Mauricio Sanchez

Network devices and methods are provided for packet processing. One method includes using logic embedded in an application specific integrated circuit on a network device to dynamically adjust an access control list. According to the method, the access control list is adjusted in response to information received from a checking functionality related to packets received by the network device from a particular port. The method also includes handling packets later received from the particular port… Show more

Network devices and methods are provided for packet processing. One method includes using logic embedded in an application specific integrated circuit on a network device to dynamically adjust an access control list. According to the method, the access control list is adjusted in response to information received from a checking functionality related to packets received by the network device from a particular port. The method also includes handling packets later received from the particular port according to the adjusted access control list. Show less

Network devices, systems, and methods are provided for packet processing. One network device includes a network chip having logic and a number of network ports for the device for receiving and transmitting packets therefrom. The logic is encoded with application specific integrated circuit (ASIC) primitives to check header fields and payload content in the packets.

Network devices and methods are provided for packet processing. One method includes using logic embedded in an application specific integrated circuit on a network device to dynamically adjust an access control list. According to the method, the access control list is adjusted in response to information received from a checking functionality related to packets received by the network device from a particular port. The method also includes handling packets later received from the particular port… Show more

Network devices and methods are provided for packet processing. One method includes using logic embedded in an application specific integrated circuit on a network device to dynamically adjust an access control list. According to the method, the access control list is adjusted in response to information received from a checking functionality related to packets received by the network device from a particular port. The method also includes handling packets later received from the particular port according to the adjusted access control list. Show less

One embodiment disclosed relates to a network device that includes at least one port to connect to a network and at least one throttle that limits a rate of connections made from the device. An auto-adaptive thresholding mechanism determines a threshold for the throttle. The mechanism may be tunable to various aggressiveness levels. Another embodiment disclosed relates to a network apparatus including multiple ports capable of making connections and multiple throttle instantiations. Each… Show more

One embodiment disclosed relates to a network device that includes at least one port to connect to a network and at least one throttle that limits a rate of connections made from the device. An auto-adaptive thresholding mechanism determines a threshold for the throttle. The mechanism may be tunable to various aggressiveness levels. Another embodiment disclosed relates to a network apparatus including multiple ports capable of making connections and multiple throttle instantiations. Each throttle instantiation is associated with a port or group of ports. Threshold levels for each throttle instantiation are independently set. The ports may be physical ports or may be logical ports. Show less

Network devices, systems, and methods are provided for packet processing. One network device includes a network chip having a number of network ports for the device. The network chip includes logic to select original data packets, based on a set of criteria, received from or destined to a particular port on the device and to tunnel the selected data packets to a second network device having a different destination address to that of the selected data packets.

Network devices, systems, and methods are provided for packet processing. One method includes receiving a checking functionality rule set as an input to a distribution algorithm. The method includes bifurcating and providing configuration instructions, as an output from the distribution algorithm, to a first logic plane associated with a first logical entity and a second logic plane associated with a second logical entity. A collaboration algorithm is used to provide processing coordination… Show more

Network devices, systems, and methods are provided for packet processing. One method includes receiving a checking functionality rule set as an input to a distribution algorithm. The method includes bifurcating and providing configuration instructions, as an output from the distribution algorithm, to a first logic plane associated with a first logical entity and a second logic plane associated with a second logical entity. A collaboration algorithm is used to provide processing coordination between the first logical entity and the second logical entity. Show less

Embodiments of the invention may include network devices, systems, and methods, including executable instructions and/or logic, for remote client remediation. One method includes identifying a client needing remediation, tunnel-encapsulating packets originating from the client during remediation, and forwarding the tunnel-encapsulated packets to a remote remediation functionality different from an original destination address of the packets and having membership in a remediation VLAN different… Show more

Embodiments of the invention may include network devices, systems, and methods, including executable instructions and/or logic, for remote client remediation. One method includes identifying a client needing remediation, tunnel-encapsulating packets originating from the client during remediation, and forwarding the tunnel-encapsulated packets to a remote remediation functionality different from an original destination address of the packets and having membership in a remediation VLAN different from the original VLAN. Show less

Systems, methods, and device are provided for network and network device management. One method embodiment includes receiving information associated with a network device. The method further includes analyzing the network information using a Kalman filter.

A method for controlling data connections of host devices in a network includes creating a record of the number of attempted data connections from a host device through a connection device and the time of the most recent data connection attempt from the host device through the connection device. The difference between the current time that data from the host device is received by the connection device and the recorded time of the most recent data connection attempt by the host device is… Show more

A method for controlling data connections of host devices in a network includes creating a record of the number of attempted data connections from a host device through a connection device and the time of the most recent data connection attempt from the host device through the connection device. The difference between the current time that data from the host device is received by the connection device and the recorded time of the most recent data connection attempt by the host device is determined. Data is forwarded to its destination address if the difference between the current time and the recorded time is greater than a predetermined threshold time. Show less

A method of responding to a request for a key of a first length is provided. According to the method, the request for the key of the first length is received. Moreover, it is determined whether any one of a plurality of cached keys satisfies the request. If any one of the plurality of cached keys satisfies the request, a cached key of the first length is selected. Also, the selected cached key is removed from the plurality of cached keys. Thus, in response to the request, the selected cached… Show more

A method of responding to a request for a key of a first length is provided. According to the method, the request for the key of the first length is received. Moreover, it is determined whether any one of a plurality of cached keys satisfies the request. If any one of the plurality of cached keys satisfies the request, a cached key of the first length is selected. Also, the selected cached key is removed from the plurality of cached keys. Thus, in response to the request, the selected cached key of the first length is provided. Show less