Mark Townsley

In one embodiment, a decapsulating network device receives a plurality of encapsulated packet fragments of an original packet, and decapsulates them into respective decapsulated packet fragments. The decapsulating network device caches an inner header of the original packet from one of the decapsulated packet fragments, and in response to caching the inner header, and for each particular decapsulated packet fragment as it is received and decapsulated: prepends the inner header and fragmentation… Show more

In one embodiment, a decapsulating network device receives a plurality of encapsulated packet fragments of an original packet, and decapsulates them into respective decapsulated packet fragments. The decapsulating network device caches an inner header of the original packet from one of the decapsulated packet fragments, and in response to caching the inner header, and for each particular decapsulated packet fragment as it is received and decapsulated: prepends the inner header and fragmentation information to the particular decapsulated packet fragment; and forwards the particular decapsulated packet fragment with the prepended inner header and fragmentation information from the decapsulating network device toward a destination of the original packet. Show less

According to one aspect, a method includes identifying a request for a piece of content, and obtaining a Moving Picture Expert Group (MPEG) Dynamic Adaptive Streaming over HTTP (DASH) manifest after identifying the request for the piece of content. The method also includes identifying at least one location at which the piece of content is located using the DASH manifest, wherein the at least one location at which the piece of content is located is a location from which the piece of content is… Show more

According to one aspect, a method includes identifying a request for a piece of content, and obtaining a Moving Picture Expert Group (MPEG) Dynamic Adaptive Streaming over HTTP (DASH) manifest after identifying the request for the piece of content. The method also includes identifying at least one location at which the piece of content is located using the DASH manifest, wherein the at least one location at which the piece of content is located is a location from which the piece of content is arranged to be fetched. Show less

A method is provided in one particular example and may include obtaining routing information for a natively supported Internet protocol of a first network that uses a first routing policy; identifying a route with a tunnel endpoint using the routing information, where the tunnel endpoint supports transitioning between a plurality of Internet protocols; generating tunnel information for the route; and sending the route and the tunnel information to a network element in a second network that uses… Show more

A method is provided in one particular example and may include obtaining routing information for a natively supported Internet protocol of a first network that uses a first routing policy; identifying a route with a tunnel endpoint using the routing information, where the tunnel endpoint supports transitioning between a plurality of Internet protocols; generating tunnel information for the route; and sending the route and the tunnel information to a network element in a second network that uses a second routing policy. Show less

A method and apparatus for providing information in a network by way of a Pseudowire switching TLV is presented. A second device in the network receives a first message having information relating to a first device in the network. The second device appends information relating to the second device (by way of a Pseudowire switching TLV) to the first message, resulting in a second message. The second message is then forwarded to a third device in the network.

Disclosed are, inter alia, methods, apparatus, computer-readable media, mechanisms, and means for load balancing manipulation of packet flows within a transport conduit (e.g., a tunnel, pseudo wire, etc.), typically using a load balancing value which is independent of standard routing-based parameters (e.g., source address, destination address, source port, destination port, protocol type, etc.). A load balancing value is included in encapsulated packets transported across a network using a… Show more

Disclosed are, inter alia, methods, apparatus, computer-readable media, mechanisms, and means for load balancing manipulation of packet flows within a transport conduit (e.g., a tunnel, pseudo wire, etc.), typically using a load balancing value which is independent of standard routing-based parameters (e.g., source address, destination address, source port, destination port, protocol type, etc.). A load balancing value is included in encapsulated packets transported across a network using a transport conduit. This load balancing value can be used to load balance the individual flows/microflows within the transport conduit. Show less

One embodiment includes, inter alia, methods, apparatus, computer-storage media, mechanisms, and/or means associated with automated transitioning between different communication protocols in a network. In one embodiment, automatic transition routers are automatically discovered along with the knowledge of what non-native protocols need to be transported across a network. Communication pathways are automatically established as needed to transport these non-native protocols. One embodiment is… Show more

One embodiment includes, inter alia, methods, apparatus, computer-storage media, mechanisms, and/or means associated with automated transitioning between different communication protocols in a network. In one embodiment, automatic transition routers are automatically discovered along with the knowledge of what non-native protocols need to be transported across a network. Communication pathways are automatically established as needed to transport these non-native protocols. One embodiment is particularly useful in transitioning a network from one protocol to another, such as from Internet Protocol version 4 to version 6. Show less

Techniques for distributing digital content include receiving provider content over a network connection at a customer premises node located on premises of a first customer. The provider content is offered by a network service provider different from the first customer. Provider data based on the provider content is stored in non-volatile storage on the customer premises node of the first customer. It is determined whether conditions are satisfied for sending the provider content to a second… Show more

