Abstract: A device may receive a request to access a resource. The resource may be associated with resource information. The device may obtain rating information based on receiving the request. The rating information may identify a rating associated with the resource. The device may apply an access rule based on the rating information. The access rule may identify an access indicator to generate based on the rating information. The access indicator may indicate an action to perform related to the resource. The device may generate the access indicator based on applying the access rule to the rating information. The device may store, locally in one or more memories, information that indicates an association between the access indicator and the resource information.

Abstract: In some examples, a computing device includes one or more processors configured to execute a plurality of virtual machines; and a network interface card (NIC) coupled to the one or more processors and configured to receive configuration data defining a plurality of receipt queues of the NIC and associated with respective virtual machines of the plurality of virtual machines. The NIC is further configured to assign, based on respective virtual machine identifiers of packets received by the NIC, the packets to the plurality of receipt queues associated with the respective virtual machines.

Abstract: Techniques are described for utilizing Protocol Independent Multicast Sparse Mode (PIM-SM) to transport BUM (broadcast, unknown unicast, and multicast) traffic in a Virtual Extensible LAN (VXLAN) underlay of a data center, where the BUM traffic is received on active-active, multi-homed Ethernet virtual private network (EVPN) interconnects between multiple physical data centers. For example, the techniques may readily be applied to support usage of PIM-SM where provider edge (PE) routers of the EVPN operate as gateways between the EVPN and the VXLAN spanning the data center interconnect.

Abstract: An electronic device includes an instrument panel that includes a display opening, where the instrument panel is located in a first plane; a circuit board located inside the electronic device, where the circuit board includes a display device that includes a display area, and where the display area is located in a second plane that is different from the first plane; and a waveguide that couples the display area to the display opening and guides light, and/or an image displayed in the display area, from the display area to the display opening.

Abstract: A circuit may receive an interrupt associated with a device. The interrupt may be sent by the device via an interrupt line associated with the device. The circuit may send the interrupt associated with the device. The interrupt may be sent via an interrupt line associated with the circuit. The circuit may start a missing interrupt timer, associated with the interrupt, based on sending the interrupt. The missing interrupt timer may be associated with a threshold amount of time by which the interrupt is to be serviced. The circuit may identify, based on the missing interrupt timer, the interrupt as a missing interrupt. The circuit may resend the missing interrupt via the interrupt line associated with the circuit. The missing interrupt may be resent to cause the missing interrupt to be serviced.

Abstract: In general, techniques are described for enhancing operations of virtual networks. In some examples, a network system includes a plurality of servers interconnected by a switch fabric comprising a plurality of switches interconnected to form a physical network. Each of the servers comprises an operating environment executing one or more virtual machines in communication via one or more virtual networks. The servers comprise a set of virtual routers configured to extend the virtual networks to the operating environments of the virtual machines. A virtual router of the set of virtual routers is configured to aggregate a plurality of inbound tunnel packets according to a same virtual network identifier in order to generate an aggregate tunnel packet. The virtual router is further configured to route the aggregate tunnel packet to a host associated with a virtual network identified by the same virtual network identifier.

Abstract: In some embodiments, an apparatus comprises a processing module, disposed within a first switch fabric element, configured to detect a second switch fabric element having a routing module when the second switch fabric element is operatively coupled to the first switch fabric element. The processing module is configured to define a virtual processing module configured to be operatively coupled to the second switch fabric element. The virtual processing module is configured to receive a request from the second switch fabric element for forwarding information and the virtual processing module is configured to send the forwarding information to the routing module.

Abstract: A device may receive an indication to perform a reboot associated with a network service being provided using a first virtual machine (VM) running on the device. The device may launch, based on receiving the indication, a second VM on the device. The device may shut down, based on launching the second VM, the first VM. The device may configure the second VM for forwarding control plane traffic associated with the network service. The device may configure, based on configuring the second VM for forwarding the control plane traffic, the second VM for forwarding data plane traffic associated with the network service. The device may provide, based on configuring the second VM for forwarding the data plane traffic, the network service using the second VM.

Abstract: Techniques are described for supporting Fiber Channel over Ethernet (FCoE) link aggregation groups (LAGs) between a server and a data center switch in a data center. The techniques enable an access switch in the data center switch to assign class identifiers to each member link in an FCoE LAG between an FCoE node (Enode) of the server and the access switch. In this way, the access switch is able to redirect FCoE traffic from a Fiber Channel forwarder (FCF) of a storage area network (SAN) toward the Enode on the correct member link of the FCoE LAG. The techniques also enable scaling of FCoE initialization protocol (FIP) and FCoE sessions by installing FIP snooping filters that use on a source media access control (MAC) address hit determination in ingress filter processors (IFPs) of the access switch to avoid session limitations of virtual local area network (VLAN) filter processors (VFPs).

Abstract: In some embodiments, a switch module is configured to receive from a first edge device a multicast data unit having a VLAN identifier. The switch module is configured to select a set of port modules based on the VLAN identifier. The switch module is configured to define an unmodified instance of the multicast data unit for each port module from the set of port modules. The switch module is configured to send the unmodified instance of the multicast data unit to each port module from the set of port modules, such that each port module applies a filter to the received instance of the multicast data unit to restrict that received instance of the multicast data unit from being sent to a second edge device via that port module if the second edge device is associated with a VLAN domain different than a VLAN domain of the first edge device.

Abstract: A device may include one or more processors. The one or more processors may receive a request for one or more parameters associated with the device. The one or more processors may determine, as a response, the one or more parameters associated with the device. The one or more processors may generate a set of logical units associated with encapsulating the one or more parameters. The set of logical units may be associated with a particular communications protocol. The one or more processors may fragment the set of logical units into a set of segments based on a maximum transmission unit (MTU) size for a network path. The set of logical units may be fragmented without fragmenting any logical units of the set of logical units. The one or more processors may transmit the set of segments to a destination network device.

