Abstract: In one embodiment, an apparatus includes a physical port and a plurality of logical sub-interfaces under the physical port. The physical port and the logical sub-interfaces are configured as a Bidirectional Forwarding Detection (BFD) neighbor group. The physical port being configured to run BFD sessions to detect failures at a first rate that is substantially faster as compared to a second rate of BFD sessions to detect failures on the logical sub-interfaces. The physical port notifies the logical sub-interfaces of a BFD failure at the physical port, with the logical sub-interfaces shutting down responsive to the notification.

Abstract: The disclosure presents an apparatus and method for measuring viscosity of a lubricating oil. The apparatus has a piezo-resistive cantilever sensor for sensing a first oil viscosity parameter. The sensor has a cantilever having a pressure receiving portion for receiving pressure exerted by the lubricating oil as the lubricating oil comes into contact with the pressure receiving portion. The cantilever also has first and second resistive portions in electrical communication with a first lead and a second lead, respectively, which are in electrical communication with an electrical circuit amplification element, for creating an output signal indicative of a change in the resistive characteristics of the first and second resistive portions of the cantilever as the lubricating oil comes into contact with the pressure receiving portion. The output signal can be used for determining oil viscosity.

Abstract: A router for routing data from a client through load-balancing nodes to a selected load-balanced server among a plurality of servers in a network involves: receiving, at a last load balancing node associated with a selected server among the plurality of servers, a first packet of a server reply to a request from the client; storing identifiers of ingress interfaces on which the packet arrives, in a send path list for server load balancing, as the first packet of the server reply is routed from the last load balancing node to the client using hop-by-hop decisions; receiving subsequent packets of the client request; and forwarding the subsequent packets to the selected server only on a route that is defined by the send path list and without hop-by-hop routing decisions. Packet flows are routed from the same client to the same server without hop-by-hop routing decisions or repeated load-balancing decisions.

Abstract: A method of routing data to a load-balanced server through a network having one or more load-balancing nodes is disclosed, comprising receiving a label value; storing the label value in a load balancing mapping at a load-balancing node in a network, wherein the load balancing mapping associates the label with a packet flow and with interface identifying information; and forwarding subsequent packets of the flow to a selected load-balancing server. The forwarding route is defined by the load-balancing mapping and without hop-by-hop routing decisions. The first server response packet is switched hop-by-hop and the label is stored at each node traversed by the response packets, with a flow identifier and interface identifiers. For other request and response packets, nodes fast-switch the packets based on the label mappings; thus, packet flows are rapidly routed from the client to the same server without time-consuming hop-by-hop routing or repeated load-balancing decisions.

Abstract: An approach for establishing secure multicast communication among multiple event service nodes is disclosed. The event service nodes, which can be distributed throughout an enterprise domain, are organized in a logical tree that mimics the logical tree arrangement of domains in a directory server system. The attributes of the event service nodes include the group session key and the private keys of the event service nodes that are members of the multicast or broadcast groups. The private keys provide unique identification values for the event service nodes, thereby facilitating distribution of such keys. Because keys as well as key version information are housed in the directory, multicast security can readily be achieved over any number of network domains across the entire enterprise. Key information is stored in, and the logical tree is supported by, a directory service.

Abstract: A method and apparatus providing highly scalable server load balancing are disclosed. Data packets from a client are routed through one or more routers to a server load balancer, which is selected from among a plurality of server load balancers in a network. In response to receiving a request packet, a particular server site to process the client request is selected. A first path to a second router associated with the particular server site, and a second path to a server load-balancing device associated with the second router, are determined. A mapping of flow identifying information, associated with the packet, to a first label value that identifies the first path and to a second label value that identifies the second path, is created. The first label value and the second label value are stored in the packet. All subsequent packets associated with the client request are forwarded to the server load-balancing device based on looking up the first label value and second label value in the mapping.