Techniques for distributing digital content include receiving provider content over a network connection at a customer premises node located on premises of a first customer. The provider content is offered by a network service provider different from the first customer. Provider data based on the provider content is stored in non-volatile storage on the customer premises node of the first customer. It is determined whether conditions are satisfied for sending the provider content to a second customer different from the first customer. If it is determined that such conditions are satisfied, then the provider data is retrieved from the non-volatile storage, and data based on the provider data is sent over the network connection for receipt by the second customer. Thereby a customer premises node serves as a cache of provider content for other customer premises nodes on the same last mile segment or access network. Show less

In one embodiment, for each port of an access node in an access-based computer network, one access server of a plurality of access servers is configured as a preferred access server for that port. Upon receiving a session initiation message at a particular port, the access node forwards the session initiation message to one or more of the access servers based on the configured preferred access server for the particular port.

In one embodiment, for each port of an access node in an access-based computer network, one access server of a plurality of access servers is configured as a preferred access server for that port. Upon receiving a session initiation message at a particular port, the access node forwards the session initiation message to one or more of the access servers based on the configured preferred access server for the particular port.

Methods, apparatus, computer-storage media, mechanisms, and means associated therewith are used to limit network device resources based on the identification of the Internet Protocol version 6 (IPv6) originating entity (e.g., subscriber of a network carrier). As an IPv6 originating entity will typically be assigned 264 or more valid IPv6 addresses, the originating entity may send packets with a source address of any of these valid IPv6 addresses and still be compliant with Internet standards… Show more

Methods, apparatus, computer-storage media, mechanisms, and means associated therewith are used to limit network device resources based on the identification of the Internet Protocol version 6 (IPv6) originating entity (e.g., subscriber of a network carrier). As an IPv6 originating entity will typically be assigned 264 or more valid IPv6 addresses, the originating entity may send packets with a source address of any of these valid IPv6 addresses and still be compliant with Internet standards and/or other specifications (e.g., RFCs). By determining the originating entity and controlling the allocation of network device resources based on the originating entity (in contrast to on a per valid IPv6 address basis), a network service provider can manage its network device resources, such as in a manner to prevent a depletion of resources caused by an originating entity using a plethora valid IPv6 addresses, or a malicious denial-of-service attack. Show less

A method is provided in one example embodiment and includes providing a time protocol assistant associated with a time-synchronized domain (TSD). The TSD includes a set of nodes that are synchronized to a same time source. The TSD has defined egress and ingress edge points where bidirectional measurements can be made and the egress and ingress edge points are coupled to the time protocol assistant. The method also includes synchronizing one or more packets flowing through a network that… Show more

A method is provided in one example embodiment and includes providing a time protocol assistant associated with a time-synchronized domain (TSD). The TSD includes a set of nodes that are synchronized to a same time source. The TSD has defined egress and ingress edge points where bidirectional measurements can be made and the egress and ingress edge points are coupled to the time protocol assistant. The method also includes synchronizing one or more packets flowing through a network that includes the TSD through the same time source. In more specific embodiments, the nodes are synchronized to the same time source via the network and the same time source is a grandmaster clock that synchronizes one or more transparent clocks. In yet other embodiments, the transparent clocks manipulate precision time protocol (PTP) packets sent by the grandmaster clock. Show less

A system includes an access node having an associated identifier. The access node is configured to insert the identifier into a network connection request. The system includes an IP edge service node connected to the access node and configured to receive the network connection request. The IP edge service node is further configured to store the inserted identifier and to insert the identifier into an Internet protocol version 6 (IPv6) address request transmitted according to dynamic host… Show more

A system includes an access node having an associated identifier. The access node is configured to insert the identifier into a network connection request. The system includes an IP edge service node connected to the access node and configured to receive the network connection request. The IP edge service node is further configured to store the inserted identifier and to insert the identifier into an Internet protocol version 6 (IPv6) address request transmitted according to dynamic host configuration protocol version 6 (DHCPv6) through an established network connection based on the network connection request. The system further includes a server configured to receive the IPv6 address request and assign an IPv6 address based on the IPv6 address request. Show less

Techniques for negotiating Point-to-Point Protocol (PPP) sessions over an Ethernet network include receiving configuration data that indicates a first node is connected to a second node thorough an Ethernet network that supports Ethernet frame payload sizes larger than 1500 octets. Request data is received at the first node from the second node. The request data indicates a request for PPP communications between the first node and the second node using a requested PPP payload size greater than… Show more

