Abstract: Packets are encapsulated and sent from a service node to one or more application nodes for applying one or more Layer-4 to Layer-7 services to the packets. Before which for a packet, the service node performs a lookup operation based on a destination address of the packet in a routing data structure derived from a exterior network protocol, such as, but not limited to Border Gateway Protocol (BGP). This lookup operation results in the identification of a next hop packet switching device to which the packet would be sent from the service node. The service node includes this identification of the next hop address in the request packet sent to the application node(s). After the service(s) are applied to the packet, an application node will send the services-applied packet to this next hop address. In this manner, application nodes do not need to run an exterior network protocol. Although, they typically will run an Interior Gateway Protocol for identifying how to forward packets to the next hop address.

Abstract: Packets are encapsulated and sent from a service node (e.g., packet switching device) using one or more services applied to a packet by an application node (e.g., a packet switching device and/or computing platform such as a Cisco ASR 1000) to generate a result, which is used by the service node to process packets of a flow of packets to which the packet belonged. An example of a service applied to a packet is a classification service, such as, but not limited to, using deep packet inspection on the packet to identify a classification result. The service node can, for example, use this classification result to process other packets in a same packet flow, such that all packets of a flow do not need to be, nor typically are, sent to an application node for processing.

Abstract: Data path processing information is included in the pseudowire layer of pseudowire packets in order to provide information for use in the data path processing of data (e.g., a packet), typically, but not always, included in the payload of the pseudowire packet itself. The pseudowire packet typically includes in corresponding fields: a pseudowire label for identifying a pseudowire type; a pseudowire control word; and payload data. The pseudowire type identifies the structure of the pseudowire control word field and the payload field, including the location of data path meta data, such as in the pseudowire control word field or payload field. This data path meta data identifies one or more attributes for use in processing the payload data.

Abstract: A technique is provided for dynamically discovering shared risk node group (SRNG) memberships of a plurality of interconnected edge devices in a computer network. According to the technique, each edge device “learns” the identities of its directly-attached peer devices situated in neighboring routing domains, e.g., by establishing an interior or exterior gateway routing protocol session with each peer. Thereafter, each edge device advertises the identities of its learned peers to the other interconnected edge devices. Preferably, the peer identities are distributed in novel “peer-router” extended community attributes transported in Border Gateway Protocol (BGP) messages. After an edge device has learned the identity of its own peers and received the identities of the other edge devices' peers, the device can automatically detect SRNG memberships in the computer network. Specifically, edge devices that advertise the same peer are determined to participate in the same SRNG.

Abstract: In one embodiment, a network device determines identities of each peer device in a second routing domain attached to edge devices in a first routing domain. The network device associates each address prefix reachable in the second routing domain with an identity of each peer device in the second routing domain that advertised the address prefix and with an identity of one or more edge devices in the first routing domain to which that peer device is attached. The network device determines an address prefix is associated with a same identity of a peer device in the second routing domain but with different edge devices in the first routing domain. The network device assigns the different edge devices in the first routing domain associated with the determined address prefix to a shared risk node group (SRNG).

Abstract: The protection of multi-segment pseudowires by utilizing backup paths is disclosed herein. Disclosed embodiments include methods that establish at least one backup path for multi-segment pseudowires, the establishing being performed prior to detection of failure in the primary path. Upon detecting a path failure, the detected failure is signaled to the head-end, a backup path is chosen, and reachability information associated with the chosen backup path is signaled across the backup path before reverse traffic is switched to the backup path. In other disclosed embodiments, apparatus are configured to establish, prior to detection of failure in the primary path, at least one backup path for the multi-segment pseudowire.

Abstract: Data path processing information is included in the pseudowire layer of pseudowire packets in order to provide information for use in the data path processing of data (e.g., a packet), typically, but not always, included in the payload of the pseudowire packet itself. The pseudowire packet typically includes in corresponding fields: a pseudowire label for identifying a pseudowire type; a pseudowire control word; and payload data. The pseudowire type identifies the structure of the pseudowire control word field and the payload field, including the location of data path meta data, such as in the pseudowire control word field or payload field. This data path meta data identifies one or more attributes for use in processing the payload data.

Abstract: An application node advertises service(s), using a label distribution protocol, that it offers to other network nodes and a corresponding label to use to identify these services(s). For example, a Targeted Label Distribution Protocol (tLDP) session may be established between a packet switching device and the application node providing these services to communicate the advertisement. Packets are encapsulated and sent from a service node (e.g., packet switching device) with the corresponding label to have one or more advertised services applied to the packet by an application node (e.g., a packet switching device and/or computing platform such as a Cisco ASR 1000).

Abstract: An application node advertises service(s), using a routing protocol, that it offers to other network nodes. For example, the routing protocol used to advertise service(s) in a Service Provider Network is typically an link-state, Interior Gateway Protocol (IGP), such as, but not limited to, Intermediate System to Intermediate System (IS-IS) or Open Shortest Path First (OSPF). Packets are encapsulated and sent from a service node (e.g., packet switching device) using one or more advertised services applied to a packet by an application node (e.g., a packet switching device and/or computing platform such as a Cisco ASR 1000).

Abstract: Packets are encapsulated and sent from a service node to one or more application nodes for applying one or more Layer-4 to Layer-7 services to the packets. Before which for a packet, the service node performs a lookup operation based on a destination address of the packet in a routing data structure derived from a exterior network protocol, such as, but not limited to Border Gateway Protocol (BGP). This lookup operation results in the identification of a next hop packet switching device to which the packet would be sent from the service node. The service node includes this identification of the next hop address in the request packet sent to the application node(s). After the service(s) are applied to the packet, an application node will send the services-applied packet to this next hop address. In this manner, application nodes do not need to run an exterior network protocol. Although, they typically will run an Interior Gateway Protocol for identifying how to forward packets to the next hop address.

