A communication apparatus 1 is provided with a first communication interface 11, second communication interfaces 12 connected to a plurality of access routers 3 connected to an Internet 6, and a route determination unit which, for a packet being communicated from the first communication interface 11 to the second communication interfaces 12, determines the second communication interface 12 in accordance with an elapsed time since connecting start of a connection with a destination of the packet. Connections having started within a predetermined time are treated as connections constituting one user session. Therefore, connections constituting the same user session can be communicated via the same access router without the need of analyzing a protocol of a layer.

An example system includes a network having interconnected routers, a multicast source to transmit data through the network for receipt by receiving host devices, and a query agent communicatively coupled to each router of the interconnected routers. The query agent is to generate a flow tree for multicasting of the data from the multicast source to each receiving host device, the flow tree including flow paths from the multicast source to each receiving host device, query each router to determine a status of at least one flow path of the flow tree, and identify an anomaly associated with at least one router in the at least one flow path.

A physical network element is provided which is configured to operate as a plurality of separated routing entities, each functioning independently of the others, wherein the physical network element is characterized in that: a) each of the plurality of routing entities is provided with its own control, management and data planes, as well as with a dedicated routing information base table and a forwarding information base table; and b) all of the plurality of routing entities are configured to operate while sharing at least one member of a group that consists of: (i) one or more packet processors comprised in the physical network element; (ii) one or more central processing units (CPUs) comprised in the physical network element; (iii) one or more fabrics comprised in the physical network element; and (iv) one or more network interfaces comprised in the physical network element.

A method of determining an INP execution location for data processing in a name-based in-network system includes: receiving, by a first router, an INP interest packet; determining, by the first router, whether or not to perform an INP execution in the first router on the basis of user policy information and constraint information included in the INP interest packet. Herein, when the first router is capable of executing the INP, the first router generates an execution environment, and executes a function, and when the first router is not capable of executing the INP, the first router transfers the INP interest packet to a second router.

The invention concerns API proxy based adaptive security. The invention implements adaptive security for API servers, while avoiding data bottlenecks and maintaining client experience. The invention provides methods and configurations for API security that may be employed at proxies for implementing routing decisions involving client messages received at said proxies. The invention also involves generating or collecting at proxies, log information that captures data corresponding to received client messages and responses from API serverswhich log information correlates communications between clients, proxies and backend API servers, and includes data relevant for purposes generating API metrics and identifying anomalies and/or indicators of compromise. The invention yet further provides security server clusters configured for generating API metrics and/or identify anomalies or indicators of compromisewhich may be used by proxies to terminate existing connections and block subsequent requests or messages from clients associated with the identified anomalies or indicators of compromise.

The invention enables high-availability, high-scale, high security and disaster recovery for API computing, including in terms of capture of data traffic passing through proxies, routing communications between clients and servers, and load balancing and/or forwarding functions. The invention inter alia provides (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) proxy nodes configured for implementing the scalable cluster (iii) efficient methods of configuring the proxy cluster, (iv) natural resiliency of clusters and/or proxy nodes within a cluster, (v) methods for scaling of clusters, (vi) configurability of clusters to span multiple servers, multiple racks and multiple datacenters, thereby ensuring high availability and disaster recovery (vii) switching between proxies or between servers without loss of session.

A method for dynamic track allocation in a network comprising accessing a message to be routed to a target node; receiving from a path computation element (PCE), a track from the first node to the target node, wherein the track includes at least any intermediate nodes that provide a path from the first node to the target node, wherein the track comprises one or more allocated link resources to the first node, to any intermediate nodes, and to the target node; assigning a track identifier and an expiration time to the defined track; appending the assigned link resources, expiration time and track identifier to the message; and transmitting the message from the first node to the target node, wherein transmitting causes subsequent messages with the same assigned track identifier to be routed through the network along the same route and using the link resources configured by the message.

A system is described that includes an integrated circuit chip having a network-on-chip. The network-on-chip includes multiple routers arranged in a topology and a separate communication link coupled between each router and each of one or more neighboring routers of that router among the multiple routers in the topology. The integrated circuit chip also includes multiple nodes, each node coupled to a router of the multiple routers. When operating, a given router of the multiple routers keeps a record of operating states of some or all of the multiple routers and corresponding communication links. The given router then routes flits to destination nodes via one or more other routers of the multiple routers based at least in part on the operating states of the some or all of the multiple routers and the corresponding communication links.

A method is implemented by a network device functioning as a Border Gateway Protocol (BGP) speaker to adaptively control a flow of link-state information to a peer BGP speaker. The network device stores, in a database, link-state information pertaining to a network in which it operates. The method includes determining that a pending change to the link-state information in the link-state database exists, determining whether a length of a change list queue meets/exceeds a threshold value, holding off on enqueuing link-state information into the change list queue while the length of the change list queue meets or exceeds the threshold value, determining aggregated link-state information to transmit to the peer BGP speaker in response to a determination that the length of the change list queue falls below the threshold value, and enqueuing the aggregated link-state information into the change list queue for eventual transmission to the peer BGP speaker.

Packet classification apparatus includes a plurality of switches, including one or more leaf switches and one or more spine switches, each including a memory configured to hold packet classification entries. The ports of the leaf switches include external ports for connection to a packet network and internal ports, which are connected to the ports of at least one of the spine switches. The packet classification entries are selected from a database, which includes an outer partition, which is stored in the memory of the leaf switches, and at least one inner partition, which is stored in the memory of the one or more spine switches.