Techniques for negotiating Point-to-Point Protocol (PPP) sessions over an Ethernet network include receiving configuration data that indicates a first node is connected to a second node thorough an Ethernet network that supports Ethernet frame payload sizes larger than 1500 octets. Request data is received at the first node from the second node. The request data indicates a request for PPP communications between the first node and the second node using a requested PPP payload size greater than 1492 octets. A particular PPP payload size greater than 1492 octets is determined. Response data is sent from the first node to the second node. The response data indicates that the particular PPP payload size greater than 1492 octets is to be used for PPP communications between the first node and the second node. These techniques allow better utilization of Ethernet Jumbo, Giant and Baby Giant frames. Show less

A computer network includes first and second Ethernet access domain networks, each of Ethernet access domain networks including a user-facing provider edge (u-PE) device, and a stack group of network-facing provider edge (n-PE) devices coupled with the u-PE device, the n-PE devices running a bidding protocol to select one of the n-PE devices as a primary n-PE device for a single pseudowire connection path between the first and second Ethernet access domain networks. It is emphasized that this… Show more

A computer network includes first and second Ethernet access domain networks, each of Ethernet access domain networks including a user-facing provider edge (u-PE) device, and a stack group of network-facing provider edge (n-PE) devices coupled with the u-PE device, the n-PE devices running a bidding protocol to select one of the n-PE devices as a primary n-PE device for a single pseudowire connection path between the first and second Ethernet access domain networks. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. Show less

A computer network includes first and second Ethernet access domain networks, each of Ethernet access domain networks including a user-facing provider edge (u-PE) device, and a stack group of network-facing provider edge (n-PE) devices coupled with the u-PE device, the n-PE devices running a bidding protocol to select one of the n-PE devices as a primary n-PE device for a single pseudowire connection path between the first and second Ethernet access domain networks. It is emphasized that this… Show more

A computer network includes first and second Ethernet access domain networks, each of Ethernet access domain networks including a user-facing provider edge (u-PE) device, and a stack group of network-facing provider edge (n-PE) devices coupled with the u-PE device, the n-PE devices running a bidding protocol to select one of the n-PE devices as a primary n-PE device for a single pseudowire connection path between the first and second Ethernet access domain networks. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. 37 CFR 1.72(b). Show less

A pseudowire verification framework gathers and maintains status of individual pseudowires by aggregating the state of the individual node hops defining the pseudowire. The framework provides complete assessment of a network by gathering status feedback from network nodes (forwarding entities) that are inaccessible directly from a requesting node by employing an intermediate forwarding entity as a proxy for inquiring on behalf of the requesting node. Therefore, status regarding inaccessible… Show more

A pseudowire verification framework gathers and maintains status of individual pseudowires by aggregating the state of the individual node hops defining the pseudowire. The framework provides complete assessment of a network by gathering status feedback from network nodes (forwarding entities) that are inaccessible directly from a requesting node by employing an intermediate forwarding entity as a proxy for inquiring on behalf of the requesting node. Therefore, status regarding inaccessible pseudowires is obtainable indirectly from nodes able to “see” the particular pseudowire. Configurations further assess multihop pseudowires including a plurality of network segments; in which each segment defines a pseudowire hop including forwarding entities along the pseudowire path. In this manner, pseudowire health and status is gathered and interrogated for nodes (forwarding) entities unable to directly query the subject pseudowire via intermediate forwarding entities. Show less

Techniques for managing a persistent session associated with a particular Media Access Control (MAC) include determining at a broadband remote access server whether an elapsed time since a data packet is received with the particular MAC address exceeds a threshold time. If so, then point-to-point protocol (PPP) control data is sent in a data link protocol payload that is encapsulated in a data packet with an Ethernet destination field that indicates the particular MAC address. The PPP control… Show more

Techniques for managing a persistent session associated with a particular Media Access Control (MAC) include determining at a broadband remote access server whether an elapsed time since a data packet is received with the particular MAC address exceeds a threshold time. If so, then point-to-point protocol (PPP) control data is sent in a data link protocol payload that is encapsulated in a data packet with an Ethernet destination field that indicates the particular MAC address. The PPP control data indicates a request for an echo. It is determined whether a data packet with the particular MAC address in an Ethernet source field is received within a particular time interval. If not, then a session associated with the particular MAC address is terminated. These techniques allow PPP control plane functionality while utilizing IP over Ethernet for the data plane. Show less

A method is provided in one example embodiment and includes providing a time protocol assistant associated with a time-synchronized domain (TSD). The TSD includes a set of nodes that are synchronized to a same time source. The TSD has defined egress and ingress edge points where bidirectional measurements can be made and the egress and ingress edge points are coupled to the time protocol assistant. The method also includes synchronizing one or more packets flowing through a network that… Show more

