Patents Assigned to Cisco Technology
-
Patent number: 10652260
Abstract: A method and an apparatus for detecting botnet domains is described. In one embodiment, the method includes monitoring network traffic associated with a plurality of clients in a network. Based on the monitoring, information related to a plurality of domains that are queried is stored. The method includes identifying one or more suspect clients in the network based on the stored information and determining a subset of suspect domains based on the stored information related to the domains queried by the suspect clients. The method can include determining client activity information and using the client activity information to determine a polytope region for a client. The method includes comparing each suspect domain to the polytope region and associating a domain with a group of blocked domains if the domain falls within the polytope region.
Type: Grant
Filed: November 8, 2017
Date of Patent: May 12, 2020
Assignee: Cisco Technology, Inc.
Inventors: David Rodriguez, Andrea Michelle Scarfo, Dhia Mahjoub
-
Patent number: 10652101
Abstract: A management server includes a configuration and management module processing server configuration information, including a VPN peer list and VLAN/subnet settings. The management server automatically calculates the VPN configuration information, including the VPN peer subnet route information identifying which of the subnets participating in the VPN are behind which of the routers and keys to establish VPN tunnels between those routers participating in the VPN. Each of the routers participating in the VPN includes a VPN tunnel with the other routers participating in the VPN, a set of data structures storing data identifying contact information for each of the subnets participating in the VPN, a combination of an IP address and port to reach one of routers that that subnet is behind, and a forwarding module to forward traffic between the subnets.
Type: Grant
Filed: April 8, 2019
Date of Patent: May 12, 2020
Assignee: Cisco Technology, Inc.
Inventors: Dan Aguayo, John Bicket, Justin J. Delegard, Clifford A. Frey, James M. Roewe, Robert Tristan Shanks, Patrick Verkaik
-
Patent number: 10652137
Abstract: An example method for facilitating conflict avoidant traffic routing in a network environment is provided and includes detecting, at a network element, an intent conflict at a peer network element in a network, and changing a forwarding decision at the network element to steer traffic around the conflicted peer network element. The intent conflict refers to an incompatibility between an asserted intent associated with the traffic and an implemented intent associated with the traffic. In specific embodiments, the detecting includes mounting rules from the peer network element into the network element, and analyzing the mounted rules to determine intent conflict. In some embodiments, a central controller in the network deploys one or more intentlets on a plurality of network elements in the network according to corresponding intent deployment parameters.
Type: Grant
Filed: August 29, 2017
Date of Patent: May 12, 2020
Assignee: Cisco Technology, Inc.
Inventors: Eric A. Voit, Samer Salam, Ludwig Alexander Clemm, Yegnanarayanan Gargya Chandramouli
-
Patent number: 10652917
Abstract: One embodiment is a method and includes receiving at a termination element of a first network a bandwidth report (“BWR”), in which the BWR includes information regarding a data transmission opportunity over a second network for at least one endpoint data; scheduling a first network transmission opportunity for the at least one endpoint data using information derived from the received BWR; and receiving from a first network forwarding device the at least one endpoint data in accordance with the scheduled first network transmission opportunity.
Type: Grant
Filed: March 10, 2017
Date of Patent: May 12, 2020
Assignee: Cisco Technology, Inc.
Inventors: Jennifer Andreoli-Fang, John T. Chapman
-
Patent number: 10652078
Abstract: Embodiments of the disclosure pertain to activating in-band OAM based on a triggering event. Aspects of the embodiments are directed to receiving a first notification indicating a problem in a network; triggering a data-collection feature on one or more nodes in the network for subsequent packets that traverse the one or more nodes; evaluating a subsequent packet that includes data augmented by the data collection feature; and determining the problem in the network based on the data augmented to the subsequent packet.
Type: Grant
Filed: April 10, 2018
Date of Patent: May 12, 2020
Assignee: Cisco Technology, Inc.
Inventors: David D. Ward, Carlos M. Pignataro, Frank Brockners, Shwetha Subray Bhandari
-
Patent number: 10652663
Abstract: An endpoint device includes a microphone array and spaced-apart loudspeakers including an active loudspeaker among the loudspeakers that is closest to the microphone array. The endpoint device forms at the microphone array an audio receive beam having a main lobe pointed in a direction from which audio is to be received, and determines which of the loudspeakers are not in the main lobe. The endpoint device identifies at least one additional loudspeaker among the loudspeakers determined not to be in the main lobe and that is farther away from the microphone array than the active loudspeaker. The endpoint device spreads audio energy of input audio associated with, and intended for, the active loudspeaker across the active loudspeaker and the at least one additional loudspeaker, and no other ones of the loudspeakers, using a precedence effect.
