Abstract: Techniques for operating a network device for sharing resources in a hardware forwarding table. In some embodiments, the network device may generate groups of routes having a common set of next hops; for each group of routes of the generated groups: collect resilient adjacencies associated with routes in the group; assemble pairs of the collected resilient adjacencies; and determine a number of differences between resilient adjacencies in each of the assembled pairs. The network device may further order the assembled pairs based on the number of differences, identify a pair of resilient adjacencies associated with a lowest number of differences; select a resilient adjacency of the identified pair of resilient adjacencies; program one or more routes associated with the selected resilient adjacency, to refer to the other resilient adjacency of the identified pair of resilient adjacencies; and remove an entry associated with the selected resilient adjacency from a forwarding table.

Abstract: In one embodiment, a method includes receiving, at a network management system (NMS) from a client, a message having an object reference embedding a query, the query requesting an operation to be performed on data stored in a data tree maintained by the NMS. The method provides for generating, by the NMS, a result of the query by performing the operation on the data. In this embodiment, the method further provides for sending, by the NMS to the client, the result of the query. In some embodiments, the object reference may include a pathname.

Abstract: A network device includes a routing information base including a first plurality of entries, a forwarding information base including a second plurality of entries; a forwarding information base entry optimizer that programs the second plurality of entries of the forwarding information base using, at least in part, the first plurality of entries; and a network processor that forwards packets based on the second plurality of entries of the forwarding information base. The second plurality of entries is less than the first plurality of entries.

Abstract: Embodiments of the present disclosure include optical transmitters and transceivers with improved reliability. In some embodiments, the optical transmitters are used in network devices, such as in conjunction with a network switch. In one embodiment, lasers are operated at low power to improve reliability and power consumption. The output of the laser may be modulated by a non-direct modulator and received by integrated optical components, such as a modulator and/or multiplexer. The output of the optical components may be amplified by a semiconductor optical amplifier (SOA). Various advantageous configurations of lasers, optical components, and SOAs are disclosed. In some embodiments, SOAs are configured as part of a pluggable optical communication module, for example.

Abstract: A system and method for provisionally authenticating a host moving from one router to another router in a network using border gateway protocol (BGP) is disclosed. A host is initially authenticated at a first BGP router, this discovery is advertised to a second BGP router pursuant to BGP with a new extended community indicating successful authentication (or pre-authentication) of the host at the first BGP router. An indication for re-authentication of the host at the second BGP router is then received, which blocks network traffic from the host to the second BGP router. Due to the notification of a previous authentication of the host, the second BGP router begins a provisional authentication session. In response to a successful completion of the provisional authentication session, the host is authorized to transmit network traffic on the second BGP router and subsequently blocked from doing the same at the first BGP router.

Abstract: A system that provides communication services may include two switches for redundancy. The switches may indicate that they are independent devices to upstream devices and indicate that they are the same device to a predetermined device set. If one of the switches enters an undesired state, then the switch in a standby state may modify the upstream devices to preferentially forward packets directed toward the predetermined device set to the standby switch rather than an active switch, and after transitioning the active switch to the standby state, transition the standby switch to the active state.

Abstract: A method and apparatus of a network element that processes changes to forwarding information is described. In an exemplary embodiment, the network element receives an indication of a change to a network topology of the network. The network element forwarding information includes a first plurality of prefixes and a plurality of adjacencies and each of the first plurality of prefixes references one of the plurality of adjacencies. In addition, in response to receiving the indication of the change to the network topology, the network element identifies a change to the plurality of adjacencies. Furthermore, the network element updates, in-place, the plurality of adjacencies in-place with the change to the plurality adjacencies.

Abstract: Systems and methods are provided herein for allocating the same ESI label on multihomed peers for a given ES. In some embodiments, each network device that provides multihoming to a host using an ES, advertises EVPN AD per ES routes to each other, wherein the EVPN AD per ES routes comprise an ESI label associated with the ES. Because the network devices advertise the same ESI label for the ES, a first network device generates a bitmap. The first network device uses the bitmap to include the advertised ESI label in replicated packets that the first network device forwards to the other network devices that provide multihoming to the host via the ES. The network devices that consider themselves non-DF devices will drop the packet. The network devices that consider themselves the DF device will not forward the packet to the host via the ES because of the ESI label.

Abstract: Systems and methods are provided herein for supporting Spanning Tree Protocol (STP) in networks that use Ethernet Virtual Private Network (EVPN) All-Active (A-A) multihoming. This may be accomplished by a network administrator defining a super root group comprising a plurality of network devices, wherein each network device provides A-A multihoming to a multihomed device. All network devices in the super root group use a common bridge ID when generating BPDU messages for STP. All network devices in the super root group will send BPDU messages comprising the common bridge ID to the multihomed device. Because the BPDU messages comprise a common bridge ID, the multihomed device treats the network devices in the super root group as a single local bridge, thus STP is enabled without causing STP flapping.

Abstract: In general, embodiments described herein relate to methods and systems for automating the configuration of network devices. More specifically, embodiments of the invention relate to using configuration commands that specify protocol-specified relationships in order to generate granular (or specific) filtering rules (also referred to as rules). The rules are subsequently programmed into the network device.

