Abstract: A method performed by a network device may include assembling a multiprotocol label switching (MPLS) echo request, the echo request including an instruction for a transit node to forward the echo request via a bypass path associated with the transit node, and an instruction for an egress node to send an echo reply indicating that the echo request was received on the bypass path. The method may also include sending the MPLS echo request over a functioning label switched path (LSP).

Abstract: A method and apparatus for performing a lookup in a switching device of a packet switched network where the lookup includes a plurality of distinct operations each of which returns a result that includes a pointer to a next operation in a sequence of operations for the lookup. The method includes determining a first lookup operation to be executed, executing the first lookup operation including returning a result and determining if the result includes a pointer to another lookup operation in the sequence of operations. If the result includes a pointer to another lookup operation, the lookup operation indicated by the result is executed. Else, the lookup is terminated.

Abstract: The disclosed system may include (1) a detection module, stored in memory, that detects that a user is attempting to operate a network peripheral device configured for connecting into a base network device, at least one of the network peripheral device and the base network device including a trusted platform module that further includes an endorsement key that identifies the trusted platform module, (2) an obtaining module, stored in memory, that obtains a digitally signed indication that the user is authorized by a vendor to operate the network peripheral device, (3) an enablement module, stored in memory, that enables the user to operate the network peripheral device based on obtaining the digitally signed indication that the user is authorized by the vendor to operate the network peripheral device, and (4) at least one physical processor configured to execute these modules. Various other systems and methods are also disclosed.

Abstract: A network device identifies an Open Shortest Path First (OSPF) link between the network device and a layer 2 network as one of a point-to-multipoint over broadcast interface or a point-to-multipoint over non-broadcast multi access (NBMA) interface, and performs database synchronization and neighbor discovery and maintenance using one of a broadcast model or a NBMA model. The network device also generates a link-state advertisement for the network device, where the link-state advertisement includes a separate link description for each point-to-point link within the layer 2 network; and sends the link-state advertisement to each fully adjacent neighbor in the layer 2 network.

Abstract: A device may identify a plurality of files for a multi-file malware analysis. The device may execute the plurality of files in a malware testing environment. The device may monitor the malware testing environment for behavior indicative of malware. The device may detect the behavior indicative of malware. The device may perform a first multi-file malware analysis or a second multi-file malware analysis based on detecting the behavior indicative of malware. The first multi-file malware analysis may include a partitioning technique that partitions the plurality of files into two or more segments of files to identify a file, included in the plurality of files, that includes malware. The second multi-file malware analysis may include a scoring technique that modifies a plurality of malware scores, corresponding to the plurality of files, to identify the file, included in the plurality of files, that includes malware.

Abstract: A device receives, from a client device, a request for a resource, where the request provides an identifier of the client device. The device selects a target device for the resource, connects with the selected target device, and provides a proxy of the request to the selected target device, where the proxy of the request hides the identifier of the client device. The device receives the resource from the selected target device, where the resource provides an identifier of the target device. The device provides a proxy of the resource to the client device, where the proxy of the resource hides the identifier of the target device.

Abstract: A first provider edge (PE) device is configured to: receive a Label Distribution Protocol (LDP) MAC Flush message from a PE device via an input port; flush a routing table in response to the LDP MAC Flush message; determine whether the LDP MAC Flush message comprises a PE identifier corresponding to the PE device; generate a Topology Change Notification (TCN) message based on the LDP MAC Flush message when the LDP MAC Flush message comprises the PE identifier corresponding to the PE device; and output the TCN message.

Abstract: A network device includes an internal policy engine that makes local policy decisions for packet flows and controls policies applied by service modules and forwarding components of the network device. The policy engine interacts with an external policy server to receive policies using software defined networking (SDN) protocol as if the data plane of the network device were directly exposed to the external policy server by the SDN protocol.

Abstract: In some embodiments, an apparatus includes a layer-2 device operably coupled to a source device and a destination device and disposed within a data path (1) between the source device and the destination device, and (2) includes at least one layer-3 device. The layer-2 device receives a first test data unit from the source device, and defines a quality datum associated with processing the first test data unit. The layer-2 device defines a second test data unit based on the first test data unit that includes the quality datum associated with processing the first test data unit. The layer-2 device sends the second test data unit to the layer-3 device. The layer-3 device defines a quality datum associated with processing the second test data unit at the layer-3 device and defines a third test data unit based on the second test data unit.

Abstract: In some embodiments, an apparatus comprises of a first Control And Provisioning of Wireless Access Points (CAPWAP) module implemented in at least one of a memory or a processing device that is configured to be designated as a backup control module for a wireless access point during a first time period. The first CAPWAP control module is configured to receive state information associated with the wireless access point during the first time period from a second CAPWAP control module. The second CAPWAP control module is designated as a primary control module for the wireless access point during the first time period. The first CAPWAP control module is configured to be automatically designated as the primary control module during a second time period after the first time period and in response to the second CAPWAP control module not operating according to at least one predefined criterion.

Abstract: In some examples, a controller comprises one or more processors; a control unit configured to obtain, from a router in a first network, a route that specifies a next hop to an address prefix reachable by the first network; and a service chain unit configured to generate a modified route that specifies a service node as the next hop for the address prefix, wherein the service node is external to the first network, and wherein the control unit is further configured to send the modified route to a second network, the modified route marked with an import route target configured for a provider edge router of the second network so that traffic from the first network and destined for the second network is forwarded to the service node.

