H04L12/745

Chained lookups and counting in a network switch

A network switch using a search engine to generate chained table lookup requests. After the search engine executes a first lookup, the next-pass logic in the search engine uses the first lookup result and information in the master key to generate a second lookup key as well as other parts of a second lookup request. A next-pass crossbar routes the second lookup request to a target memory, and the search logic executes the second lookup. The first lookup request may originate from a processing engine coupled to the search engine. The first and the second lookup results, if any, can then be returned back to the processing engine for further processing or decision making. The chain of lookups can be configured by software by specifying various operational parameters of the processing engines and the next-pass logic, including specifying a key construction mode for the second lookup.

SELECTING FROM A PLURALITY OF ITEMS WHICH MATCH AN INTEREST
20210266379 · 2021-08-26

A network node (1) is configured to receive an interest message comprising a request for a data object and metadata. The metadata specifies one or more criteria for selecting a subset of a plurality of items. The network node is further configured to determine whether there is a match between the requested data object and a plurality of items (e.g. from a CS or FIB) and select a subset of the plurality of items by applying the one or more criteria if the match has been determined to exist. At least one of the criteria is a preference specified for at least one of: factual properties of the plurality of items, usage data related to the plurality of items, usage data related to the at least one communication interface, an effort to obtain data from another network node, and a position in a range specified in the interest message.

Template-compatible encoding for content chunk aggregation and mapping

A method of enabling access to content in a network implementing Internet Protocol version 6 (IPv6) is described, the method including accessing a content addressing file including entries each comprising a content portion location associated with the content portion. The content portion location associated with the content portion is extracted for an entry and, based on the content portion location, a section of an IPv6 address for the content portion is formed. Methods of addressing content for storage and retrieving content are also described.

PARAMETER NOTIFICATION AND OBTAINING METHODS AND DEVICES, AND STORAGE MEDIUM
20210281507 · 2021-09-09

The present application provides parameter notification and obtaining methods and devices. The parameter notification method comprises: a first node determines parameters comprised in a non-default maximally redundant tree (MRT) Profile; the first node notifies the parameters comprised in the non-default MRT Profile to a second node by means of interior gateway protocol (IGP) extensions. Embodiments of the present application also provide a computer storage medium.

Media streaming system supporting several streaming engines and using content addressing

A method of streaming media content over a network from a media cache node is described. The method includes receiving a request for a media content item from a client device, the request comprising an address identifying a media content item to be streamed. In response to the request, a streaming engine process is allocated to the media content item for fulfilling the request. Based on the address identifying the media content item, a location comprising a media cache node able to provide the media content item is determined and the media content item is streamed to the client device using the streaming engine process allocated to the media content item. Further methods of streaming a media content item and providing access to media content are also described.

Validation of routing information in a network fabric
11102111 · 2021-08-24

Systems, methods, and computer-readable media for validating routing table information in a network. A network assurance appliance may be configured to retrieve routing table information from a plurality of nodes in a network fabric. The routing table information includes path information from at least one source node to at least one destination node. A graph representation of the routing table information is constructed with the at least one destination node as a sink vertex for the graph representation. The network assurance appliance determines, for each leaf node in the network fabric, whether the leaf node can reach the sink vertex based on the graph representation and determines that there is a misconfiguration of the network fabric based on whether each leaf node in the fabric can reach the sink vertex.

Tunnel-based routing calculation with address exclusion in software defined networking (SDN) environments
11088935 · 2021-08-10

Example methods and network devices for tunnel-based routing calculation. One example method may comprise establishing a tunnel between a first tunnel interface and a second tunnel interface; establishing a first session for routing information exchange between a first tunnel endpoint and an underlay network device; establishing a second session for routing information exchange between the first tunnel interface and the second tunnel interface over the tunnel. In response to receiving first routing information over the first session, the underlay network device may be configured to be a next hop to reach the second tunnel endpoint by updating a routing table to include a first entry. In response to receiving second routing information from the second tunnel interface over the second session, the underlay network device may be retained as the next hop based on an excluded address specified in the second routing information.

HARDWARE ACCELERATION DEVICE FOR DENIAL-OF-SERVICE ATTACK IDENTIFICATION AND MITIGATION
20210306373 · 2021-09-30

Systems and methods for providing an integrated or Smart NIC-based hardware accelerator for a network security device to facilitate identification and mitigation of DoS attacks are provided. According to one embodiment, a processor of a network security device receives an application layer protocol request from a client, directed to a domain hosted by various servers and protected by the network security device. The application layer protocol request is parsed to extract a domain name and a path string. The hardware acceleration sub-system updates rate-based counters based on the application layer protocol request by performing a longest prefix match on the domain name and the path string. When a rate threshold associated with the rate-based counters is exceeded, a challenge message is created and transmitted to the client, having embedded therein the application layer protocol request; otherwise the application layer protocol request is allowed to pass through the network security device.

Mapping database system for use with content chunks and methods of routing to content in an IP network

Retrieving content in an Internet Protocol version 6 (IPv6) network may be provided. A lookup request associated with content may be received from a network node at a server having a mapping database. A response having an ordered list of more than one IPv6 addresses may be generated. The ordered list of the more than one IPv6 addresses may include IPv6 prefixes. Each of the more than one IPv6 addresses may include a first portion having a content identifier and a second portion having an indication of a location of the content. The response may be transmitted to the network node.

EFFICIENT ALGORITHM TO ELIMINATE REDUNDANT SPECIFIC PREFIXES IN FORWARDING INFORMATION BASE USING TRIE

In general, the invention relates to a method for programming a network element. The method includes detecting an addition of a first route in a routing information base (RIB) on the network element, adding, in response to detecting the addition, a first route network prefix associated with the first route to a network prefix trie (NPT), identifying, based on the adding, a first parent network prefix for the first route network prefix using the NPT, making a first determination that the first route network prefix and the first parent network prefix are reachable via a first common next hop connected to the network element, and waiving, based on the first determination, a creation of a forwarding information base (FIB) entry associated with the first route network prefix in a FIB on the network element.