Abstract: Various example embodiments of a reliable firewall are presented herein. Various example embodiments of a reliable firewall may be configured to provide a single, stateful firewall spanning multiple routers. Various example embodiments of a reliable firewall spanning multiple routers may be configured to provide a reliable firewall configured to protect high-availability network services, network services using multipath routing, or the like, as well as various combinations thereof. Various example embodiments of a reliable firewall spanning multiple routers may be configured to provide a reliable firewall by supporting synchronization of firewall synchronization information (e.g., firewall policy information, firewall session state information, or the like, as well as various combinations thereof) across the multiple routers.

Abstract: This disclosure generally discloses a tunnel-level fragmentation and reassembly capability configured to support tunnel-level fragmentation and reassembly of a packet being transported via a tunnel between a tunnel source node and a tunnel destination node. The tunnel-level fragmentation and reassembly capability may be configured to support tunnel-level fragmentation and reassembly of packets in a manner tending to prevent reassembly errors, that could cause malformed packets or packet drops at the tunnel destination nodes, due to multiple parallel tunnel contexts of the tunnel which may correspond to multiple parallel entry points into the tunnel at the tunnel source node. The tunnel-level fragmentation and reassembly capability may be configured to support tunnel-level fragmentation and reassembly of packets within various types of communication networks, for various types of tunnels, or the like.

Abstract: Various example embodiments of a reliable firewall are presented herein. Various example embodiments of a reliable firewall may be configured to provide a single, stateful firewall spanning multiple routers. Various example embodiments of a reliable firewall spanning multiple routers may be configured to provide a reliable firewall configured to protect high-availability network services, network services using multipath routing, or the like, as well as various combinations thereof. Various example embodiments of a reliable firewall spanning multiple routers may be configured to provide a reliable firewall by supporting synchronization of firewall synchronization information (e.g., firewall policy information, firewall session state information, or the like, as well as various combinations thereof) across the multiple routers.

Abstract: This disclosure generally discloses a tunnel-level fragmentation and reassembly capability configured to support tunnel-level fragmentation and reassembly of a packet being transported via a tunnel between a tunnel source node and a tunnel destination node. The tunnel-level fragmentation and reassembly capability may be configured to support tunnel-level fragmentation and reassembly of packets in a manner tending to prevent reassembly errors, that could cause malformed packets or packet drops at the tunnel destination nodes, due to multiple parallel tunnel contexts of the tunnel which may correspond to multiple parallel entry points into the tunnel at the tunnel source node. The tunnel-level fragmentation and reassembly capability may be configured to support tunnel-level fragmentation and reassembly of packets within various types of communication networks, for various types of tunnels, or the like.

Abstract: Various exemplary embodiments relate to a method, network node, and non-transitory machine-readable storage medium including one or more of the following: receiving, at the network device, an ownership indication that a first network processor is currently serving an anti-replay connection; and in response to receiving the ownership indication, effecting a presetting in a second network processor of a current sequence number (SN) for the anti-replay connection to a first value that is greater than or equal to a re-key threshold value, wherein the network device includes at least one of the first network processor and the second network processor wherein the re-key threshold value is a value beyond which an SN triggers re-keying of the anti-replay connection, and wherein the second network processor utilizes the current sequence number upon beginning to serve the anti-replay connection.

Abstract: Various exemplary embodiments relate to a method, network node, and non-transitory machine-readable storage medium including one or more of the following: receiving, at the network device, an ownership indication that a first network processor is currently serving an anti-replay connection; and in response to receiving the ownership indication, effecting a presetting in a second network processor of a current sequence number (SN) for the anti-replay connection to a first value that is greater than or equal to a re-key threshold value, wherein the network device includes at least one of the first network processor and the second network processor wherein the re-key threshold value is a value beyond which an SN triggers re-keying of the anti-replay connection, and wherein the second network processor utilizes the current sequence number upon beginning to serve the anti-replay connection.

Abstract: Various exemplary embodiments relate to a method and related network node including one or more of the following: determining that a first search value is associated with a first range field; determining a first bitmap associated with the first search value, wherein the first bitmap indicates at least one range encompassing the first search value; generating a search key based on the first bitmap; and accessing the ternary content addressable memory based on the search key.

Abstract: The invention is directed to a method and system for efficiently distributing Inverse Multiplexing over ATM (IMA) filler cells on IMA logical links having inactive or unusable IMA sub-links. Inactive IMA sub-links are identified during round-robin distribution of ATM data cells to active IMA sub-links. Predefined IMA filler cells are transmitted simultaneously on the identified inactive IMA sub-links when an ATM data cell is transmitted on an active IMA sub-link, thereby reducing the delay between transmitting ATM data cells.

Abstract: Various exemplary embodiments relate to a method and related network node including one or more of the following: determining that a first search value is associated with a first range field; determining a first bitmap associated with the first search value, wherein the first bitmap indicates at least one range encompassing the first search value; generating a search key based on the first bitmap; and accessing the ternary content addressable memory based on the search key.

Abstract: Embodiments of the invention are directed to providing a method for selecting a link for transmitting a data packet, from links of a Multi-Link Point-to-Point Protocol (MLPPP) bundle, by compiling a list of links having a minimum queue depth and selecting the link in a round robin manner from the list. Some embodiments of the invention further provide for a flag to indicate if the selected link has been assigned to a transmitter so that an appropriate link will be selected even if link queue depth status is not current.

Abstract: Various exemplary embodiments relate to a method and related network node having a playout buffer including one or more of the following: receiving, at the network device, a first packet belonging to a first flow, the first packet including a first sequence number (SN); receiving, at the network device, a second packet belonging to the first flow, the second packet including a second SN; determining that the second SN is not in sequence with the first SN; waiting to receive, at the network device, a third packet belonging to the first flow, the third packet including a third SN; and determining that a jump in SNs has occurred for the first flow between the first packet and the second packet based on determining that the third SN is in sequence with the second SN.