Abstract: Packets are encapsulated and sent from a service node (e.g., packet switching device) using one or more services applied to a packet by an application node (e.g., a packet switching device and/or computing platform such as a Cisco ASR 1000) to generate a result, which is used by the service node to process packets of a flow of packets to which the packet belonged. An example of a service applied to a packet is a classification service, such as, but not limited to, using deep packet inspection on the packet to identify a classification result. The service node can, for example, use this classification result to process other packets in a same packet flow, such that all packets of a flow do not need to be, nor typically are, sent to an application node for processing.

Abstract: According to one aspect of the present invention, a method includes obtaining a first advertisement at a first provider edge (PE) device from a first customer edge (CE) device that is associated with a virtual private network, and sending a second advertisement on a control plane path associated with a border gateway protocol after obtaining the first advertisement. The first PE device has a routing and forwarding table. The first advertisement identifies a plurality of local routes associated with the first VPN, and includes a first indication that information relating to the plurality of local routes is not to be stored in the routing and forwarding table. The second advertisement identifies the local routes, an address of the first CE device, and the first CE device as a next hop.

Abstract: Packets are encapsulated and sent from a service node to an application node for applying one or more Layer-4 to Layer-7 services to the packets, with service-applied packets being returned to the service node. An identification of a virtual private network (VPN) may be carried within a request packet, encapsulating a particular packet, sent by a service node to an application node for applying a service to the particular packet; with the corresponding response packet sent to the service node including an identification of the VPN for use by the service node node in forwarding the services-applied packet. Additionally, parameters may be included in a request packet to identify a particular service of a general service to be applied to a particular packet encapsulated in the request packet.

Abstract: The protection of multi-segment pseudowires by utilizing pre-computed backup paths is disclosed herein. Disclosed embodiments include methods that establish at least one backup path for multi-segment pseudowires, the establishing being performed prior to detection of failure in the primary path. Upon detecting a path failure, the detected failure is signaled to the head-end, a pre-computed backup path is chosen, and the chosen backup path is signaled to the tail-end. In other disclosed embodiments, apparatus are configured to establish, prior to detection of failure in the primary path, at least one backup path for the multi-segment pseudowire. Networks can be configured to signal a detected failure to the head-end; choose a pre-computed backup path; and signal the backup path to the tail-end.

Abstract: In one embodiment, a communications distribution process maintains at least two pseudowires through a network such that the pseudowires share a burden of delivering data through the network. The communications distribution process receives feedback data concerning operation of each pseudowire. The communications distribution process utilizes the feedback data to distribute communications to the common destination across each of the pseudowires. Additionally, the communications distribution process utilizes the feedback to establish at least one new pseudowire, in addition to the first pseudowire and the second pseudowire, for transmission of data traffic.

Abstract: In one embodiment, an edge device in a first routing domain is configured to communicate with a second routing domain via a data link. The edge device receives a data packet containing a destination address that is reachable via the second routing domain and an indication that the data packet is a protected packet that was previously rerouted from another edge device in the first routing domain via a Multi-Protocol Label Switching (MPLS) Fast Reroute (FRR) backup path. The edge device determines if communication with the second routing domain is still available via the data link, and if so, removes the indication that the data packet is a protected packet and forwards the data packet to the second routing domain, and, if not, drops the data packet to prevent the data packet from being rerouted a second time in the first routing domain on another MPLS FRR backup path.

Abstract: In one embodiment, a method includes receiving from a label distribution peer, a prefix/FEC to label mapping at a network device and processing the prefix/FEC to label mapping at the network device, wherein processing includes determining if a next hop interface of the prefix/FEC is in a same area as a link between the network device and the label distribution peer. The method further includes retaining the prefix/FEC to label mapping if the label distribution peer is a next hop for the prefix/FEC and if the next hop interface of the prefix/FEC is in the same area as the link between the network device and the label distribution peer, otherwise discarding the prefix/FEC to label mapping. An apparatus is also disclosed.

Abstract: In one embodiment, a loss of communication is detected between a first edge device of a computer network and a neighboring routing domain. A data packet is received at the first edge device, where the received data packet contains a destination address that is reachable via the neighboring routing domain. A determination is made whether a service label is located in a Multi-Protocol Label Switching (MPLS) label stack included in the received data packet. A service label in the MPLS label stack indicates that the received data packet was previously rerouted in accordance with fast reroute (FRR) operations. In response to a determination that the received data packet does not include a service label in the MPLS label stack, the received data packet is rerouted to a second edge device of the computer network for forwarding to the neighboring routing domain.

Abstract: In one embodiment, one or more tunnel mesh groups may be established in at least a portion of a computer network, where each tunnel mesh group corresponds to a differentiated routing profile. Traffic may then be received at the portion of the computer network, the traffic indicating a particular differentiated routing profile (e.g., based on a received label corresponding to the differentiated routing profile as advertised by the portion of the computer network). Accordingly, the traffic may be routed through the portion of the computer network along a tunnel of a particular tunnel mesh group corresponding to the particular differentiated routing profile traffic.

Abstract: Routes advertised in a network may include an Internet Protocol (IP) address and one or more values to distinguish the route from other route(s) including the same IP address. Routes in a same context (e.g., within a same Virtual Private Network or for an entire network) with a same IP address are considered to refer to a same destination. When these routes are associated with different paths through a network, these different paths can be used to forward traffic for packets associated with routes including a same IP address (in a same context), particularly in response to a network problem.