Abstract: A device may obtain information regarding firewall rules. The information, for a firewall rule of the firewall rules, may include one or more match condition values and a ranking value. The firewall rule may be applicable to packets that are associated with packet information that matches the match condition values. A match condition value may be associated with a match count that identifies a quantity of times that packets match the match condition value. The ranking value may identify a quantity of times that the firewall rule has been applied to the packets. The device may obtain a new firewall rule. The device may predict a ranking value of the new firewall rule based on match condition values of the new firewall rule and/or based on analyzing the information regarding the plurality of firewall rules. The device may perform an action based on the predicted ranking value.

Abstract: In general, techniques are described for atomically installing and withdrawing host routes along paths connecting network routers to attenuate packet loss for mobile nodes migrating among wireless LAN access networks and a mobile network. In some examples, whenever the mobile node moves from one attachment point to the next, it triggers the distribution of its host route from the new attachment point toward the service provider network hub provider edge (PE) router that anchors the mobile node on a service provider network. Routers participating in the Mobile VPN install the host route “atomically” from the attachment point to the mobile gateway so as to ensure convergence of the network forwarding plane with the host route toward the new attachment point prior to transitioning mobile node connectivity from a previous attachment point.

Abstract: The disclosure describes techniques that enable a network device to determine a confidence level for a network alarm and provide information indicative of the confidence level to other devices. For example, a network device may experience any number of conditions that cause the network device to output an alarm. In addition to or instead of simply sending out the alarm, the network device may perform operations to determine a confidence level associated with the alarm. For instance, the network device may determine whether the conditions that caused the alarm continue or whether the conditions can be validated. The network device may output information indicative of the confidence level.

Abstract: Techniques are described for automatic provisioning of virtual local area networks (VLANs) on server-facing ports of access switches included in a data center network. Conventionally, VLANs are pre-configured on all server-facing ports of access switches. The techniques described in this disclosure enable automatic provisioning of VLANs on server-facing ports of access switches triggered by traffic received on the ports. The techniques include a feature in a forwarding plane of an access switch that is configured to detect data packets received for an unknown VLAN on a port, and notify a control plane of the access switch of the unknown VLAN on the port. In response to the notification from the forwarding plane, the control plane may authorize and provision the VLAN on the port. The techniques described in this disclosure include hardware-assisted software provisioning of an unknown VLAN on a given port of an access switch.

Abstract: Techniques are described for establishing a second label switched path (LSP) instance of an LSP having a first LSP instance. In one example, for each downstream router designated for the second LSP instance of the LSP, the router determines whether the router is part of the first instance of the LSP and, if so, whether the first and second LSP instances for that downstream router share a common link to a nexthop router. If the first and second LSP instances share a common link to a nexthop router, the downstream router transmits a first message to the nexthop router, wherein the first message includes a suggested label. The downstream router receives, from the nexthop router, a second message, wherein the second message includes the suggested label. In another example, a label reuse indicator flag in a message from the ingress router causes routers on the second LSP instance to reuse the label of the first LSP instance when the same link is used to the upstream router for both LSP instances.

Abstract: In general, techniques are generally described for reducing or preventing transient black-holing of network traffic in an overlay network. A method includes executing, by a network device included in a link state domain, an Interior Gateway Protocol (IGP) to exchange link-state messages with at least one remote network device in the link-state domain; generating, by the network device, an IGP link-state message that includes link overload information to overload a link in the link-state domain that couples the network device to the remote network device; and sending, by the network device and to the at least one other network device, the IGP link-state message that includes the link overload information to direct the remote network device to stop sending network traffic to the network device using the overloaded link.

Abstract: In some examples, a control network for one or more network segments of a network comprises a plurality of controllers each including one or more processors. The plurality of controllers receive service requests that each comprises a definition for a service provided by the network to connect at least two endpoints over a path traversing at least one of the one or more network segments, wherein the control network operates according to a control model by which the plurality of controllers provision services in the one or more network segments to satisfy the service requests. The plurality of controllers dynamically adapt, based on network conditions including the service requests, the control model for the control network. The plurality of controllers provision, according to the adapted control model, services for the service requests.

Abstract: In general, techniques are described in which packet replicators of a network device cooperate to generate a distributed hierarchical forwarding structure that the packet replicators then use to replicate and forward multicast packets to multiple output interfaces. For example, packet forwarding engines (PFEs) of a router each receive a new list of interfaces for a multicast packet stream. The PFEs individually construct a hierarchical forwarding structure based on the interface list. The hierarchical forwarding structure specifies interrelationships among the PFEs, which occupy nodes within the hierarchy. Each child PFE determines from the hierarchical forwarding structure the identity of a parent PFE and issues a token, constituting forwarding state for the distributed hierarchical forwarding structure, to the parent PFE.

Abstract: A device receives capability information associated with a next hop device of a wireless local area network (WLAN). The device also determines, based on the capability information, whether the next hop device is capable of implementing security for traffic, where the security includes a media access control (MAC) security standard and a layer 2 link security standard. The device further creates, via the MAC security standard, a secure channel with the next hop device when the next hop device is capable of providing security for traffic.

