Abstract: System and methods are provided for performing deep packet inspection of data packets. An example system includes a packet forwarding component and a virtual machine component. The packet forwarding component is configured to receive data packets for transmission and to select one or more of the data packets based at least in part on a first set of rules for deep packet inspection. The virtual machine component is configured to perform deep packet inspection on the selected data packets according to a second set of rules to determine whether the selected data packets are allowed for transmission. The packet forwarding component is further configured to transmit the selected data packets when the selected data packets are allowed for transmission after the deep packet inspection.

Abstract: An embodiment includes a method that includes receiving source commands to establish a configuration to control a computer networking function in a computer networking device, wherein the source commands are written in a source command language. The method selectively translates the source commands from the source command language to target commands written in a target command language, wherein the translation is based, at least in part, on a function-to-function translation model. The configuration is established in the computer networking device based on the target commands.

Abstract: In one or more embodiments, attributes other than a supplicant's MAC address can be used for the user name in the authentication process in a network computing environment. In at least some embodiments, doing so utilizes an association structure, such as a table, that is already resident at the authentication server. By using attributes other than a supplicant's MAC address, various matching scenarios can be provided by the authentication server in which authentication or authorization takes place responsive to satisfying conditions defined in the authentication server's association or database. Furthermore, a variety of non-authentication scenarios can be supported using the authentication server's association.

Abstract: A network device including a port, a packet classifier, and a processor. The port is configured to communicate with a network. The packet classifier is configured to select a plurality of packets according to a packet classification rule. The packet classification rule describes a packet characteristic. The processor is configured to execute a program. The program is configured to perform comparisons between (i) a portion of each of the selected packets and (ii) one or more predetermined patterns. One of the predetermined patterns is added to the program without having to reboot the network device.

Abstract: In one embodiment, an apparatus comprises a plurality of queues and a queue scheduler configured to schedule frames from a plurality of Transmission Control Protocol flows. The frames are buffered through one of the plurality of queues based, at least in part on, a pre-assigned priority of the frames. Congestion control logic is configured to change a pre-assigned priority of selected frames from the plurality of Transmission Control Protocol (TCP) flows to reduce TCP global loss synchronization among the plurality of TCP flows.

Abstract: As part of the system and method of the present invention, either a Client Agent and/or a Predictive Server intercept a request from a client to a server, and a response from the server to the client. Based on information derived from the client/server communication, either the Client Agent or the Predictive Server generates a predictive request for data. The server's response to the predictive request is stored at either the Client Agent or the Predictive Server, and is forward to the client when the client generates a request for the data contained in the response.

Abstract: A network device including a port configured to exchange packets of data with one or more networks. The network device further includes a rule storing circuit is configured to store a plurality of event classification rules. Each of the event classification rules describes at least one event characteristic for an event in the network device. At least one of the event classification rules includes a change in state of the at least one port of the network device. The change in state of the at least one port is generated by a change in spanning tree mode. The network device further includes an event classifier is configured to identify events having the at least one event characteristic described by any of the event classification rules, and a plurality of event counters configured to count the events identified by the event classifier for a respective one of the event classification rules.

Abstract: As part of the system and method of the present invention, either a Client Agent and/or a Predictive Server intercept a request from a client to a server, and a response from the server to the client. Based on information derived from the client/server communication, either the Client Agent or the Predictive Server generates a predictive request for data. The server's response to the predictive request is stored at either the Client Agent or the Predictive Server, and is forward to the client when the client generates a request for the data contained in the response.

Abstract: A switch having first, second, and third ports receives a multicast join message into the first port on a first VLAN, wherein the first and second ports are associated with the first VLAN, the second and third ports are associated with a second VLAN, and the first, second, and third ports are associated with a multicast VLAN, and wherein the multicast join message represents a first request to join a multicast group; creates an association between the multicast group and the ports associated with the multicast VLAN based on the multicast join message; transmits a network-layer routing protocol message from the second port, wherein the network-layer routing protocol message represents a second request to join the multicast group; receives a multicast packet for the multicast group into the second port; and transmits the multicast packet on the multicast VLAN based on the association.

Abstract: An embodiment includes a method that includes identifying a first functional effect that would be produced in an apparatus by executing in the apparatus one or more source commands. The embodiment includes determining whether the first functional effect is producible in the apparatus based on the apparatus executing one or more target commands written in a command language different than the language that the source commands are written in. The embodiment includes, in response to determining that the first functional effect is producible in the apparatus based on the apparatus executing the one or more target commands, producing an output comprising the one or more target commands for execution by the apparatus.