A method is provided in one example embodiment and includes providing a time protocol assistant associated with a time-synchronized domain (TSD). The TSD includes a set of nodes that are synchronized to a same time source. The TSD has defined egress and ingress edge points where bidirectional measurements can be made and the egress and ingress edge points are coupled to the time protocol assistant. The method also includes synchronizing one or more packets flowing through a network that includes the TSD through the same time source. In more specific embodiments, the nodes are synchronized to the same time source via the network and the same time source is a grandmaster clock that synchronizes one or more transparent clocks. In yet other embodiments, the transparent clocks manipulate precision time protocol (PTP) packets sent by the grandmaster clock. Show less

Techniques for operating a network interface include automatically determining whether communications are terminated over a particular attachment circuit on a network interface on an intermediate network node at an edge of a provider network, whereby a sign of death (SOD) on the particular attachment circuit is indicated. The attachment circuit is switched with a particular virtual private network that is a link layer virtual private network (VPN) encapsulated in a higher layer protocol. The… Show more

Techniques for operating a network interface include automatically determining whether communications are terminated over a particular attachment circuit on a network interface on an intermediate network node at an edge of a provider network, whereby a sign of death (SOD) on the particular attachment circuit is indicated. The attachment circuit is switched with a particular virtual private network that is a link layer virtual private network (VPN) encapsulated in a higher layer protocol. The provider network is a packet-switched network. The network interface is for a direct communication link to a customer network node outside the provider network. If it is determined that there is an indication of the SOD, then a new network action is initiated in response to the SOD on the particular attachment circuit. These techniques allow for automatic logging of usage, billing, and fault detection, as well as for over-subscription of network resources for multiple VPNs. Show less

In one embodiment, a method includes establishing a control channel across a wide area network (WAN) from a first gateway that has a first public internetwork layer (L3) address to a second gateway that has a second public L3 address. Each gateway connects a local area network (LAN) to the WAN. Negotiations over the control channel establish a first set of private L3 addresses for the first LAN and a non-overlapping second set for the second LAN. A different address from the first set is… Show more

In one embodiment, a method includes establishing a control channel across a wide area network (WAN) from a first gateway that has a first public internetwork layer (L3) address to a second gateway that has a second public L3 address. Each gateway connects a local area network (LAN) to the WAN. Negotiations over the control channel establish a first set of private L3 addresses for the first LAN and a non-overlapping second set for the second LAN. A different address from the first set is provided for each different node in the first LAN. A discovery packet is received from the first LAN. The discovery packet is encapsulated in a tunnel packet directed to the second public L3 address. The tunnel packet is sent over the WAN to the second gateway which extracts the discovery packet. The second gateway sends the discovery packet over the second LAN. Show less

A method, apparatus and computer program product for routing data within a packet-switched network using a PW wherein the PW is terminated directly on the layer-3 routing device such that certain services and applications can be utilized is presented. The method, apparatus and computer program product receives an encapsulated layer-2 Protocol Data Unit (PDU) from a pseudowire emulating a service. The encapsulation is removed from the encapsulated layer-2 PDU and a layer-2 circuit associated… Show more

A method, apparatus and computer program product for routing data within a packet-switched network using a PW wherein the PW is terminated directly on the layer-3 routing device such that certain services and applications can be utilized is presented. The method, apparatus and computer program product receives an encapsulated layer-2 Protocol Data Unit (PDU) from a pseudowire emulating a service. The encapsulation is removed from the encapsulated layer-2 PDU and a layer-2 circuit associated with the pseudowire is terminated. The circuit is treated as an interface and the PDU is forwarded based on upper layer protocol information within the PDU. Show less

Techniques for distributing digital content include receiving provider content over a network connection at a customer premises node located on premises of a first customer. The provider content is offered by a network service provider different from the first customer. Provider data based on the provider content is stored in non-volatile storage on the customer premises node of the first customer. It is determined whether conditions are satisfied for sending the provider content to a second… Show more

Techniques for distributing digital content include receiving provider content over a network connection at a customer premises node located on premises of a first customer. The provider content is offered by a network service provider different from the first customer. Provider data based on the provider content is stored in non-volatile storage on the customer premises node of the first customer. It is determined whether conditions are satisfied for sending the provider content to a second customer different from the first customer. If it is determined that such conditions are satisfied, then the provider data is retrieved from the non-volatile storage, and data based on the provider data is sent over the network connection for receipt by the second customer. Thereby a customer premises node serves as a cache of provider content for other customer premises nodes on the same last mile segment or access network. Show less

