Abstract: In an example, a computer-readable medium may store executable instructions. The executable instructions may be to detect an inoperative network device in a communication network managed by a controller, determine a network switching function assigned to the inoperative network device, and provide the network switching function through the controller itself instead of the inoperative network device.

Abstract: Example implementations relate to reducing control plane overload of a network device. In an example, a non-transitory computer-readable storage medium may store instructions that, when executed by a processor of an SDN controller, cause the SDN controller to track packet-in messages received from a controlled switch and, if a rate of packet-in messages received from the controlled switch exceeds a threshold, send a flow rule to the controlled switch to divert a subset of unmatched flows to a non-SDN forwarding pipeline of the controlled switch.

Abstract: Example implementations relate to network policy distribution. For example, a system for network policy distribution can include a state engine to determine a change in a state of a network, a policy engine to determine a number of policy changes based on the change in the state of the network, an identification engine to identify a number of network endpoints that correspond to the number of policy changes, and a distribution engine to load instructions based on the number of policy changes to the number of endpoints that correspond to the number of policy changes.

Abstract: Example implementations relate to reducing control plane overload of a network device. In an example, a non-transitory computer-readable storage medium may store instructions that, when executed by a processor of an SDN controller, cause the SDN controller to track packet-in messages received from a controlled switch and, if a rate of packet-in messages received from the controlled switch exceeds a threshold, send a flow rule to the controlled switch to divert a subset of unmatched flows to a non-SDN forwarding pipeline of the controlled switch.

Abstract: Example embodiments disclosed herein relate to determining whether a device exhibits anomalous behavior based on a set of rules, address usage information, and address range information. Address usage information for a device communicating on a data plane of a network implemented using switches is received via a control plane. Address range information for the network is maintained. Whether the device exhibits anomalous behavior is determined based on the set of rules, address usage information, and address range information.

Abstract: Example implementations relate to generating a packet processing pipeline definition. According to an example, an SDN controller includes a flow class module to receive flow class registrations specifying flow classes. The flow classes specify characteristics of expected network flows. The controller also includes a pipeline generating module to generate a packet processing pipeline definition to accommodate the expected network flows, the packet processing pipeline definition including table definitions for the flow classes. The SDN controller further includes a communication interface to send the packet processing pipeline definition to a switch.

Abstract: Example embodiments disclosed herein relate to monitoring Dynamic Device Configuration Protocol offers via a control plane. In one example, an address range or multiple address ranges for sources of the Dynamic Device Configuration Protocol offers can be tracked. In this example, an anomaly can be determined based on one of the Dynamic Device Configuration Protocol offers and the address range(s).

Abstract: Example implementations relate to construction of a network service chain. For example, a system for construction of a network service chain can include a detection engine to detect a portion of a first network policy directing a subset of packets to a first service and a portion of a second network policy directing the subset of packets to a second service, and a construction engine to construct a network service chain of the first service and the second service in an order determined from a priority assigned to the first network policy and a priority assigned to the second network policy.

Abstract: Example implementations relate to network policy conflict detection and resolution. For example, a system for network policy conflict detection and resolution can include a policy compilation engine to compile a plurality of network policies based on an intent format, a conflict detection engine to detect a conflict between a first network policy among the plurality of network policies and a second network policy among the plurality of network policies, using the intent format, and a conflict resolution engine to resolve the detected conflict between the first network policy and the second network policy. Further, the system for network policy conflict detection and resolution can include a translation engine to translate the resolution of the detected conflict to a protocol-specific format.

Abstract: Example implementations relate to compiling network policies. In an example, a method includes dividing a plurality of network policies into an exclusive policy group and a non-exclusive policy group, compiling the policies in the exclusive policy group into a first plurality of orthogonal policies, compiling the policies in the non-exclusive policy group into at least a second plurality of orthogonal policies, where the compiling of each policy group occurs separately.

