Abstract: Methods of balancing network packet traffic among multiple checking functionalities (CFs) are described. A network has at least one client operatively connected to at least one source switch and multiple available CFs operatively connected to at least one destination switch. Each available CF has predetermined, but possibly different inspection capabilities. A source switch receiving packets from a client inspects each packet and can optionally choose an available CF having at least the minimum necessary inspection capabilities to inspect the particular packet, and tunnel the packet to the chosen CF.

Abstract: A network, network devices, and methods are described for packet processing indication. A method includes tunneling a packet from a first network device to a second network device associated with a first checking functionality. The second network device has an address different than an original destination address of the packet. The method also includes return-tunneling the packet from the second network device to the first network device with an indication of whether the packet was processed by the first checking functionality. The method includes tunneling the packet from the first network device to a third network device associated with a second checking functionality in response to the indication being that the packet was not processed by the first checking functionality. The third network device has an address different from the original destination address of the packet.

Abstract: In an embodiment of the invention, a method and apparatus for hardware throttling of network traffic, includes: receiving a packet; and preventing the packet from being copied, based on a rate field value associated with a new address in the packet information in the packet. The packet is not copied even if a copy rule is triggered.

Abstract: A method of transmitting an upstream communication packet from a distributed trunk (DT) switch is described. The method comprises receiving a packet from a device connected to a DT port of the DT switch; and transmitting the received packet via a non-DT port of the DT switch if the DT switch is the owner of the device and transmitting the received packet via a DT interconnect (DTI) port of the DT switch if the DT switch is not the owner of the device.

Abstract: A network, network devices, and methods are described for locating original port information. A network device includes a network chip having a number of network ports for the device for receiving and transmitting packets. The network chip includes logic to locate original port information for a packet returned from a checking functionality.

Abstract: System and methods for metering output packet traffic at network devices. Ingress packet lookups are employed in combination with egress packet meters, which can be arranged in parallel fashion, and used to meter traffic across multiple blades of a switch chassis. Also, egress packet traffic metering is accomplished while matching complex ingress rules without additional egress packet processing. The system has a first node for creating requests that contain a number of filter indicies for specifying packet forwarding criteria. The first node also specifies values for the filter and meter indicies based on a packet to be forwarded. The system also has a second node coupled to the first node and to a number of ports. The second node has at least one table for specifying which of the ports are to receive the packet based on the filter values, and at least one table for accounting for egress traffic bandwidth.

Abstract: A method for testing a network device having modules for receiving and sending data packets in a network includes generating in the network device at least one internal data structure associated with a data packet received by the network device from the network. A predefined action on the network device is then preformed responsive to the internal data structure indicating that the data packet satisfies a predefined condition.

Abstract: One embodiment disclosed relates to a method for remote mirroring of network traffic. A data packet to be remotely mirrored is received by an entry device. The entry device is pre-configured with a destination Internet Protocol (IP) address to which to mirror the data packet. An IP header is generated and added to IP encapsulate the data packet. The IP header includes the aforementioned destination IP address. The IP-encapsulated packet is forwarded to an exit device associated with the destination IP address. Subsequently, the exit device may decapsulate the IP-encapsulated packet to reproduce the original data packet.

Abstract: A network, network devices, and methods are described for packet processing. A method includes using logic on a first network device to select a checking functionality based on a number of criteria. The method uses logic on the first network device to select the checking functionality from a list of checking functionalities. The checking functionality is selected for processing packets identified by the first network device. The method also includes using logic on the first network device to configure a tunnel initiation to tunnel packets to a second network device that is associated with the selected checking functionality. The second network device has a destination address different from an original destination address of identified packets.

Abstract: An embodiment of the invention evaluates the suitability of routes for use in a network route cache. An embodiment of the invention allows the use of network routing caches to be optimized such that routes that are not used to route to a large number of destinations can be offloaded into a less expensive host route cache.

Abstract: Network devices, systems, and methods are provided for packet processing. One network device includes a network chip including logic and a number of network ports for the device for receiving and transmitting packets therefrom. The logic is operable to mirror packets on a per port per virtual local area network (VLAN) membership basis.

Abstract: Systems, devices, and methods, including executable instructions are provided for content addressable memory (CAM). One method includes defining the CAM into an array of data words having M rows and N columns, with each of N and M being greater than one. The data words of the CAM are arranged according to a 2-dimensional priority scheme. Data words outside a selected 1×M column are masked to be ignored in determining a match, and the CAM is searched. Each search includes N compare cycles and each compare cycle having a different 1×M column selected. A highest priority match per compare cycle is pipelined from a priority encoder with the pipelined matches arranged to communicate a priority order in a first dimension of the 2-dimensional priority scheme.

Abstract: Systems, devices, and methods, including executable instructions are provided for resolving content addressable memory (CAM) match address priority. One method includes retaining a first match address as the best match address. Subsequent match addresses are compared to the retained best match address, each match address being associated with a compare cycle during which a selected columnar portion of each CAM entry is compared to a corresponding portion of a search term. The best match address is updated as a result of the comparison.

Abstract: Network devices, systems, and methods are provided for packet processing. One network device includes a network chip including logic and a number of network ports for the device for receiving and transmitting packets therefrom. The logic is operable to group a number of ports into a membership group based on a criteria, and define a filter index in association with a network packet to indicate the membership group.

Abstract: Embodiments of the invention may include network devices, systems, and methods, including executable instructions and/or logic, for remote client remediation. One method includes identifying a client needing remediation, tunnel-encapsulating packets originating from the client during remediation, and forwarding the tunnel-encapsulated packets to a remote remediation functionality different from an original destination address of the packets and having membership in a remediation VLAN different from the original VLAN.

Abstract: A network, network devices, and methods are described for marked packet forwarding. A network device includes a network chip having a number of network ports for receiving and transmitting packets. The network chip includes logic to decapsulate a packet received from a tunnel, mark the packet with a handle associated with an originating network device of the packet using information from an encapsulation header, and forward the marked packet to a checking functionality having a destination address different from an original destination address of the packet.

Abstract: A network, network devices, and methods are described for locating original port information. A network device includes a network chip having a number of network ports for the device for receiving and transmitting packets. The network chip includes logic to locate original port information for a packet returned from a checking functionality.

Abstract: Network devices, systems, and methods are provided for packet processing. One network device includes a network chip having a number of network ports for the device. The network chip includes logic to select original data packets, based on a set of criteria, received from or destined to a particular port on the device and to tunnel the selected data packets to a second network device having a different destination address to that of the selected data packets.

Abstract: One embodiment disclosed relates to a method for mirroring of select network traffic. A data packet is received by a network device. A determination is made as to whether a designated aspect of the packet matches a flagged entry in a look-up table on the network device. If a match is found, then copy of the packet is sent to an associated mirror destination. Another embodiment disclosed relates to a networking apparatus. The apparatus includes at least an operating system, a look-up table, and a mirroring engine. The operating system includes routines utilized to control the apparatus, and the look-up table includes selection information for mirror sources. The mirroring engine forwards copies of selected packets to a corresponding mirror destination. Another embodiment disclosed relates to a method of selecting packets to mirror that includes checking state information relating to the network traffic against dynamic mirroring criteria.

Abstract: In an embodiment of the invention, a method and apparatus for hardware throttling of network traffic, includes: receiving a packet; and preventing the packet from being copied, based on a rate field value associated with a new address in the packet information in the packet. The packet is not copied even if a copy rule is triggered.