PERFORMING RATE LIMITING WITHIN A NETWORK
Granted: November 18, 2010
Application Number:
20100290343
Methods and systems for performing rate limiting are provided. According to one embodiment, multiple paths are provided between each pair of multi-path load balancing (MPLB) components within a Layer 2 network by establishing overlapping loop-free topologies in which each MPLB component is reachable by any other via each overlapping topology. A first MPLB component receives packets associated with a flow sent by a source component at a particular rate. The first MPLB component forwards…
FAULT TOLERANT ROUTING IN A NON-HOT-STANDBY CONFIGURATION OF A NETWORK ROUTING SYSTEM
Granted: November 4, 2010
Application Number:
20100281296
Methods and systems for facilitating fault tolerance in a non-hot-standby configuration of a network routing system are provided. According to one embodiment, a failover method is provided. A fault manager executing on a control blade of multiple server blades of a network routing system actively monitors an active processing engine of multiple processing engines within the network routing system. Responsive to detecting a fault associated with the active processing engine, the active…
FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS
Granted: October 21, 2010
Application Number:
20100269172
Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional…
DATA STRUCTURE FOR POLICY-BASED REMEDIATION SELECTION
Granted: October 7, 2010
Application Number:
20100257585
A machine-actionable memory may include: one or more machine-actionable records arranged according to a data structure, the data structure including links that respectively map between at least one R_ID field, the contents of which denote an identification (ID) of a remediation (R_ID); and at least one POL_ID field, the contents of which denotes an ID of at least one policy (POL_ID), the at-least-one policy respectively defining a condition satisfaction of which is potentially indicative…
SERVICE PROCESSING SWITCH
Granted: September 2, 2010
Application Number:
20100220732
Methods and systems for providing IP services in an integrated fashion are provided. According to one embodiment, a system includes a switch fabric and a line interface/network module, multiple virtual routing engines (VREs) and a virtual services engine (VSE) coupled with the switch fabric. The line interface/network module receives packets, steers ingress packets to a selected VRE and transmits egress packets according to their relative priority. VREs determines if a packet associated…
HETEROGENEOUS MEDIA PACKET BRIDGING
Granted: September 2, 2010
Application Number:
20100220741
Methods and systems for bridging Ethernet frames transmitted over heterogeneous media channels are provided. According to one embodiment, multiple Ethernet frames encapsulated within multiple in-bound media transmissions having different media formats are received via a first set of multiple network interfaces of a network-computing device. The multiple in-bound media transmissions are relayed via a switch fabric of the network-computing device to a virtual bridge application running on…
ENABLING MEMORY TRANSACTIONS ACROSS A LOSSY NETWORK
Granted: August 12, 2010
Application Number:
20100205502
Methods and systems for enabling remote programmed I/O to be carried out across a “lossy” network are provided. According to one embodiment, a node maps a portion of a remote memory of a remote node into its physical address space. MTMs conforming to a processor bus protocol are received by a network interface of the node. The MTMs destined for the remote node are encapsulated within network packets. Each network packet is assigned a sending priority based upon a transaction type of…
VULNERABILITY-BASED REMEDIATION SELECTION
Granted: August 5, 2010
Application Number:
20100199353
A machine-actionable memory comprises one or more machine-actionable records arranged according to a data structure. Such a data structure may include links that respectively map between a remediation, at least one action, and at least two vulnerabilities. A method of selecting a remediation, that is appropriate to a vulnerability which is present on a machine to be remediated, may include: providing a machine-actionable memory as mentioned above; and indexing into the memory using: a…
IDENTIFYING NODES IN A RING NETWORK
Granted: July 29, 2010
Application Number:
20100189016
Methods, systems and data structure for facilitating identification of nodes in a ring network are provided. According to one embodiment, a data structure is stored on a computer-readable storage media of a node (e.g., a blade) participating in a ring network, within a multi-blade system, for example. The data structure includes a packet-ring master field, a control-node master field, a node characteristics field, a connection state field, a node identification field and a marker field.…
CENTRALIZED DATA TRANSFORMATION
Granted: June 17, 2010
Application Number:
20100153490
