Methods, systems, and computer readable media for stateless load balancing of network traffic flows
Granted: July 30, 2013
Patent Number:
8499093
Methods, systems, and computer readable media for performing stateless load balancing of network traffic flows are disclosed. According to one aspect, the subject matter described herein includes a method for performing stateless load balancing of network traffic flows. The method occurs at a layer 3 packet forwarding and layer 2 switching device. The method includes responding to address resolution protocol (ARP) requests from clients, the ARP requests including a virtual IP (VIP)…
Integrated network policy enforcement
Granted: June 11, 2013
Patent Number:
8464312
A method and system for integrating network policy enforcement into an existing network infrastructure comprises a communications bus that links expert policy devices, such as intrusion prevention devices, with one or more connection points. The connection points are network devices that are equipped with enforcement logic for receiving reports of events via a published interface on the communications bus about the existing network infrastructure from either the policy devices or the…
Memory array error correction
Granted: June 11, 2013
Patent Number:
8464093
A memory array comprises N+1 memory elements. N memory elements store data and one or more error check bits respectively derived from the stored data. A separate N+1 memory element stores parity bits generated from the data stored in the N memory elements. These parity bits are stored in. To recover from data errors, data in each N memory element are first checked using their respective error check bits. If faulty data are detected in one of the N memory elements, an exclusive-or…
Software control plane for switches and routers
Granted: May 14, 2013
Patent Number:
8442030
A Provider Network Controller (PNC) addresses the challenges in building services across Next Generation Network (NGN) architectures and creates an abstraction layer as a bridge, or glue, between the network transport and applications running over it. The PNC is a multi-layer, multi-vendor dynamic control plane that implements service activation and Layer 0-2 management tools for multiple transport technologies including Carrier Ethernet, Provider Backbone Transport (PBT), Multi-protocol…
Pseudo wire processing in a packet forwarding device
Granted: May 7, 2013
Patent Number:
8437359
A method is provided for pseudo wire processing in a packet forwarding device in which a packet is processed based on whether the ports through which the packet is transmitted are real or pseudo wire ports. The inbound and outbound port information is encoded using a predefined range of index values such that index values falling within one range of values are used for passing real port information, and index values falling within another range of values are used for passing pseudo wire…
Method of and system for analyzing the content of resource requests
Granted: April 2, 2013
Patent Number:
8412838
Systems and methods are described for analyzing the content of resource requests. A tokenizer parses the resource request and derives a key therefrom. A database associates values of the key with categories of service. An association engine uses the key to obtain one or more matching entries from the database, and derive therefrom the desired category of service for the resource request. A cookie engine derives cookie information from a cookie located in the resource request. A session…
Customer isolation using a common forwarding database with hardware learning support
Granted: February 5, 2013
Patent Number:
8369344
A network switch includes a plurality of isolated ports, each associated with a private domain. The switch also includes a network port associated with the private domain. A memory in the switch maintains a hardware-based forwarding table for the private domain. Processing logic in the network switch prevents forwarding of packets between isolated ports within the private domain based at least in part on a privacy level associated with each entry in the hardware-based forwarding table…
Methods, systems, and computer readable media for automatically selecting between internet protocol switching modes on a per-module basis in a packet forwarding device
Granted: December 11, 2012
Patent Number:
8331373
The subject matter described herein includes methods, systems, and computer readable media for automatically selecting between Internet protocol switching modes on a per-module basis in a packet forwarding device. According to one aspect, a method may include determining capacities of hardware longest prefix matching (LPM) tables located on each input/output (I/O) module in a multi-module IP packet forward device. The number of routes currently stored in a software LPM table may be…
VoIP security
Granted: October 23, 2012
Patent Number:
8295188
A network switch automatically detects Voice over Internet Protocol (VoIP) traffic and mirrors the VoIP traffic to a security management device. The security management device measures a rate of call setup packets in the VoIP traffic. The security management device detects an attack based on a comparison of the measured rate of call setup packets to a threshold rate. Detected attacks are mitigated.
