Patent application number | Description | Published |
20100316050 | APPLYING ADAPTIVE THRESHOLDS TO MULTCAST STREAMS WITHIN COMPUTER NETWORKS - In general, techniques are described for applying adaptive thresholds to multicast streams within computer networks. For example, an access node may implement the techniques to facilitate efficient delivery of multicast streams. The access node comprises an interface that couples to a subscriber network having a subscriber device. The access node also includes a control unit that determines a multicast stream count reflecting current delivery of multicast streams to the subscriber network and a threshold value based on historical multicast stream counts delivered to the subscriber. The interface receives a message requesting to join a multicast group in accordance with a multicast management protocol. In response to this message, the control unit determines a projected stream count based on the above current multicast count. The control unit then compares the projected stream count to the threshold value, and admits the subscriber device to the multicast group based on the comparison. | 12-16-2010 |
20110029645 | SECURE DHCP PROCESSING FOR LAYER TWO ACCESS NETWORKS - In general, this disclosure describes network security techniques that may accommodate legitimate movement of a subscriber device while preventing MAC collisions that may result from configuration errors or MAC spoofing attempts. MAC spoofing may result in packets directed to one subscriber device being sent instead to another subscriber device. By modifying an access node or a Dynamic Host Configuration Protocol (DHCP) server to allow only authorized subscriber devices on the access network, layer two collisions (“MAC collisions”) may be prevented. | 02-03-2011 |
20110030032 | SECURE DHCP PROCESSING FOR LAYER TWO ACCESS NETWORKS - In general, this disclosure describes network security techniques that may accommodate legitimate movement of a subscriber device while preventing MAC collisions that may result from configuration errors or MAC spoofing attempts. MAC spoofing may result in packets directed to one subscriber device being sent instead to another subscriber device. By modifying an access node or a Dynamic Host Configuration Protocol (DHCP) server to allow only authorized subscriber devices on the access network, layer two collisions (“MAC collisions”) may be prevented. | 02-03-2011 |
20110080915 | AUTOMATED VLAN ASSIGNMENT TO DOMAIN IN RING NETWORK - In general, the disclosure describes network techniques that may automatically assign virtual local area networks (VLANs) to domains in a ring network. In one example, a method includes receiving, by a control node in a ring network, a plurality of data units transmitted by a plurality of transport nodes on the ring network, each data unit comprising profile information, and automatically assigning a VLAN to one of a plurality of domains established on the ring network based on the profile information. | 04-07-2011 |
20110167268 | NETWORK DEVICE AUTHENTICATION - In general, this disclosure relates to maintaining security between an optical network terminal (ONT) and an optical network aggregation device in an Active Ethernet network. An optical network aggregation device includes one or more optical Ethernet switches that can be adaptively configured to support authentication of one or more ONTs. For example, the optical network aggregation device may include a controller with an authentication unit for managing ONT authentication and an optical Ethernet interface for transmitting and receiving data over the optical network. The authentication unit may exchange authentication request messages via the optical Ethernet interface with an ONT and grant the ONT access to the provider network based on the exchange, thereby preventing rogue devices from gaining access to the provider network. | 07-07-2011 |
20110167269 | NETWORK DEVICE AUTHENTICATION - In general, this disclosure relates to maintaining security between an optical network terminal (ONT) and an optical network aggregation device in an Active Ethernet network. An optical network aggregation device includes one or more optical Ethernet switches that can be adaptively configured to support authentication of one or more ONTs. For example, the optical network aggregation device may include a controller with an authentication unit for managing ONT authentication and an optical Ethernet interface for transmitting and receiving data over the optical network. The authentication unit may exchange authentication request messages via the optical Ethernet interface with an ONT and grant the ONT access to the provider network based on the exchange, thereby preventing rogue devices from gaining access to the provider network. | 07-07-2011 |
20120093508 | PROVISIONING NETWORK DEVICES IN ETHERNET-BASED ACCESS NETWORKS - In general, techniques are described for provisioning network devices in an Ethernet-based access network. For example, an access node located in an Ethernet-based access network positioned intermediate to a back office network and a customer network may implement the techniques. The access node comprises a control unit that discovers a demarcation point device that terminates the access network of the service provider network at the customer network. The control unit of the access node implements an Ethernet protocol to provide layer two network connectivity between the service provider network and the customer network, authenticates the demarcation point device based on a unique identifier assigned to the demarcation point device and, after successfully authenticating the demarcation point device, provisions the demarcation point device. | 04-19-2012 |