Type: Grant
Filed: April 30, 2019
Date of Patent: May 12, 2020
Assignee: Cisco Technology, Inc.
Inventor: Lennart Burenius
-
Patent number: 10652144
Abstract: In one embodiment, segment routing (SR) network processing of packets is performed on packets having a segment identifier structure providing processing and/or memory efficiencies. Responsive to an identified particular segment routing policy, the particular router retrieves from memory a dynamic segment routing identifier portion of the particular SR policy that includes a SR node value and a SR function value. The SR function value identifies segment routing processing to be performed by a router in the network identified based on the SR node value. A segment routing discriminator is independently identified, possibly being a fixed value for all segment identifiers in the network. Before sending into the network, a complete segment identifier is added to the particular packet by combining the segment routing discriminator with the dynamic segment routing identifier portion. The particular packet including the complete segment identifier is sent into the network.
Type: Grant
Filed: January 9, 2018
Date of Patent: May 12, 2020
Assignee: Cisco Technology, Inc.
Inventors: Clarence Filsfils, Ahmed Refaat Bashandy, Syed Kamran Raza, Darren Dukes, Patrice Brissette, Jisu Bhattacharya
-
Patent number: 10652366
Abstract: In one embodiment, a Segment Routing network node provides efficiencies in processing and communicating Internet Protocol packets in a network. An Internet Protocol (IP) packet, possibly a Segment Routing packet, is received by a node in a network, which updates the packet according to a corresponding Segment Routing Policy, that includes an ordered list of Segment Identifiers comprising, in first-to-last order, a first Segment Identifier followed by one or more subsequent Segment Identifiers. The updating of the packet includes setting the Destination Address to the first Segment Identifier, and adding said one or more subsequent Segment Identifiers, but not the first Segment Identifier, in a first Segment Routing Header. The updated packet is sent into the network without the first Segment Identifier being added to a Segment Routing Header in response to the Segment Routing Policy.
Type: Grant
Filed: June 13, 2018
Date of Patent: May 12, 2020
Assignee: Cisco Technology, Inc.
Inventors: Ahmed Refaat Bashandy, Syed Kamran Raza, Jisu Bhattacharya, Clarence FilsFils
-
Publication number: 20200145321
Abstract: In one embodiment, improved operations processing of multiple-protocol packets is performed by a node connected to a network. Received is a multiple-protocol (MP) packet that has multiple protocol headers, each having an operations data field. The operations data field of a first protocol header includes first protocol ordered operations data. Operations data is cohered from the operations data field of each of multiple protocol headers into the operations data field of a second protocol header resulting in the operations data field of the second protocol header including ordered MP operations data evidencing operations data of each of the multiple network nodes in a node traversal order taken by the MP packet among multiple network nodes. The ordered MP operations data includes said first protocol ordered operations data cohered from the operations data field of the first protocol header.
Type: Application
Filed: December 21, 2018
Publication date: May 7, 2020
Applicant: Cisco Technology, Inc., a California corporation
Inventors: Carlos M. PIGNATARO, Frank BROCKNERS, Shwetha Subray BHANDARI, Nagendra Kumar NAINAR
-
Publication number: 20200142469
Abstract: Power supply for a networking device may be provided. The networking device may comprise a first plurality of switch bars each comprising a first switch type arranged parallel to one another and a second plurality of switch bars each comprising a second switch type arranged parallel to one another. The first plurality of switch bars and the second plurality of switch bars may be arranged orthogonally. A first plurality of power supplies may be fed by a first source. A second plurality of power supplies may be fed by a second source. Respective ones of a first portion of the first plurality of power supplies feed first respective pairs of the first plurality of switch bars and respective ones of a first portion of the second plurality of power supplies feed second respective pairs of the first plurality of switch bars. The first respective pairs of the first plurality of switch bars may be different from the second respective pairs of the first plurality of switch bars.
Type: Application
Filed: July 17, 2019
Publication date: May 7, 2020
Applicant: Cisco Technology, Inc.