Techniques for providing remote access to a service provider network include exchanging multiple Dynamic Host Configuration Protocol (DHCP) formatted messages instead of any Point to Point Protocol (PPP) message to provide all PPP functions for accessing a service provider network from a customer node. The service provider network is on provider premises and the customer node is on customer premises different from the provider premises. The DHCP format is used to exchange authentication… Show more

Techniques for providing remote access to a service provider network include exchanging multiple Dynamic Host Configuration Protocol (DHCP) formatted messages instead of any Point to Point Protocol (PPP) message to provide all PPP functions for accessing a service provider network from a customer node. The service provider network is on provider premises and the customer node is on customer premises different from the provider premises. The DHCP format is used to exchange authentication messages, user profile data on Authentication, Authorization and Accounting (AAA) servers, or session keep-alive echo messages, alone or in some combination. When all are message types are combined, these techniques provide a remote access server (RAS) with the capability to perform all functions presently provided by PPP processes. In some combinations, these techniques allow a modified DHCP server to replace a legacy AAA server. Show less

Techniques for configuring a particular network interface on a particular node at an edge of a provider network to support a particular virtual private network include receiving customer input data. The provider network is a packet-switched network and the particular virtual private network is a link layer virtual private network. The customer input data indicates a topology for customer equipment devices outside the provider network on the particular virtual private network, and may include… Show more

Techniques for configuring a particular network interface on a particular node at an edge of a provider network to support a particular virtual private network include receiving customer input data. The provider network is a packet-switched network and the particular virtual private network is a link layer virtual private network. The customer input data indicates a topology for customer equipment devices outside the provider network on the particular virtual private network, and may include properties for corresponding interfaces that connect the customer equipment devices to the edge nodes. Based on the customer input data, configuration data is determined for configuring the particular interface at the particular node. The particular node is caused to configure the particular interface based on the configuration data without human intervention. Among other effects, these techniques support zero-touch provisioning of virtual private networks. Show less

Conventional network packet traffic loss/drop monitoring mechanisms, such as that employed for pseudowire, IP flow and tunnel traffic monitoring, do not process or diagnose the aggregate counts from both endpoints of a particular pseudowire. A packet loss and detection mechanism periodically exchanges traffic packet counts to maintain an accurate diagnosis of the pseudowire health from either endpoint. Further, the raw packet counts are analyzed to identify misrouted and lost packets, as both… Show more

Conventional network packet traffic loss/drop monitoring mechanisms, such as that employed for pseudowire, IP flow and tunnel traffic monitoring, do not process or diagnose the aggregate counts from both endpoints of a particular pseudowire. A packet loss and detection mechanism periodically exchanges traffic packet counts to maintain an accurate diagnosis of the pseudowire health from either endpoint. Further, the raw packet counts are analyzed to identify misrouted and lost packets, as both should be considered to assess network health and congestion. The pseudowire statistics are maintained for each pseudowire emanating from a particular edge router, providing a complete view of pseudowire traffic affecting a particular edge router. Such statistics are beneficial for problem detection, diagnosis, and for verification of throughput criteria such as those expressed in Quality of Service (QOS) terms and/or SLAs (service level agreements). Show less

Techniques for configuring a particular network interface on a particular node at an edge of a provider network to support a particular virtual private network include receiving customer input data. The provider network is a packet-switched network and the particular virtual private network is a link layer virtual private network. The customer input data indicates a topology for customer equipment devices outside the provider network on the particular virtual private network, and may include… Show more

Techniques for configuring a particular network interface on a particular node at an edge of a provider network to support a particular virtual private network include receiving customer input data. The provider network is a packet-switched network and the particular virtual private network is a link layer virtual private network. The customer input data indicates a topology for customer equipment devices outside the provider network on the particular virtual private network, and may include properties for corresponding interfaces that connect the customer equipment devices to the edge nodes. Based on the customer input data, configuration data is determined for configuring the particular interface at the particular node. The particular node is caused to configure the particular interface based on the configuration data without human intervention. Among other effects, these techniques support zero-touch provisioning of virtual private networks. Show less

Link fragmentation and interleaving at an access device located between a point to point link and a tunneled connection is provided. A method of access device-based link fragmentation and interleaving is also provided. The method includes receiving frames through a tunnel from a network server, fragmenting at least some of the frames from the network server, and sending fragmented and unfragmented frames over a data link to an endpoint device. The frames may be multilink point to point protocol… Show more