Abstract: Systems and methods for automatically configuring network elements for in-band telemetry are disclosed. A controller of a configuration engine, which includes a flow analyzer and an INT configuration module, receives sampled packets and flow updates from network elements that are not yet configured for INT telemetry. The controller forwards the packets to the flow analyzer that extracts flow properties from the received packets, generates a flow summary along various metrics, and records it in a multi-dimensional matrix. A few metrics from top flows are selected and forwarded to the INT configuration module to identify network elements from whom packets containing the selected metrics were received. The identified network elements are automatically configured with the selected INT configuration such that INT telemetry data can be collected from them. Changes to the flow are dynamically accommodated by reconfiguring the network elements based on the telemetry data received after they have been configured.

Abstract: A method and apparatus of a network element that processes network data using a transformed packet classification list in a network element is described. A network element receives a packet classification list and transforms a first set of the plurality of range sets corresponding to a first one of the two or more types of packet characteristics into a first set of range labels. In addition, the network element transforms a second set of the plurality of range sets corresponding to a second one of the two or more types of packet characteristics into a second set of range labels. The network element may create a set of combination labels. The network element further processes network data by performing a first lookup to derive a first combination packet label, performing a second lookup of at least the first combination packet label, and applying a rule resulting from the second lookup to the network data.

Abstract: In general, embodiments of the invention relate to routing packets between hosts or virtual machines in different layer 2 domains. More specifically, embodiments of the invention relate to using overlay routing mechanisms in an Internet Protocol (IP) fabric to enable communication between hosts or virtual machines in different layer 2 domains to communication. The overlay routing mechanisms may include direct routing, indirect routing, naked routing, or a combination thereof (e.g., hybrid routing).

Abstract: Routes in an address group are generally resolved according to a next hop resolution profile that applies across the address group. Individual next hop resolution profiles can be defined and associated with specific routes within the address group. Those specific routes are resolved according to their respective associated next hop resolution profiles, thereby bypassing the next hop resolution profile of the address group to provide control over the resolution behavior at the granularity of individual routes within the address group.

Abstract: Embodiments of the present disclosure automatically set a maximum burst size in a policer to optimize the flow of traffic in a network. In one embodiment, a method includes receiving a policer rate set by a first policy, a maximum rate corresponding to one or more communications channels, and maximum burst time for performing at data burst. A maximum burst size is determined automatically based on the received policer rate, maximum rate, and maximum burst time. A policer in a network device is configured to limit traffic received at the one or more communications channels based on the maximum burst size.

Abstract: Systems and methods for power distribution by an ethernet controller are disclosed. A first input port receives a first power carried by a first ethernet cable and sourced by a first source PoE device. A second input port receives a second power carried by a second ethernet cable and sourced by a second source PoE device. The first input port is at a first voltage lower than a minimum voltage of a specified input voltage range and the second input port is at a second voltage lower than the minimum voltage of the specified input voltage range. A controller, coupled to the first and second input ports, substantially equalizes current flowing across a first output port and a second output port, coupled to the downstream PoE devices, such that a load, caused by the downstream PoE devices, between the first output port and the second output port is shared.

Abstract: A network device includes a switching system for directing packets between ingress ports and egress ports of the network device. The network device also includes a switching system manager that makes an identification of a state change of a virtual output queue of the switching system; and performs an action set, based on the state change, to modify a latency of the virtual output queue to meet a predetermined latency in response to the identification.

Abstract: A method for optimizing network device resources that includes receiving, by an optimizer, first resource utilization data, making a first determination, based on the first resource utilization data, that resource utilization exceeds an upper threshold, starting, based on the first determination, an optimization process, that includes identifying a resource optimization entry of a resource class optimization queue, and initiating optimization of a resource fragment specified by the resource optimization entry. After initiating optimization of the region of the memory, the method additionally includes receiving second resource utilization data, making a second determination, based on the second resource utilization data, that the resource utilization is below a lower threshold, and halting, based on the second determination, the optimization process.

Abstract: Peer devices in a peer group of provider edge devices to which a customer edge device is multi-homed, advertise Selective Multicast Ethernet Tag (SMET) routes to other peer devices on a core to receive traffic addressed to a multicast group. The peer devices in the peer group advertise the SMET routes irrespective of whether they are the designated forwarder or not. A peer device receiving traffic for the multicast group will drop the packet if it is not the designated forwarder and will forward the packet if it is the designated forwarder.

Abstract: Systems and methods are provided herein for an improved method of Zero-Touch Provisioning (ZTP) where a first switch receives a virtual local area network (VLAN) identifier from a second switch, allowing the first switch to reach a dynamic host configuration protocol (DHCP) server. This may be accomplished by a first switch receiving a VLAN identifier from a second switch. The first switch then transmits a DHCP discover message using the VLAN identifier. The first switch then receives reachability information for a ZTP server from the DHCP server. The first switch uses the reachability information to establish a provisioning session between the first switch and the ZTP server.