Abstract: In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including determining a path through a plurality of provider nodes within a provider network and determining that the path through the plurality of provider nodes within the provider network is secure. The operations also include receiving, from a customer node, a Resource Reservation Protocol (RSVP) path message comprising an attribute for a security request. The operations further include routing the RSVP path message along the path of the plurality of provider nodes.

Abstract: In one embodiment, a method includes determining a secure path through a first plurality of network nodes within a network and determining an alternate secure path through a second plurality of network nodes within the network. The method also includes routing network traffic through the first plurality of network nodes of the secure path and detecting a failure in the secure path using single-hop BFD authentication. The method further includes rerouting the network traffic through the second plurality of network nodes of the alternate secure path.

Abstract: In one embodiment, a method includes determining a secure path through a first plurality of network nodes within a network and determining an alternate secure path through a second plurality of network nodes within the network. The method also includes routing network traffic through the first plurality of network nodes of the secure path and detecting a failure in the secure path using single-hop BFD authentication. The method further includes rerouting the network traffic through the second plurality of network nodes of the alternate secure path.

Abstract: A method includes determining whether the first version is an alias with respect to the second version, the alias being defined as an equivalent version of the YANG module. Based at least in part on a determination that the first version is the alias with respect to the second version, a version alias extension is inserted into a revision label of the first and/or second version. Based on a determination that the second version is backwards compatible with respect to the first version, a version backwards compatible extension is inserted into the revision label of the second version. Based at least in part on a determination that the second version is not backwards compatible with respect to the first version, a version non-backwards compatible extension is inserted into the revision label of the second version.

Abstract: Techniques for improved routing based on network traffic are provided. Telemetry data relating to a first network node of a plurality of network nodes in a locator ID separation protocol (LISP) fabric is received. A first portion of the telemetry data that relates to a first destination of a plurality of destinations is identified. Further, a first routing weight associated with a first interface of the first network node is revised based on the first portion of the telemetry data, where the first interface is associated with the first destination. The revised first routing weight is published to a second plurality of network nodes in the LISP fabric, wherein the second plurality of network nodes route packets to the first network node based in part on the revised first routing weight.

Abstract: A method includes determining whether the first version is an alias with respect to the second version, the alias being defined as an equivalent version of the YANG module. Based at least in part on a determination that the first version is the alias with respect to the second version, a version alias extension is inserted into a revision label of the first and/or second version. Based on a determination that the second version is backwards compatible with respect to the first version, a version backwards compatible extension is inserted into the revision label of the second version. Based at least in part on a determination that the second version is not backwards compatible with respect to the first version, a version non-backwards compatible extension is inserted into the revision label of the second version.

Abstract: In one example, a responder obtains an Operations, Administration, and Management/Maintenance (OAM) probe packet from a network entity operating as an initiator in a network, provides, to the initiator, a first response to the OAM probe packet over a first network path in the network, and further provides, to the initiator, a second response to the OAM probe packet over a second network path in the network that is different from the first network path. In another example, an initiator provides an OAM probe packet to a network entity operating as responder in a network, obtains, from the responder, a first response to the OAM probe packet over a first network path in the network, and further obtains, from the responder, a second response to the OAM probe packet over a second network path in the network that is different from the first network path.

Abstract: Techniques and mechanisms to enable a Bidirectional Forwarding Detection (BFD) Echo function to be used for IP multi-hop paths using IP encapsulation. A source device may encapsulate one or more BFD Echo packets as payloads in IP packets. The resulting IP packets may then be sent from a source device to a destination device over a multi-hop path such that one or more intermediary devices forward the IP packets onto the destination device. Upon receiving the IP packets, the destination device may echo back the one or more BFD Echo packets in the forwarding plane to indicate connectivity of the forwarding path between the devices. However, if the BFD Echo packets are not echoed back to the source device, the source device may determine that the multi-hop path has experienced a fault, and that traffic is to be rerouted through other paths.

Abstract: In one example, a responder obtains an Operations, Administration, and Management/Maintenance (OAM) probe packet from a network entity operating as an initiator in a network, provides, to the initiator, a first response to the OAM probe packet over a first network path in the network, and further provides, to the initiator, a second response to the OAM probe packet over a second network path in the network that is different from the first network path. In another example, an initiator provides an OAM probe packet to a network entity operating as responder in a network, obtains, from the responder, a first response to the OAM probe packet over a first network path in the network, and further obtains, from the responder, a second response to the OAM probe packet over a second network path in the network that is different from the first network path.

Abstract: A method and a router device for managing memory for network overlay routes with fallback route support prioritization may be provided. A network overlay route as a candidate network overlay route may be obtained at a router for storage in a memory. The memory may store a plurality of network overlay routes for forwarding user plane traffic in a network. An assessment for storage of the candidate network overlay route based on a priority level indicator of the candidate network overlay route may be performed. The priority level indicator may be indicative of a fallback route support level of the candidate network overlay route in the router. Based on the assessment, at least one of the following may be performed: adding the candidate network overlay route to the memory and refraining from adding the candidate network overlay route to the memory.

