Abstract: A secure arrangement in which stations in a communications network are informed of the addresses of their neighbors by means of identifying messages transmitted by the stations. To prevent the insertion of illegitimate stations into the network, the system makes use of passwords included in the station-identifying messages. In networks where eavesdropping is possible, the passwords are encrypted versions of the identities of the stations transmitting the messages and in systems where stations can also be impersonated, the encrypted passwords also include time stamps.

Abstract: Methods and apparatus for selecting a parallel bridge number for a bridge connecting a first and second LAN in a network comprised of LANs and bridges connected between the LANs. The parallel bridge numbers are used to distinguish two or more bridges which are connected between the same LANs. The designated bridge for the LAN stores a database associating the identifiers of multiple bridges connected between the first and second LANs to the parallel bridge numbers which are assigned to those bridges. To obtain a parallel bridge number, a bridge between the first and second LANs transmits a request message identifying itself and the second LAN to the designated bridge. In response, the designated bridge selects a parallel bridge number which has not been associated with any bridge connected to the second LAN (other than the requesting bridge), and transmits this parallel bridge number to the requesting bridge.

Abstract: To avoid exponential proliferation of explorer packets through a LAN/Bridge network, each bridge gathers information sufficient to compute routes through the network by sharing routing messages with other bridges. Then, to find a route from a particular source end system to a particular destination end system, a broadcast message identifying the desired source and destination is sent to the bridges. In response, the bridges compute the optimal route to each attached LAN, convert the broadcast message into one or more counterfeit explorer messages by incorporating these routes, and then transmit the counterfeit explorer messages to the LANs for which the incorporated route was computed. The destination end system then receives one or more of the counterfeit explorer messages and responds to the source end system as if the counterfeit explorer message was genuine.

Abstract: Use of a multicast address in a LAN, where the LAN does not support an adequate multicast address space, is implemented. An apparatus is provided for delivering a multicast address to a station on a local area network, where the local area network does not support the multicast address. The frame is transmitted onto the local area network, where the frame has: a predetermined field containing a reference to the multicast address; an indicator, the indicator capable of being interpreted by a receiving station to mean that the multicast address may be recovered from the frame by parsing the frame; and an applications program may be executed in response to the multicast address. Also, the apparatus may have a receiving station capable of receiving the frame, and an applications program may be executed in the receiving station in response to the multicast address.

Abstract: A method of merging networks across a common backbone network in which destinations are grouped into domains based on needs of network users to communicate with one another. Domain information is added to the level one routing control packets transmitted by the grouped destinations to identify the logical address (destination number coupled with domain number) of a specific destination. Additionally, routers in the network are configured with mapping information that relates the destination number of each associated destination with its logical address. Filtering information may be included in the configuration of the level one and level two routers. Filtering information identifies domains that associated destinations may transmit information to or receive information from. With filtering information, system routers can be configured to announce the reachability of specific destinations in selected domains based on overall system considerations.

Abstract: A device and related method for coupling segments of an extended local area network (LAN) in such a way that message traffic employing inter-network protocols such as TCP/IP will be handled without the difficulties usually associated with bridges, and without the complexity and expense of full IP router capability. The device operates like a bridge for non-TCP/IP traffic. For TCP/IP traffic it operates in a bridge-like manner but maintains a database associating extended LAN segment addresses with port numbers in the device, so that packets can be automatically forwarded over a spanning tree connecting the network segments. A host computer in any network segment can address others in different network segments of the extended LAN as though all were in a single LAN. The device of the invention functions to block the flow of ARP messages and to generate ARP replies that render the device of the invention transparent to hosts within the extended LAN.

Abstract: A technique for issuing and revoking user certificates of authenticity in a public key cryptography system, wherein certificates do not need expiration dates, and the inconvenience and overhead associated with routine certificate renewals are minimized or avoided entirely. A Certification Authority issues certificates as required, and issues a blacklist having a start date, an expiration date, and an entry for every invalid certificate issued after the start date. Users assume that every certificate issued prior to the blacklist start date is invalid, and that invalid certificates issued after the start date will be included in the current blacklist. A new blacklist is issued prior to expiration of the current one, and the blacklist start date is changed only when the blacklist becomes unmanageably long.

Abstract: A method for connecting a network so that TCP/IP and OSI 8473 packets may be routed in the same domain. The independence of the addresses is maintained: one device in the network may be assigned only a TCP/IP address, and another device may be assigned only a ISO 8473 address. Furthermore, all of the routers share link state information by using a common link state packet format (such as the ISO 10589 format); thus routes through the network may be computed without regard for the protocols supported by the routers along the route. Where necessary, packets are encapsulated and forwarded through routers which are not capable in the protocol of the packet. In some disclosed embodiments, all of the routers in a given area support a given protocol (or, in fact, have identical capabilities, in which case encapsulation is not required). In these embodiments, the encapsulation is performed by suitable modifications to each router's packet forwarding procedures.

Abstract: A technique for distributing updated distance vectors used in routers, which are connected by point-to-point links having datagram service. Distance vectors are used by routers to route messages over the most desirable paths, but must be continually modified as a result of update messages passed between routers, to reflect changes in network topology. Datagram service does not normally ensure that such update messages will reach other routers, but the technique of the invention uses unique sequence numbers on all information packets containing distance vector update messages, and achieves efficient and timely distribution of updated distance vector information with only a modest storage requirements. Unlike reliable service, which requires each message to be delivered exactly once and in the order sent, the invention allows subsequent update messages to be delivered to the same neighboring router even if previous messages have not yet been received and processed.

Abstract: A method and related apparatus for establishing a point-to-point cross-link between two bridges in a bridged communication network. The bridged communication network is first configured in a loop-free arrangement by a spanning tree algorithm that selects which links of every bridge to activate in order to form the spanning tree active configuration. Then at least one cross-link not defined by the spanning tree configuration is established for routing of messages as an alternative to a spanning tree path. A protocol in each bridge ensures that no loops are formed and that only messages to preselected locations are passed over the cross-link. An optional optimization procedure measures message propagation times in both directions between the two bridges and over both the cross-link path and the spanning tree path, to determine whether to modify usage of the cross-link.

Abstract: Stored information used for routing packets of a network of nodes interconnected by links. A link state packet is sent to the first node indicating the states of links connected to some given node in the network. At the first node, an attempt is made to derive from the link state packet sent in step (a), the states of the links. If the states of fewer than all of the links connected to the given node are derived in step (b), the stored information used for routing packets is updated using the derived link states without regard to other link state packets sent to the first node. Another aspect features organizing, at a node in a network of nodes interconnected by links, a database of entries concerning respective links, by (a) providing indicators associated with the entries, (b) when a link becomes inoperable, setting or clearing the indicator associated with the entry related to the link, and (c) when the link becomes operable, clearing or setting the indicator.

Abstract: A method and apparatus for creating and managing databases in routers of a routing network. The databases store link state packets, each packet being originated by nodes in the network, and transmitted to other nodes through the network. Each packet contains data identifying its originating node, a sequence number in a linear space indicating its place in the sequence of packets generated by its originating node, and an age value indicating the time remaining before it expires. The contents of the databases are updated by newly received packets. In addition, the nodes themselves are reset if the packets currently in the network have later sequence numbers than new packets. Also, a mechanism is provided to purge the databases of packets from a given router by issuing a purging packet.