Abstract: In one embodiment, a local network device collects local optical power information for at least one of either a local optical transmit interface and a local optical receive interface of the local network device. The local network device may then exchange the local information for remote optical power information of corresponding remote optical receive and transmit interfaces of a remote network device at an opposing end of at least one corresponding optical link (fiber). For example, an exchange may use a point-to-point protocol which may dynamically determine/discover neighboring relationships between capable peer device interfaces and establish a suitable communication exchange between the capable peers. Based on the local information and exchanged remote information, the local network device may calculate an optical power loss of each corresponding optical link.

Abstract: Stackable Layer 2 switches may be upgraded through a stateless upgrade procedure that minimizes software upgrade complexity while leveraging the intrinsic redundancy of the network to minimize traffic disruption. Disclosed methods may be targeted to platforms that lack support for other non-disruptive upgrade technologies, but that can leverage the intrinsic network redundancy to minimize traffic impact during a stack upgrade.

Abstract: In one embodiment, an apparatus comprises a first logic configured to determine an identifier associated with a packet and determine a flow count index associated with the identifier, and a flow counter, coupled to the first logic and configured to count a number of packet flows associated with the flow count index. The embodiment also includes a second logic, coupled to the first logic and the flow counter, wherein the second logic is configured analyze the packet to determine if the packet is a part of a new packet flow that has not been counting in the flow counter, and if it has not been counted, incrementing the flow counter.

Abstract: Methods and apparatus for intelligent sharing and tighter integration between a service engine (SE) for network communication and a high-speed forwarding device, such that certain network flows may be offloaded from the SE to benefit from the high-speed forwarding capacity of such a device are provided. To accomplish the integration, an application binary interface (ABI) may be employed as an in-band high-priority communication protocol between the data planes of the SE and the high-speed forwarding device, and an application programming interface (API) may be utilized to leverage the ABI and any in-band or out-of-band channel to allow the master SE to control the high-speed slave device. Such integration techniques are not limited to a few specialized hardware components, but may also be applied to other types of hardware resources, such as flow tables, quality of service (QoS) tables, access control list (ACL) tables for security, forwarding and adjacency tables, etc.

Abstract: Automatic filter generation and maintenance comprises detecting, from network packets, an IP address and a first MAC address; the IP address and the first MAC address are used to determine that the IP address and another MAC address that are detected in second network packets is an illegal binding and the other MAC address is different from the first MAC address; causing a network element to create, in an ARP filter, based on the IP address and the first MAC address, rules that cause the network element to prevent an address resolution protocol table from including a binding that includes only one of the IP address and the first MAC address; in response to detecting the IP address and said another MAC address in the second network packets, preventing the address resolution protocol table from including the illegal binding that includes the IP address and the other MAC address.

Abstract: Automatic filter generation and maintenance comprises detecting, from network packets, an IP address and a first MAC address; the IP address and the first MAC address are used to determine that the IP address and another MAC address that are detected in second network packets is an illegal binding and the other MAC address is different from the first MAC address; causing a network element to create, in an ARP filter, based on the IP address and the first MAC address, rules that cause the network element to prevent an address resolution protocol table from including a binding that includes only one of the IP address and the first MAC address; in response to detecting the IP address and said another MAC address in the second network packets, preventing the address resolution protocol table from including the illegal binding that includes the IP address and the other MAC address.

Abstract: A method and network device to generate a remote traffic monitoring session using an automated technique to configure the source and destination devices of the monitoring system is disclosed. The method includes discovering a Layer 3 (L3) source device and an L3 destination device and automatically configuring the devices. The L3 source device passes target traffic that will be monitored via the L3 destination device in a remote traffic monitoring session. The method verifies configurations of the L3 source device and the L3 destination device, and determines remote monitoring capabilities common to the L3 source device and the L3 destination device. The method negotiates relevant parameters for the remote traffic monitoring session and establishes the remote traffic monitoring session between the L3 source device and the L3 destination device.

Abstract: A method is disclosed for automatic filter generation and maintenance. From information transmitted on a network, a first device identifier and a second device identifier are detected. Based on the first and second device identifiers, a filter is automatically configured to deny network-transmitted information that attempts to establish an association between the first device identifier and a device identifier other than the second device identifier.

Abstract: A method for cable diagnostics in a network includes performing a test to determine initial state information for each of a plurality of lines coupled to a switch and storing the initial state information in a database. When a change in the state of a line is detected, the test is re-run to determine new state information of the line. The new state information is stored in the database and a message that identifies the change in state and a likely cause of the state change is issued to a network operator. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims.

Abstract: A method and network device to generate a remote traffic monitoring session using an automated technique to configure the source and destination devices of the monitoring system is disclosed. The method includes discovering a Layer 3 (L3) source device and an L3 destination device and automatically configuring the devices. The L3 source device passes target traffic that will be monitored via the L3 destination device in a remote traffic monitoring session. The method verifies configurations of the L3 source device and the L3 destination device, and determines remote monitoring capabilities common to the L3 source device and the L3 destination device. The method negotiates relevant parameters for the remote traffic monitoring session and establishes the remote traffic monitoring session between the L3 source device and the L3 destination device.

