Abstract: In general, techniques are described for dynamically controlling host-bound traffic by dynamically adding and updating, within the forwarding plane of a network device, network packet policers that each constrains, for one or more packet flows, an amount of host-bound traffic of the packet flows permitted to reach the control plane in accordance with available resources. In one example, a control plane of the network device detects internal congestion in the communication path from the forwarding plane to control plane (the “host-bound path”), identifies packet flows utilizing an excessive amount of host-bound path resources, computes limits for the identified packet flows, and adds “penalty-box policers” configured with the computed limits for the identified packet flows to the forwarding plane. The forwarding plane subsequently applies the policers to the identified packet flows to constrain the amount of traffic of the packet flows allowed to reach the control plane to the computed limits.

Abstract: This application describes techniques for replicating data at a primary routing engine of a network device before processing the data at a transport layer of the primary routing engine, wherein the data is to be sent to a routing peer via a routing communication session, and sending the replicated data to a secondary routing engine of the network device to be processed at a transport layer of the secondary routing engine. The secondary routing engine, in response to detecting that a socket buffer for buffering the replicated data has reached a predefined high occupancy threshold, outputs a notification to the primary routing engine. In response to receiving the notification, an application-layer routing process of the primary routing engine refrains from sending at least some of a plurality of routing updates to the routing peer, and continues to send keepalive messages for the routing communication session to the routing peer.

Abstract: In general, techniques are described for dynamically controlling host-bound traffic by dynamically adding and updating, within the forwarding plane of a network device, network packet policers that each constrains, for one or more packet flows, an amount of host-bound traffic of the packet flows permitted to reach the control plane in accordance with available resources. In one example, a control plane of the network device detects internal congestion in the communication path from the forwarding plane to control plane (the “host-bound path”), identifies packet flows utilizing an excessive amount of host-bound path resources, computes limits for the identified packet flows, and adds “penalty-box policers” configured with the computed limits for the identified packet flows to the forwarding plane. The forwarding plane subsequently applies the policers to the identified packet flows to constrain the amount of traffic of the packet flows allowed to reach the control plane to the computed limits.

Abstract: In general, techniques are described for selectively invoking graceful restart procedures when a route reflector member of a redundant route cluster fails. In one example, a method is provided that includes determining, by a provider edge router that supports graceful restart procedures, that a first router forms a redundant group with at least a second router. The method also includes detecting a failure of the first router and determining that at least the second router in the redundant group is operating approximately while the first router is failed. The method further includes overriding graceful restart procedures with respect to the failed first router when at least the second router is operating. The method also includes forwarding one or more data packets according to route information provided via the second router.

Abstract: In general, techniques are described for selectively invoking graceful restart procedures when a route reflector member of a redundant route cluster fails. In one example, a method is provided that includes determining, by a provider edge router that supports graceful restart procedures, that a first router forms a redundant group with at least a second router. The method also includes detecting a failure of the first router and determining that at least the second router in the redundant group is operating approximately while the first router is failed. The method further includes overriding graceful restart procedures with respect to the failed first router when at least the second router is operating. The method also includes forwarding one or more data packets according to route information provided via the second router.

Abstract: In one embodiment, a router generates a notification message that indicates the router is to be gracefully removed from service. The router sends the notification message to peers of the router in a network. The router then continues to forward packets for a grace period after sending the notification message, to permit backup paths to be propagated to peers, and to be put into service, prior to withdrawal from service of paths through the router. Thereafter, the router is removed from service at the expiration of the grace period.

Abstract: Advertised routes are associated with a particular tag in a routing database in a second router. A first router subsequently sends one or more messages associated with a route withdraw operation that specifies the particular tag, such that second router can identify, based on the particular tag, a set including multiple routes, and remove those multiple routes from its routing database. For example, the tag may be a Border Gateway Protocol attribute, a Border Gateway Protocol communities attribute, or some other indication, numeric quantity, or opaque value.

Abstract: This disclosure describes techniques for protecting an endpoint of a label switched path. In one embodiment, a system includes an ingress router, a primary egress router, backup router, and a point of local repair (PLR) router. The ingress router, the PLR router, and the first egress router form a first label switched path. The backup router provides protection for the primary egress router such that the backup router provides routing services for the first egress router when the first egress router is not available. The primary egress router and the backup router share an anycast IP address. The backup router advertises a route to reach the primary egress router, but upon receiving a packet intended for the primary egress router, the backup router identifies the destination of the packet and forwards the packet to the destination instead of the primary egress router along a different route.

Abstract: In general, techniques are described to dynamically redefine a preference value used during route resolution. A network device, such as a router, may implement the techniques to improve a usability aspect of the router. The router may comprise an interface card that receives messages describing one or more of a plurality of routes. The router may also include a control unit that stores data defining a policy. The policy may comprise rules by which the router determines the preference value for one of the plurality of routes. The policy dynamically redefines the preference value as two or more bit fields rather than viewing the preference value as an integer value. The control unit further sets each of the two or more bit fields of the local preference value in accordance with the policy and associates the at least one of the routes with the determined local preference value.

Abstract: In one embodiment, an edge device in a first routing domain is configured to communicate with a second routing domain via a data link. The edge device receives a data packet containing a destination address that is reachable via the second routing domain and an indication that the data packet is a protected packet that was previously rerouted from another edge device in the first routing domain via a Multi-Protocol Label Switching (MPLS) Fast Reroute (FRR) backup path. The edge device determines if communication with the second routing domain is still available via the data link, and if so, removes the indication that the data packet is a protected packet and forwards the data packet to the second routing domain, and, if not, drops the data packet to prevent the data packet from being rerouted a second time in the first routing domain on another MPLS FRR backup path.

