Abstract: A network device may receive one or more configuration scripts as part of provisioning information in a secure device provisioning operation. When executing a particular configuration script, the network device may maintain a timeout value indicative of an allocated time for completion of the execution of the configuration script. The network device may update the timeout value based on an indication in the configuration script.

Abstract: A switching system manager programmed to obtain a base lookup data structure comprising nodes that enumerate all prefixes of a first traffic management policy of a first type and all prefixes of a second traffic management policy of a second type, modify the base lookup data structure based on a first set of inheritance rules associated with the first traffic management policy to generate an updated lookup data structure comprising first traffic management policy label allocations, modify the updated lookup data structure based on a second set of inheritance rules associated with the second traffic management policy to generate a combined lookup data structure comprising the first traffic management policy label allocations and second traffic management policy label allocations, program packet classification hardware of the switching system to adapt the switching system to process packets based on the combined lookup data structure.

Abstract: A method and system for centralized network multicast state publication. Specifically, in overcoming the limitation(s) of existing monitoring and/or reporting approaches to ascertaining network multicast state, embodiments disclosed herein deliver a solution for centralized network multicast state publication. To that end, embodiments disclosed herein employ a centralized network controller configured to obtain aggregated network state, including network multicast state, through embedded logical agents interspersed across a network (e.g., on each network device). Thereafter, the network multicast state may be published through one or many notification channel(s) to any number of subscribing consumers interested in the network multicast state. Furthermore, the notification channel(s) may be implemented using an open-source, distributed, in-memory database that also features a message queuing (or messaging) system.

Abstract: A method for analyzing a pair of domain name system (DNS) packets, the method comprising: extracting a portion of a request DNS packet to obtain extracted request DNS information, wherein the extracted request DNS information comprises a first timestamp generated by the edge network device, obtaining a response DNS packet, extracting at least a portion of the response DNS packet to obtain extracted response DNS information, wherein the extracted response DNS information comprises a second timestamp generated by the edge network device, after the obtaining, processing the extracted request DNS information and extracted response DNS information to obtain processed information, wherein the processed information comprises a roundtrip time derived from the first timestamp and the second timestamp, and transmitting the processed information to a monitoring system, wherein the pair of DNS packets are not transmitted to the monitoring system.

Abstract: Systems and methods for the dynamic mapping of network element data between data models in network devices are disclosed. In particular, a marked-up native data model can be processed to create a mapping schema file based on the markup included in the native data model. This mapping schema file may define mappings between elements of the native data model and corresponding elements of an external data model. The mapping schema file can then be used to dynamically map network element data from the native data model to the external data model, such as when responding to requests for network element data associated with the mapped elements.

Abstract: Methods and apparatus for enabling detection of configuration changes in a network device. One method uses a configuration counter in a system database of the network device. In response to an atomic submission of CLI commands to a configuration agent and the storing of the corresponding configuration in a system database, the configuration counter is incremented. An OpenConfig module maintains an expected value of the configuration counter and, upon completion of its own command submissions, compares the expected value to the value in the configuration counter. If the two values do not match, it indicates that the configuration counter in the system database has been incremented as a result of a configuration change from a source other than the OpenConfig module. A configuration client can then be notified of the configuration change so that it can revert the configuration to a desired configuration.

Abstract: Techniques for operating a network device for sharing resources in a hardware forwarding table. In some embodiments, the network device may generate groups of routes having a common set of next hops; for each group of routes of the generated groups: collect resilient adjacencies associated with routes in the group; assemble pairs of the collected resilient adjacencies; and determine a number of differences between resilient adjacencies in each of the assembled pairs. The network device may further order the assembled pairs based on the number of differences, identify a pair of resilient adjacencies associated with a lowest number of differences; select a resilient adjacency of the identified pair of resilient adjacencies; program one or more routes associated with the selected resilient adjacency, to refer to the other resilient adjacency of the identified pair of resilient adjacencies; and remove an entry associated with the selected resilient adjacency from a forwarding table.

Abstract: Techniques disclosed herein provide a method and systems for installing routes by a route reflect (RR) device when the tunnel RIB of the RR device does not include any tunnel labels definitions. The unicast routing information base (RIB) of route reflector (RR) device is configured to include a next hop associated with a first network device. When the RR device receives a route from the first network device that comprises a tunnel label for reaching the second network device, the RR device resolves the next hop of the received route using the unicast RIB of the RR device. In response to the resolving, the RR device forwards the route to a third network device (e.g., identified by an export route target of the RR device).

Abstract: A switching system includes a content-addressable memory (CAM) and several processing nodes. The CAM can be selectively connected to any one or more of the processing nodes during operation of the switching system, without having to power down or otherwise reboot the switching system. The CAM is selectively connected to a processing node in that electrical paths between the CAM and the processing nodes can be established, torn down, and re-established during operation of the switching system. The switching system can include a connection matrix to selectively establish electrical paths between the CAM and the processing nodes.

Abstract: A method for servicing network traffic in a wide area network (WAN) comprising a plurality of network devices is provided. The method is executed by a network device among the plurality of network devices and comprises: receiving a request to transmit the network traffic to a destination network device where the request specifies that the network traffic is to be serviced by a network service; determining, based on the request and using a service-aware virtual topology (SAVT) routing table, a path through the WAN for reaching the network service and a service instance identifier (ID) of the network service; configuring the network traffic to include a service bit indicating whether service is to be performed and instructions specifying the path for reaching the network service; and transmitting, after configuring the network traffic, the network traffic toward the destination device through the at least one network service.