Abstract: Methods and apparatus for intelligent sharing and tighter integration between a service engine (SE) for network communication and a high-speed forwarding device, such that certain network flows may be offloaded from the SE to benefit from the high-speed forwarding capacity of such a device are provided. To accomplish the integration, an application binary interface (ABI) may be employed as an in-band high-priority communication protocol between the data planes of the SE and the high-speed forwarding device, and an application programming interface (API) may be utilized to leverage the ABI and any in-band or out-of-band channel to allow the master SE to control the high-speed slave device. Such integration techniques are not limited to a few specialized hardware components, but may also be applied to other types of hardware resources, such as flow tables, quality of service (QoS) tables, access control list (ACL) tables for security, forwarding and adjacency tables, etc.

Abstract: A method of testing a primary device for two-way communication between the primary device and one or more other devices in communication therewith in a network is disclosed. The method includes inserting into an echo packet an originating device identifier in an originating device field and a primary device identifier in a primary device field, and transmitting the echo packet from the primary device. Two-way communication is detected if a reply packet received at the primary device contains the originating device identifier in the originating device field and the primary device identifier in the primary device field. A system for testing a primary device for two-way communication between the primary device and neighbor devices coupled to the primary device is also disclosed.

Abstract: A method is disclosed for automatic filter generation and maintenance. From information transmitted on a network, a first device identifier and a second device identifier are detected. Based on the first and second device identifiers, a filter is automatically configured to deny network-transmitted information that attempts to establish an association between the first device identifier and a device identifier other than the second device identifier.

Abstract: In one embodiment, a local network device collects local optical power information for at least one of either a local optical transmit interface and a local optical receive interface of the local network device. The local network device may then exchange the local information for remote optical power information of corresponding remote optical receive and transmit interfaces of a remote network device at an opposing end of at least one corresponding optical link (fiber). For example, an exchange may use a point-to-point protocol which may dynamically determine/discover neighboring relationships between capable peer device interfaces and establish a suitable communication exchange between the capable peers. Based on the local information and exchanged remote information, the local network device may calculate an optical power loss of each corresponding optical link.

Abstract: In one embodiment, an apparatus comprises a first logic configured to determine an identifier associated with a packet and determine a flow count index associated with the identifier, and a flow counter, coupled to the first logic and configured to count a number of packet flows associated with the flow count index. The embodiment also includes a second logic, coupled to the first logic and the flow counter, wherein the second logic is configured analyze the packet to determine if the packet is a part of a new packet flow that has not been counting in the flow counter, and if it has not been counted, incrementing the flow counter.

Abstract: A method is disclosed for automatic filter generation and maintenance. From information transmitted on a network, a first device identifier and a second device identifier are detected. Based on the first and second device identifiers, a filter is automatically configured to deny network-transmitted information that attempts to establish an association between the first device identifier and a device identifier other than the second device identifier.

Abstract: Disclosed are mechanisms for facilitating the use of DHCP (dynamic host configuration protocol) binding data. In general, certain applications include mechanisms for intercepting data being sent from a node and then determining whether the data corresponds to a valid IP address and MAC address binding. Embodiments of the present invention provide mechanisms for sharing such DHCP binding data between routers (or other type of network devices) in a redundancy group so that any of the routers may take over the data inspection to validate DHCP bindings. In particular aspects of the invention, the DHCP binding data is validated in procedures related to DHCP snooping, dynamic ARP (address resolution protocol) inspection, and the like.

Abstract: The invention uses a layer 2 switch (L2 switch), or bridge, to separate user's message traffic by use of Virtual Local Area Networks (VLANs) defined within the switch. Three new types of ports are defined, “promiscuous” ports “isolated” ports, and “community” ports. Three types of VLANs internal to the switch are defined, “primary” VLANs, “isolated” VLANs and “community” VLANs. The promiscuous ports are connected to layer 3 or layer 4 devices. Isolated ports and community ports are connected to individual user's servers, etc., and maintain traffic for each user separate from other users. The primary VLAN connects to all promiscuous ports, to all isolated ports, and to all community ports. The primary VLAN is a one way connection from promiscuous ports to isolated or community ports. An isolated VLAN connects to all promiscuous ports and to all isolated ports. The isolated VLAN is a one way connection from an isolated port to the promiscuous ports.

Abstract: A system and method are provided to prevent the formation of loops in a network. The network device includes a plurality of ports for receiving and forwarding network messages and a spanning tree protocol engine. The spanning tree protocol engine, in one embodiment, implements the Rapid Spanning Tree Protocol (RSTP) to transitions the ports among a plurality port states, including a discarding state, a learning state and a forwarding state. The network device further includes a loop guard engine that is in a communicating relationship with the spanning tree protocol engine and the ports. The loop guard engine monitors the receipt of bridge protocol data units (BPDUs) by the ports. If a given port stops receiving BPDUs, the loop guard engine prevents the spanning tree protocol engine from transitioning the given port to the forwarding state. Instead, the loop guard engine causes the port to transition to loop inconsistent state.

Abstract: A method of testing a primary device for two-way communication between the primary device and one or more other devices in communication therewith in a network is disclosed. The method includes inserting into an echo packet an originating device identifier in an originating device field and a primary device identifier in a primary device field, and transmitting the echo packet from the primary device. Two-way communication is detected if a reply packet received at the primary device contains the originating device identifier in the originating device field and the primary device identifier in the primary device field. A system for testing a primary device for two-way communication between the primary device and neighbor devices coupled to the primary device is also disclosed.