Abstract: A method for transmitting network traffic across a wide area network (WAN) from a first site to a second site is provided. The method is executed by a first edge network device at the first site that further includes a second edge network device, and the method includes: receiving the network traffic from a client device at the first site; determining, using ipath characteristics and a classification of the network traffic, that the network traffic should be transmitted by the second edge network device to the second site; forwarding in response to the determination, the network traffic to the second edge network device using a local tunnel over a local area network (LAN) of the first site such that the network traffic is transmitted to the second site by the second edge network device.

Abstract: Embodiments of the present disclosure include techniques for interlocking border gateway protocol and multi-chassis link aggregation group processes for network devices. A first process for configuring a link aggregation group with a second network device is performed. Whether an option to use a media access control (MAC) address shared with the second network device is active is determined. Upon determining that the option to use the MAC address shared with the second network device is active, a second process for configuring the first network device to transmit inter-subnet connectivity information using the shared MAC address is performed.

Abstract: A network device includes a forwarding information base (FIB). The FIB includes a first number of entries and a default entry. The network device includes a routing information base that includes a second number of entries. The network device includes a FIB entry optimizer that ranks a first portion of the second number of entries based on access information of the first number of entries; ranks a second portion of the second number of entries based on access information of the default entry; and updates at least one entry of the FIB based on the ranks of the first portion of the second number of entries and the ranks of the second portion of the second number of entries. The first number of entries is less than the second number of entries.

Abstract: A network address translation (NAT) device may receive a network packet having a network address for translation. The NAT device may determine whether a translation for the network address exists on the NAT device. The NAT device may forward the network packet to a peer NAT device based on a criterion.

Abstract: A routing policy includes policy directives and policy functions. Execution of the routing policy includes invoking a policy function at a point of application in a policy directive. Execution of the invoked policy function can include making any number of nested function calls. When an EXIT statement is encountered in a nested policy function, execution of the policy function terminates and execution of the routing policy continues immediately with the policy directive following the point of application, irrespective of how deeply nested in the invocation hierarchy the policy function is.

Abstract: First and second network devices may be configured to multihome a host. The first network device may advertise a first MAC and IP advertisement route indicative of a first link between the first network device and the host. The second network device may advertise a backup MAC and IP advertisement route indicative of a second link between the second network device and the host. Based on the backup MAC and IP advertisement route, the first network device may store a backup path for reaching the host via the second network device. After failure of the first link, the first network device may forward traffic destined for the host based on the stored backup path.

Abstract: In general, embodiments relate to a method, for managing a network, that includes determining an occurrence of an operational issue on a network device of the network, based on the determining, executing an encoding phase and a causal feature identification phase on a feature database, wherein the feature database is associated with the operational issue, identifying a plurality of potential root causes using the encoding phase and the causal feature identification phase, and performing an action based on the plurality of potential root causes.

Abstract: A method for managing a network by a network monitoring system, wherein the network comprises a plurality of network devices, the method comprising receiving, by the network monitoring system, in-band network telemetry (INT) data from a network device of the plurality of network devices, updating a latency model of the network using the INT data to obtain an updated latency model, identifying a congestion point in the network using the updated latency model and at least a portion of the INT data, validating the congestion point; and initiating a remediation action based on the validation.

Abstract: Embodiments of the present disclosure include systems and methods for providing a flexible network management system for configuring network devices. A studio definition specifying a set of configuration parameters for configuring network devices in a plurality of network devices is received. A workspace definition associated with the studio definition, the workspace definition specifying values for a subset of the set of configuration parameters is received. A set of build operations on the studio definition and the workspace definition are performed to generate a set of configuration commands for a subset of the plurality of network devices. The subset of the plurality of network devices are configured based on the set of configuration commands.

Abstract: Packet processing in a EVPN L2 MPLS deployment includes performing tag editing operations in the egress pipeline. More particularly, tag manipulation is based on the egress port. Packet processing further includes performing ESI label selection in the egress pipeline, and includes selecting the ESI label based on the ingress port where the ingress port can be a physical port or a subinterface configured on a physical port.

Abstract: A method, device, and computer readable medium for managing overheat behavior in a network device. The method includes determining that a first temperature exceeds a threshold by at least one temperature sensor disposed in a network device. The method includes logging a temperature sensor name of the at least one temperature sensor, the first temperature, and actions taken prior to determining that the first temperature exceeds the threshold. The method further includes disabling network device capabilities and enabling a subset of network device capabilities after powering cycling the network device.