Inventors: Pascal Thubert, Charles Calvin Byers
-
Publication number: 20200145318
Abstract: In one embodiment, network nodes coordinate recording of In-Situ Operations, Administration, and Maintenance (IOAM) data in packets traversing the network nodes, including a node adding IOAM data of another node to packets on behalf of the another node. After receiving a particular packet, a network node adds first IOAM data and second IOAM data to the particular packet, with the first IOAM data related to the first network node and the second IOAM data related to a second network node. The packet is then sent from the first network node. The coordinated offloading of the adding of IOAM data to packets allows a node to free up resources currently used for IOAM operations to be used for other packet processing operations, while still having IOAM data related to the node recorded in packets. The coordinated offloading may include control plane communication (e.g., via a routing or other protocol).
Type: Application
Filed: December 21, 2018
Publication date: May 7, 2020
Applicant: Cisco Technology, Inc., a California corporation
Inventors: Nagendra Kumar NAINAR, Carlos M. PIGNATARO, Frank BROCKNERS, Shwetha Subray BHANDARI
-
Publication number: 20200145255
Abstract: In one embodiment, a service function forwarder (SFF) analyzes pre-service state and post-service state of an original packet to determine whether to initiate and perform service offload or service bypass. A service function forwarder (SFF) receives a particular packet having a service function chain (SFC) encapsulation of the original packet, the SFC encapsulation identifying a particular service function path (SFP) designating a particular service function (SF). The SFF extracts pre-service state of the original packet, typically adding it to the particular packet in an In-Situ Operations, Administration, and Maintenance (IOAM) data field (or alternatively storing locally) before sending the particular packet to the particular SF. The SFF receives the particular packet after the SF applies the particular network service.
Type: Application
Filed: December 21, 2018
Publication date: May 7, 2020
Applicant: Cisco Technology, Inc., a California corporation
Inventors: Carlos M. PIGNATARO, Frank BROCKNERS, Shwetha Subray BHANDARI, Nagendra Kumar NAINAR
-
Publication number: 20200146169
Abstract: Networking device serviceability may be provided. A networking device may be disposed in a rack between uprights. The networking device may comprise a first plurality of switch bars each comprising a first switch type arranged parallel to one another, a second plurality of switch bars each comprising a second switch type arranged parallel to one another, and a third plurality of switch bars each comprising a third switch type arranged parallel to one another. The first plurality of switch bars, the second plurality of switch bars, and the third plurality of switch bars may be arranged orthogonally. A hinge device associated with the networking device may be configured to allow the networking device to rotate at least a predetermined angle value from a first position between the uprights to a second position where both the first plurality of switch bars and the second plurality of switch bars are clear from the uprights.
Type: Application
Filed: July 17, 2019
Publication date: May 7, 2020
Applicant: Cisco Technology, Inc.
Inventors: Pascal Thubert, Charles Calvin Byers
-
Publication number: 20200146180
Abstract: A cooling system for a networking device may be provided. The networking device may comprise a first plurality of switch bars each comprising a first switch type arranged parallel to one another, a second plurality of switch bars each comprising a second switch type arranged parallel to one another, and a third plurality of switch bars each comprising a third switch type arranged parallel to one another. The first plurality of switch bars, the second plurality of switch bars, and the third plurality of switch bars may be arranged orthogonally. A plurality of cooling passages may be configured to supply a coolant to the apparatus and to exhaust the coolant from the apparatus. The coolant may pass through the first plurality of switch bars, the second plurality of switch bars, and the third plurality of switch bars.
Type: Application
Filed: July 17, 2019
Publication date: May 7, 2020
Applicant: Cisco Technology, Inc.
Inventors: Pascal Thubert, Charles Calvin Byers
-
Publication number: 20200145335
Abstract: In one embodiment, an offload platform is an compute platform, adjunct to a router or other packet switching device, that performs packet processing operations including determining an egress forwarding value corresponding to the next-hop node of the packet switching device to which to send an offload-platform processed packet. The offload platform downloads forwarding information from the router, and augments it, such as, but not limited to, representing interfaces of the router as identifiable virtual interface(s) on the offload platform, and including each of one or more next-hop nodes of the router represented as an identifiable virtual adjacency and identifiable tunnel (e.g., identified by the egress forwarding value). In one embodiment, the egress forwarding value is an Multiprotocol Label Switching (MPLS) label or Segment Routing Identifier. The router identifies packets of certain packet flows to send to the adjunct offload platform, rather than processing per its routing information base.
