Abstract: In one embodiment, an offload platform is an compute platform, adjunct to a router or other packet switching device, that performs packet processing operations including determining an egress forwarding value corresponding to the next-hop node of the packet switching device to which to send an offload-platform processed packet. The offload platform downloads forwarding information from the router, and augments it, such as, but not limited to, representing interfaces of the router as identifiable virtual interface(s) on the offload platform, and including each of one or more next-hop nodes of the router represented as an identifiable virtual adjacency and identifiable tunnel (e.g., identified by the egress forwarding value). In one embodiment, the egress forwarding value is an Multiprotocol Label Switching (MPLS) label or Segment Routing Identifier. The router identifies packets of certain packet flows to send to the adjunct offload platform, rather than processing per its routing information base.

Abstract: Methods for establishing a stateless extranet in a secure communication network include transmitting a consumer NHOP to a provider CPE from a consumer CPE in a control plane. The consumer NHOP is associated with at least one attribute of an NHOP, including an encryption key available with the consumer CPE, to establish a secure communication tunnel in a data plane. The consumer CPE receives a service definition over the control plane associated with a service available with the provider CPE. A service anchor point is created based on an identifier of the service definition. A network address translation (NAT) IP request is transmitted to the provider CPE. The consumer CPE receives a NAT IP from the provider CPE in response to the NAT IP request. The NAT IP is associated with the service anchor point of the consumer CPE. A stateless service is thereby instantiated on the consumer CPE.

Abstract: The present disclosure is directed to BIER forwarding over varying BSL domains, the methods including the steps of receiving, at a border node, a packet comprising a BIER header having a BIER bit string with a first bit string length; reading an incoming label of the packet comprising instructions to split the BIER header into a plurality of smaller headers associated with a plurality of smaller bit strings; generating a set of split bit masks; performing a separate bitwise AND operation on each split bit mask and the BIER bit string to generate the plurality of smaller bit strings, each copied to a corresponding smaller header of the plurality of smaller headers; and performing a lookup for each of the plurality of smaller headers on a respective forwarding table to determine one or more egress routers to which to transmit the packet.

Abstract: A computer network efficiently provides a multicast network flow to a multicast recipient across a multihomed network element. The multihomed network element includes network devices that receive multicast data from a source of a multicast network flow. Each particular network device that received the multicast data publishes a notification indicating that the multicast network flow is available from the particular network device. The computer network receives a subscription to the multicast network flow from a multicast recipient, and determines whether to bridge the multicast data across the multihomed network element based on a multicast configuration of the computer network. The multihomed network element provides the multicast data to the multicast recipient from at least one of the particular network devices that received the multicast data from the source of the multicast network flow.

Abstract: In one embodiment, an offload platform is an compute platform, adjunct to a router or other packet switching device, that performs packet processing operations including determining an egress forwarding value corresponding to the next-hop node of the packet switching device to which to send an offload-platform processed packet. The offload platform downloads forwarding information from the router, and augments it, such as, but not limited to, representing interfaces of the router as identifiable virtual interface(s) on the offload platform, and including each of one or more next-hop nodes of the router represented as an identifiable virtual adjacency and identifiable tunnel (e.g., identified by the egress forwarding value). In one embodiment, the egress forwarding value is an Multiprotocol Label Switching (MPLS) label or Segment Routing Identifier. The router identifies packets of certain packet flows to send to the adjunct offload platform, rather than processing per its routing information base.

Abstract: A networking environment includes a first node and a second node configured as Ethernet Virtual Private Networking (EVPN) peers on an EVPN subnet that is coupled to a Layer 3 VPN over a core network. The first node receives a first multicast join request from a third node in the core network, the first multicast join request including a source address and multicast group address of a source of a multicast stream. The first node determines that the source address and the multicast group address for the source are behind the EVPN subnet at the second node. The first node sends to the second node, a control plane join request message that includes a receiver identifier that identifies the third node as a receiver of the multicast stream, the receiver identifier enabling the second node to forward the multicast stream directly into the core network to the third node.

