Method and mechanism for port redirects in a network switch
Granted: March 13, 2012
Patent Number:
8135007
A method for selectively redirecting a data packet to a port on a switching device which is associated with a corresponding network service. In one embodiment, the data packet is redirected to an intrusion prevention service (IPS) for security analysis of the data packet. In another embodiment, the switching device performs a data link layer redirecting of the data packet based at least in part on whether the data packet is to be flooded from the switching device.
Methods, systems, and computer program products for providing accidental stack join protection
Granted: February 14, 2012
Patent Number:
8117336
The subject matter described herein includes methods and systems for providing accidental stack join protection. According to one embodiment, a method includes connecting stacking ports of a first switch that is a member of a first stack and a second switch that is a member of a second stack and thereby joining the first and second stacks. The configurations of the first stack and of the second stack are detected and it is determined whether the detected configurations indicate a…
Detection and mitigation of rapidly propagating threats from P2P, IRC and gaming
Granted: February 14, 2012
Patent Number:
8117657
A network switch detects at least two simultaneous connections on a single network port. The simultaneous connections use different protocols despite using the same port. The network switch mirrors network traffic associated with the simultaneous connections to a security management device on the network. The security management device then determines a source or destination of the network traffic.
Reducing traffic loss in an EAPS system
Granted: January 31, 2012
Patent Number:
8107383
A ring network with an automatic protection switching domain includes a control VLAN and at least one data VLAN. A master node in the ring is connected to at least one transit node. Each node in the ring network is linked to an adjacent node by a primary port or a secondary port. The master node receives notification of a fault via the control VLAN, the fault indicating a failed link between adjacent nodes. In response, the master node unblocks its secondary port to traffic on the data…
Systems for supporting packet processing operations
Granted: December 27, 2011
Patent Number:
8085779
Several systems for supporting packet processing are described. A first system supports virtual routing of a packet. A second system supports de-multiplexing of a packet. A third system supports advanced MPLS label processing of a packet.
Methods, systems, and computer program products for controlling enqueuing of packets in an aggregated queue including a plurality of virtual queues using backpressure messages from downstream queues
Granted: December 6, 2011
Patent Number:
8072887
Methods, systems, and computer program products for controlling enqueuing of packets in an aggregated queue including a plurality of virtual queues are disclosed. According to one method, packets are received at the input side of a queuing system. Each packet is classified into a virtual queue corresponding to one of a plurality of output queues. The output queue sends backpressure messages to the enqueue controller. The enqueue controller determines whether to place the packets in the…
Method and system for automatic expansion and contraction of IP host forwarding database
Granted: November 15, 2011
Patent Number:
8059658
An indication of a host route to be added to a forwarding database table as an entry is received. The host route is added to a first hardware table or a second hardware table if a space is available in the second hardware table or in a first storage area of the first hardware table. The first hardware table has both a first storage area and a second storage area. If a space is not available in the second hardware table or the first storage area of the first hardware table, the first…
Enforcing host routing settings on a network device
Granted: November 8, 2011
Patent Number:
8055800
A method and system for enforcing host routing settings in a network device comprises network devices having enforcement logic for extracting host routing settings from a DHCP packet issued by a DHCP server to a DHCP client connecting to a network. The network devices generate enforcement rules based on the host routing settings and apply those rules to ports through which the DHCP client connects to the network. The enforcement rules include access control lists having one or more match…
Methods, systems, and computer program products for transmitting and receiving layer 2 frames associated with different virtual local area networks (VLANs) over a secure layer 2 broadcast transport network
Granted: August 16, 2011
Patent Number:
8000344
Methods, systems, and computer program products for sending and receiving frames associated with different VLANs over a secure layer 2 broadcast transport network are disclosed. According to one method, a layer 2 frame is received at a transmit port of a layer 2 forwarding device. The layer 2 frame is to be sent over a secure layer 2 broadcast transport network. A VLAN identifier corresponding to a first VLAN is extracted from the layer 2 frame. The first VLAN identifier is mapped to a…
Redundant Ethernet automatic protection switching access to virtual private LAN services
Granted: August 2, 2011
Patent Number:
7990850
Embodiments disclosed herein provide redundant connectivity between an Ethernet Automatic Protection Switching (EAPS) access network and a Virtual Private LAN Service (VPLS) network. A first VPLS node is provided to function as an EAPS controller node. A second VPLS node is provided to function as an EAPS partner node. The first and second VPLS nodes are linked by a pseudowire and an EAPS shared-link. Additional EAPS nodes are also provided. The additional EAPS nodes are linked to each…
Method, apparatus and system for a stackable ethernet switch
Granted: July 19, 2011
Patent Number:
7983192
Implementation of non-blocking switch stacking capability for a switch device using a plug-in stacking module to connect to the switch device. In one embodiment, the plug-in stacking module receives switched data from one switch means of the connected switch device and switches the received switch data to another switch means of the same switch device. In another embodiment, switching configurations are changed so that operation of the switch device in combination with the plug-in…
Look up table (LUT) for Point-to-Point Protocol identification (PPP ID)
Granted: May 17, 2011
Patent Number:
7944942
A Point-to-Point Protocol (PPP) identifier (PPP ID) value of a PPP frame, including data, is converted to an associated Ethernet Virtual Local Area Network (VLAN) tag identifier (ID) value to enable the PPP ID value information to be communicated in an Ethernet frame to the next transmission layer for use in routing the data from the PPP frame.