Link fragmentation and interleaving at an access device located between a point to point link and a tunneled connection is provided. A method of access device-based link fragmentation and interleaving is also provided. The method includes receiving frames through a tunnel from a network server, fragmenting at least some of the frames from the network server, and sending fragmented and unfragmented frames over a data link to an endpoint device. The frames may be multilink point to point protocol (MLPPP) frames and the frames may be received through a layer two tunneling protocol (L2TP) tunnel. The method can include scanning a frame for PPP options and removing options related to MLPPP negotiation and then forwarding the frame to a network server. Show less

In one embodiment, a method includes receiving a data link layer packet, such as an Ethernet packet, at a local provider edge node in a provider network from a first customer edge node of multiple customer edge nodes connected directly to the local provider edge node. A tunnel data packet for a particular tunneling protocol is generated. The tunnel data packet includes tunnel data that indicates tunnel termination at a different provider edge in the provider network. The tunnel data packet also… Show more

In one embodiment, a method includes receiving a data link layer packet, such as an Ethernet packet, at a local provider edge node in a provider network from a first customer edge node of multiple customer edge nodes connected directly to the local provider edge node. A tunnel data packet for a particular tunneling protocol is generated. The tunnel data packet includes tunnel data that indicates tunnel termination at a different provider edge in the provider network. The tunnel data packet also includes customer identifier data and the data link layer packet. The customer identifier data uniquely indicates a customer associated with the first customer edge node. The tunnel data packet is sent over the provider network. Show less

A method is provided in one example and includes receiving signaling data associated with a request for a multicast channel, the request includes an Internet protocol version 6 (IPv6) source and an IPv6 group address. The method may also include identifying an Internet protocol version 4 (IPv4) source and an IPv4 group address to be mapped to the IPv6 source and the IPv6 group address. The signaling data can be converted from a first protocol to a second protocol. The converted signaling data… Show more

A method is provided in one example and includes receiving signaling data associated with a request for a multicast channel, the request includes an Internet protocol version 6 (IPv6) source and an IPv6 group address. The method may also include identifying an Internet protocol version 4 (IPv4) source and an IPv4 group address to be mapped to the IPv6 source and the IPv6 group address. The signaling data can be converted from a first protocol to a second protocol. The converted signaling data can be communicated to a network element. In more particular embodiments, the network element is an IP edge router configured to join the multicast channel and stream data in response to receiving the converted signaling data. The IP edge router can be configured to perform an encapsulation operation to transport IPv6 multicast packets within an IPv4 multicast channel. Show less

Implementation of a VPN service such as a VPLS (Virtual Private Local area network Service) is performed utilizing a two-stage process. A first stage of the two-stage process involves providing notification of whether a PE (Provider Edge) router in a label-switching network has VPLS capability. Notification can include broadcasting a message from a PE router to remote PE routers in the label-switching network to indicate whether the broadcasting PE router is VPLS enabled. A second stage of the… Show more

Implementation of a VPN service such as a VPLS (Virtual Private Local area network Service) is performed utilizing a two-stage process. A first stage of the two-stage process involves providing notification of whether a PE (Provider Edge) router in a label-switching network has VPLS capability. Notification can include broadcasting a message from a PE router to remote PE routers in the label-switching network to indicate whether the broadcasting PE router is VPLS enabled. A second stage of the two-stage process involves, based on receiving a notification that a PE router is VPLS enabled, generating a query message to discover a set of VPLS instances to which the broadcasting PE router belongs. In this way, a given PE router generating the query message can identify other PE routers in the label-switching network associated with the same VPLS for purposes of setting up the VPLS in the label-switching network. Show less

Techniques for authenticating a user for access to an IP network include receiving from the user's host a DHCP request which includes user identifier data. A random challenge value is determined and sent to the user's host in a DHCP message format. A response message that includes a response value is received from the user's host in DHCP format. A verification value is determined based on a password value associated with the user identifier value in an AAA server and the current challenge value… Show more

Techniques for authenticating a user for access to an IP network include receiving from the user's host a DHCP request which includes user identifier data. A random challenge value is determined and sent to the user's host in a DHCP message format. A response message that includes a response value is received from the user's host in DHCP format. A verification value is determined based on a password value associated with the user identifier value in an AAA server and the current challenge value using a secure process that renders impractical an attempt to derive the password. If it is determined that the response value does not match the verification value, then a DHCP offer is prevented from being sent to the user's host in response to the DHCP request. Thus, a user is authenticated using DHCP instead of PPP. Show less