Abstract: Systems and methods for selectively generating a telemetry report to calculate a flow or bit rate are disclosed. The methods include calculating a hash value of a packet, using it as a key to query a bloom filter, and obtaining a packet count. If the packet count reaches a trigger value, a telemetry report is generated and sent, along with the ingress timestamp, hash value, and the packet count, to the collector for calculating the flow rate (or bit rate). The collector compares the packet count and ingress timestamp of the packet of the first telemetry report with a second telemetry report, both reports being generated at various trigger values, and calculates the flow rate. If a hash collision is detected, the calculations are voided and an update to the hash function is suggested.

Abstract: Devices, methods, and systems for implementing an 802.11ax communication protocol. A first wireless connection is established between a first device and a network device in association with a first service set identifier. A second wireless connection is established between a second device and a network device in association with a second service set identifier. The network device communicates with the first device over the first wireless connection according to an 802.11ax communication protocol. Full allocation of remaining resource units to the second wireless connection according to the 802.11ax communication protocol is denied based on a priority status of the second service set identifier.

Abstract: Embodiments of the present disclosure include techniques for detecting duplicate network device identifiers for routing protocols. A network device may receive a link state packet comprising a first network device identifier for use in a routing protocol. The network device may, upon determining that the link state packet satisfies a set of conditions, start a timer. The network device may, while the timer has not elapsed, maintain a count value of link state packets received that satisfy the set of conditions. The network device may, when the timer has elapsed, determine, based on the count value and a defined threshold value, that a second network device in the network is configured with a second network device identifier for use in the routing protocol that is the same as the first network device identifier.

Abstract: Systems, methods, and computer-readable media are disclosed for annotating configuration language function evaluation. One or more configuration language expressions may be received by a configuration language development environment. The one or more configuration language expressions may be parsed into one or more atomic configuration language expressions. Based on a particular route at the specified point of execution in an application, the one or more configuration language expressions may be evaluated. The annotations may be rendered to provide an explanation of an underlying control flow.

Abstract: A method and apparatus of a network element that processes a packet in the network element is described. In an exemplary embodiment, the network element receives a data packet that includes a destination address. The network element receives a packet, with a packet switch unit, wherein the packet was received by the network element on an ingress interface. The network element further determines if the packet is to be stored in an external queue. In addition, the network element identifies the external queue for the packet based on one or more characteristics of the packet. The network element additionally forwards the packet to a packet storage unit, wherein the packet storage unit includes storage for the external queue. Furthermore, the network element receives the packet from the packet storage unit and forwards the packet to an egress interface corresponding to the external queue.

Abstract: A method of operating a network device is provided. In response to an unplanned reboot, the network device can determine whether an unplanned reboot expedited recovery feature has been enabled on the network device. After determining that the unplanned reboot expedited recovery feature is enabled, the network device can identify a cause of the unplanned reboot. If the cause of the unplanned reboot is from a first set of events, a first bootup sequence can be performed. If the cause of the unplanned reboot is from a second set of events, a second bootup sequence that is expedited relative to the first bootup sequence can be performed.

Abstract: A network element and method for programming a network element that includes detecting an update to a first route in a routing information base (RIB) is disclosed. The method includes locating a first route network prefix associated with the first route within a network prefix trie (NPT); determining that, prior to the update, a first parent network prefix and the first route network prefix were reachable using a pair of different next hops connected to the network element; and determining that, after the update, the first parent network prefix and the first route network prefix are reachable using a first common next hop connected to the network element. The method also includes removing an existing forwarding information base (FIB) entry in the FIB associated with the first route network prefix.

Abstract: Protocol-Independent Multicast (PIM) uses PIM hello messages to maintain neighborship information. PIM may be implemented in an Ethernet VPN (EVPN) providing Optimized Inter-Subnet Multicast (OISM). Techniques are disclosed for improving PIM neighborship efficiency and speed in an EVPN. An Inclusive Multicast Ethernet Tag (IMET) may be used to set PIM neighborship instead of using PIM hello messages and TCP may be used to determine if the neighbor is disconnected instead of tracking PIM timers.

Abstract: A method for optimizing network device resources that includes receiving, by an optimizer, first resource utilization data, making a first determination, based on the first resource utilization data, that resource utilization exceeds an upper threshold, starting, based on the first determination, an optimization process, that includes identifying a resource optimization entry of a resource class optimization queue, and initiating optimization of a resource fragment specified by the resource optimization entry. After initiating optimization of the region of the memory, the method additionally includes receiving second resource utilization data, making a second determination, based on the second resource utilization data, that the resource utilization is below a lower threshold, and halting, based on the second determination, the optimization process.

Abstract: The present disclosure describes a network switch design that includes a vertical switch circuit board that is mounted parallel to the front panel of the network switch. The vertical circuit board supports switch chip(s) to process and forward packets and optical module connectors to receive pluggable optics modules that provide connections to other network switches. The arrangement of the circuit board, switch chip(s) and optical module connectors achieves reduced lengths for the electrical signal traces that connect the switch chip(s) to the optical module connectors. In addition, the design improves cooling by providing separate airflow regions between the switch chip heatsink(s) and the optics modules. The vertical switch card assembly and its components can be made removable from the front panel for ease of servicing.