Abstract: Apparatuses, systems, methods, algorithms, and software for distributed control and/or configuration of network switching devices. The apparatus generally comprises a plurality of network I/O ports, a local control I/O port, and a controller configured to, when the apparatus is a master, receive control input data from at least one of the network I/O ports, process the control input data, and provide control output data to at least one of the network I/O ports, and when the apparatus is a slave, receive the control input data from the local control I/O port, provide the control input data to at least one of the network I/O ports, receive the control output data from at least one of the network I/O ports, and provide the control output data to the local control I/O port. The present disclosure advantageously enables control and/or configuration of a stack of network switch devices by communicating through a local control port of at least one of the devices in the stack.

Abstract: A device includes a first memory with first and second memory segments. The first memory segment stores a full image file. A second memory segment stores a partial image file, which is a smaller file and has fewer features than the full image file. A second memory stores a boot program. A control module detects an error in the full image file and executes the boot program using the partial image file.

Abstract: A network device includes a plurality of ports configured to transmit and receive packets of data. A memory is configured to store a routing table. A forwarding engine is configured to transfer the packets of data between the plurality of ports based on the routing table. A processor is configured to define a routing interface. The routing interface comprises a group of the plurality of ports. The processor is configured to assign a media access control (MAC) address to the routing interface. The processor is configured to modify the routing table to direct each packet of data having the media access control (MAC) address as a destination address to a port in the routing interface.

Abstract: An apparatus includes an input circuit to receive a frame of data. The frame of data includes an address field. The address field includes an address. An encoder encodes a portion of the address into an encoded address. The encoded address includes at least two fewer bits relative to the portion of the address prior to being encoded. An address circuit replaces the address in the address field with the encoded address and at least two data bits. At least two data bits are provided based on the encoded address having at least two fewer bits. An output circuit outputs the frame of data having the encoded address and at least two data bits within the address field.

Abstract: A data link layer switch having an associated method and computer program comprises a processor; a plurality of ports to exchange packets of data with a network; a memory to store a switch table; and a packet processor to transfer the packets of data between the ports according to the switch table, the packet processor comprising a classifier to send copies of selected ones of the packets of data to the processor; wherein the processor determines whether an attack upon the data link layer switch has occurred based on the copies of the selected ones of the packets.

Abstract: A physical layer module (PHY) of a network device includes a control module and a cable-test module. The control module selectively generates a cable-test enable signal to test a cable including four pairs of twisted wire. The cable-test module tests the cable based on the cable-test enable signal. The cable-test module transmits test signals on the four pairs at a first time and receives return signals. The cable-test module determines that the cable is not faulty when the return signals received on first and second pairs of the four pairs have an amplitude less than a first predetermined amplitude, and when the return signals received on third and fourth pairs of the four pairs have an amplitude greater than a second predetermined amplitude and are received substantially contemporaneously.

Abstract: An apparatus includes at least one port to exchange packets of data with one or more networks and a user interface circuit that allows a user to input a plurality of event classification rules. Each of the event classification rules describes at least one event characteristic for an event in the apparatus. At least one of the event classification rules describes a plurality of the event characteristics. At least two of the event characteristics are selected from a group including a reboot of the apparatus, a change in state of a processor of the apparatus, a change in state of a memory of the apparatus, a change in state of the at least one port of the apparatus, a change in an attribute of a network interface of the apparatus, a user login, and a user logout. The change in state of the at least one port is generated by a change in spanning tree mode.

Abstract: An apparatus includes a processor and a silicon switch. The silicon switch includes a network port to exchange packets of data with one or more networks and a packet classifier to select packets that satisfy one or more packet classification rules. Each of the packet classification rules describes at least one packet characteristic. The silicon switch further includes an action circuit to perform actions in response to processor commands. The processor generates each of the processor commands based on a plurality of the selected packets. The processor performs comparisons between each of the selected packets and at least one pattern, and generates the processor commands based on a history of results of the comparisons. The processor executes a computer program written in a scripting language. The computer program performs the comparisons. A pattern is added to the computer program at runtime without rebooting the apparatus.

Abstract: An Ethernet network device includes a port logic module that is associated with a device port of the Ethernet network device. A packet processing module includes an ingress processing module that receives an incoming packet and that generates a control traffic tag. An ingress command execution module receives the incoming packet and the control traffic tag, generates a duplicate packet that is identical to the incoming packet, and generates a device interface code that identifies the port logic module based on the control traffic tag. A control traffic routing module receives the duplicate packet and the device interface code and forwards the duplicate packet to the port logic module. A network traffic analysis device receives the duplicate packet. The port logic module replaces a first destination header of the duplicate packet with a second destination header that is identical to a destination header of the incoming packet.

Abstract: A wireless network apparatus and corresponding method and computer program comprises a plurality of ports to transmit and receive data flows comprising packets of data; a memory to store a routing table; a forwarding engine to transfer the packets of data between the ports according to the routing table; and a processor to define a routing interface comprising a selected group of the ports, map a selected media access control (MAC) address to the routing interface, disable link aggregation between the ports in the routing interface, disable bridging between the ports in the routing interface, and modify the routing table to direct each of the data flows having the MAC address as a destination address to one of the ports in the routing interface.