A method of facilitating transformation of survey data from being in at least one foreign format used by a survey-tool to being in a desired format may include: receiving instances of foreign data from survey-tools, the foreign data being in foreign format used by the survey-tools, respectively; and appending, to the instances of foreign data, service-keys to identify the service tools which gathered the foreign data, respectively, to produce a data block that includes…
SYSTEMS AND METHODS FOR PROCESSING ELECTRONIC DATA
Granted: June 17, 2010
Application Number:
20100153507
A method of processing electronic data includes receiving electronic data, and scanning at least a portion of the electronic data against a first signature, wherein the first signature is not data-type dependent. A method of processing electronic data includes receiving electronic data to be scanned, identifying a portion of the electronic data, wherein the portion is represented as an object, and assigning one or more procedures to scan the portion based at least in part on the object.…
SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS
Granted: June 17, 2010
Application Number:
20100154064
A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the, content detection data to the selected update station. A…
Scalable IP-Services Enabled Multicast Forwarding with Efficient Resource Utilization
Granted: June 10, 2010
Application Number:
20100142527
Methods and apparatus are provided for managing multicast Internet Protocol (IP) flows. According to one embodiment, a multicast IP flow is identified at an interface of a network device using information from a packet header. For any newly identified multicast IP flow, if flow-specific services are required, a new first transmit control block (TCB), which includes one or more attributes relating to flow-specific services required by the newly identified multicast IP flow, is created for…
ELECTRONIC MESSAGE AND DATA TRACKING SYSTEM
Granted: June 10, 2010
Application Number:
20100146627
Systems and methods for tracking electronic messages and data are provided. In one embodiment, the invention consists of a method of tracking email messages. In various embodiments, steps may include a) identifying an email message for tracking and b) inserting a linking object, into a tracked email message. Responsive to activation by a receiver of the email message, the linking object enables the receiver to submit information to a commercial anti-spam service or a commercial…
USE OF AUTHENTICATION INFORMATION TO MAKE ROUTING DECISIONS
Granted: May 20, 2010
Application Number:
20100125898
Methods and systems for utilizing authentication attributes to determine how to direct traffic flows are provided. According to one embodiment, a program storage device readable by a network device associated with a service provider is provided. The program storage device tangibly embodies a program of instructions executable by a processor of the network device to perform method steps for authenticating users and establishing appropriate service sessions. An end user from whom a…
SYSTEMS AND METHODS FOR DETECTING AND PREVENTING FLOODING ATTACKS IN A NETWORK ENVIRONMENT
Granted: May 13, 2010
Application Number:
20100122344
A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes…
DETECTION OF SUSPICIOUS TRAFFIC PATTERNS IN ELECTRONIC COMMUNICATIONS
Granted: April 15, 2010
Application Number:
20100095377
Methods and systems for detecting suspicious traffic patterns in electronic communications are provided. According to one embodiment, an electronic mail (email) message is received by a mail filter (milter), which evaluates a traffic pattern represented by the email message by scanning information associated with the email message and comparing it to information associated with one or more traffic analysis profiles. If the email message is identified by the milter as being inconsistent…
MANAGING AND PROVISIONING VIRTUAL ROUTERS
Granted: April 15, 2010
Application Number:
20100094980
Methods and systems are provided for provisioning and managing network-based virtual private networks (VPNs). According to one embodiment, virtual routers (VRs) distributed among service processing switches are provisioned by a service management system (SMS) to support network-based customer virtual private networks (VPNs) by generating a routing configuration based on (i) site reachability information for the service processing switches and (ii) a global customer routing profile for at…
FAULT TOLERANT ROUTING IN A NON-HOT-STANDBY CONFIGURATION OF A NETWORK ROUTING SYSTEM
Granted: January 14, 2010
Application Number:
20100011245
Methods and systems for facilitating fault tolerance in a non-hot-standby configuration of a network routing system are provided. According to one embodiment, a method is provided for replacing an active processing engine with a non-hot-standby processing engine. Multiple processing engines within a network routing system are configured. The processing engines include an active processing engine having one or more software contexts, representative of a set of objects implementing a…
SYSTEMS AND METHODS FOR DETECTING AND PREVENTING FLOODING ATTACKS IN A NETWORK ENVIRONMENT
Granted: January 14, 2010
Application Number:
20100011124
A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes…
