Bakul G Khanna

7881197, Feb 1, 2011

Dec 22, 2005

11/315894

Bakul Khanna - Lexington MA, US
Leigh McLellan - Framingham MA, US
Robert Lee - Lexington MA, US
Dale Nash - Sudbury MA, US

Avaya Inc. - Basking Ridge NJ

G01R 31/08
G06F 11/00
G08C 15/00
H04J 1/16
H04J 3/14
H04J 1/00
H04L 12/26
H04L 12/28
H04L 12/56

370235, 370414

Efficient interface scheduling that maintains fairness among the scheduled interfaces and remains efficient even when scheduling large numbers of interfaces and even when implemented in software. Systems for scheduling interfaces through a physical port are provided that utilize a bit-mask. Each bit-mask has a bit-mask-level- having a plurality of bits, each bit in the bit-mask-level- represents a unit of bandwidth with the total number of bits in the bit-mask-level- representing the port's line speed, each bit in a bit-mask-level- is associated with an interface, and the number of bits associated with each interface determines the bandwidth for that interface. Methods of scheduling interfaces are provided that utilize one or more bit-masks to determine an order in which interfaces are scheduled. The present invention can efficiently implement versions of the dual-token-bucket algorithm.

7907595, Mar 15, 2011

Sep 29, 2006

11/540104

Bakul Khanna - Lexington MA, US
John Chao - Belmont MA, US
Ramasamy Jesuraj - Westford MA, US
Robert Lee - Lexington MA, US

Avaya, Inc. - Basking Ridge NJ

H04L 12/28
H04L 12/56

370351, 370892

Customer Edge (CE) network elements can automatically learn IPSec tunnel endpoints for other CEs connected to sites in a Virtual Private Network (VPN) so that manual configuration of IPSec tunnel endpoints is not required and so that a centralized database of IPSec tunnel endpoints is not required to be separately maintained. According to an embodiment of the invention, a BGP export route policy is set on all CEs, so that when they announce their VPN routes in the standard format, the application of this export route policy changes the announcement to replace the BGP peering point address that would ordinarily be advertised with the IPSec tunnel endpoint address. When any given site receives a VPN route update formatted in this manner, it processes the VPN route update and learns from the update the IPSec tunnel endpoint as well as the associated VPN routes.

8104081, Jan 24, 2012

Nov 15, 2005

11/273945

Bakul Khanna - Lexington MA, US
Ron Pon - Kanata, CA
Ramin Taraz - Lexington MA, US

Avaya Inc. - Basking Ridge NJ

G06F 9/00
G06F 15/16
G06F 17/00

726 15, 370331, 370401, 709217

Described are a method and system for seamless roaming of a mobile node during a VPN session. A VPN session between the mobile node and a current VPN server in a network is established and synchronized with at least one fail-over VPN server in the network. An address change message is sent to the current VPN server and the fail-over VPN servers upon roaming of the mobile node. A fail-over VPN server responds with a reply message and is registered as a current VPN server for continuation of the VPN session. To load balance, a load query message is sent to the current VPN server and the fail-over VPN servers. Reply messages include server performance characteristics of the VPN servers. The VPN session can be transferred from the current VPN server to a fail-over VPN server in response to the server performance characteristics.

8149695, Apr 3, 2012

Dec 22, 2005

11/315893

Bakul Khanna - Lexington MA, US
Leigh McLellan - Framingham MA, US
Robert Lee - Lexington MA, US
Dale Nash - Sudbury MA, US

Avaya Holdings Limited - Basking Ridge NJ

G01R 31/08
G06F 11/00
G08C 15/00
H04J 1/16
H04J 3/14
H04L 12/26
H04L 12/28

370230, 3703954

A Point to Point Protocol (“PPP”) link running PPP Multilink Protocol with multi-class extensions (“Multilink-Extension”) having both peers on the PPP link support a number of egress priority queues negotiated during the Multilink-Extension negotiation. Each peer also establishes a number of classes equal to the negotiated number of egress priority queues. Thus, communication devices that have a different default number, or different maximum number, of egress priority queues can interoperate in a manner that ensures packets have the same per-hop behavior (“PHB”). The present invention is both memory efficient and processing time efficient because only the minimum number of egress priority queues necessary are instantiated.

8191133, May 29, 2012

Dec 17, 2007

12/002729

Bakul Khanna - Lexington MA, US
Jozef Babiarz - Kanata, CA

Avaya Inc. - Basking Ridge NJ

H04L 29/06

726 12

An embodiment of the present invention includes a technique to provide anti-replay protection with QoS queues. A single global anti-replay window is maintained to have global lowest and highest sequence numbers for an Internet protocol security (IPSec) security association (SA). The single global anti-replay window is associated with individual differentiated services code point (DSCP) or DSCP group, the individual DSCP or DSCP group corresponding to individual per-DSCP anti-replay windows. A received packet having a sequence number is pre-processed before packet processing using the single global anti-replay window. The received packet is post-processed after packet processing using the individual per-DSCP anti-replay windows.

8369220, Feb 5, 2013

Dec 31, 2007

12/006128

Bakul Khanna - Lexington MA, US
Jozef Babiarz - Kanata, CA
Ali Labed - Ottawa, CA
Delfin Montuno - Kanata, CA

Avaya Inc. - Basking Ridge NJ

H04L 12/26

370235, 370352

To route a flow of elastic traffic, plural candidate paths are identified for the flow of elastic traffic. A particular path from among the plural candidate paths is selected to route the flow of elastic traffic according to criteria including numbers of flows on respective candidate paths and measured performances of the respective candidate paths.

20070041326, Feb 22, 2007

Sep 11, 2006

11/530579

Jozef Babiarz - Kanata, CA
Bakul Khanna - Lexington MA, US

H04L 12/26
H04J 3/14

370237000, 370248000

A flow based routing method and apparatus selects a path from a plurality of different paths for assignment to a flow. The path is selected based on a traffic performance measurements which identify relative congestion and performance of the different paths, so that traffic flows can be diverted away from network congestion points, thereby allowing network resources to be load balanced at a flow granularity. The present invention may be configured on physical or virtual links on an NE to enhance the forwarding of packets using the primary link and one or more alternate links to any given destination.

20080092229, Apr 17, 2008

Sep 29, 2006

11/540198

Bakul Khanna - Lexington MA, US
Ramasamy Jesuraj - Westford MA, US

Nortel Networks Limited - St. Laurent

G06F 15/16

726 15

Customer Traffic may be segregated using customer provisioned IPSec VPNs implemented using group security association for IPSec tunnels, by causing the CE network element to implement multiple VRFs for the several VPNs, each of which may be used for a different segment of the customer's traffic. The CE network element may implement a single MPBGP peering session with the GCKS/RR for all VPNs, and may establish secure data channels for each of the VPNs based on the group security associations for each of the VPNs. Although a common MPBGP peering session may be used, routing information for the several VRFs may be separated by applying per-VRF import policies at the CE, so that each VPN only has access to routes intended to be advertised to that VPN