Type: Application
Filed: July 31, 2019
Publication date: May 7, 2020
Applicant: Cisco Technology, Inc., a California corporation
Inventors: Ijsbrand WIJNANDS, Neale David Raymond RANNS, David Delano WARD, David Richard BARACH
-
Publication number: 20200145518
Abstract: In one embodiment, network operations are improved by performing updating operations data in an operations data field associated with the header of a particular protocol during the processing of a different protocol. A particular multiple-protocol (MP) packet is received by a particular network node in a network. The particular MP packet includes multiple protocol headers, including a first protocol header associated with a first protocol and a second protocol header associated with a second protocol. Further, the second protocol header associated with a second operations data field. During protocol processing of the first protocol on the particular MP packet, the second operations data field updated with particular operations data. The particular MP packet is sent from the particular network node, with said sent particular MP packet including said updated second operations data field with particular operations data.
Type: Application
Filed: December 21, 2018
Publication date: May 7, 2020
Applicant: Cisco Technology, Inc., a California corporation
Inventors: Nagendra Kumar NAINAR, Carlos M. PIGNATARO, Frank BROCKNERS, Shwetha Subray BHANDARI
-
Publication number: 20200145331
Abstract: In one embodiment, nodes use in-band operations data (e.g., carried in iOAM data field(s)) to signal departures in the processing of a packet in a network. A “departure” refers to a divergence or deviation, as from an established rule, plan, or procedure. Departures include, but are not limited to, sending a packet over a backup path (thus, a departure/deviation from sending over a primary path); offload processing of a packet (thus, a departure/deviation from processing of a packet by an application processing apparatus); and exception or punting/slow/software path processing of a packet (thus, a departure/deviation from normal or fast/hardware path processing of a packet). In one embodiment, a proof of transit validation apparatus uses departure information to select among multiple possible verification secrets, with the selected verification secret used in validation processing with a cumulative secret value obtained from the packet.
Type: Application
Filed: December 21, 2018
Publication date: May 7, 2020
Applicant: Cisco Technology, Inc., a California corporation
Inventors: Shwetha Subray BHANDARI, Nagendra Kumar NAINAR, Carlos M. PIGNATARO, Frank BROCKNERS
-
Publication number: 20200145740
Abstract: A networking device with orthogonal switch bars may be provided. The networking device may comprise a first plurality of switch bars comprising leaf switches arranged parallel to one another. In addition, the networking device may comprise a second plurality of switch bars comprising top of pod switches arranged parallel to one another. Furthermore, the networking device may comprise a third plurality of switch bars comprising top of fabric switches arranged parallel to one another. The first plurality of switch bars, the second plurality of switch bars, and the third plurality of switch bars may be arranged mutually orthogonally. The first plurality of switch bars may be adjacent to and connected to the second plurality of switch bars and the second plurality of switch bars may be adjacent to and connected to the third plurality of switch bars.
Type: Application
Filed: July 17, 2019
Publication date: May 7, 2020
Applicant: Cisco Technology, Inc.
Inventors: Pascal Thubert, Charles Calvin Byers
-
Publication number: 20200146170
Abstract: Connectors for a networking device may be provided. A networking device may comprise a first plurality of switch bars each comprising a first switch type arranged parallel to one another, a second plurality of switch bars each comprising a second switch type arranged parallel to one another, and a third plurality of switch bars each comprising a third switch type arranged parallel to one another. The first plurality of switch bars, the second plurality of switch bars, and the third plurality of switch bars may be arranged orthogonally. A first one of the first plurality of switch bars may be connected to a first one of the second plurality of switch bars via a retractable mechanical connector mechanism.
Type: Application
Filed: July 17, 2019
Publication date: May 7, 2020
Applicant: Cisco Technology, Inc.
Inventors: Pascal Thubert, Charles Calvin Byers
-
Patent number: 10644971
Abstract: In one aspect, a system for performing graph searches in an SQL style query for monitored data includes a processor; a memory; and one or more modules stored in the memory and executable by a processor to perform operations including: receive, by a controller in communication with agents installed at machines connected over a network, monitored data regarding applications running over the machines; identify performance issues from the received monitored data; provide an interactive user interface to enable creation of a query for the monitored data and the identified performance issues; receive input associated with a new query including a SELECT clause, a FROM clause, and a WHEREIN clause; create the new query based on the received input; convert at least a portion of the new query to contain a graph traversal path entirely within the FROM clause; execute the new query; and return a result.
Type: Grant
Filed: January 31, 2017
Date of Patent: May 5, 2020
Assignee: Cisco Technology, Inc.
Inventors: Tao Wang, Ellen Finch, Arash Rassouli