Abstract: Systems and methods that allow configuration of a path at a network device using a representative user visible interface for that path are disclosed. A feature of this path may thus be configured using this representative user visible interface through a configuration interface of the network device. When a feature for the path is configured by reference to its corresponding representative user visible interface, the interfaces of that path that correspond to that feature can be determined and the configuration for that feature can be applied to interfaces of the path, even where those interfaces reside in different subdomains.

Abstract: In general, embodiments relate to a method for managing a network device. The method includes detecting a change of at least one physical port on the network device; and in response to detecting the change, disabling the at least one physical port, wherein disabling the at least one physical port prevents the at least one physical port from being allocated to any logical port on a network processor in the network device.

Abstract: An EVPN network device may advertise an EVPN IMET (type-3) route in a corresponding message to one or more peer EVPN network devices. The EVPN IMET route advertisement message may include an E-tree extended community indicating a leaf or root designation of a locally attached site at the advertising EVPN network device. The inclusion of the E-tree extended community in the EVPN IMET route advertisement message may provide desired traffic handling for implementing an EVPN E-tree service such as handling of BUM traffic.

Abstract: A method for generating an application-aware virtual topology (AAVT) routing table for a network device among network devices connected via a wide area network is provided. The method is executed by a network controller connected to the network and includes: receiving, from the network devices, path information of the network devices; generating, using the path information, an underlay graph specifying a path topology of the network device; generating, based on the path topology specified in the underlay graph, the AAVT routing table for the network device where the AAVT routing table includes a set of paths; and transmitting, in response to generating the AAVT routing table, the AAVT routing table to the network device to cause the network device to program the set of paths.

Abstract: A network device includes multiple interconnected network chips where the packet processing functionality is distributed between ingress and egress pipelines. TCP MSS clamping can be implemented in the egress pipeline. Processing in the egress pipeline can identify the presence of a TCP MSS value in the packet. The egress pipeline can compare the packet TCP MSS value with a user configured TCP MSS value. The egress pipeline can replace the packet TCP MSS value with the user configured TCP MSS value if the former is greater than the latter, and recompute a checksum. The packet with the replaced TCP MSS value and replaced checksum is then forwarded from the switch toward its eventual destination.

Abstract: Systems, methods and products for providing a centralized view of media production devices connected to a network. An example method includes identifying a set of media production devices connected to a network and compiling a list of the identified devices. Network position information is then collected for the identified devices using resources including IS-04 device registries, LLDP tables, FDB tables and ARP tables. For each of the identified devices, a corresponding connection to the network is identified and corresponding network statistics are collected for each of the identified connections of the devices to the network, where the network statistics are correlated to the identified devices. A list of the identified devices is then stored in a searchable format with the corresponding network statistics, and particular ones of the devices may be highlighted to denote conditions indicated by the corresponding network statistics.

Abstract: A method for distributing information includes: receiving, at a replicator, a single data stream originating from a data source where the single data stream includes a first plurality of data units from the data source; replicating, by the replicator, the single data stream to obtain a first replicated data stream and a second replicated data stream; adding a delay between the first plurality of data units in the single data stream before replicating the single data stream; transmitting the first replicated data stream to a first data recipient using a first communication channel; and transmitting the second replicated data stream to a second data recipient using a second communication channel. The replication of the single data stream is performed by a lower layer device to obtain the first replicated data stream and the second replicated data stream substantially synchronously.

Abstract: A method for authenticating an origin of a network device. The method includes reading one or more encrypted parameters from a memory of the network device, decoding the one or more encrypted parameters, and determining whether one or more of the decoded parameters match parameters obtained from a trusted platform module (TPM) installed in the network device and/or a read only memory (ROM) of the network device. In response to a mismatch between the decoded parameters and the parameters obtained from the TPM or the ROM, at least one of suspending operation of the device or transmitting a report of an authentication failure across a network on which the device is operating.

Abstract: A method and system for centralized network multicast state publication. Specifically, in overcoming the limitation(s) of existing monitoring and/or reporting approaches to ascertaining network multicast state, embodiments disclosed herein deliver a solution for centralized network multicast state publication. To that end, embodiments disclosed herein employ a centralized network controller configured to obtain aggregated network state, including network multicast state, through embedded logical agents interspersed across a network (e.g., on each network device). Thereafter, the network multicast state may be published through one or many notification channel(s) to any number of subscribing consumers interested in the network multicast state. Furthermore, the notification channel(s) may be implemented using an open-source, distributed, in-memory database that also features a message queuing (or messaging) system.