Abstract: An intermediate node obtains a lead packet of a plurality of packets in a session having a unique session identifier, modifies the lead packet to identify at least the intermediate node, and then forwards the lead packet toward the destination node though an intermediate node electronic output interface to the IP network. The intermediate node also receives, through an intermediate node electronic input interface in communication with the IP network, a backward message from a next node having a next node identifier. The backward message includes the next node identifier and the session identifier. The intermediate node forms an association between the next node identifier and the session identifier, stores the association in memory to maintain state information for the session, and obtains (e.g., receives) additional packets of the session. Substantially all of the additional packets in the session are forwarded toward the next node using the stored association.

Abstract: A method has provides a router having an input, an output, and a shared memory. The router also has a forwarding path to forward a plurality of packets from the input to the output, and a service path to manage statistical data relating to packets forwarded through the forwarding path. The forwarding path has a counter to count aggregate packet information relating to the plurality of packets it forwards. Next, the method counts, using the counter(s), aggregate packet information relating to the packets forwarded through the forwarding path to produce count information. After producing the count information, the method uses the forwarding path to store the count information in the shared memory of the router, and then causes the service path to retrieve the count information from the shared memory. The service path ultimately produces statistical information using the count information retrieved from the shared memory.

Abstract: An intermediate node obtains a lead packet of a plurality of packets in a session having a unique session identifier, modifies the lead packet to identify at least the intermediate node and also to identify source and destination port numbers assigned by the intermediate node for a possible forward association, and then forwards the lead packet toward the destination node though an intermediate node electronic output interface to the IP network. The intermediate node also may receive, through an intermediate node electronic input interface in communication with the IP network, a backward message from a next node having a next node identifier. Both the intermediate node and the next node form an association between the intermediate node identifier, the next node identifier, and the source and destination port numbers assigned by the intermediate node. This association is part of a forward association for the intermediate node and is part of a return associate for the next node.

Abstract: A method processes a session having a first session packet received by a current node in an IP network having a plurality of nodes. The plurality of nodes includes a next node, and the current node that communicates with the next node using a Layer 3 protocol. The method receives the first session packet, which has a digital signature, payload data, and meta-data, at the current node. The method uses the payload data and meta-data to produce validation information, and uses the digital signature to produce a comparator digital signature. Next, the method compares the validation information with the comparator digital signature. If the validation information does not match the comparator digital signature, then the method discards the first session packet. If there is a match, then the method digitally signs the first session packet, and routes the first session packet to the next node via the IP network.

Abstract: An apparatus and/or method secures session communications between a first network (having a first encryption device configured to encrypt at least some session communications from the first network to the second network) and a second network. The apparatus and/or method receive, at the first network, given session packets of a given session between the first and second networks, and determine that at least one of the received given session packets is encrypted (“encrypted given session packet”). The given session involves a Layer 7 application that encrypted the at least one encrypted given session packet. Next, the apparatus and/or method controls, in response to determining that the given session packet is encrypted, the first encryption device to permit communication of the given session with the second network without further encrypting a plurality of the encrypted given session packets. Preferably, the first encryption device encrypts none of the given session packets.

Abstract: A method of routing data across a network receives a session request from a client node to access at least one node in a local network having a plurality of nodes. The method also receives a client certificate (e.g., a digital certificate at least partially specified by known standards, such as the “X509 Standard”) from the client node. The client certificate has client information specifying at least one node to receive packets from the client node. Next, the method uses the client certificate to execute an authentication process. If the authentication process authenticates the client node, then the method routes data packets from the client node to at least one node in the local network as specified by the client information in the client certificate.

Abstract: An intermediate node obtains a lead packet of a plurality of packets in a session having a unique session identifier, modifies the lead packet to identify at least the intermediate node, and then forwards the lead packet toward the destination node though an intermediate node electronic output interface to the IP network. The intermediate node also receives, through an intermediate node electronic input interface in communication with the IP network, a backward message from a next node having a next node identifier. The backward message includes the next node identifier and the session identifier. The intermediate node forms an association between the next node identifier and the session identifier, stores the association in memory to maintain state information for the session, and obtains (e.g., receives) additional packets of the session. Substantially all of the additional packets in the session are forwarded toward the next node using the stored association.

Abstract: An intermediate node obtains a lead packet of a plurality of packets in a session having a unique session identifier, modifies the lead packet to identify at least the intermediate node and also to identify source and destination port numbers assigned by the intermediate node for a possible forward association, and then forwards the lead packet toward the destination node though an intermediate node electronic output interface to the IP network. The intermediate node also may receive, through an intermediate node electronic input interface in communication with the IP network, a backward message from a next node having a next node identifier. Both the intermediate node and the next node form an association between the intermediate node identifier, the next node identifier, and the source and destination port numbers assigned by the intermediate node. This association is part of a forward association for the intermediate node and is part of a return associate for the next node.

Abstract: An advanced routing system and protocol (referred to herein as “Route Exchange” or “REX”) hides familiar IPv4 and IPv6 addresses and replaces traditional routing logic with words and relationships between named elements. Among other things, this makes IP routing tables significantly easier to understand. In addition, a single routing scheme can be used for any combination of private networks, public networks, IPv4 addressing models, and IPv6 addressing models. Underneath the words lie real IP addresses that move the packets from place to place. These routing addresses abstract away the underlying network.

Abstract: An intermediate node obtains a lead packet of a plurality of packets in a session having a unique session identifier, modifies the lead packet to identify at least the intermediate node, and then forwards the lead packet toward the destination node though an intermediate node electronic output interface to the IP network. The intermediate node also receives, through an intermediate node electronic input interface in communication with the IP network, a backward message from a next node having a next node identifier. The backward message includes the next node identifier and the session identifier. The intermediate node forms an association between the next node identifier and the session identifier, stores the association in memory to maintain state information for the session, and obtains (e.g., receives) additional packets of the session. Substantially all of the additional packets in the session are forwarded toward the next node using the stored association.

