Abstract: In some embodiments, an apparatus includes a network node operatively coupled within a network. The network node is configured to send a first authentication message upon boot up, and receive, in response to the first authentication message, a second authentication message configured to be used to authenticate the network node. The network node is configured to send a first discovery message, and receive, based on the first discovery message, a second discovery message configured to be used by the network node to identify an address of the network node and an address of a core network node within the network. The network node is configured to set up a control-plane tunnel to the core network node based on the address of the network node and the address for the core network node and receive configuration information from the core network node through the control-plane tunnel.

Abstract: In some embodiments, an apparatus includes a first network control entity configured to be implemented at a first edge device. The first network control entity is configured to receive a control packet from a peripheral processing device via a tunnel that is between the peripheral processing device and the first network control entity and that includes at least a portion within a second edge device. The first network control entity is configured to determine routing information associated with the peripheral processing device based on the control packet. The first network control entity is configured to send the routing information to a second network control entity such that the second network control entity routes a data unit addressed to the peripheral processing device to the second edge device without sending the data unit to the first edge device.

Abstract: An intermediate network device performs service aware path selection. For example, the intermediate network device comprises a network interface that receives network traffic and a control unit that couples to the network interface. The control unit comprises a storage medium that stores a first set of cost factors for a first path from the intermediate network device to another intermediate network device. The first set of cost factors includes at least one optimization cost factor corresponding to intermediate optimization capabilities available to the intermediate network device that offset other cost factors of the first set. The storage medium also stores a second set of cost factors for a second path between the devices. The control unit selects either the first path or the second path over which to forward the network traffic based on the first and second sets of cost factors.

Abstract: A network device is configured to receive network traffic associated with an application executing on a user device; identify, based on the network traffic, an application identifier associated with the application; determine whether the application identifier matches one of a set of application identifiers stored by the network device; identify a policy based on the application identifier when the application identifier matches one of the set of application identifiers; and apply the policy to the network traffic associated with the application. The policy may be obtained from another network device, in communication with the network device, when the application identifier does not match one of the set of application identifiers.

Abstract: In some embodiments, an apparatus comprises a processing module, disposed within a first switch fabric element, configured to detect a second switch fabric element having a routing module when the second switch fabric element is operatively coupled to the first switch fabric element. The processing module is configured to define a virtual processing module configured to be operatively coupled to the second switch fabric element. The virtual processing module is configured to receive a request from the second switch fabric element for forwarding information and the virtual processing module is configured to send the forwarding information to the routing module.

Abstract: In some embodiments, an apparatus comprises of a control module implemented in at least one of a memory or a processing device that is configured to receive, via a network and from a wireless access point or an access network node, a control packet defined based on a control protocol. The control packet is associated with at least one control function of the wireless access point or access network node. The control module is configured to determine a status of an access network node based on the control packet from the access network node. The control module is configured to send via the network, a response to the access network node based on the status of the access network node.

Abstract: A system may determine to perform an external malware detection operation to detect malware executing on a client device. The system may perform the external malware detection operation. The external malware detection operation may be performed by a particular device by communicating with another device. The system may perform a communication based on performing the external malware detection operation. The system may monitor a result of performing the communication for a particular behavior indicative of a malware infection. The system may detect that the particular behavior has occurred. The system may provide a notification that the client device is infected with malware based on detecting that the particular behavior has occurred. The notification may cause one or more network devices to block network traffic to or from the client device.

Abstract: A card ejector comprising a pair of tapered lever arms coupled at a proximal end of the card ejector and coupled at a distal end of the card ejector, a cam block coupling the pair of tapered lever arms at the proximal end of the card ejector, the cam block operable to be rotatably coupled to a card and to engage a card cage, the cam block operable to urge the card into or out of the card cage when a rotational force is applied to the card ejector, and a latching mechanism coupling the pair of tapered lever arms at the distal end of the card ejector, the latching mechanism operable to automatically and releasably secure the distal end of the card ejector in a position near a face portion of the card by engaging an opening in the face portion.

Abstract: A housing includes a mount projection defining a first notch, a second notch, and a recessed wall. At least a portion of the recessed wall defines a substantially conical cross-sectional shape between a maximum width and a length from a leading portion to a line associated with the maximum width. The mount projection is configured to complimentarily mate to a bracket defining a recessed wall with a maximum width, corresponding to the maximum width of the mount projection, and a length, corresponding to the length of the mount projection, from a leading portion to a line associated with the maximum width. The mount projection is releasably retained within an opening of the bracket when a first projection and a second projection of the bracket are disposed within the first notch and the second notch, respectively, of the mount projection.

Abstract: Techniques are described for providing an indication of an impending control plane disruption of a router using forwarding plane liveliness detection protocols. A forwarding plane of the router outputs liveliness detection messages that, when received by a peer router, provide an indication that the forwarding plane is operational and able to forward packets. When constructing the liveliness detection messages, the forwarding plane may embed additional information indicative of any impending disruption in the control plane of the network device. In this way, the forwarding plane of the transmitting router provides an indication to the peer router that, although currently operational, the control plane of the router may in the near term become non-operational. The peer router, in response to receiving an enhanced liveliness detection message indicating an impending control plane disruption, suppresses a recovery action otherwise triggered by a loss of communication with a control plane of the network device.

