Abstract: In one embodiment, a connection verification (CV) message is initiated from an initiating maintenance end point (MEP) for an MPLS LSP, the CV message carried in a packet having a time-to-live (TTL) value of 1. Each maintenance intermediate point (MIP) along the MPLS LSP receives the packet and decrements the TTL, and in response to determining that the TTL equals 0, examines a payload of the packet to determine that the packet carries the CV message. The MIP may then append its MIP ID to a route record field of the payload having any previous MIP IDs of upstream MIPs, and forwards the CV message downstream along the MPLS LSP in a packet having a TTL value of 1. The end MEP receives the CV message, and sends a CV reply having the route record field with MIP IDs and an end MEP ID to the initiating MEP.

Abstract: In one embodiment, line cards of packet switching or other network devices are configured for terminating pseudowires. Typically, this includes multiple line cards being configured for terminating a same pseudowire, which allows the corresponding pseudowire traffic to be received by any one of these multiple line cards. Each of these pseudowire-terminating line cards is typically configured to apply one or more features to a pseudowire packet. Examples of these features include, but are not limited to: Access Control List, Quality of Service, Netflow, and Lawful Intercept. For a received packet to be sent out one of these pseudowires, a two-stage lookup operation can be used to first identify the pseudowire over which to forward the packet; and a second lookup operation based on the pseudowire to identify forwarding information corresponding to a path through a network over which a corresponding pseudowire is configured.

Abstract: A packet switching device maintains mappings of bridge identification values to line cards for each of multiple virtual bridges. When a packet is received that includes a bridge identification value, corresponding line card(s) are identified, with each being forwarded the packet. Each of these identified line cards, in response to receipt of the packet from the line card, determines whether to forward or drop the packet based on its maintained bridge table. In this manner, the original receiving line card does not need to maintain forwarding information based on destination addresses of received packets (e.g., does not need to maintain a bridge table for each virtual bridge), but rather forwards a packet to other line cards associated with the virtual bridge corresponding to the bridge identification value received in a packet.

Abstract: In one embodiment, an edge device of a core network may receive a plurality of packets from a peripheral network having a plurality of active connections to the core network, where each packet has a destination address and a source address. The edge device may compute a hash on the destination address or the source address of each packet, and determine whether the computed hash corresponds to the edge device. In response to the computed hash not corresponding to the edge device, the edge device may drop the packet, and in response to the computed hash corresponding to the edge device, the edge device may process the packet to forward the packet, where the dropping and processing load balances the plurality of packets over the active connections and prevents formation of loops in the core network.

Abstract: In one embodiment, single-homing and active-active multi-homing is provided in a Virtual Private LAN Service (VPLS). A customer edge node actively communicates frames of a same Virtual Private Network (VPN) instance with two or more VPLS nodes of a VPLS network. The VPLS nodes are configured to appropriately forward frames throughout the VPLS network: without looping of a frame sent by the same external node back to the same external node, without flooding multiple copies of a frame to the same external node, and while performing learning of addresses in forwarding tables of said VPLS nodes such that said forwarding tables of said VPLS nodes converge despite frames of the same LAN service being received by said at least two of said VPLS nodes from the same external node.

Abstract: In one embodiment, an access component of a local network edge device receives traffic, and generates a frame for the traffic that includes a remote context label that identifies an access component of the remote network edge device to which the traffic is to be forwarded upon arrival at the remote network edge device, and a virtual circuit label corresponding to a particular virtual service of the traffic. The local network edge device forwards the frame towards the remote network edge device. In another embodiment, the frame may be received at a core component of the remote network edge device, an in response to the remote context label identifying an access component of the remote network edge device, forwarded to the access component, which determines the particular virtual service, and forwards the traffic from the frame out the access component towards an endpoint for the traffic.

Abstract: In one embodiment, a connectivity verification protocol (CVP) session for a particular virtual interface (VI) may operate on a particular group of two or more line cards (LCs) on a network device. The group of LCs may then transmit CVP session packets, at a reduced rate that is sufficient to maintain the CVP session based on a negotiated CVP full rate, onto the particular VI through ingress path processing on the network device. Ingress path processing, in particular, takes transmitted CVP session packets and egresses them onto an appropriate LC of the network device currently responsible for the VI egress. Also, in response to receiving CVP session packets for the VI on an LC of the network device currently responsible for the VI ingress, the receiving LC may forward the received CVP session packets to the particular corresponding group of LCs, which may then process the received CVP session packets.

Abstract: A packet switching device maintains mappings of bridge identification values to line cards for each of multiple virtual bridges. When a packet is received that includes a bridge identification value, corresponding line card(s) are identified, with each being forwarded the packet. Each of these identified line cards, in response to receipt of the packet from the line card, determines whether to forward or drop the packet based on its maintained bridge table. In this manner, the original receiving line card does not need to maintain forwarding information based on destination addresses of received packets (e.g., does not need to maintain a bridge table for each virtual bridge), but rather forwards a packet to other line cards associated with the virtual bridge corresponding to the bridge identification value received in a packet.