Abstract: A method processes a session having a first session packet received by a current node in an IP network having a plurality of nodes. The plurality of nodes includes a next node, and the current node that communicates with the next node using a Layer 3 protocol. The method receives the first session packet, which has a digital signature, payload data, and meta-data, at the current node. The method uses the payload data and meta-data to produce validation information, and uses the digital signature to produce a comparator digital signature. Next, the method compares the validation information with the comparator digital signature. If the validation information does not match the comparator digital signature, then the method discards the first session packet. If there is a match, then the method digitally signs the first session packet, and routes the first session packet to the next node via the IP network.

Abstract: A method has provides a router having an input, an output, and a shared memory. The router also has a forwarding path to forward a plurality of packets from the input to the output, and a service path to manage statistical data relating to packets forwarded through the forwarding path. The forwarding path has a counter to count aggregate packet information relating to the plurality of packets it forwards. Next, the method counts, using the counter(s), aggregate packet information relating to the packets forwarded through the forwarding path to produce count information. After producing the count information, the method uses the forwarding path to store the count information in the shared memory of the router, and then causes the service path to retrieve the count information from the shared memory. The service path ultimately produces statistical information using the count information retrieved from the shared memory.

Abstract: An intermediate node obtains a lead packet of a plurality of packets in a session having a unique session identifier, modifies the lead packet to identify at least the intermediate node and also to identify source and destination port numbers assigned by the intermediate node for a possible forward association, and then forwards the lead packet toward the destination node though an intermediate node electronic output interface to the IP network. The intermediate node also may receive, through an intermediate node electronic input interface in communication with the IP network, a backward message from a next node having a next node identifier. Both the intermediate node and the next node form an association between the intermediate node identifier, the next node identifier, and the source and destination port numbers assigned by the intermediate node. This association is part of a forward association for the intermediate node and is part of a return associate for the next node.

Abstract: A method processes a session having a first session packet received by a current node in an IP network having a plurality of nodes. The plurality of nodes includes a next node, and the current node that communicates with the next node using a Layer 3 protocol. The method receives the first session packet, which has a digital signature, payload data, and meta-data, at the current node. The method uses the payload data and meta-data to produce validation information, and uses the digital signature to produce a comparator digital signature. Next, the method compares the validation information with the comparator digital signature. If the validation information does not match the comparator digital signature, then the method discards the first session packet. If there is a match, then the method digitally signs the first session packet, and routes the first session packet to the next node via the IP network.

Abstract: An intermediate node obtains a lead packet of a plurality of packets in a session having a unique session identifier, modifies the lead packet to identify at least the intermediate node, and then forwards the lead packet toward the destination node though an intermediate node electronic output interface to the IP network. The intermediate node also receives, through an intermediate node electronic input interface in communication with the IP network, a backward message from a next node having a next node identifier. The backward message includes the next node identifier and the session identifier. The intermediate node forms an association between the next node identifier and the session identifier, stores the association in memory to maintain state information for the session, and obtains (e.g., receives) additional packets of the session. Substantially all of the additional packets in the session are forwarded toward the next node using the stored association.

Abstract: Systems and methods of establishing IP telephony sessions between enterprises are disclosed. A first enterprise requests an association with a second enterprise. Both enterprises and the second enterprise belong to the same federation. The association request is accepted, to establish an association between the first and second enterprises. In response to the acceptance, a direct routed path is established between the first enterprise and the second enterprise. One of the associated enterprises requests activation of an IP telephony service. If the request to activate references the association, an IP telephony session is established using the direct routed path.

Abstract: Systems and methods of establishing IP telephony sessions between enterprises are disclosed. A first enterprise requests an association with a second enterprise. Both enterprises and the second enterprise belong to the same federation. The association request is accepted, to establish an association between the first and second enterprises. In response to the acceptance, a direct routed path is established between the first enterprise and the second enterprise. One of the associated enterprises requests activation of an IP telephony service. If the request to activate references the association, an IP telephony session is established using the direct routed path.

Abstract: Methods and systems for routing call signaling messages are disclosed. One such method is performed in a session router. The method includes: maintaining a telephony route information base (TRIB) stored in the session router as a result of participation of the session router in telephony routing over internet protocol (TRIP). The TRIB allows multiple routes to the same destination. The method further comprises: using the TRIB to route the received call signaling messages to another session router. One such system includes memory and a processor. The processor is configured by instructions retrieved from the memory to: build and maintain, as a result of participation of the router in telephony routing over internet protocol (TRIP), a telephony route information base (TRIB) that allows multiple routes to the same destination; and use the TRIB to route a received call signaling message to another router.

Abstract: Systems and methods of establishing IP telephony sessions between enterprises are disclosed. A first enterprise requests an association with a second enterprise. Both enterprises and the second enterprise belong to the same federation. The association request is accepted, to establish an association between the first and second enterprises. In response to the acceptance, a direct routed path is established between the first enterprise and the second enterprise. One of the associated enterprises requests activation of an IP telephony service. If the request to activate references the association, an IP telephony session is established using the direct routed path.

Abstract: Systems and methods of establishing IP telephony sessions between enterprises are disclosed. A first enterprise requests an association with a second enterprise. Both enterprises and the second enterprise belong to the same federation. The association request is accepted, to establish an association between the first and second enterprises. In response to the acceptance, a direct routed path is established between the first enterprise and the second enterprise. One of the associated enterprises requests activation of an IP telephony service. If the request to activate references the association, an IP telephony session is established using the direct routed path.