One embodiment provides a system for facilitating efficient communication of an interest group packet indicating a collection of interests. During operation, the system receives, by an intermediate node, a first packet which has a name and indicates a set of member interests, wherein a member interest has a name, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level. In response to obtaining a content object which satisfies a member interest, the system removes the indicated member interest from the first packet. The system adds an entry in a pending interest table for the first packet, wherein the entry indicates the name for the first packet, the name for each member interest, and an indicator of whether each member interest is satisfied. The system transmits the first packet to another node.

Aspects of the disclosure are directed to systems, network nodes, and methods performed in a network node. A network node can host a TCP/ICN proxy for routing TCP packets through an ICN network. The network node can serve as a forward proxy or a reverse proxy. As a forward proxy, the network node can receive a first packet at the network node, the first packet compliant with a Transmission Control Protocol (TCP) protocol; encapsulate one or more TCP headers from the first packet into a payload field of a second packet, the second packet compliant with an Information Centric Networking (ICN) protocol; and transmit the second packet to a destination through an ICN network. As a reverse proxy, the network node can receive an ICN packet from an ICN network, decapsulate the ICN packet to its TCP components, and transmit the TCP packet through a TCP network.

A routing table is represented as a binary search tree ordered by prefix lengths. Markers are placed to guide accessing nodes in designated subtrees to search for a longest prefix match with destination addresses of data packet. Destination descendant nodes in remote hierarchical levels of the tree are associated with the markers. The traversal of the binary search tree is conducted by accessing the respective destination descendant nodes while avoiding accessing nodes in intermediate hierarchical levels. The packet is processed using the longest prefix match.

The present disclosure discloses a method and network device for control plane protection for various tables using storm prevention entries. Specifically, the disclosed system receives a first packet, and creates an inactive entry in a table. The system then forwards the first packet from a first processor to a second processor for processing. Also, the system associates the inactive entry with a timestamp indicating when the first packet is forwarded to the second processor, and determines a configured interval (CI) associated with the table. Further, the system compares a difference between a current timestamp and the timestamp associated with the inactive entry against the CI upon receiving a second packet. If the difference is longer than the CI, the system associates the inactive entry with the current timestamp, and forwards the second packet to the second processor for processing. Otherwise, the system discards the second packet.

One embodiment provides a system that facilitates routing with minimum name disclosure in a CCN. During operation, the system adds a first entry to a local forwarding information base for a first name prefix and a corresponding first suffix encryption key indicated in a first advertisement. In response to receiving a first interest with a name that includes the first name prefix, the system performs a lookup in the forwarding information base for the first interest name to obtain the first entry. The system encrypts a suffix of the first interest name based on the first suffix encryption key, wherein the suffix begins from a name component following the first name prefix. The system forwards the first interest to one or more interfaces indicated in the first entry, thereby facilitating routing with minimum name disclosure in a content centric network.

A plurality of line cards with each line card having a respective network forwarding engine and a respective outgoing interface (OIF) list and at least one fabric module communicatively coupled with each line card with each fabric module can have a respective network forwarding engine. The local OIF list can be asymmetrically programmed. The network forwarding engine of a line card can be configured to receive a multicast packet, compare a multicast address associate with the received multicast packet with entries in the local OIF list of the line card and forward the received multicast packet to at least one interface associated with the multicast address in response to the comparison resulting in a match.

Procedures, methods and architectures for anchoring communication between IP-based devices in an ICN network or across an IP peer network are disclosed. Embodiments may enable the communication between two IP-based devices connected to an ICN, or one IP-based device connected to an ICN network while another IP-based device is connected either to an ICN network or IP network. In an embodiment, IP packets originating from an IP-based device may be encapsulated into ICN packets and forwarded via an ICN network. In an embodiment, IP packets received via an ICN network may be encapsulated in ICN packets and forwarded to an IP-based device. In an embodiment, IP packets originating from an IP-based device may be forwarded and received via an ICN network towards another IP network. In an embodiment, IP packets received by an ICN network may be forwarded towards an IP-based device via the ICN network.

A network switch includes a memory configurable to store alternate table representations of an individual trie in a hierarchy of tries. A prefix table processor accesses in parallel, using an input network address, the alternate table representations of the individual trie and searches for a longest prefix match in each alternate table representation to obtain local prefix matches. The longest prefix match from the local prefix matches is selected. The longest prefix match has an associated next hop index base address and offset value. A next hop index processor accesses a next hop index table in the memory utilizing the next hop index base address and offset value to obtain a next hop table pointer. A next hop processor accesses a next hop table in the memory using the next hop table pointer to obtain a destination network address.

A network device within a data communication network includes a plurality of network interfaces, each programmed with a respective set of Address Resolution Protocol (ARP) routing entries for correlating network addresses with physical addresses. Each network interface is further programmed with an additional respective set of Longest Prefix Match (LPM) routing entries for correlating other network addresses with designated network interfaces to enable traffic matching one of the LPM routing entries to be forwarded to the appropriate designated network interface within the network device.

This disclosure describes methods, devices, and systems related to routing packets over enterprise network sites. A method may be disclosed for routing packets between hosts at a first site and hosts at a second site in a network using a firewall. The method may comprise receiving a request, in a first packet, from a first router to send one or more packets to two or more hosts at the second site. The method may comprise receiving a first sub-network prefix, in a route advertisement, corresponding to two or more hosts at the first site from the first router, and receiving a first community value, in a first advertisement, associated with the first sub-network prefix. The method may comprise generating a first local preference value based at least in part on the first community value. And the method may comprise sending the request, first sub-network prefix, and first local preference value to a second router, in a second advertisement.