Methods, systems and devices for network congestion control exploit the inherent burstiness of network traffic, using a wave-based characterization of network traffic and corresponding multiplexing methods and approaches.

Methods, systems and devices for network congestion control exploit the inherent burstiness of network traffic, using a wave-based characterization of network traffic and corresponding multiplexing methods and approaches.

A digital data communications network that supports efficient, scalable routing of data and use of network resources by combining a recursive division of the network into hierarchical sub-networks with repeating parameterized general purpose link communication protocols and an addressing methodology that reflects the physical structure of the underlying network hardware. The sub-division of the network enhances security by reducing the amount of the network visible to an attack and by insulating the network hardware itself from attack. The fixed bandwidth range at each sub-network level allows quality of service to be assured and controlled. The routing of data is aided by a topological addressing scheme that allows data packets to be forwarded towards their destination based on only local knowledge of the network structure, with automatic support for mobility and multicasting. The repeating structures in the network greatly simplify network management and reduce the effort to engineer new network capabilities.

A digital data communications network that supports efficient, scalable routing of data and use of network resources by combining a recursive division of the network into hierarchical sub-networks with repeating parameterized general purpose link communication protocols and an addressing methodology that reflects the physical structure of the underlying network hardware. The sub-division of the network enhances security by reducing the amount of the network visible to an attack and by insulating the network hardware itself from attack. The fixed bandwidth range at each sub-network level allows quality of service to be assured and controlled. The routing of data is aided by a topological addressing scheme that allows data packets to be forwarded towards their destination based on only local knowledge of the network structure, with automatic support for mobility and multicasting. The repeating structures in the network greatly simplify network management and reduce the effort to engineer new network capabilities.

In general, techniques are described for network connectivity for non-colocated customers of a cloud exchange. A programmable network platform for the cloud exchange comprises processing circuitry configured to: configure a virtual network device in the data center to run a network service for a customer; receive, from the customer, a request for a remote port and network information for a network service provider connectivity service for the customer; assign, in response to receiving the request for the remote port, a remote port of the cloud exchange to the customer; and configure, in response to receiving the request for the remote port using the network information, the cloud exchange to connect the network service provider connectivity service to the virtual network device via the remote port of the cloud exchange.

The present disclosure related to routing methods. One example method includes configuring a first path and a second path in charge of load sharing for a data flow, and configuring a third path in charge of reroute protection. A first group entry is generated for instructing the forwarding device to use the first path and the second path as load-sharing paths and use the third path to perform reroute protection on the first path and the second path. A flow entry for instructing to perform an operation of going to the first group entry is generated.

The present disclosure related to routing methods. One example method includes configuring a first path and a second path in charge of load sharing for a data flow, and configuring a third path in charge of reroute protection. A first group entry is generated for instructing the forwarding device to use the first path and the second path as load-sharing paths and use the third path to perform reroute protection on the first path and the second path. A flow entry for instructing to perform an operation of going to the first group entry is generated.

Disclosed is an apparatus for distributed processing of an identical packet in high-speed network security equipment, including: a plurality of analysis modules for each determining whether vulnerability analysis is required by analyzing a received packet; a circular queue for receiving the packet from an analysis module initially determining that the vulnerability analysis is required and storing the received packet as a bucket structure; and a plurality of analysis engines for each performing different vulnerability analyses for the packet acquired from the circular queue based on a packet address of the bucket structure, in which the bucket structure includes a packet data storage unit and packet use information storage units which are as many as the plurality of analysis engines, and the packet use information storage units store packet use information of the plurality of respective analysis engines, respectively.

Disclosed is an apparatus for distributed processing of an identical packet in high-speed network security equipment, including: a plurality of analysis modules for each determining whether vulnerability analysis is required by analyzing a received packet; a circular queue for receiving the packet from an analysis module initially determining that the vulnerability analysis is required and storing the received packet as a bucket structure; and a plurality of analysis engines for each performing different vulnerability analyses for the packet acquired from the circular queue based on a packet address of the bucket structure, in which the bucket structure includes a packet data storage unit and packet use information storage units which are as many as the plurality of analysis engines, and the packet use information storage units store packet use information of the plurality of respective analysis engines, respectively.

An improved autonegotiation approach includes determining that a negotiated rate between a first network device and a second network device exceeds data transfer capacity over a network path downstream of the second network device. In response, a configuration message is generated and transmitted to the first network device. When received by the first network device, the configuration message causes the first network device to limit data transfer between the first network device and the second network device to no more than the downstream data transfer capacity.