Abstract: Advertised routes are associated with a particular tag in a routing database in a second router. A first router subsequently sends one or more messages associated with a route withdraw operation that specifies the particular tag, such that second router can identify, based on the particular tag, a set including multiple routes, and remove those multiple routes from its routing database. For example, the tag may be a Border Gateway Protocol attribute, a Border Gateway Protocol communities attribute, or some other indication, numeric quantity, or opaque value.

Abstract: In one embodiment, an edge device communicates with a neighboring routing domain. A failure that prevents communication between the edge device and the neighboring routing is detected. When the edge device thereafter receives a data packet that is directed to the neighboring routing domain, it determines if the received data packet was rerouted to the edge device from another edge device coupled to the neighboring routing domain. If the received data packet was not rerouted to the edge device from another edge device coupled to the neighboring routing domain, the edge device reroutes the received data packet to another edge device for forwarding to the neighboring routing domain. However, if the received data packet was rerouted to the edge device from another edge device coupled to the neighboring routing domain, the edge device prevents the received data packet from being rerouted a second time to prevent loops.

Abstract: A method of constructing a backup path in an autonomous system (AS) for failure of an inter-AS link is described. The method comprises identifying an alternate inter-AS path and constructing a tunnel to an end point on the alternate path.

Abstract: Disclosed are, inter alia, methods, apparatus, data structures, computer-readable medium, mechanisms, and means for withdrawing routes based on a tag. One implementation receives one or more messages identifying multiple routes and a tag associated with the multiple routes. A routing database is updated to include the routes. A particular message associated with a route withdraw operation is received, with the particular message including an indication of the tag. The multiple routes are removed from the routing database in response to receiving the tag. For example, the tag may be a Border Gateway Protocol attribute, a Border Gateway Protocol communities attribute, or some other indication. When some devices do not support this feature, before other nodes will typically send to a particular device a message to withdraw multiple routes based on a tag, the particular device must first advertise that it has this capability and/or it will withdraw multiple routes based on a tag.

Abstract: A method of managing forwarding of data in a first autonomous system (AS) is described. The first AS includes a plurality of border routers having inter-domain links to one or more remote AS's and an associated exterior communications protocol. The border routers use an interior communications protocol with other border routers in the first AS using primary tunnels. The method comprises the steps, performed at a first border router having a primary route via an inter-domain link to a remote AS, of constructing an alternate route to the remote AS via second border router in the first AS, instigating a backup tunnel to the second border router upon failure of the primary route and sending a failure message to the other border routers.

Abstract: A method of implementing a backup path in an autonomous system (AS) for failure of an inter-AS link is described. The method comprises forwarding data elements destined for the failed link via a backup path and including a loop prevention attribute in the packet.

Abstract: In general, techniques are described to dynamically redefine a preference value used during route resolution. A network device, such as a router, may implement the techniques to improve a usability aspect of the router. The router may comprise an interface card that receives messages describing one or more of a plurality of routes. The router may also include a control unit that stores data defining a policy. The policy may comprise rules by which the router determines the preference value for one of the plurality of routes. The policy dynamically redefines the preference value as two or more bit fields rather than viewing the preference value as an integer value. The control unit further sets each of the two or more bit fields of the local preference value in accordance with the policy and associates the at least one of the routes with the determined local preference value.

Abstract: A technique is provided for graceful restart of a Border Gateway Protocol (BGP) router that uses a local store on the restarting router that stores prefixes on all routes or the “group best path” information on all BGP peers having a common Autonomous System (AS) number. This local store is used to run best path computations on the restarting router, rather than first awaiting receipt of route information from peers to speed the restart process. Updates are then transmitted to peers using the best path data and an end-of-Routing Information Base (RIB) message it transmitted by the restarting router to indicate that all information has now been sent by the restarting router. Thereafter the restarting router processes incoming updates from peers as received (or these peers routes are timed-out), remaining stale paths are deleted and any changed best paths, based upon the newly received updates, are then transmitted to peers.

Abstract: A method and system for protecting valuable resources within an autonomous system network. Address prefixes within the system are designated as valuable and a flag bit is associated with the address within routing tables of routers of the network. Interfaces to border routers are identified and when packets are received at those interfaces, the packets are flagged with a flag or tag bit. The destination address of the received packet is compared to the flag bit associated with the valuable resource prefix, and if the packet is directed to that resource the packet is dropped and/or logged, but the packet is not forwarded to that resource. In specific cases an interface from an external source may be configured to not create the flag or tag bit, wherein that packet will be delivered to the destination prefix of the packet.

Abstract: A soft notification technique isolates address family application based errors or events occurring within a routing protocol, such as the Border Gateway Protocol (BGP), used to exchange routing information between a router and its peer router over a BGP session operating on a reliable transport. The technique apportions the session into a plurality of logical subsets, each of which is associated with an address family application (AFI/SAFI) module of a BGP protocol executing on the routers. BGP soft notification messaging is employed to allow the router to notify its peer of an isolated error condition or event associated with an AFI/SAFI module. Isolation of the error/event enables restart (“soft reset”) of only the associated AFI/SAFI module, thereby obviating the need to reset or terminate the entire BGP session and reliable transport between the router and peer. Notably, soft reset of the module occurs without disrupting services provided by other AFI/SAFI modules of the BGP protocol.