Patent classifications
H04L45/74591
NETWORK DEVICE THAT UTILIZES TCAM CONFIGURED TO OUTPUT MULTIPLE MATCH INDICES
A network device provides a search key corresponding to a packet to a TCAM. The TCAM determines that the search key matches one or more search patterns stored in the TCAM. The network device selects one search pattern among the one or more search patterns at least by analyzing respective priority information associated with the one or more search patterns. The respective priority information indicates one or more respective priority levels that are independent from one or more physical locations of the one or more search patterns within the TCAM. In connection with selecting the one search pattern, the network device determines one or more actions to be performed on the packet by the network device, the one or more actions corresponding to the selected one search pattern.
ADAPTING FORWARDING DATABASE LEARNING RATE BASED ON FILL LEVEL OF FORWARDING TABLE
A packet processor of a network device repeatedly determines a fill level of a forwarding table that is populated with associations between network addresses and network interfaces of, or coupled to, the network device. The packet processor adjusts, based on the fill level of the forwarding table, a maximum rate according to which the packet processor is permitted to send messages to a central processing unit (CPU) coupled to the packet processor, the messages indicating network addresses that are to be stored in the forwarding table by the CPU. The packet processor of the network device receives packets via network links coupled to the network device; identifies new network addresses of the packets that are not in the forwarding table; and sends messages to the CPU at a rate that does not exceed the maximum rate, the messages indicating the new network addresses are to be added to the forwarding table.
METHOD FOR COMMUNICATION BETWEEN NETWORK DEVICE AND TERMINAL DEVICE, NETWORK DEVICE, AND TERMINAL DEVICE
The present disclosure provides a method for communication between a network device and a terminal device, where the network device stores a correspondence between a link-layer address and an IP address that are of the terminal device, and the method includes: obtaining, by the network device, a first link-layer address; determining whether a quantity of IP addresses corresponding to the first link-layer address reaches a threshold; if the quantity reaches the threshold, selecting an IP address from the IP addresses, where a quantity of selected IP addresses is not greater than the maximum quantity; saving a correspondence between the first link-layer address and the selected IP address; and sending, according to the selected IP address, a message to a terminal device having the first link-layer address, where the message is used to notify the terminal device whether an IP address is selected by the network device.
Network scale emulator
Systems, methods, and computer-readable media for scaling a source network. A system may be configured to receive a network configuration for a source network, wherein the source network comprises a plurality of nodes, receive a scale target for a scaled network, and identify, based on the scale target, one or more selected nodes in the plurality of nodes in the source network for implementing in the scaled network. The system may further be configured to reconfigure data plane parameters and control plane parameters for each node in the one or more selected nodes.
Hardware and software router
A networking router processes, by a hardware data plane, a first incoming packet by matching the packet with a routing table of the hardware data plane. A software data plane processes a second incoming packet by matching the packet with a routing table of the software data plane. In response to the processing of the first incoming packet by the hardware data plane failing, the software data plane subsequently processes the first incoming packet by matching the packet with the routing table of the software data plane. The method comprises delivering, from the software and hardware data planes, network traffic flow information to a flow analyzer. The flow analyzer analyzes the network traffic flow information and updates at least one of the routing tables based at least on the analyzed network traffic flow information.
Dynamically-optimized hash-based packet classifier
A network element includes multiple ports and a packet classifier. The packet classifier is configured to receive rules and Rule Patterns (RPs), each RP corresponding to a subset of the rules and specifying positions of unmasked packet-header bits to be matched by the rules in the subset, to store in a RAM a grouping of the RPs into Extended RPs (ERPs), each ERP defining a superset of the unmasked bits in the RPs associated therewith, to receive packets and match each packet to one or more of the rules by accessing the ERPs in the RAM, to determine counter values, each counter value corresponding to a respective RP and indicative of a number of the received packets that match the RP, and to adaptively modify the grouping of the RPs into the ERPs depending on the counter values.
Scalable network processing segmentation
A method for processing network communications, the method including receiving a network packet at a network device and performing at least one lookup for the packet in one or more first lookup tables in which the one or more first lookup tables are programmed to include at least one of an exact match or longest prefix match (LPM) table entry. The method includes obtaining a security source segment and a security destination segment based upon the result of the at least one lookup for the packet in the one or more first lookup tables. The method further includes performing a lookup in a second lookup table based upon the security source segment and security destination segment in which the second lookup table is programmed in a content addressable memory. Based upon the result of the lookup in the second lookup table, a forwarding decision for the packet is processed according to the security source segment and security destination segment.
High Bandwidth Content Addressable Memory (CAM) Based Hardware Architecture For Datacenter Networking
A communication protocol system is provided for reliable transport of packets. A content addressable memory hardware architecture including a reorder engine and a retransmission engine may be utilized for the reliable transport of the packets. The content addressable memory module includes a primary CAM that may be logically partitioned into a plurality of physical sub-CAMs. One or more processors are in communication with the content addressable memory module. The one or more processors receive a set of data packets. A lookup operation is performed by the one or more processors to access data entries stored in each of the sub-content addressable memories. An update operation is performed by the one or more processors at a selected sub-content addressable memory from the plurality of the sub-content addressable memories.
Real-time regular expression search engine
In a malware detection device, first characters in a network traffic flow are compared with a plurality of entries within a ternary content addressable memory (TCAM), the plurality of entries including a first entry that constitutes a first segment of a malware signature. In response to an output from the first TCAM indicating that the first characters match the first entry, a variable-character expression engine determines whether second characters in the network traffic flow match a first variable-length regular expression, the variable-length regular expression corresponding to a second segment of the malware signature. A comparand value is generated that includes third characters in the network traffic flow and an expression-match value that indicates whether the second characters match the first variable-length regular expression. The TCAM compares the first comparand value with the plurality of entries therein as part of a determination whether the network traffic flow contains the malware signature.
Enhanced smart process control switch port lockdown
A smart process control switch can implement a lockdown routine to lock down its communication ports exclusively for use by devices having known physical addresses, enabling the smart process control switch to prevent new, potentially hostile, devices from communicating with other devices to which the smart process control switch is connected. Further, the smart process control switch can implement an address mapping routine to identify “known pairs” of physical and network addresses for each device communicating via a port of the smart process control switch. Thus, even if a new hostile device is able to spoof a known physical address in an attempt to bypass locked ports, the smart process control switch can detect the hostile device by checking the network address of the hostile device against the expected network address for the “known pair.”