Abstract: A method of routing data from a client through one or more load-balancing routers to a selected load-balanced server among a plurality of servers in a network involves: receiving, at a load balancing node in a path from the client to the plurality of servers, a first packet of a request from a client; creating and storing a mapping of flow identifying information, associated with the first packet, to a client stickiness identifier; pushing the client stickiness label into a sending path list that is stored in association with the first packet; storing the client stickiness label in a mapping of client stickiness labels to server identifiers at a last load balancing node associated with the plurality of servers, wherein the mapping associates the client stickiness label with a server identifier that uniquely identifies a selected server that has been selected from among the plurality of servers to receive the client request; and forwarding all subsequent packets associated with the client request to the same s

Abstract: In one embodiment, an apparatus includes a physical port and a plurality of logical sub-interfaces under the physical port. The physical port and the logical sub-interfaces are configured as a Bidirectional Forwarding Detection (BFD) neighbor group. The physical port being configured to run BFD sessions to detect failures at a first rate that is substantially faster as compared to a second rate of BFD sessions to detect failures on the logical sub-interfaces. The physical port notifies the logical sub-interfaces of a BFD failure at the physical port, with the logical sub-interfaces shutting down responsive to the notification. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure.

Abstract: The disclosure presents an apparatus and method for measuring viscosity of a lubricating oil. The apparatus has a piezo-resistive cantilever sensor for sensing a first oil viscosity parameter. The sensor has a cantilever having a pressure receiving portion for receiving pressure exerted by the lubricating oil as the lubricating oil comes into contact with the pressure receiving portion. The cantilever also has first and second resistive portions in electrical communication with a first lead and a second lead, respectively, which are in electrical communication with an electrical circuit amplification element, for creating an output signal indicative of a change in the resistive characteristics of the first and second resistive portions of the cantilever as the lubricating oil comes into contact with the pressure receiving portion. The output signal can be used for determining oil viscosity.

Abstract: An approach for establishing secure multicast communication among multiple members that participate in a multicast group is disclosed. In one feature, multiple multicast proxy service nodes (MPSNs) are defined and control when members join or leave the multicast group. The MPSNs are logically represented by a first binary tree in which each node of the first binary tree is associated with a domain of a directory service and one or more of the MPSNs. A second binary tree is created that has leaf nodes representing each member. The second binary tree is stored in a domain of the directory service with a root node that represents one or more of the MPSNs. The members can each establish multicast communication and serve as a key distribution center. When a member joins the multicast group, a new group session key is determined by replicating a branch of the second binary tree.

Abstract: An approach for managing addition or deletion of nodes in a multicast or broadcast group, which avoids introducing a single point of failure at a group controller, certificate authority, or key distribution center, is disclosed. A central group controller utilizes a binary tree structure to generate and distribute session keys for the establishment of a secure multicast group among multiple user nodes. The central group controller is replicated in a plurality of other group controllers, interconnected in a network having a secure communication channel and connected to a load balancer. The secure communication channel is established using a public key exchange protocol. The load balancer distributes incoming join/leave requests to a master group controller. The master group controller processes the join or leave, generates a new group session key, and distributes the new group session key to all other group controller replicas.

Abstract: An approach for arriving at a shared secret key in a multicast or broadcast group environment is disclosed. The key exchange protocol permits nodes within a multicast or broadcast group to compute a shared secret key in a binary fashion, whereby a shared secret key is generated for a pair of nodes at a time. Once the shared secret key is computed by the pair, the nodes within the pair is viewed as a single entity by a node that is to be joined. This process is iteratively performed until all the nodes within the multicast group attain a common shared secret key. Under this approach, the number of messages exchanged between the nodes for establishing the secured channel is significantly reduced.

Abstract: A method of routing data from a client through one or more load-balancing nodes to a selected load-balanced server among a plurality of servers in a network involves: receiving, at a last load balancing node associated with a selected server among the plurality of servers, a first packet of a server reply to a request from the client; setting a first flag value in the first packet of the server reply; storing one or more identifiers of ingress interfaces on which the packet arrives, in a send path list for server load balancing, as the first packet of the server reply is routed from the last load balancing node to the client using hop-by-hop decisions; receiving one or more subsequent packets of the client request; setting a second flag value in each of the subsequent packets; and forwarding the subsequent packets to the selected server only on a route that is defined by the send path list and without hop-by-hop routing decisions.

