Abstract: A source IPv6 mobile router is configured for establishing an IPv4 tunnel with destination IPv6 mobile router using a synthetic tag address, specifying a forwarding protocol, and IPv4 source and destination addresses. If an optional transport header is used (e.g, UDP port), the source port and destination port also are added to the synthetic tag address. The IPv6 packet includes a reverse routing header that enables the destination IPv6 mobile router to recover routing information for reaching the source IPv6 mobile router via the IPv4 network. Hence, all IPv4 routing information that may be needed by the destination IPv6 mobile router in sending an IPv6 reply packet back to the source IPv6 mobile router is maintained in the routing header specified in the IPv6 reply packet.

Abstract: A mobile router and a correspondent router, each configured for routing services for nodes within their routing prefixes associated with their respective routing tables, establish a secure, bidirectional tunnel based on a messaging protocol between each other and a route server resource having a prescribed security relationship with the mobile router and correspondent router. The mobile router sends a query via its home agent to the route server resource to identify the correspondent router serving the correspondent node. The mobile router sends a binding update request, specifying a home address and care-of address for the mobile router, to the correspondent router for establishment of a bidirectional tunnel. The correspondent router, upon validating the home address is reachable via the care-of address, establishes the bidirectional tunnel, and updates its routing tables to specify that prescribed address prefixes are reachable via the mobile router home address.

Abstract: A network includes network nodes and a gateway. Each network node has a corresponding unique in-site IPv6 address for communication within a prescribed site, each in-site IPv6 address having a first IPv6 address prefix that is not advertised outside of the prescribed site. Network nodes can obtain from within the prescribed site a unique extra-site IPv6 address for mobile or extra-site communications. The extra-site IPv6 address has a second IPv6 address prefix, distinct from the first IPv6 address prefix, advertised by the gateway to the prescribed site and the wide area network. The gateway establishes a secure connection (e.g., tunnel) with each corresponding IPv6 node using its corresponding extra-site IPv6 address, and creates a corresponding binding cache entry specifying the corresponding extra-site IPv6 address and in-site IPv6 address. Hence, the gateway provides wide area network access while maintaining secrecy of the in-site IPv6 addresses.

Abstract: In one embodiment, a method comprises transmitting onto a wireless connection, by a device, a first wireless data packet destined for a second device; in response to a determined absence by the device of a required acknowledgment of the first wireless data packet from the second device, queuing by the device the first wireless data packet while waiting for a second wireless data packet; receiving by the device the second wireless data packet; and transmitting, by the device, the first wireless data packet with the second wireless data packet to the second device via the wireless connection in response to the device receiving the second wireless data packet and before any other device can send a data frame on the wireless connection.

Abstract: In one embodiment, a method comprises an Internet Protocol (IP) router receiving sensor data from at least one of a second IP router or an attached host sensor node, the sensor data distinct from link data of a network link; the IP router generating sensor information based on storing the sensor data with metadata describing reception of the sensor data by the IP router in a routing information base; and the IP router executing a routing operation based on the sensor information stored in the routing information base.

Abstract: A gateway, configured for providing connectivity between a wide area network and mobile routers within a mobile ad hoc network, is configured for registering the mobile routers with their respective home agents using a prescribed mobile IP protocol. The gateway identifies the mobile routers using a prescribed proactive mobile ad hoc network routing protocol. The gateway locates, for each identified mobile router, its corresponding home agent via the wide area network according to the prescribed mobile IP protocol, and registers the corresponding identified mobile router with the home agent according to the prescribed mobile IP protocol. The gateway can then forward a packet received from a home agent to the corresponding mobile router. Hence, the gateway provides mobile routers within a mobile ad hoc network with access to the wide area network, without any necessity for the prescribed mobile IP protocol to be implemented within the mobile routers.

Abstract: Routers of a content network include routing entries that specify aggregation levels, enabling the routers to establish a tree-based topology within an aggregation realm for distribution of broadcast packets. Each router is configured to have a prescribed aggregation level within the aggregation realm, and identify a network-directed broadcast packet based on detecting a prescribed pluricast code at a corresponding prescribed prefix location relative to the prescribed aggregation level. Each router also is configured for storing a registration request within its routing entries, and propagating the registration request to other routers within the aggregation realm. Each registration request includes a bit mask according to one of the prescribed aggregation levels. Hence, client-based registration requests can be propagated throughout the aggregation realm for rules-based coalescence of subscriber groups throughout the aggregation realm.