Abstract: In one embodiment, in-band operations data (e.g., In-situ Operations, Administration, Maintenance and/or other operations data) is added to Seamless Bidirectional Forwarding (S-BFD) packets. In one embodiment, a S-BFD packet received by a node includes a BFD discriminator and operations data. Reactive processing is identified based on the BFD discriminator. The S-BFD packet and the operations data (e.g., in an operations data field in a header of the received S-BFD packet, in an IOAM Type-Length-Value (TLV), etc.) is processed according to the identified reactive function. Examples of these reactive actions include, but are not limited to, determining a result based on processing of said particular operations data by the local node or a remote analytics server, and sending a response packet including unprocessed and/or a result of the processed operations data (e.g., performance, loss, jitter, an indication of compliance with a service level agreement, and/or another data measurement or result).

Abstract: Techniques and mechanisms to enable a Bidirectional Forwarding Detection (BFD) Echo function to be used for IP multi-hop paths using IP encapsulation. A source device may encapsulate one or more BFD Echo packets as payloads in IP packets. The resulting IP packets may then be sent from a source device to a destination device over a multi-hop path such that one or more intermediary devices forward the IP packets onto the destination device. Upon receiving the IP packets, the destination device may echo back the one or more BFD Echo packets in the forwarding plane to indicate connectivity of the forwarding path between the devices. However, if the BFD Echo packets are not echoed back to the source device, the source device may determine that the multi-hop path has experienced a fault, and that traffic is to be rerouted through other paths.

Abstract: A first map request message is sent from a source network device to a mapping network device to determine a destination network device associated with a destination endpoint device and a security association between the source network device and the destination network device. A first response message is received at the source network device that includes data indicating a mapping between the destination network device and the destination endpoint device and data indicating a security association between the source network device and the destination network device. The data is stored at the source network device. A second map request message is sent from the source network device to the mapping network device to update the data indicative of the mapping or the security association. A second response message is received at the source network device from the mapping network device.

Abstract: In one embodiment, in-band operations data (e.g., In-situ Operations, Administration, Maintenance and/or other operations data) is added to Seamless Bidirectional Forwarding (S-BFD) packets. In one embodiment, a S-BFD packet received by a node includes a BFD discriminator and operations data. Reactive processing is identified based on the BFD discriminator. The S-BFD packet and the operations data (e.g., in an operations data field in a header of the received S-BFD packet, in an IOAM Type-Length-Value (TLV), etc.) is processed according to the identified reactive function. Examples of these reactive actions include, but are not limited to, determining a result based on processing of said particular operations data by the local node or a remote analytics server, and sending a response packet including unprocessed and/or a result of the processed operations data (e.g., performance, loss, jitter, an indication of compliance with a service level agreement, and/or another data measurement or result).

Abstract: In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including determining a path through a plurality of provider nodes within a provider network and determining that the path through the plurality of provider nodes within the provider network is secure. The operations also include receiving, from a customer node, a Resource Reservation Protocol (RSVP) path message comprising an attribute for a security request. The operations further include routing the RSVP path message along the path of the plurality of provider nodes.

Abstract: In one embodiment, a method includes determining a secure path through a first plurality of network nodes within a network and determining an alternate secure path through a second plurality of network nodes within the network. The method also includes routing network traffic through the first plurality of network nodes of the secure path and detecting a failure in the secure path using single-hop BFD authentication. The method further includes rerouting the network traffic through the second plurality of network nodes of the alternate secure path.

Abstract: Techniques for improved routing based on network traffic are provided. Telemetry data relating to a first network node of a plurality of network nodes in a locator ID separation protocol (LISP) fabric is received. A first portion of the telemetry data that relates to a first destination of a plurality of destinations is identified. Further, a first routing weight associated with a first interface of the first network node is revised based on the first portion of the telemetry data, where the first interface is associated with the first destination. The revised first routing weight is published to a second plurality of network nodes in the LISP fabric, wherein the second plurality of network nodes route packets to the first network node based in part on the revised first routing weight.

Abstract: A reactive mechanism for in-situ operation, administration, and maintenance (IOAM) traffic is provided. In one embodiment, a method is provided that includes assigning a plurality of discriminator identifiers associated with a plurality of discriminators. Each discriminator is mapped to a specified action. The method includes receiving a data packet that includes an IOAM header comprising telemetry data associated with the data packet and a bidirectional forwarding detection (BFD) field that includes a specified discriminator identifier.

Abstract: A first map request message is sent from a source network device to a mapping network device to determine a destination network device associated with a destination endpoint device and a security association between the source network device and the destination network device. A first response message is received at the source network device that includes data indicating a mapping between the destination network device and the destination endpoint device and data indicating a security association between the source network device and the destination network device. The data is stored at the source network device. A second map request message is sent from the source network device to the mapping network device to update the data indicative of the mapping or the security association. A second response message is received at the source network device from the mapping network device.

Abstract: A method and a router device for managing memory for network overlay routes with fallback route support prioritization may be provided. A network overlay route as a candidate network overlay route may be obtained at a router for storage in a memory. The memory may store a plurality of network overlay routes for forwarding user plane traffic in a network. An assessment for storage of the candidate network overlay route based on a priority level indicator of the candidate network overlay route may be performed. The priority level indicator may be indicative of a fallback route support level of the candidate network overlay route in the router. Based on the assessment, at least one of the following may be performed: adding the candidate network overlay route to the memory and refraining from adding the candidate network overlay route to the memory.