where the wireless device is currently attached to the tunneling endpoint apparatus in that mobility sub-domain (called a “foreign” mobility sub-domain) to the tunneling endpoint apparatus in the wireless device's home mobility sub-domain.

Abstract: Techniques are provided for seamless integration of wired and wireless functionality packet forwarding in network. A plurality of access switches are provided in each of a plurality of mobility sub-domains that are part of a mobility domain of a network. Each access switch serves one or more Internet Protocol (IP) subnets, each comprising a plurality of IP addresses. An access switch obtains an IP address for a wireless device according to the one or more IP subnets that the access switch serves. The access switch sends an association advertisement message to indicate the IP address of the wireless device and to enable other access switches and routers to compute a path to the wireless device. When a wireless device obtains an IP address, it can keep the same IP address as it roams in the mobility domain.

Abstract: Techniques are provided to enable support of roaming wireless devices in a network such that the wireless devices can keep their Internet Protocol (IP) addresses as they roam across mobility sub-domains. Traffic for a wireless device that roams is tunneled back to the access switch that serves the IP subnet which includes an IP address for the wireless device. Traffic is tunneled back to that access switch for the wireless device when the wireless device roams to another access switch which does not serve the IP subnet for the wireless device in the same mobility sub-domain and when the wireless device roams to a different mobility sub-domain, in which case the traffic is tunneled between tunneling endpoints in the respective mobility sub-domains.

Abstract: In one embodiment, a system for providing mobile Internet Protocol (IP) connectivity includes a memory and a processor. The memory stores one or more user level policies associated with an access terminal. The processor establishes a mobile IP connection with the access terminal. The processor receives the user level policies from a home IP gateway of the access terminal, and applies the user level policies to the mobile IP connection.

Abstract: Methods and apparatus for performing proxy registration on behalf of a node with a Home Agent supporting Mobile IP are disclosed. A first registration request is composed on behalf of the node and transmitted to the Home Agent via a first Local Mobility Anchor, wherein the first Local Mobility Anchor is a regional controller via which registration is performed when the node moves within a region associated with the first Local Mobility Anchor. When the node moves within a region or between regions, the node is re-registered. Specifically, a second registration request is composed and transmitted to the first Local Mobility Anchor when the node moves within the region associated with the first Local Mobility Anchor.

Abstract: Methods and apparatus for performing proxy registration on behalf of a node with a Home Agent supporting Mobile IP are disclosed. A first registration request is composed on behalf of the node and transmitted to the Home Agent via a first Local Mobility Anchor, wherein the first Local Mobility Anchor is a regional controller via which registration is performed when the node moves within a region associated with the first Local Mobility Anchor. When the node moves within a region or between regions, the node is re-registered. Specifically, a second registration request is composed and transmitted to the first Local Mobility Anchor when the node moves within the region associated with the first Local Mobility Anchor.

Abstract: Techniques for allowing a home agent to provide location/presence-based services are provided. In one embodiment, a point of attachment of an access network receives a discovery request from a mobile node. A mobile node is associated with a home agent in a home network different from the access network. Location/presence-based information is determined at the point of attachment. The location/presence-based information is added to a registration request at the layer 3 protocol layer. The registration request is then sent from the point of attachment to the home agent. When the registration request is received at the home agent, the home agent parses the registration request to determine the location/presence information from the request. The home agent then performs a location/presence service using the location/presence information.