Abstract: In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including receiving a user credential from a remote access client within a network and communicating the user credential to an authentication, authorization and accounting (AAA) server within the network. The operations also include receiving a user attribute from the AAA server and generating a contextual label based on the user attribute. The contextual label includes routing instructions associated with traffic behavior within the network. The operations further include advertising a control message, which includes the contextual label, to the remote access client.

Abstract: A computer network efficiently provides a multicast network flow to a multicast recipient across a multihomed network element. The multihomed network element includes network devices that receive multicast data from a source of a multicast network flow. Each particular network device that received the multicast data publishes a notification indicating that the multicast network flow is available from the particular network device. The computer network receives a subscription to the multicast network flow from a multicast recipient, and determines whether to bridge the multicast data across the multihomed network element based on a multicast configuration of the computer network. The multihomed network element provides the multicast data to the multicast recipient from at least one of the particular network devices that received the multicast data from the source of the multicast network flow.

Abstract: In one embodiment, an offload platform is an compute platform, adjunct to a router or other packet switching device, that performs packet processing operations including determining an egress forwarding value corresponding to the next-hop node of the packet switching device to which to send an offload-platform processed packet. The offload platform downloads forwarding information from the router, and augments it, such as, but not limited to, representing interfaces of the router as identifiable virtual interface(s) on the offload platform, and including each of one or more next-hop nodes of the router represented as an identifiable virtual adjacency and identifiable tunnel (e.g., identified by the egress forwarding value). In one embodiment, the egress forwarding value is an Multiprotocol Label Switching (MPLS) label or Segment Routing Identifier. The router identifies packets of certain packet flows to send to the adjunct offload platform, rather than processing per its routing information base.

Abstract: The present disclosure is directed to BIER forwarding over varying BSL domains, the methods including the steps of receiving, at a border node, a packet comprising a BIER header having a BIER bit string with a first bit string length; reading an incoming label of the packet comprising instructions to split the BIER header into a plurality of smaller headers associated with a plurality of smaller bit strings; generating a set of split bit masks; performing a separate bitwise AND operation on each split bit mask and the BIER bit string to generate the plurality of smaller bit strings, each copied to a corresponding smaller header of the plurality of smaller headers; and performing a lookup for each of the plurality of smaller headers on a respective forwarding table to determine one or more egress routers to which to transmit the packet.

Abstract: Embodiments of a method of communicating a packet by a network address translation (NAT) enabled router, are described. In an embodiment, the method includes receiving a return packet to be communicated to a destination. The destination is associated with a first source address in the context of a forward packet. The method further includes determining a return path to transmit the return packet to the destination based on security association data. The security association data is pre-recorded in a routing table of the NAT enabled router when the forward packet is received, prior to receiving the return packet, over a forward path established between the NAT enabled router and an enterprise node. The security association data uniquely identifies the forward path as the return path.

Abstract: In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including receiving a user credential from a remote access client within a network and communicating the user credential to an authentication, authorization and accounting (AAA) server within the network. The operations also include receiving a user attribute from the AAA server and generating a contextual label based on the user attribute. The contextual label includes routing instructions associated with traffic behavior within the network. The operations further include advertising a control message, which includes the contextual label, to the remote access client.

Abstract: A method comprises, at a first router configured to perform Bit Index Explicit Replication (BIER) for forwarding of multicast packets in a network, storing configuration information that indicates that the first router belongs to multiple subdomains of a BIER domain, and is able to forward the multicast packets for a virtual private network on the multiple subdomains. The method further comprises, during an auto-discovery procedure, generating an auto-discovery message to include an auto-discovery route and route attributes that indicate the multiple subdomains, and sending the auto-discovery message to a second router of the virtual private network the network.