Abstract: In one embodiment, a method comprises attaching, by a mobile router, to an attachment router according to a protocol requiring establishment of a tree topology having a single clusterhead, the attaching by the mobile router based on the mobile router receiving, from the attachment router, an advertisement message specifying an attachment prefix; outputting a second advertisement message specifying availability of a prescribed address prefix used by the mobile router, and further specifying attributes of the mobile router relative to the tree topology; receiving a plurality of sensor data messages from at least one attached sensor host node, each sensor data message specifying at least one sensor data element specifying a detected sensor parameter; aggregating the sensor data elements from the sensor data messages into aggregated sensor data; and generating and outputting a neighbor advertisement message to the attachment router, the neighbor advertisement message specifying the aggregated sensor data.

Abstract: In one embodiment, a method comprises initiating neighbor discovery in response to detecting an absence of an IP destination address of a received data packet within a neighbor cache, including outputting a neighbor solicitation message targeting the IP destination address into a network served by the router, generating a hash index value based on the IP destination address combined with a randomized token stored in the router, and storing the data packet in a selected one of a plurality of pending message queues in the router based on the corresponding hash index value, each pending message queue configured for storing stored data packets having the corresponding hash index value and awaiting respective solicited neighbor advertisement messages from the network; and detecting whether the router is encountering a neighbor discovery denial of service attack based on a determined distribution of the stored data packets among the pending message queues.

Abstract: In one embodiment, a method comprises receiving, by a router in a network, a router advertisement message on a network link of the network; detecting within the router advertisement message, by the router, an advertised address prefix and an identified router having transmitted the router advertisement message within the network; determining, by the router, whether the identified router is authorized to at least one of advertise itself as a router, or advertise the advertised address prefix on the network link; and selectively initiating, by the router, a defensive operation against the identified router based on the router determining the identified router is not authorized to advertise itself as a router, or advertise the advertised address prefix on the network link.

Abstract: In one embodiment, a method comprises receiving by an agent a request from a network node for generation of a secure IPv6 address for use by the network node, the request including a selected subset of parameters selected by the network node and required for generation of the secure IPv6 address according to a prescribed secure address generation procedure, the selected subset including at least a public key owned by the network node; dynamically generating by the agent at least a second of the parameters required for generation of the secure IPv6 address; generating by the agent the secure IPv6 address based on the selected subset and the second of the parameters required for generation of the secure IPv6 address; and outputting, to the network node, an acknowledgment to the request and that includes the secure IPv6 address, and the parameters required for generation of the secure IPv6 address.

Abstract: Methods and apparatus for processing registration requests by a Home Agent supporting Mobile IP are disclosed. A registration request is received from each of a plurality of Mobile Nodes, the registration request specifying a care-of address, which may be allocated by the Foreign Agent. A binding is established between each of the plurality of Mobile Nodes and the associated care-of address, each of the plurality of Mobile Nodes being associated with one another. For instance, the plurality of Mobile Nodes may be statically or dynamically assigned the same Home Address. A tunnel is then created between the Home Agent and the care-of address for each of the plurality of Mobile Nodes, thereby enabling a server request to be distributed by the Home Agent to one of the plurality of Mobile Nodes or to a cluster of Mobile Nodes (e.g., associated with the care-of address) via the associated tunnel.

Abstract: A source IPV6 mobile node is configured for forwarding an IPV6 packet via an IPV4 connection with a destination IPV6 router. The IPV4 packet includes IPV4 source and destination addresses, a UDP source port and UDP destination port, and a synthetic tag address in the IPV6 destination address field. The synthetic tag address, a valid (routable) IPV6 care of address, has an address prefix routed to the IPV6 router. The address prefix specifies a forwarding protocol, the IPV4 destination address for the IPV6 router, and a site-level aggregation identifier. An address suffix for the synthetic tag address specifies the IPV4 source address, the UDP source port and UDP destination port. Hence, the synthetic tag address enables the destination IPV6 router to send an IPV6 reply packet back to the source IPV6 mobile node via the IPV4 network.