20120131097 | ISOLATION VLAN FOR LAYER TWO ACCESS NETWORKS - In general, techniques are described for providing an isolation virtual local area network (VLAN) for layer two access networks. A server comprising an interface and a control unit may implement the techniques. The interface receives a message that initiates a request for a layer three (L3) network address for use by a client device via an isolation virtual local area network (VLAN) that supports transmitting data from a network device to the server, where the network device is intermediately positioned between the client device and the server. The message includes a layer two (L2) address associated with the client device. The control unit determines whether to allow the client device to access the network and assigns the L3 network address to the client device based on the determination. | 05-24-2012 |
20120207019 | SYSTEMS AND METHODS FOR MULTICAST ADMISSION CONTROL - Systems and methods for multicast admission control are provided. In one embodiment, a node comprises: a first interface configured to receive a multicast channel access request, from a subscriber interface, including an address for a channel; a memory including a subscriber profile and VLAN configuration data for the network; a processor that identifies a first VLAN corresponding to the address from the VLAN configuration data and determines whether the subscriber is authorized to receive the channel via the first VLAN based on access policy designated by the subscriber profile; wherein the processor further determines whether granting access to the channel violates admission control policy based on predefined bandwidth requirements and/or a stream count limit for the first VLAN; wherein when the subscriber interface is authorized to receive the channel and when granting access to the channel does not violate admission control policy, the processor routes the channel to the subscriber. | 08-16-2012 |
20130329579 | SYSTEMS AND METHODS FOR MEASURING FRAME LOSS IN MULTIPOINT NETWORKS - Systems and methods for measuring frame loss in multipoint networks are provided. In one embodiment, a method for calculating frame loss in a multipoint network is provided. The method comprises: synchronizing local PM frame count bin boundaries across a multipoint network; collecting a first sample of frame count data at a network manager from a first local PM frame count bin for each VLAN Endpoint on the multipoint network; and calculating a frame loss for the multipoint network by accounting for frame ingress and frame egress from the multipoint network based on the first sample of frame count data; wherein the first sample of frame count data is associated with a first period of time defined by the local PM frame count bin boundaries. | 12-12-2013 |
20130329580 | SYSTEMS AND METHODS FOR MEASURING FRAME LOSS IN MULTIPOINT NETWORKS - Systems and methods for measuring frame loss in multipoint networks are provided. In one embodiment, a method for calculating frame loss comprises: performing a first continuity check message exchange between a first and a plurality of other devices, the first exchange comprises the first device collecting a first set of frame count data from each of the first and other devices, the first set of frame count data associated with a first instance of time by a first sequence identifier; performing a second continuity check message exchange between the first and plurality of other devices, the second exchange comprises the first device collecting a second set of frame count data from the first other devices, the second set of frame count data associated with a second instance of time by a second sequence identifier; and calculating a frame loss measurement by accounting for frame Ingress and frame Egress. | 12-12-2013 |
20150063107 | SYSTEM AND METHOD FOR AUTOMATED QUALITY OF SERVICE CONFIGURATION THROUGH THE ACCESS NETWORK - A system comprises a plurality of access nodes configured to provide one or more services to customer equipment; and a plurality of transport elements coupled together to form a network. Each transport element is configured to receive data packets committed to the network by one or more of the other transport elements and to commit data packets to the network, each data packet assigned to one of a plurality of traffic classes. Each respective transport element is further configured to shape a first set of traffic comprising data packets received from another transport element based on the respective traffic class of each data packet and to shape a second set of traffic comprising data packets to be committed to the network by the respective transport element based on the respective traffic class of each data packet, the first set of traffic shaped separately from the second set of traffic. Each respective transport element is further configured to shape the shaped first set of traffic together with the shaped second set of traffic based on respective weights associated with the first set of traffic and the second set of traffic. | 03-05-2015 |
20150067117 | SYSTEM AND METHOD FOR ADVERTISEMENT OF SLA ATTRIBUTES OF A SERVICE AND THE TEST CAPABILITY OF THE ENDPOINT DEVICE - A system comprises a first endpoint device; and a second endpoint device coupled to the first endpoint device over a service provider network. The first endpoint device is configured to insert a Service Level Agreement (SLA) Type Length Value (TLV) element into a Protocol Data unit (PDU) to form an enhanced PDU, the first endpoint device further configured to transmit the enhanced PDU to the second endpoint device. The SLA TLV element includes fields for at least one of service configuration information and test capability information of the first endpoint device. | 03-05-2015 |
20150083795 | SYSTEM AND METHOD FOR SERVICING A DEVICE HAVING A MATRIX BARCODE - A method of servicing a target device having a matrix barcode comprises analyzing data from a scan of the matrix barcode on the target device to obtain device identification information encoded in the matrix barcode; obtaining secondary information related to the target device; associating the device identification information with the secondary information; and transmitting the device identification information and secondary information over a network to a back office system. | 03-26-2015 |