Abstract: In an example, a computer-readable medium may store executable instructions. The executable instructions may be to detect an inoperative network device in a communication network managed by a controller, determine a network switching function assigned to the inoperative network device, and provide the network switching function through the controller itself instead of the inoperative network device.

Abstract: Systems, methods, and storage mediums for determining a network cloud containing an uncontrolled network device based on link data of controlled network devices. The link data of controlled network devices can indicate which controlled network devices are linked together, whether the links between controlled network devices are mufti-hop inks, and whether the links between controlled network devices are bi-directional.

Abstract: Examples of injecting a probe transmission to determine a network address conflict are disclosed. In one example implementation according to aspects of the present disclosure, a computer implemented method may include identifying a conflict in network address information transmitted by an end host within a network by monitoring network address requests within the network. The computer implemented method may then inject a probe transmission to the end host via a controlled network device responsive to identifying the conflict in the network address information transmitted by the end host. Once the probe transmission is injected, the computer implemented method may determine the nature of the conflict in the network address information based on a result of the probe transmission.

Abstract: A controller detects that an agent of a first node managed by the controller is unavailable, the agent providing a service accessible by a tenant of a cloud infrastructure that includes the controller and a plurality of nodes managed by the controller. In response to the detecting, the controller reschedules the service on a second node managed by the controller to continue to provide availability of the service to the tenant. As part of the rescheduling, cooperate, by the controller, with the first node to avoid duplication of the service on multiple nodes including the first and second nodes.

Abstract: A controller, which manages nodes that provide virtual entities, receives information from a first of the nodes, where the received information relates to a characteristic of a virtual entity provided by the first node. The controller determines that the received information is inconsistent with information, maintained by the controller, relating to the characteristic of the virtual entity provided by the first node. In response to the determining, the controller reconciles an inconsistency between the received information and the information maintained by the controller.

Abstract: In an example implementation according to aspects of the present disclosure, a method may include identifying, by a computing system, an infrastructure device and an end-host device within a network. The method may further include disseminating, by the computing system, network traffic rules to the infrastructure device, the network traffic rules to route network traffic between end-host devices through the infrastructure device. Further, the network traffic transmitted from a first end-host device to a second end-host device is passed through the infrastructure device to the second end-host device in accordance with the network traffic rules, and network traffic transmitted from the first end-host device to the infrastructure device is blocked by the infrastructure device in accordance with the network traffic rules.

Abstract: Embodiments of the invention provide a network device for implementing configuration synchronization, including a port configured to a receive a configuration file, a memory, and a processing engine configured such that if a configuration file is received on the port, the processing engine determines a neighbor device of the network device and forwards the configuration file to the neighbor device, and wherein if a configuration file is received on the port and the network device is a member of a predetermined peer group, the configuration file is loaded into the memory.

Abstract: An example method of adjusting network device architecture can include sending a network decision from a controller to at least one network device that communicates units of data through a network infrastructure, the network decision based on information received from a number of network devices on the network infrastructure. The method can include adjusting the network device architecture for the at least one network device based on the network decision sent by the controller.

Abstract: A method of configuring a network managed device in a network is described herein. A fallback configuration is determined. The fallback configuration is identified as a configuration that enables the network managed device to be manageable. A working configuration is determined. The working configuration is described by a working set of configuration data that has been updated based on a management command. A commit command is received. The working configuration is saved as a running configuration and verification of the running configuration is initiated. It is determined whether the verification of the running configuration is successful. Where it is not successful, the running configuration is saved as a failed configuration and the running configuration is replaced with the fallback configuration.

Abstract: A network device includes a security binding table. The network device is configured to couple to a network and configured to receive security information from a source device. A processor is included to compare the lookup portion of the received security information from the source device to the lookup portion of each entry of the security binding table and to compare the match portion of the received security information from the source device to the match portion of each entry of the security binding table to determine if there is a match, and to update the security binding table by adding an entry comprising the lookup portion and the match portion of the received security information from the source device when neither the lookup portion nor the match portion of the received security information from the source device matches any entry of the security binding table.