A traceroute mechanism enables responses to the traceroute to reach the originating router (originator) along a multihop pseudowire (PW). A traceroute message includes an accumulator operable to count hops along a MH-PW, implemented as a time-to-live (TTL) field, as is known in the art. An originator router employs multiple TTL values, and decrements one of the TTL "accumulators" for each hop. At the ultimate (terminal) router defining the end of the multihop PW, a TTL in the return message is… Show more

A traceroute mechanism enables responses to the traceroute to reach the originating router (originator) along a multihop pseudowire (PW). A traceroute message includes an accumulator operable to count hops along a MH-PW, implemented as a time-to-live (TTL) field, as is known in the art. An originator router employs multiple TTL values, and decrements one of the TTL "accumulators" for each hop. At the ultimate (terminal) router defining the end of the multihop PW, a TTL in the return message is set to the number of hops traveled by the traceroute. The difference between the accumulator and the initial TTL value determines the number of hops traveled by the traceroute message, and hence the number of hops back to the originating node. The traceroute return message, now having a TTL set to the number of hops of the counterpart traceroute, reaches the originator when the TTL value is decremented to zero. Show less

A method and apparatus for performing Layer 2 (L2) interworking is presented. A L2 Protocol Data Unit (PDU) is received at an L2 Switching Entity (SE). The L2 PDU is converted to a normalized Pseudowire (PW) PDU. The normalized PW PDU is then forwarded to a Layer 3 (L3) Routing Entity (RE). The normalized PDU may be in the form of a predetermined L2 protocol or a L2 agnostic protocol.

Techniques for supporting subscriber sessions for access to an IP network include receiving from a first node at a different second node, a Dynamic Host Configuration Protocol (DHCP) formatted echo-request message. The echo-request message includes a DHCP option field that holds data that indicates an echo-request type. In response to receiving the echo-request message, the second node sends to the first node a DHCP formatted echo-reply message that corresponds to the echo-request message. The… Show more

Techniques for supporting subscriber sessions for access to an IP network include receiving from a first node at a different second node, a Dynamic Host Configuration Protocol (DHCP) formatted echo-request message. The echo-request message includes a DHCP option field that holds data that indicates an echo-request type. In response to receiving the echo-request message, the second node sends to the first node a DHCP formatted echo-reply message that corresponds to the echo-request message. The echo-reply message includes a DHCP option field that holds data that indicates an echo-reply type. When received by the first node, the echo-response message causes the first node to determine a connected state with the second node. Point to Point Protocol (PPP) keep-alive messages between a customer premises node and a remote access server gateway to an IP network may be replaced by these DHCP echo-request and echo-reply messages. Show less

Methods, apparatus, computer-storage media, mechanisms, and means associated therewith are used to limit network device resources based on the identification of the Internet Protocol version 6 (IPv6) originating entity (e.g., subscriber of a network carrier). As an IPv6 originating entity will typically be assigned 2.sup.64 or more valid IPv6 addresses, the originating entity may send packets with a source address of any of these valid IPv6 addresses and still be compliant with Internet… Show more

Methods, apparatus, computer-storage media, mechanisms, and means associated therewith are used to limit network device resources based on the identification of the Internet Protocol version 6 (IPv6) originating entity (e.g., subscriber of a network carrier). As an IPv6 originating entity will typically be assigned 2.sup.64 or more valid IPv6 addresses, the originating entity may send packets with a source address of any of these valid IPv6 addresses and still be compliant with Internet standards and/or other specifications (e.g., RFCs). By determining the originating entity and controlling the allocation of network device resources based on the originating entity (in contrast to on a per valid IPv6 address basis), a network service provider can manage its network device resources, such as in a manner to prevent a depletion of resources caused by an originating entity using a plethora valid IPv6 addresses, or a malicious denial-of-service attack. Show less

A method and apparatus for configuring a network interface to support a virtual private network includes storing configuration data at a server on a host computer on the provider network. It is determined whether conditions are satisfied for sending the configuration data to a particular node at an edge of the provider network. If it is determined that conditions are satisfied, then the configuration data is sent to the particular node to cause the particular node to configure a particular… Show more

A method and apparatus for configuring a network interface to support a virtual private network includes storing configuration data at a server on a host computer on the provider network. It is determined whether conditions are satisfied for sending the configuration data to a particular node at an edge of the provider network. If it is determined that conditions are satisfied, then the configuration data is sent to the particular node to cause the particular node to configure a particular interface for supporting a virtual private network over the provider network based on the configuration data without human intervention. The provider network is a packet-switched network and the particular virtual private network is a link layer virtual private network. The particular node is different from the host. The particular interface is for a direct communication link to a customer network node outside the provider network. Show less