Abstract: An example method includes detecting a failure at a first network element, the failure is associated with a link between the first network element and a second network element. The method also includes generating a list of network elements to be notified based on the failure, the second network element is included on the list. The method further includes generating an alarm indication signal (AIS) message, the AIS message identifies a plurality of tunnels affected by the failure. The AIS message is communicated to the second network element. In more detailed embodiments, each link between the first network element and the second network element includes a globally unique link identifier, which includes an associated autonomous system number. The globally unique link identifier can represent a string to be associated with the plurality of tunnels, the globally unique link identifier includes a source address and a destination address.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with the coordinated updating of forwarding information bases (FIBs) in a multistage packet switching device, which performs at least lookup operations on multiple different FIBs in determining how to forward a packet. One embodiment uses lookup operations on two different FIBs, with these being an ingress FIB on an ingress line card and an egress FIB on an egress line card. In response to a change in the forwarding information for a stream of packets, the egress FIBs are first updated to include both the old and new forwarding information. After all egress FIBs have been updated, the ingress FIBs are updated to use the new forwarding information. This update procedure is designed to eliminate loss or duplication of packets induced during the updating of these FIBs to use the new forwarding information.

Abstract: In one embodiment, a protected switching provider edge (S-PE) and a backup S-PE may be operated, where the protected S-PE has at least one multi-segment pseudowire (MS-PW) and is between a first and second provider edge (PE) on the MS-PW. To protect the protected S-PE, the first and second PE may be informed of the backup S-PE and a backup label to reach the second and first PE, respectively, via the backup S-PE to remain on the MS-PW. Upon detecting loss of connectivity with the protected S-PE, the first and/or second PE may forward packets of the MS-PW to the backup S-PE with the corresponding backup label to reach the second or first PE, respectively, on the MS-PW.

Abstract: In one embodiment, an initiating maintenance end point (MEP) may transmit a lock message to lock a circuit traversing one or more maintenance intermediate points (MIPs) between the initiating MEP and an end MEP. The initiating MEP may then transmit an in-band packet containing a loopback request to a particular MIP along the circuit using a particular time-to-live (TTL) value in the packet to reach the particular MIP. Upon receiving the packet at the particular MIP, and in response to determining that the TTL has expired, the particular MIP inspects the packet to discover the loopback request, and correspondingly operates in a loopback mode.

Abstract: In one embodiment, a protected switching provider edge (S-PE) and a backup S-PE may be operated, where the protected S-PE has at least one multi-segment pseudowire (MS-PW) and is between a first and second provider edge (PE) on the MS-PW. To protect the protected S-PE, the first and second PE may be informed of the backup S-PE and a backup label to reach the second and first PE, respectively, via the backup S-PE to remain on the MS-PW. Upon detecting loss of connectivity with the protected S-PE, the first and/or second PE may forward packets of the MS-PW to the backup S-PE with the corresponding backup label to reach the second or first PE, respectively, on the MS-PW.

Abstract: In one embodiment, a connection verification (CV) message is initiated from an initiating maintenance end point (MEP) for an MPLS LSP, the CV message carried in a packet having a time-to-live (TTL) value of 1. Each maintenance intermediate point (MIP) along the MPLS LSP receives the packet and decrements the TTL, and in response to determining that the TTL equals 0, examines a payload of the packet to determine that the packet carries the CV message. The MIP may then append its MIP ID to a route record field of the payload having any previous MIP IDs of upstream MIPs, and forwards the CV message downstream along the MPLS LSP in a packet having a TTL value of 1. The end MEP receives the CV message, and sends a CV reply having the route record field with MIP IDs and an end MEP ID to the initiating MEP.

Abstract: LDP label switching may be discontinued gracefully on one or more selected ones of multiple links interconnecting a pair of label switched routers (LSRs) while leaving label switching in operation on the remaining LDP-enabled links. Mechanisms for graceful shutdown of LDP on a selected link are added by way of modification to one or more of: e.g., LDP discovery Hello messages, LDP Label Withdraw/Label Release messages, LDP Notification messages.

Abstract: Local rerouting around a failed component link of a link bundle is provided by immediately substituting one or more other component links of the same link bundle. The substitution of component links is performed at the point of failure without signaling to other nodes. This minimizes signaling traffic particularly when large numbers of LSPs are impacted by a single component link failure. Also, since LSP repair can be accomplished very quickly, traffic disruption is minimized.

Abstract: A method and apparatus for adding and updating protocol inspection knowledge/information to a firewall system during operation and without interrupting firewall services. The invention allows inspection modules, which contain protocol information, to be added and updated to the system without requiring a service restart of the firewall system.

Abstract: A system and method for advertising out-of-resources (OOR) conditions for entities, such as nodes, line cards and data links, in a manner that does not involve using a maximum cost to indicate the entity is “out-of-resources.” According to the technique, an OOR condition for an entity is advertised in one or more type-length-value (TLV) objects contained in an advertisement message. The advertisement message is flooded to nodes on a data network to inform them of the entity's OOR condition. Head-end nodes that process the advertisement message may use information contained in the TLV object to determine a path for a new label switched path (LSP) that does not include the entity associated with the OOR condition.

Abstract: LDP label switching may be discontinued gracefully on one or more selected ones of multiple links interconnecting a pair of label switched routers (LSRs) while leaving label switching in operation on the remaining LDP-enabled links. Mechanisms for graceful shutdown of LDP on a selected link are added by way of modification to one or more of: e.g., LDP discovery Hello messages, LDP Label Withdraw/Label Release messages, LDP Notification messages.

Abstract: Local rerouting around a failed component link of a link bundle is provided by immediately substituting one or more other component links of the same link bundle. The substitution of component links is performed at the point of failure without signaling to other nodes. This minimizes signaling traffic particularly when large numbers of LSPs are impacted by a single component link failure. Also, since LSP repair can be accomplished very quickly, traffic disruption is minimized.