Abstract: Disclosed is the generation of a bit-indexed forwarding table (BIFT) that can include a plurality of entries, each such entry corresponding to a bit position of a plurality of bit positions, where each such bit position represents an egress network node of a plurality of egress network nodes, and the generating configures the BIFT to be used in forwarding a packet to one or more of the plurality of egress network nodes, based at least in part on a bit string in the packet. The generating includes selecting a bit position of the plurality of bit positions as a selected bit position, creating an entry of the plurality of entries (where the entry corresponds to the selected bit position), identifying a neighbor node associated with the selected bit position, and updating one or more fields of the entry with neighbor information regarding the neighbor node.

Abstract: A disclosed method is performed at a first boundary node bordering a BIER domain. The method includes receiving a message associated with a source and group for multicast from outside the BIER domain. The method further includes generating an encapsulated message based on the message, a metric, and a first proxy address of the first boundary node. The method also includes forwarding the encapsulated message through the BIER domain to at least one second boundary node bordering the BIER domain and connectable to the first boundary node. The first boundary node additionally triggers the at least one second boundary node to decapsulate the encapsulated message for forwarding out of the first domain and store a record including the source, the group, the metric representing the cost of the first boundary node to the source, and the first proxy address on the at least one second boundary node.

Abstract: In one embodiment, an offload platform is an compute platform, adjunct to a router or other packet switching device, that performs packet processing operations including determining an egress forwarding value corresponding to the next-hop node of the packet switching device to which to send an offload-platform processed packet. The offload platform downloads forwarding information from the router, and augments it, such as, but not limited to, representing interfaces of the router as identifiable virtual interface(s) on the offload platform, and including each of one or more next-hop nodes of the router represented as an identifiable virtual adjacency and identifiable tunnel (e.g., identified by the egress forwarding value). In one embodiment, the egress forwarding value is an Multiprotocol Label Switching (MPLS) label or Segment Routing Identifier. The router identifies packets of certain packet flows to send to the adjunct offload platform, rather than processing per its routing information base.

Abstract: A method comprises, at a first router configured to perform Bit Index Explicit Replication (BIER) for forwarding of multicast packets in a network, storing configuration information that indicates that the first router belongs to multiple subdomains of a BIER domain, and is able to forward the multicast packets for a virtual private network on the multiple subdomains. The method further comprises, during an auto-discovery procedure, generating an auto-discovery message to include an auto-discovery route and route attributes that indicate the multiple subdomains, and sending the auto-discovery message to a second router of the virtual private network the network.

Abstract: Various systems and methods for performing fast fail-over. One method involves receiving a packet at a primary forwarder node of a core network, determining whether the packet was received from a secondary forwarder node of the core network, via a tunnel, and, in response to a determination that the packet was received via the tunnel, forwarding the packet to another node in the core network. The tunnel communicatively couples the primary forwarder node and the secondary forwarder node. The primary forwarder node and the secondary forwarder node communicatively couple a local network and the core network. The packet was transmitted from the local network.

Abstract: Functionality for creating a bit routing table for use in a bit-indexed explicit replication (“BIER”) environment in disclosed herein. In one embodiment, this functionality includes receiving information from a host, and determining whether the information comprises a MAC address that is a bit-indexed explicit replication (“BIER”) MAC address. In response to determining that the information comprises a BIER MAC address, this functionality creates an entry corresponding to the MAC address in a bit routing table. This functionality also analyzes the information to determine a bit position that is associated with the host, and also determines a port via which the host is reachable. The functionality updates the bit routing table by storing information identifying the bit position and the port in the entry, such that the bit position and the port both correspond to the MAC address. This functionality can be used to route packets in a BIER environment.

Abstract: Methods, network devices and computer readable media are disclosed relating to a communication network. In one embodiment, a method includes receiving a message comprising a message bit array. The message bit array identifies egress nodes for the message within a bit indexed explicit replication (BIER) domain of a communications network. A first bit position in the message bit array represents a first one or more of the egress nodes, and a bit value at the first bit position indicates that the message is to be forwarded to one of the first one or more of the egress nodes. The method further includes accessing a first forwarding table entry corresponding to the first bit position, determining whether the first bit position is an anycast bit position having multiple corresponding forwarding table entries, and forwarding the message to one of the first one or more of the egress nodes.