Self-configuring network
Granted: October 2, 2012
Patent Number:
8279874
A self-configuring network comprises network devices that are automatically provisioned with appropriate network resources upon the occurrence of a network event. A profile containing one or more commands to provision a network device with appropriate network resources is deployed to selected connecting devices. The selected connecting devices are targeted for deployment based on the network device and/or port groups to which they belong as determined from a network management system.…
Method and apparatus for providing quality of service across a switched backplane for multicast packets
Granted: September 25, 2012
Patent Number:
8274974
A method and system is provided to enable quality of service across a backplane switch for multicast packets. For multicast traffic, an egress queue manager manages congestion control in accordance with multicast scheduling flags. A multicast scheduling flag is associated with each egress queue capable of receiving a packet from a multicast ingress queue. When the multicast scheduling flag is set and the congested egress queue is an outer queue, the egress queue manager refrains from…
Network threat detection and mitigation
Granted: August 28, 2012
Patent Number:
8255996
A network switch automatically detects undesired network traffic and mirrors the undesired traffic to a security management device. The security management device determines the source of the undesired traffic and redirects traffic from the source to itself. The security management device also automatically sends a policy to a switch to block traffic from the source.
Communication of location information for an IP telephony communication device
Granted: July 31, 2012
Patent Number:
8233474
Techniques for providing location information describing a communication device configured to exchange telephony information over a computer network. A switching device of the computer network receives a first message according to a node-to-node communication protocol, the first message indicating that the endpoint communication device includes a configuration for a mode of operation on behalf of a telephone service account. The switching device determines from the first message an…
Methods, systems, and computer readable media for conserving multicast port list resources in an internet protocol (IP) packet forwarding device
Granted: June 26, 2012
Patent Number:
8208418
The subject matter described herein includes methods and systems for conserving multicast port lists in an IP packet forwarding device. According to one embodiment, the method includes providing an IP multicast packet port data structure containing at least a first port list and a second port list. The first and second port lists each contain zero or more port addresses for indicating the ports to which a received IP multicast packet including a group IP address is to be forwarded. An IP…
Backplane device for non-blocking stackable switches
Granted: June 19, 2012
Patent Number:
8204070
A backplane device to connect to a plurality of stackable network switch devices. According to one aspect of the invention, each of the plurality of stackable network switch devices can implement its own internal non-blocking switching. According to another aspect of the invention, the relative configuration of connectors and signal lines of the backplane device provide for a switch device to be readily connected into (or disconnected from) a switch stack implementing combined…
Methods, systems, and computer readable media for dynamically rate limiting slowpath processing of exception packets
Granted: May 8, 2012
Patent Number:
8174980
The subject matter described herein includes methods and systems for dynamically rate limiting slowpath processing of exception packets. According to one embodiment, a method includes monitoring processing resources in a packet forwarding device used for performing slowpath processing of exception packets at the packet forwarding device. It is determined whether usage of the processing resources used for slowpath processing exceeds a first threshold and, in response to determining that…
Network convergence in response to a topology change
Granted: April 17, 2012
Patent Number:
8159936
In response to a network topology change, packets are initially flooded on ports of a network device. In addition, a bit array is cleared in response to the topology change. Each bit in the bit array is associated with a particular forwarding entry on the network device. In connection with the clearing of the bit array, the flooding of packets on ports of the network device is made conditional, reducing failover time of the network.
Optimal reading of forwarding database from hardware
Granted: April 17, 2012
Patent Number:
8160074
Forwarding database entries in a memory of a network device are scanned. Each port on the network device maintains a forwarding database in the memory. A filtered list of forwarding database entries is automatically sent to a management module.
Packet data modification processor
Granted: April 17, 2012
Patent Number:
8161270
A programmable processor configured to perform one or more packet modifications through execution of one or more commands. A pipelined processor core comprises a first stage configured to selectively shift and mask data in each of a plurality of categories in response to one or more decoded commands, and combine the selectively shifted and masked data in each of the categories. The pipelined processor core further comprises a second stage configured to selectively perform one or more…
Command selection in a packet forwarding device
Granted: March 20, 2012
Patent Number:
8139583
Packet modification is performed in the switch fabric by selecting a conditional command belonging to a set of commands for modifying a packet. The set of commands is identified based on an index value, and selecting a conditional command belonging to the set of commands is based on a mask value, where the index and mask values are determined based on data in the packet undergoing modification, such as the packet's source and destination, or incoming label. Among other advantages,…