Abstract: A system may determine to perform an internal and an external malware detection operation to detect a malware infection associated with a client device. The system may perform the internal operation by modifying an environment, executing on a particular device, to form a modified environment. The system may perform the external operation by performing a communication from the particular device. The system may monitor the modified environment for a first behavior indicative of the malware infection, and may monitor a result of performing the communication for a second behavior indicative of the malware infection. The system may detect that the first or second behavior has occurred. The system may provide a notification that the client device is infected with malware based on detecting that the first or second behavior has occurred. The notification may cause one or more network devices to block network traffic to or from the client device.

Abstract: In some examples, a router comprising a control unit comprising a processor, the control unit configured to receive configuration data defining a measurement endpoint for measuring performance of a layer 3 (L3) service and associating the measurement endpoint with a remote measurement endpoint of a remote router. The control unit is further configured to encapsulate, to generate a flow measurement packet, a layer 2 (L2) measurement packet in a layer 4 (L4) header and an L3 header that identify a measurement flow. The control unit is further configured to output the flow measurement packet to the remote router.

Abstract: In general, techniques are described by which a path through a network may be selected based on security information. For example, a network device may include one or more interfaces and a control unit. The interfaces may receive security information that describes a security service provided by a network security device. The network security device may couple to another network device. The control unit then determines, based on the security information, a path through the network that includes the other network device. The interfaces may forward at least a portion of the network traffic along the determined path to the other network device such that the network security device coupled to the other network device applies the security service to the portion of the network traffic forwarded via the path. As a result, the network device secures traffic by perform security path selection to forward traffic to network security devices.

Abstract: A computer-implemented method for improving clock synchronization between master and slave devices may include receiving at least one clock-synchronization packet transferred from a master device to a slave device via a network that supports an IP. The method may also include identifying at least one item of IP information added to the clock-synchronization packet during the transfer from the master device to the slave device. The method may further include determining that the clock-synchronization packet experienced a delay that exceeds a predetermined threshold during the transfer based at least in part on the item of IP information. Finally, the method may include discarding the clock-synchronization packet from a set of clock-synchronization packets capable of being used to synchronize the slave device with the master device in response to the determination. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are described for determining, with a first optical node, a correction factor indicative of an amount of optical power loss that a Raman amplifier in a second optical node causes in an optical signal having a first wavelength that is transmitted by the first optical node and received by the second optical node, transmitting, with the first optical node to the second optical node, information, based on the determined correction factor, that is to be used for determining a gain of the Raman amplifier, and transmitting, with the first optical node to the second optical node, an optical signal having a second wavelength that is to be amplified by the Raman amplifier.

Abstract: A method includes a proxy device receiving from a source device a request to establish a flow to a destination device; generating, based on the request, a meta-packet that indicates that the flow to the destination device is to be proxied; determining whether a pre-established flow connecting the proxy device to another proxy device that leads toward the destination device exists; sending the meta-packet on the pre-established flow, when it is determined that the pre-established flow exists; receiving by the other proxy device, the meta-packet, and establishing the flow to the destination device based on the meta-packet, where the proxy devices assign one or more of a source address, a source port, a destination address, or a destination port, associated with the source device and the destination device, to the pre-established flow.

Abstract: In some embodiments, an apparatus includes a flow control module configured to receive a first data packet from an output queue of a stage of a multi-stage switch at a first rate when an available capacity of the output queue crosses a first threshold. The flow control module is configured to receive a second data packet from the output queue of the stage of the multi-stage switch at a second rate when the available capacity of the output queue crosses a second threshold. The flow control module configured to send a flow control signal to an edge device of the multi-stage switch from which the first data packet or the second data packet entered the multi-stage switch.

Abstract: Techniques are described for providing session-aware, stateful network services to subscriber packet flows. Devices within a service provider network direct subscriber packets along service chains. Each tunnel is established to direct traffic according a particular ordered set of network services for the corresponding service chain. An ingress device for the tunnels encapsulate the subscriber packets and embed opaque session cookies that each uniquely identifies a collection of packet flows of a subscriber session amongst other packet flows transported by a given service tunnel. Each service node need only identify the tunnel on which a tunnel packet was received and the session cookie embedded within the tunnel packet to uniquely associate the encapsulated subscriber packet with a subscriber session, without needing to further inspect the encapsulated subscriber packet, and to index or otherwise retrieve state and statistics required to enforce the network service the service nod is programmed to deliver.

Abstract: A routing device coupled to a remote routing device via a link on which a flood reduction technique is used, such as a demand circuit, is configured to store an indication of a link state of the remote routing device and a first sequence number associated with the link state, receive an indication that the remote routing device is performing a graceful restart, and then receive data indicative of a new link state of the remote routing device and a second sequence number. The routing device determines whether the new link state is different than the stored indication of the link state, and if not, avoids requesting the current link state from the remote routing device. In this manner, the routing device may reduce link-state protocol traffic within an autonomous system including the routing device and the remote routing device.

Abstract: An output circuit, included in a device, may determine counter information associated with a packet provided via an output queue managed by the output circuit. The output circuit may determine that a latency event, associated with the output queue, has occurred. The output circuit may provide the counter information and time of day information associated with the counter information. The output circuit may provide a latency event notification associated with the output queue. An input circuit, included in the device, may receive the latency event notification associated with the output queue. The input circuit may determine performance information associated with an input queue. The input queue may correspond to the output queue and may be managed by the input circuit. The input circuit may provide the performance information associated with the input queue and time of day information associated with the performance information.