Abstract: Techniques are described for determining pre-compensation parameters to compensate for signal integrity degradation along a signal path. A processor generates a first digital signal and receives a second digital signal. The second digital signal is generated from an optical-to-electrical conversion of a feedback optical signal that is generated from an electrical-to-optical conversion of an electrical signal by an optical module. The processor determines the pre-compensation parameters based on the first and second digital signals.

Abstract: Techniques for providing closed-loop control and predictive analytics in packet-optical networks are described. For example, an integrated, centralized controller provides tightly-integrated, closed-loop control over switching and routing services and the underling optical transport system of a communication network. In one implementation, the controller includes an analytics engine that applies predictable analytics to real-time status information received from a monitoring subsystem distributed throughout the underlying optical transport system.

Abstract: An apparatus may include a bus that electrically couples an electrical load to redundant power feeds. The apparatus may also include at least one capacitive component electrically coupled between first and second rails of the bus via both a conductive path and a resistive path that has substantially greater resistance than the conductive path. In addition, the apparatus may include a switching mechanism electrically coupled between the first and second rails of the bus that causes the capacitive component to charge through the conductive path until a threshold voltage on the first rail of the bus is reached. When the threshold voltage on the first rail of the bus is reached, the switching mechanism may close the conductive path and force the capacitive component to charge through the resistive path. Various other systems and methods are also disclosed.

Abstract: In some examples, a network device of a network comprises a first component configured to store a plurality of next hop instructions corresponding to respective logical or physical network structures of the network. The network device also comprises a second component configured to send, to the first component, a message that identifies an association of the plurality of next hop instructions, wherein the first component is further configured to modify, in response to receiving the message, each of the plurality of next hop instructions.

Abstract: The disclosed system may include (1) a cache module, stored in memory, that stores a neighbor cache entry that specifies whether a neighbor of a network node is reachable according to a detection mechanism, (2) a timeout module, stored in memory, that specifies a timing interval in which to select a reachable time threshold, (3) a reception module, stored in memory, that receives event information about whether the neighbor is active, (4) a biasing module, stored in memory, that biases, based on the received event information about whether the neighbor is active, a selection of the reachable time threshold within the timing interval, and (5) a determination module, stored in memory, that determines whether the neighbor is reachable based at least in part on a determination of whether the selected reachable time threshold has been satisfied. Various other systems and methods are also disclosed.

Abstract: An example method includes receiving, by a first hop router (FHR) and from a source device, multicast stream data associated with a multicast stream, sending, from the FHR and to a rendezvous point (RP) using a Protocol Independent Multicast (PIM) protocol, one or more null register messages that are each associated with the multicast stream. Each of the one or more null register messages includes a source address and a group address that are collectively associated with the multicast stream, and each of the one or more null register messages further includes an indication to request that the RP refrain from sending any register-stop messages associated with the multicast stream to the FHR. The example method further includes, after sending the one or more null register messages that are each associated with the multicast stream, sending, to the RP, the multicast stream data in a non-encapsulated format.

Abstract: Techniques are described for implementing one or more logical routers within a single physical routing device. These logical routers, as referred to herein, are logically isolated in the sense that they achieve operational and organizational isolation within the routing device without requiring the use of additional or redundant hardware, e.g., additional hardware-based routing controllers. The routing device may, for example, include a computing platform, and a plurality of software process executing within the computing platform, wherein the software processes operate as logical routers. The routing device may include a forwarding component shared by the logical routers to forward network packets received from a network in accordance with the forwarding tables.

Abstract: An apparatus for reducing electromagnetic interference in redundant power systems may include an inductor capable of being electrically coupled between first and second power sources and an electrical load. The apparatus may also include a first return-current path that electrically couples a return terminal of the electrical load to a return terminal of the first power source. The first return-current path may include a winding wound around a core of the inductor. The apparatus may further include a second return-current path that electrically couples the return terminal of the electrical load to a return terminal of the second power source. The second return-current path may include a winding wound around the core of the inductor. Various other apparatuses, systems, and methods are also disclosed.

Abstract: In some embodiments, an apparatus includes a network device configured to receive an anomaly database of a first image that stores a set of differences between the first image and a base image. The network device is configured to compare the anomaly database of the first image with an anomaly database of a second image storing a set of differences between the second image and the base image to determine if the first and second images include at least one incompatible critical feature or incompatible non-critical feature. The network device is configured to send a signal associated with a first action if the first and second images include the at least one incompatible critical feature. The network device is configured to send a signal associated with a second action different from the first action if the first and second images include the at least one incompatible non-critical feature.

Abstract: Graceful restart in routers having redundant routing facilities may be accomplished by replicating network (state/topology) information.

Abstract: In one embodiment, a method includes receive a translation vector, selecting a translation entry from a plurality of translation entries, and determining whether the translation entry is associated with a first identifier class or a second identifier class. The translation vector includes a first identifier, a second identifier, and a virtual memory identifier. The first identifier is associated with a first identifier class, and the second identifier is associated with a second identifier class. The translation vector is received from a translation module including a memory configured to store the plurality of translation entries. Each translation entry from the plurality of translation entries including a virtual memory identifier. The translation entry is selected from the plurality of translation entries of the translation module based on the virtual memory identifier of the translation vector.