Patent classifications
H04L12/753
Executable programs representing firewall rules for evaluating data packets
Techniques for compiling firewall rules into byte code or assembly code that can be loaded into cache memory of a processor and executed to evaluate received data packets. Rather than representing firewall rules in mid- or high-level languages stored in main memory, the techniques described herein include compiling the firewall rules into byte code or assembly code, and distributing the code to the data plane. A packet-processing device may load the code representing the firewall rules into instruction cache of the processor. Further, the packet-processing device receives a data packet, extracts packet context data indicating attributes of the packet, and loads the packet context data into a data cache of the processor. The processor can then execute the byte code or assembly code representing the firewall rules to evaluate the packet context data without having to access main memory to determine whether to allow or block the data packet.
Dynamic suspension of network operations by root for improved power outage recovery in low power and lossy network
In one embodiment, a method comprises: detecting, by a root network device in a low power and lossy network (LLN) operating in a downward-routing mode, an outage among at least a substantial number of LLN devices in the LLN; initiating, by the root network device, a dynamic suspension of network operations in the LLN during the outage, including causing existing Internet Protocol (IP) addresses of all the LLN devices to be maintained during the outage, and causing all the LLN devices to limit transmissions to Power Outage Notification (PON) messages, Power Restoration Notification (PRN) messages, or minimal-bandwidth data packets, based on the root network device switching the LLN from the downward-routing mode to a collection-only mode; and selectively restoring, by the root network device, the LLN to the downward-routing mode in response to detecting PRN messages from at least substantially all the substantial number of LLN devices.
Defining non-forwarding adjacencies in bipartite networks, such as Clos networks, having a level 2 backbone and level 1 nodes
Problems associated with providing a large Clos network having at least one top of fabric (ToF) node, a plurality of internal nodes, and a plurality of leaf nodes may be solved by: (a) providing L2 tunnels between each of the leaf nodes of the Clos and one or more of the at least one ToF node to ensure a non-partitioned IGP L2 backbone, and (b) identifying the L2 tunnels as non-forwarding adjacencies in link state topology information stored in ToF node(s) and leaf node(s) such that the L2 tunnels are not used for forwarding traffic. In some example implementations consistent with the present disclosure, the L2 tunnels are not used to compute routes from the link state topology information. Alternatively, in some other example implementations consistent with the present disclosure, the L2 tunnels are used to compute routes, but such routes are not used, or only used if no routes using only L1 (or L1-down adjacencies) are available. In some example implementations consistent with the present disclosure, L2 prefix information is leaked down to L1 of the IGP.
Packet forwarding based on geometric location
The present invention provides a method and apparatus for routing a data packet in a network. For each nearby device capable of routing the packet toward a further destination, an associated cost or utility is determined. The device with lowest cost or highest utility is selected and the packet is forwarded toward same. The selecting may use a comparator tree. The cost or utility may be associated with forwarding the data packet from the candidate device toward the further destination. The cost or utility may be based on a distance from candidate device to the further destination, and may be determined using a Haversine function or approximation thereof, or by computing an inner product of a first vector and a second vector originating at a center of Earth, the first vector directed toward the candidate device, the second vector directed toward the further destination.
Multicast multipathing in an overlay network
The subject technology addresses a need for improving utilization of network bandwidth in a multicast network environment. More specifically, the disclosed technology provides solutions for extending multipathing to tenant multicast traffic in an overlay network, which enables greater bandwidth utilization for multicast traffic. In some aspects, nodes in the overlay network can be connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network.
Multiple RSTP domain separation
The present invention relates to electronic systems for use in high demand or mission critical environments, including power stations, sub-stations, roadside transportation, rail, and industrial applications. The present invention provides a) increased resilience of mission critical communications infrastructure; b) the ability to maintain multiple independent RSTP domains over an HSR ring; c) a method of using a hidden VLAN as an RSTP domain ID; and d) a method of creating multiple redundant protocol domains over an HSR ring.
Topology change processing in bridged networks using a spanning tree protocol
In a spanning tree network, topology change notifications are omitted when a port becomes forwarding if the peer port is an Alternate or Backup port in Discarding state. Other features are also provided.
System and method for providing bandwidth congestion control in a private fabric in a high performance computing environment
Systems and methods for providing bandwidth congestion control in a private fabric in a high performance computing environment. An exemplary method can provide, at one or more microprocessors, a first subnet, the first subnet comprising a plurality of switches, and a plurality of host channel adapters, wherein each of the host channel adapters comprises at least one host channel adapter port, and wherein the plurality of host channel adapters are interconnected via the plurality of switches, and a plurality of end nodes. The method can provide, at a host channel adapter, an end node ingress bandwidth quota associated with an end node attached to the host channel adapter. The method can receive, at the end node of the host channel adapter, ingress bandwidth, the ingress bandwidth exceeding the ingress bandwidth quota of the end node.
Scalable network path tracing
A method implemented in a network device to enable scalable network path tracing. The method includes receiving a data packet with operations, administration and maintenance (OAM) information, updating a previous node identifier field in the OAM information, updating a current node identifier field in the OAM information, and sending a copy of the updated data packet with OAM information to a collector to build a packet trace.
System and method for supporting unique multicast forwarding across multiple subnets in a high performance computing environment
Systems and methods for supporting unique multicast forwarding across multiple connected subnets in a high performance computing environment. In accordance with an embodiment, by enforcing that incoming (i.e., incoming on a router port of a subnet) multicast packets have SGIDs (source global identifiers) that correspond to a restricted set of source subnet numbers when entering the ingress router ports to a local subnet, it is possible to ensure that multicast packets sent from one subnet are never returned to the same subnet through a different set of connected router ports (i.e., avoid looping multicast packets).