Systems for statistics gathering and sampling in a packet processing system
Granted: May 3, 2011
Patent Number:
7936687
A system for statistically sampling packets is described. In this system, upon or after the occurrence of a predefined statistical event in relation to a packet, a pseudo-random value is obtained and compared to a predetermined threshold. Responsive to this comparison, the system selectively arranges to have the packet statistically sampled. A system for compiling statistics for packets undergoing processing by a packet processing system is described. In this system, upon or after the…
Method for optimizing IP route table size through IP route aggregation
Granted: May 3, 2011
Patent Number:
7936764
A subset of route entries having the same next hop is identified in a route table. The subset of entries falls within a range of prefixes. Gaps in the subset of route entries that prevent the subset from being contiguous are identified. The gaps in the subset are filled with route entries to make the subset contiguous. All of the route entries in the contiguous subset of route entries have the same next hop, thus the contiguous subset can be aggregated into a single route entry in a…
Traffic forwarding in a traffic-engineered link aggregation group
Granted: March 22, 2011
Patent Number:
7912091
A data packet is received at a network switch. The packet has a destination address that is reached via a Link Aggregation group on a virtual local area network (VLAN). A forwarding database lookup is performed to determine a Link Aggregation port reference number for the data packet on the VLAN. A Link Aggregation port table is then searched to determine the primary Link Aggregation port and a backup Link Aggregation port for forwarding the packet. A port array for ports in the Link…
Method of performing table lookup operation with table index that exceeds cam key size
Granted: March 15, 2011
Patent Number:
7908431
In a packet switching device or system, such as a router, switch, combination router/switch, or component thereof, a method of and system for performing a table lookup operation using a lookup table index that exceeds a CAM key size is provided. Multiple CAM accesses are performed, each using a CAM key derived from a subset of lookup table index, resulting in one or more CAM entries. One or more matching table entries are derived from the one or more CAM entries resulting from the…
Method and system for compressing route entries in a route table based on equal-cost multi-paths (ECMPs) matches
Granted: March 8, 2011
Patent Number:
7903666
A route compression algorithm is applied to route entries of a route table. The route entries are maintained as nodes in a routing tree. The compression algorithm compresses child nodes having a common gateway with their respective parent nodes. The route entries associated with uncompressed nodes are installed into a forwarding table of a routing device that employs longest prefix match (LPM) lookup to forward data packets.
Method of providing virtual router functionality
Granted: February 22, 2011
Patent Number:
7894451
A method of presenting different virtual routers to different end users, classes of service, or packets is provided. An incoming packet is received having a VLAN field and at least one additional field. A key is formed from the VLAN field and at least one other packet field, and mapped into a virtual router identifier (VRID) using an indirection mapping process. The VRID identifies a particular virtual router configuration from a plurality of possible virtual router configurations. A…
Method of and system for transferring overhead data over a serial interface
Granted: February 15, 2011
Patent Number:
7889658
A method of and system for transferring overhead data from a sender to a receiver over a serial interface is provided. The overhead data is transferred over one or more data lines of the interface during one or more time periods in which excess bandwidth is available on the one or more data lines or while the transfer of the overhead data does not substantially impede the throughput of the payload transfer.
Method of extending default fixed number of processing cycles in pipelined packet processor architecture
Granted: February 15, 2011
Patent Number:
7889750
In a packet processing system, where a packet processor normally performs a fixed number of processing cycles on a packet as it progresses through a processing pipeline, a method of extending the fixed number of processing cycles for a particular packet is provided. During the processing of a packet, an extension bit associated with the packet is set to an “on” state if extended processing of the packet is needed. While the extension bit is set to that state, updating of a count,…