Abstract: A method of routing data from a client through one or more load-balancing routers to a selected load-balanced server among a plurality of servers in a network involves: receiving, at a load balancing node in a path from the client to the plurality of servers, a first packet of a request from a client; creating and storing a mapping of flow identifying information, associated with the first packet, to a client stickiness identifier; pushing the client stickiness label into a sending path list that is stored in association with the first packet; storing the client stickiness label in a mapping of client stickiness labels to server identifiers at a last load balancing node associated with the plurality of servers, wherein the mapping associates the client stickiness label with a server identifier that uniquely identifies a selected server that has been selected from among the plurality of servers to receive the client request; and forwarding all subsequent packets associated with the client request to the same s

Abstract: An approach for establishing secure multicast communication among multiple event service nodes is disclosed. The event service nodes, which can be distributed throughout an enterprise domain, are organized in a logical tree that mimics the logical tree arrangement of domains in a directory server system. The attributes of the event service nodes include the group session key and the private keys of the event service nodes that are members of the multicast or broadcast groups. The private keys provide unique identification values for the event service nodes, thereby facilitating distribution of such keys. Because keys as well as key version information are housed in the directory, multicast security can readily be achieved over any number of network domains across the entire enterprise. Key information is stored in, and the logical tree is supported by, a directory service. Replication of the directory accomplishes distribution of keys.

Abstract: An optimized approach for arriving at a shared secret key in a multicast or broadcast group environment is disclosed. The key exchange method is mathematically equivalent to the standard broadcast version of the Diffie-Hellman public-key algorithm. However, from an implementation perspective, nodes within a multicast or broadcast group are treated in a binary fashion, whereby a shared secret key is generated for a pair of nodes at a time. Once the shared secret key is computed by the pair, the nodes within the pair are viewed as a single entity by a node that is to be joined. This process is iteratively performed until all the nodes within the multicast group attain a common shared secret key. Under this approach, the number of messages exchanged between the nodes for establishing the secured channel is significantly reduced compared to the standard broadcast Diffie-Hellman method.

Abstract: Apparatus and computer-readable media are disclosed for establishing secure multicast communication among multiple multicast proxy service nodes of domains of a replicated directory service that spans a wide area network. Domains are organized in a logical tree. Each domain has a logical tree that organizes the multicast proxy service nodes, a group manager at the root node, a multicast key distribution center, multicast service agent, directory service agent and key distribution center. Multicast proxy service nodes store a group session key and a private key. Replication of the directory performs key distribution. A multicast group member joins or leaves the group by publishing message. The local key distribution center and multicast service agent obtain the publisher's identity from a local directory service agent. Based on the identity, a secure channel is established with the directory service agent in the group member's domain.

Abstract: A method of routing data to a load-balanced server through a network having one or more load-balancing nodes is disclosed. The first packet of a client request is received at one of the load-balancing nodes, which stores information identifying a flow associated with the packet and an incoming interface identifier. The node then makes a server load-balancing decision and stores an outgoing interface identifier. When the packet reaches the last load-balancing node before the selected server, that last node also requests an MPLS label to uniquely identify the flow, connection and route. The label is stored in a mapping at the last node that associates the label with the flow and interface identifying information. The packet is routed to the selected server. The first server response packet is switched hop-by-hop and the MPLS label is stored at each node traversed by the response packets, in association with a flow identifier and incoming and outgoing interface identifiers.

Abstract: An approach for establishing secure multicast communication among multiple multicast proxy service nodes of domains of a replicated directory service that spans a wide area network. The domains are organized in a logical tree and each domain stores a logical tree that organizes the multicast proxy service nodes. Each domain also comprises a group manager at the root node of the binary tree, a multicast key distribution center, multicast service agent, and directory service agent and key distribution center (Unicast). Multicast proxy service nodes each store a group session key and a private key. Replication of the directory accomplishes distribution of keys. A Multicast group member joins or leaves the group by publishing a message. The local key distribution center and multicast service agent obtain the identity of the publisher from a local directory service agent. Based on the ID value, a secure channel is established with the DSA of the group member's domain.