A method and apparatus for configuring a network interface to support a virtual private network includes storing configuration data at a server on a host computer on the provider network. It is determined whether conditions are satisfied for sending the configuration data to a particular node at an edge of the provider network. If it is determined that conditions are satisfied, then the configuration data is sent to the particular node to cause the particular node to configure a particular… Show more

A method and apparatus for configuring a network interface to support a virtual private network includes storing configuration data at a server on a host computer on the provider network. It is determined whether conditions are satisfied for sending the configuration data to a particular node at an edge of the provider network. If it is determined that conditions are satisfied, then the configuration data is sent to the particular node to cause the particular node to configure a particular interface for supporting a virtual private network over the provider network based on the configuration data without human intervention. The provider network is a packet-switched network and the particular virtual private network is a link layer virtual private network. The particular node is different from the host. The particular interface is for a direct communication link to a customer network node outside the provider network. Show less

Techniques for negotiating Point-to-Point Protocol (PPP) sessions over an Ethernet network include receiving configuration data that indicates a first node is connected to a second node thorough an Ethernet network that supports Ethernet frame payload sizes larger than 1500 octets. Request data is received at the first node from the second node. The request data indicates a request for PPP communications between the first node and the second node using a requested PPP payload size greater than… Show more

Techniques for negotiating Point-to-Point Protocol (PPP) sessions over an Ethernet network include receiving configuration data that indicates a first node is connected to a second node thorough an Ethernet network that supports Ethernet frame payload sizes larger than 1500 octets. Request data is received at the first node from the second node. The request data indicates a request for PPP communications between the first node and the second node using a requested PPP payload size greater than 1492 octets. A particular PPP payload size greater than 1492 octets is determined. Response data is sent from the first node to the second node. The response data indicates that the particular PPP payload size greater than 1492 octets is to be used for PPP communications between the first node and the second node. These techniques allow better utilization of Ethernet Jumbo, Giant and Baby Giant frames. Show less

A system includes an access node having an associated identifier. The access node is configured to insert the identifier into a network connection request. The system includes an IP edge service node connected to the access node and configured to receive the network connection request. The IP edge service node is further configured to store the inserted identifier and to insert the identifier into an Internet protocol version 6 (IPv6) address request transmitted according to dynamic host… Show more

A system includes an access node having an associated identifier. The access node is configured to insert the identifier into a network connection request. The system includes an IP edge service node connected to the access node and configured to receive the network connection request. The IP edge service node is further configured to store the inserted identifier and to insert the identifier into an Internet protocol version 6 (IPv6) address request transmitted according to dynamic host configuration protocol version 6 (DHCPv6) through an established network connection based on the network connection request. The system further includes a server configured to receive the IPv6 address request and assign an IPv6 address based on the IPv6 address request. Show less

Techniques for exchanging point to point protocol (PPP) information among network nodes using an arbitrary network protocol include determining whether a PPP payload includes PPP control data. If so, then an outbound protocol frame is generated with the PPP control data in a payload and with an outbound protocol type field that indicates PPP control data. The outbound protocol frame is sent to a server which uses the PPP control data. The outbound protocol is different from PPP and from PPP… Show more

Techniques for exchanging point to point protocol (PPP) information among network nodes using an arbitrary network protocol include determining whether a PPP payload includes PPP control data. If so, then an outbound protocol frame is generated with the PPP control data in a payload and with an outbound protocol type field that indicates PPP control data. The outbound protocol frame is sent to a server which uses the PPP control data. The outbound protocol is different from PPP and from PPP over Ethernet (PPPoE) and from PPP over Asynchronous Transfer Mode (ATM) protocol (PPPoA). The outbound protocol may be Ethernet or ATM Adaptation Layer (AAL) or some other protocol. These techniques allow PPP control plane functionality while utilizing IP over Ethernet for the data plane. Show less

A method and apparatus for configuring a network interface to support a virtual private network includes storing configuration data at a server on a host computer on the provider network. It is determined without human intervention whether conditions are satisfied for sending the configuration data to a particular node at an edge of the provider network without receiving a request message from the particular node. If it is determined that conditions are satisfied, then the configuration data is… Show more

A method and apparatus for configuring a network interface to support a virtual private network includes storing configuration data at a server on a host computer on the provider network. It is determined without human intervention whether conditions are satisfied for sending the configuration data to a particular node at an edge of the provider network without receiving a request message from the particular node. If it is determined that conditions are satisfied, then the configuration data is sent to the particular node to cause the particular node to configure a particular interface for supporting a virtual private network over the provider network based on the configuration data. The particular node is different from the host. These techniques allow changes in configuration data to be pushed to provider edge nodes without human intervention. Show less