Abstract: A device may determine that a route is inactive. Information identifying the route may be stored in a forwarding plane portion of a forwarding table and a control plane portion of the forwarding table. The route may be associated with directing network traffic toward an endpoint network device. The device may remove the information identifying the route from the forwarding plane portion of the forwarding table without removing the information identifying the route from the control plane portion of the forwarding table based on determining that the route is inactive. The device may route network traffic based on the forwarding table after removing the information identifying the route from the forwarding plane portion of the forwarding table without removing the information identifying the route from the control plane portion of the forwarding table.

Abstract: A server device receives, from a member device, a registration request for a group virtual private network (VPN) and provides an initial firewall security policy for the group VPN. The server device receives instructions for a policy configuration change and sends, to the member device, a push message that includes dynamic policies to implement the policy configuration change. The dynamic policies are implemented as a subset of a template policy. The member device receives the push message with the dynamic policies, associates the dynamic policies with the template policy, and applies the initial security policy data and the dynamic policies to incoming traffic without the need for a reboot of the member device.

Abstract: In one example, a method includes performing L2 learning of a C-MAC address included in a first L2 data message by a first provider edge (PE) router included in an Ethernet Segment of a Provider-Backbone Bridging Ethernet Virtual Private Network (PBB-EVPN); sending to a second PE router within the Ethernet Segment an L2 control message comprising the C-MAC address and a B-MAC address corresponding to the Ethernet Segment of the PBB-EVPN, wherein the L2 control message informs the second PE router of the reachability of the C-MAC address through the first PE router; receiving, by the first PE router and from the second PE router, a second L2 data message as unicast traffic destined for the C-MAC address; and forwarding the second L2 data message to the first CE router.

Abstract: A device may receive a packet associated with a flow and may identify a capacity indicator associated with a flow table. The capacity indicator may indicate an available storage capacity associated with the flow table. The flow table may be stored by another device and may include entries for one or more flows and one or more corresponding actions to be taken in association with the one or more flows. The device may determine a service indicator that indicates a priority associated with the flow and may compare the capacity indicator and the service indicator. The device may selectively provide a message to the other device based on comparing the capacity indicator and the service indicator. The message may include an instruction for the other device to store an entry, associated with the flow, in the flow table.

Abstract: In one embodiment, an apparatus includes a switch core that has a multi-stage switch fabric. A first set of peripheral processing devices coupled to the multi-stage switch fabric by a set of connections that have a protocol. Each peripheral processing device from the first set of peripheral processing devices is a storage node that has virtualized resources. The virtualized resources of the first set of peripheral processing devices collectively define a virtual storage resource interconnected by the switch core. A second set of peripheral processing devices coupled to the multi-stage switch fabric by a set of connections that have the protocol. Each peripheral processing device from the first set of peripheral processing devices is a compute node that has virtualized resources. The virtualized resources of the second set of peripheral processing devices collectively define a virtual compute resource interconnected by the switch core.

Abstract: In some embodiments, a non-transitory processor-readable medium includes code to cause a processor to receive at a tunnel server, a data unit addressed to a communication device, and define, a first instance of the data unit and a second instance of the data unit. The first instance of the data unit is sent to the communication device via a first tunnel defined between at least the tunnel server and a first base station associated with a first network. The second instance of the data unit is sent to the communication device via a second tunnel defined between at least the tunnel server and a second base station associated with a second network. The second instance of the data unit is dropped by the communication device when the first instance of the data unit is received before the second instance of the data unit.

Abstract: In general, techniques are described for transmitting context information defining contexts for packet labels in a network. More specifically, a network device, e.g., a router, implements the context transmission techniques to facilitate debugging or troubleshooting of the network. The network device may comprise an interface card that receives a Multi-Protocol Label Switching (MPLS) data unit from another network device in accordance with a label switching protocol. The data unit may include a label stack affixed to a payload. The label stack may include one or more MPLS labels and context information associated with at least one of these labels, The interface card may, when forwarding the data unit, parse the data unit to determine the context information and then forward the data unit in accordance with these MPLS labels. A control unit included within the network device may record the forwarding of the data unit and the determined context information.

Abstract: Techniques are described for providing traffic-aware sampling rate adjustment within network devices. As inbound packets are received at an interface, a sampling unit of a forwarding circuit of the network device samples the inbound packets at a current sampling rate and directs a subset of the inbound packets to a service card of the network device. A flow controller within the service card of the network device processes the subset of the inbound packets to generate flow records. When changes in the rate at which the inbound packets are received exceed a defined threshold, the flow controller adjusts the current sampling rate at which the forwarding circuit samples the inbound packets received at the interface. Moreover, the flow controller adaptively adjusts the sampling rate such that the flow sampling resources the device are being utilized in accordance with the utilization thresholds.

Abstract: In general, techniques are provided for described herein that extend existing Ethernet Virtual Private Network (EVPN) protocol signaling mechanisms so that local, multi-homing PEs couple to an Ethernet segment can definitively convey their primary/backup designated forwarder (DF) status to any remote PE of the EVPN. In one example, this is accomplished by utilizing a new extended community attribute to each Ethernet A-D per EVI route advertised by each of the multi-homing PEs to specifically carry the advertising PE's primary or backup status. As such, any receiving remote PE need not rely on the arrival of individual MAC routes from a new primary PE and withdrawal of MAC routes from a former primary PE to update its forwarding information.