Abstract: Various exemplary embodiments relate to a method and related network node having a playout buffer including one or more of the following: receiving a first packet, a second packet, a first set of at least one subsequent packet, wherein each packet includes a sequence number (SN); determining that the second packet is not in sequence with the first packet by determining that the SN of the second packet is not equal to the SN of the first packet plus an expected increment value; determining whether the second packet represents a jump in SNs by determining whether the SN of a first subsequent packet is equal to the SN of the second packet plus the expected increment value; and when the second packet represents a jump in SNs, gradually normalizing the playout buffer upon receipt of each subsequent packet.

Abstract: A method and apparatus for handling, maintaining, and controlling network synchronization information emanating from a plurality of line card circuits is described. The technique described may be applied to a redundant pair of line card circuits, where one line card circuit is active, while the other is inactive. Line card activity latches are managed by means of hardware logic that may be configured at the time of line card commissioning. The activity latches are coupled to a logic element. An incoming clock signal is applied to the logic element. If an activity latch indicates that a line card circuit is active, the logic element provides the incoming clock signal as an outgoing clock signal to a control card circuit. If the activity latch indicates that the line card circuit is inactive, the logic element blocks the incoming clock signal from being passed and provides a static output level as the outgoing clock signal to the control card circuit.

Abstract: Embodiments of the invention are directed to providing a method for selecting a link for transmitting a data packet, from links of a Multi-Link Point-to-Point Protocol (MLPPP) bundle, by compiling a list of links having a minimum queue depth and selecting the link in a round robin manner from the list. Some embodiments of the invention further provide for a flag to indicate if the selected link has been assigned to a transmitter so that an appropriate link will be selected even if link queue depth status is not current.

Abstract: Various exemplary embodiments relate to a method and related network system including one or more of the following: receiving a packet having a header and belonging to a flow; identifying a context identifier (CID) associated with the flow; morphing the header into a pseudo-compressed header, the pseudo-compressed header including the CID associated with the flow; determining whether the packet should be transmitted with a compressed header, a full header, or an uncompressed header; morphing the pseudo-compressed header into a compressed header to form an outgoing packet when the packet should be transmitted with a compressed header; morphing the pseudo-compressed header into a full header to form an outgoing packet when the packet should be transmitted with a full header; restoring the uncompressed header to form an outgoing packet when the packet should be transmitted with an uncompressed header; and transmitting the outgoing packet over the communications network.

Abstract: Various exemplary embodiments relate to a method and related network node including one or more of the following: receiving a packet belonging to a flow, the packet including a marking used to identify a quality of service (QoS) required for the packet; performing buffer management to determine whether a current occupancy level of a buffer in the network node is greater than a threshold level; when the current occupancy level of the buffer does not exceed the threshold level, performing header compression on the packet in the network node; after performing header compression, performing traffic scheduling to queue the packet in a queue selected from a plurality of queues based on the marking in the packet and to output the packet from the selected queue; and forwarding the packet towards a destination, whereby buffer management, header compression, and traffic scheduling are all performed in a single network node.

Abstract: Various exemplary embodiments relate to a method and related network node including one or more of the following: receiving, at the network node, a packet belonging to a flow, the packet including a marking used to identify a quality of service (QoS) required for the packet; assigning a compression context identifier to the packet; queuing the packet in a queue selected from a plurality of queues based on the marking in the packet; identifying a period of congestion and, in response, blocking the packet; when the period of congestion has ended and the packet is dequeued, determining whether the QoS associated with the packet is the same as a QoS stored in a context identifier storage; and when the QoS associated with the packet is not the same as the QoS stored in the context identifier storage, determining that the flow has expired and discarding the packet.

Abstract: The invention is directed to a method and system for efficiently distributing Inverse Multiplexing over ATM (IMA) filler cells on IMA logical links having inactive or unusable IMA sub-links. Inactive IMA sub-links are identified during round-robin distribution of ATM data cells to active IMA sub-links. Predefined IMA filler cells are transmitted simultaneously on the identified inactive IMA sub-links when an ATM data cell is transmitted on an active IMA sub-link, thereby reducing the delay between transmitting ATM data cells.

Abstract: Various exemplary embodiments relate to a method and related network system including one or more of the following: receiving a packet having a header and belonging to a flow; identifying a context identifier (CID) associated with the flow; morphing the header into a pseudo-compressed header, the pseudo-compressed header including the CID associated with the flow; determining whether the packet should be transmitted with a compressed header, a full header, or an uncompressed header; morphing the pseudo-compressed header into a compressed header to form an outgoing packet when the packet should be transmitted with a compressed header; morphing the pseudo-compressed header into a full header to form an outgoing packet when the packet should be transmitted with a full header; restoring the uncompressed header to form an outgoing packet when the packet should be transmitted with an uncompressed header; and transmitting the outgoing packet over the communications network.

Abstract: Various exemplary embodiments relate to a method and related network node including one or more of the following: establishing a plurality of flows; assigning a context identifier to each flow, wherein a length of each context identifier for a first subset of the flows is a first number of bits and a length of each context identifier for a second subset of the flows is a second number of bits greater than the first number of bits; receiving a packet associated with a new flow, wherein a value of a context identifier assigned to the new flow must fit within the first number of bits; determining that the context identifiers for the plurality of flows have occupied all values within the first number of bits; assigning a context identifier of an existing flow to the new flow; and assigning a new context identifier to the existing flow.