Abstract: An IPv4 node is able to send an IPv4 packet to an IPv4 destination via an IPv6 access network, based on translation of the IPv4 packet into an IPv6 packet for transmission via the IPv6 access network. The IPv4 packet is translated into the IPv6 packet by a local gateway. The IPv6 packet has an IPv6 source address that includes a prescribed address prefix assigned to the local gateway, and an IPv4 address of the IPv4 node. The IPv6 packet also includes an IPv6 destination address that includes a second address prefix assigned to a remote gateway, and a second IPv4 address of the IPv4 destination. The IPv6 packet is converted by the remote gateway into an IPv4 packet for reception by the IPv4 destination via an IPv4 network.

Abstract: In one embodiment, a method comprises detecting, by a router, an unsolicited first router advertisement message from an attachment router that provides an attachment link used by the router, the first router advertisement message specifying a first IPv6 address prefix owned by the attachment router and usable for address autoconfiguration on the attachment link; detecting, by the router, an unsolicited delegated IPv6 address prefix from the attachment router and that is available for use by the router; and automatically selecting by the router a second IPv6 address prefix based on concatenating a suffix to the delegated IPv6 address prefix, including dynamically generating the suffix based on a prescribed distributed hash operation executed by the router, the second IPv6 address prefix for use on at least one ingress link of the router.

Abstract: In one embodiment, a method includes a mesh point receiving mesh advertisement messages from advertising mesh points of a wireless mesh network having a mesh portal with a wired connection to a wired network. Each mesh advertisement message specifies a corresponding metric for reaching the mesh portal and has a corresponding signal strength indicator. An ordered group of parent access points, ordered based on the respective metrics, is generated from among the advertising mesh points, starting with a first parent access point having a corresponding optimum metric for reaching the mesh portal and independent of the corresponding signal strength indicator. A registration message is sent to each of the parent access points identifying a corresponding specified priority based on a corresponding position in the ordered group, for use by the corresponding parent access point in selecting a minimum interframe spacing for forwarding a wireless packet received from the mesh point.

Abstract: Mobile routers establish a tree-based network topology in an ad hoc mobile network, the tree-based network topology having a single clusterhead and attached mobile routers. Each attached mobile router has a default egress interface configured for sending messages toward the clusterhead, and ingress interfaces configured for receiving messages from attached network nodes that are away from the clusterhead. A neighbor advertisement message received from an ingress interface away from a clusterhead is used by the attached mobile router to identify specified network prefixes that are reachable via the source of the neighbor advertisement message. The attached mobile router outputs on its default upstream interface a second neighbor advertisement message that specifies the network prefix used by the attached mobile router, and the specified network prefixes from the neighbor advertisement message received on the ingress interface. Hence, connectivity is established with minimal routing overhead.

Abstract: In one embodiment, a first router attaches to an attachment router based on detecting a first router advertisement message specifying an attachment prefix and a first tree information option. The first tree information option includes a first IP host address of a first clusterhead having established a first tree topology. The first router receives a second advertisement from a second router specifying a second address prefix, distinct from the attachment prefix and the first address prefix of the first router, and a second tree information option specifying a second IP host address of a second clusterhead having established a second distinct tree topology. If the first and second routers are at equal depths relative to the respective first and second clusterheads, routing information is shared, including first address prefix reachable via the first router, and a host route for reaching the first IP host address via the first router.

Abstract: A real-time data transport protocol directed to aggregating multiple packets of a real-time protocol session and transmitting redundant copies of the packets as defined by a sliding window. In particular implementations, a method comprising accessing a plurality of packets of a real-time protocol session; aggregating, over a sliding window, a contiguous sequence of packets in the plurality of packets into real-time data transport packets, and transmitting the real-time data transport packets to a receiving node.

Abstract: In one embodiment, a mobile router receives a multicast-supported router advertisement message from an attachment mobile router in a mobile ad hoc network, the multicast-supported router advertisement message specifying an attachment prefix and a multicast-capable identifier. The mobile router attaches to the attachment mobile router in response to the multicast-supported router advertisement message and according to a protocol requiring establishment in the mobile ad hoc network of a tree topology having a single multicast clusterhead, and selects a default attachment address within an address space of the attachment prefix. The mobile router receives a multicast request, from an attached node, for receiving a multicast stream, and the mobile router outputs a neighbor advertisement message with multicast extension, to the attachment router, that specifies that access to the multicast stream is requested via the default attachment address.