This disclosure describes techniques for collecting network parameter data for network switches and/or physical servers and provisioning virtual resources of a service on physical servers based on network resource availability. The network parameter data may include network resource availability data, diagnostic constraint data, traffic flow data, etc. The techniques include determining network switches that have an availability of network resources to support a virtual resource on a connected physical server. A scheduler may deploy virtual machines to particular servers based on the network parameter data in lieu of, or in addition to, the server utilization data of the physical servers (e.g., CPU usage, memory usage, etc.). In this way, a virtual resource may be deployed to a physical server that has an availability of the server resources, but also is connected to a network switch with the availability of network resources to support the virtual resource.

Methods and devices for processing packets with reduced data stalls are provided. The method comprises: (a) receiving a packet comprising a header portion and a payload portion, wherein the header portion is used to generate a packet header vector; (b) producing a table result by performing packet match operations, wherein the table result is generated based at least in part on the packet header vector and data stored in a match table; (c) receiving, at a match processing unit, the table result and an address of a set of instructions associated with the match table; and (d) performing, by the match processing unit, one or more actions in response to the set of instructions until completion of the instructions, wherein the one or more actions comprise modifying the header portion, updating memory based data structure or initiating an event.

A networking router process, by a hardware data plane, a first incoming packet by matching the packet with a routing table of the hardware data plane. A software data plane processes a second incoming packet by matching the packet with a routing table of the software data plane. In response to the processing of the first incoming packet by the hardware data plane failing, subsequently processing, by the software data plane, the first incoming packet by matching the packet with the routing table of the software data plane. The method comprises delivering, from the software and hardware data plane, network traffic flow information to a flow analyzer. The flow analyzer analyzes the network traffic flow information and updates at least one of the routing tables based at least on the analyzed network traffic flow information.

A traffic policy includes policy rules that specify branch actions in their action fields. A branch action specifies another policy rule in the traffic policy. Packet filters generated from the traffic policy represent the traffic policy rules and execution order semantics of the branch rules. The packet filters include resolved actions that are generated by resolving the original actions in the policy rules.

An algorithmic TCAM based ternary lookup method is provided. The method stores entries for ternary lookup into several sub-tables. All entries in each sub-table have a sub-table key that includes the same common portion of the entry. No two sub-tables are associated with the same sub-table key. The method stores the keys in a sub-table keys table in TCAM. Each key has a different priority. The method stores the entries for each sub-table in random access memory. Each entry in a sub-table has a different priority. The method receives a search request to perform a ternary lookup for an input data item. A ternary lookup into the ternary sub-table key table stored in TCAM is performed to retrieve a sub-table index. The method performs a ternary lookup across the entries of the sub-table associated with the retrieved index to identify the highest priority matched entry for the input data item.

Preemptive caching within content/name/information centric networking environment is contemplated. The preemptively caching may be performed within content/name/information centric networking environments of the type having a branching structure or other architecture sufficient to facilitate routing data, content, etc. such that one or more nodes other than a node soliciting a content object also receive the content object.

An information processing apparatus includes a first memory, a second memory, and a control circuit. The first memory stores a first table where entries, which indicate forwarding methods for packets, are stored at positions corresponding to hash values calculated from header information of the packets. The second memory stores a second table that is larger than the first table. The control circuit detects, when the first table is updated, a conflict state where there is conflict between storage positions of different entries in the first table. The control circuit moves entries stored in the first table to the second table in response to the detecting of the conflict state. The control circuit detects resolution of the conflict state when the second table is updated. In response to the detecting of the resolution, the control circuit moves the entries stored in the second table to the first table.

A method for processing network communications, the method including receiving a network packet at a network device and performing at least one lookup for the packet in one or more first lookup tables in which the one or more first lookup tables are programmed to include at least one of an exact match or longest prefix match (LPM) table entry. The method includes obtaining a security source segment and a security destination segment based upon the result of the at least one lookup for the packet in the one or more first lookup tables. The method further includes performing a lookup in a second lookup table based upon the security source segment and security destination segment in which the second lookup table is programmed in a content addressable memory. Based upon the result of the lookup in the second lookup table, processing a forwarding decision for the packet according to the security source segment and security destination segment.

There is described a Precision Time Protocol (“PTP”) transparent clock for inter-VLAN forwarding comprising a Layer 2 switch and a PTP module. The switch includes a first port associated with a first VLAN and a second port associated with a second VLAN. The switch detects a PTP frame at the first port and the PTP module receives the PTP frame. The switch forwards the PTP frame to the second port in response to the PTP module determining that the PTP frame is a forwardable frame. For another embodiment, the switch includes a ternary content-addressable memory (“TCAM”), and the PTP module configures the TCAM to include forwarding rules. The Layer 2 switch forwards the PTP frame to the second port in response to identifying a particular forwarding rule associated with forwarding the PTP frame.

In one embodiment, content-addressable memory lookup result integrity checking and correcting operations are performed, such as, but not limited to protecting the accuracy of packet processing operations. A lookup operation is performed in the content-addressable memory entries based on a lookup word resulting in one or more match vectors. One or multiple result match vectors are produced, depending on whether each of the content-addressable memory entries and the lookup word have been partitioned into multiple portions. An error accuracy code (e.g., error detection, error correction) is acquired for each portion of the one or multiple portions based on a corresponding portion of the lookup word. An accurate result is generated by processing each of the result match vector(s) with their corresponding error accuracy code. When using multiple portions, the (possibly corrected) result match vectors are combined into a single accurate result match vector.