Abstract: A mesh network of wired and/or wireless nodes is described in which a centralized controller provides seamless end-to-end service from the edge of the mesh network to mesh nodes located proximate to subscriber devices. The controller operates to provide a central configuration point for configuring forwarding planes of the mesh nodes of the mesh network, so as to set up transport data channels to transport traffic from the edge nodes via the mesh nodes to the subscriber devices.

Abstract: Techniques are described for supporting designated forwarder election for a multi-homed Ethernet virtual private network (EVPN) data center interconnect (DCI) between multiple data centers by leveraging and utilizing adjacency state information learned from a multicast routing protocol that controls multicast distribution within an underlying transport network of a local data center. For example, a set or routers operating to provide a multi-homed EVPN DCI may utilize adjacency state information learned from a Protocol Independent Multicast (PIM) executing within the underlying transport network of a multi-homed data center to facilitate selection of a designated forwarder for the EVPN between the data centers. By leveraging adjacency state information, an enhanced DF election may be automatically performed for the EVPN to facilitate selection of a designated forwarder in a manner that may avoid loss of traffic in situations where a topology event in the underlying transport network of the data center.

Abstract: In general, techniques are described for using virtual local area networks (VLANs) to facilitate packet forwarding between wireless endpoint devices attached to a wireless local area network (WLAN) access network and one or more mobile gateways providing access to packet data network services. For example, a wireless access gateway includes an upstream interface for a mobility tunnel to a mobile gateway of a mobile service provider network and a downstream interface for a WLAN access network. The wireless access gateway receives a packet from the mobile gateway by the upstream interface. The wireless access gateway determines, based at least on the mobility tunnel, a VLAN of the WLAN access network that is uniquely associated in the wireless access gateway with a combination of the APN associated with the mobility tunnel and the mobile gateway. The wireless access gateway then forwards, to a wireless endpoint device, the packet on the VLAN.

Abstract: An apparatus and method are described for compensating for frequency and phase variations of electronic components by processing packet delay values. In one embodiment, a packet delay determination module determines packet delay values based on time values associated with a first and a second electronic component. A packet delay selection module selects a subset of the packet delay values based on the maximum frequency drift of the first electronic component. A statistical parameter determination module evaluates a first and a second parameter based on portions of the subset of packet delay values. A validation module validates the parameters when each portion the subset of packet delay values includes a minimum of at least two packet delay values. An adjustment module compensates for at least one of a frequency variation and a phase variation of the first electronic component based on the parameters if the parameters are both validated.

Abstract: Using the ALTO Service, networking applications can request through the ALTO protocol information about the underlying network topology from the ISP or Content Provider. The ALTO Service provides information such as preferences of network resources with the goal of modifying network resource consumption patterns while maintaining or improving application performance. This document describes, in one example, an ALTO server that implements enhancements to the ALTO service to enable initiating incremental updates of network and cost maps to ALTO clients upon receiving status information from a content delivery network (CDN) node.

Abstract: A computer-implemented method for prognostic network management may include (1) monitoring a health indicator of a physical component of a device in a network, (2) using the health indicator to estimate a remaining useful life of the physical component, (3) detecting that the remaining useful life of the physical component has reached a predetermined threshold, and (4) reconfiguring the network in response to detecting that the remaining useful life of the physical component has reached the predetermined threshold so that failure of the physical component does not cause the network to become unavailable to any user of the network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In one embodiment, a method includes receive a translation vector, selecting a translation entry from a plurality of translation entries, and determining whether the translation entry is associated with a first identifier class or a second identifier class. The translation vector includes a first identifier, a second identifier, and a virtual memory identifier. The first identifier is associated with a first identifier class, and the second identifier is associated with a second identifier class. The translation vector is received from a translation module including a memory configured to store the plurality of translation entries. Each translation entry from the plurality of translation entries including a virtual memory identifier. The translation entry is selected from the plurality of translation entries of the translation module based on the virtual memory identifier of the translation vector.

Abstract: A computer-implemented method for automatically correcting classification signatures may include (1) identifying at least one classification signature used to classify network traffic, (2) detecting at least one unknown flow of network traffic, (3) determining that the unknown flow of network traffic and the classification signature exceed a threshold level of similarity by comparing the unknown flow with the classification signature, and then in response to determining that the unknown flow and the classification signature exceed the threshold level of similarity, (4) identifying at least one attribute of the unknown flow that differs from the classification signature, and (5) modifying the classification signature based at least in part on the attribute of the unknown flow. Various other systems, methods, and computer-readable media are also disclosed.

Abstract: An egress network device of a point-to-point (P2P) tunnel can receive an LSP Ping message via the P2P tunnel from an ingress network device of the P2P LSP, wherein the LSP Ping message specifies a label that the egress network device associates with a service provided to the egress network device via the P2P tunnel. In response to receiving the LSP Ping message, the egress network device can store an association between the label and the P2P tunnel. The egress network device also uses a fault detection network protocol session over the P2P tunnel to monitor a state of the P2P tunnel. In response to detecting based on the fault detection network protocol session that the state of the P2P tunnel is down, the egress network device determines the service is unavailable from the ingress network device via the P2P tunnel, and selects a new source to provide the service.