Abstract: In some embodiments, an apparatus comprises a core network node and a control module within an enterprise network architecture. The core network node is configured to be operatively coupled to a set of wired network nodes and a set of wireless network nodes. The core network node is configured to receive a first tunneled packet associated with a first session from a wired network node from the set of wired network nodes. The core network node is configured to also receive a second tunneled packet associated with a second session from a wireless network node from the set of wireless network nodes through intervening wired network nodes from the set of wired network nodes. The control module is operatively coupled to the core network node. The control module is configured to manage the first session and the second session.

Abstract: In general, techniques are described for delegating responsibility for performing a connectivity protocol from one or more endpoint devices to network infrastructure situated along a network forwarding path connecting the endpoint devices. In some examples, an intermediate network device includes a connectivity protocol module of control unit that operates a connectivity protocol session on behalf of a server, wherein the server exchanges application data with the client using an application-layer communication session with the client. The connectivity protocol module monitors connectivity for the application-layer communication session with the connectivity protocol session by exchanging connectivity protocol messages for the connectivity protocol session with the client to determine a connectivity status for the communication session.

Abstract: In general, techniques are described for enhancing operations of virtual networks. In some examples, a network system includes a server that executes a virtual router configured to receive, from a switch fabric, a tunnel packet for a virtual network of the virtual networks, wherein the tunnel packet comprises an outer header and an inner packet that defines a packet flow. The virtual router is also configured to determine, based at least on the outer header, that the packet is associated with a virtual network of the one or more virtual networks, determine a packet flow defined by the inner packet does not match any flow table entry of a flow table that identifies active flows only for virtual network and, in response, add a flow table entry for a reverse packet flow of the packet flow to the flow table.

Abstract: The disclosed computer-implemented method for facilitating dependency-ordered delivery of data sets to applications within distributed systems may include (1) receiving, at a queue of an application running within a distributed system, a data set from at least one other application running within the distributed system, (2) determining that the data set has a dependency on at least one other data set that has yet to arrive, (3) gating the data set at the queue due at least in part to the dependency, (4) receiving, at the queue, the other data set from the other application, (5) determining that the dependency has been satisfied, and then (6) delivering the data set and the other data set to the application to enable the application to process the data set and the other data set in accordance with the dependency. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An apparatus may include a multi-throw switch having a common terminal connected to an antenna of a wireless communication system. The multi-throw switch may be configured to direct signals received from the antenna between (1) an amplification path that connects a receive terminal of the multi-throw switch to a receiver of the wireless communication system and (2) at least one bypass path that connects an additional receive terminal of the multi-throw switch to the receiver. The amplification path may include at least one amplifier that amplifies signals received from the antenna, and the bypass path may have a gain that is less than a gain of the amplification path. Various other systems and methods are also disclosed.

Abstract: An apparatus comprises a routing module configured to receive a data unit having a code indicator. The routing module is configured to identify a virtual destination address based on the code indicator. The routing module is also configured to replace a destination address of the data unit with the virtual destination address to define a modified data unit. The routing module is further configured to send the modified data unit.

Abstract: A computer-implemented method for detecting rogue client devices connected to wireless hotspots may include maintaining at least one illegitimate authentication identifier that appears to rogue client devices to facilitate authentication with an external network via a wireless hotspot. The method may also include providing the illegitimate authentication identifier to one or more client devices connected to the wireless hotspot. The method may further include receiving an authentication request to authenticate the client device with at least one external network via the wireless hotspot. The method may additionally include determining that the authentication request includes the illegitimate authentication identifier. Finally, the method may include determining that the client device is a rogue device based at least in part on the illegitimate authentication identifier being included in the authentication request. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In some embodiments, an equipment unit has a set of visual indicators, a power switch, and a set of compute components. The power switch receives a signal representing a status such that when the status is in a first mode, the power switch provides power to the set of visual indicators and when the status is in a second mode the power switch does not provide power to the set of visual indicators. The compute components are configured to receive power when the power switch does not provide power to the set of visual indicators.

Abstract: A network device is described that receives information from separate database systems including a physical network inventory system that stores first topology data specifying resources and links within a network and a traffic engineering system that stores second topology data specifying the resources and links that are deployed within the network and data specifying traffic engineered paths configured to forward network traffic through the network. The network device aggregates the received information into a topology resource management system that stores third topology data specifying at least a current role of each of the resources and links. The network device determines a modification to at least one of the traffic engineered paths based on the third topology data, including an adjustment to the current role of at least one of the resources to change the forwarding of the network traffic. The network device outputs provisioning information based on the modification.

Abstract: In some embodiments, an apparatus includes a rate module implemented in at least one of a memory or a processing device that can be operatively coupled to a set of rate counters. Each rate counter is associated with a different network device associated with a level within the hierarchy of a network. The rate module can receive from a schedule module a signal to begin execution of a first page of a first rate program and can send during a first time period transmission credits to a first subset of rate counters. The rate module can send during a second time period transmission credits to a second subset of rate counters based on the execution of a page of a second rate program where the priority of the second rate program is no lower than a priority of the first rate program.

Abstract: In one example, a method includes predicting, by a network access control (NAC) device based on a device identifier in a request from a client device and a device usage history of the client device, a user associated with the client device, prior to completing a user authentication process, requesting, by the NAC device and from a directory server, session attributes for the predicted user, receiving, by the NAC device and from an authentication server, an indication of whether a user associated with the client device was successfully authenticated. The method includes determining, based on an identifier of the user, whether the predicted user is the user associated with the client device, and responsive to determining that the predicted user is the user associated with the client device, establishing, by the NAC and using the session attributes for the predicted user, a session between the client device and the network.

Abstract: Techniques are described for selectively triggering fast reroute of traffic by enhancing a protocol used for monitoring operational status of a forwarding plane of a router. The forwarding plane of the router outputs periodic messages that, when received by a peer router, provide an indication that the forwarding plane is operational and able to forward packets. In addition, when constructing the periodic messages, the forwarding plane embeds an indication of a status of internal communication between the forwarding plane and a control plane of the router. In this way, the forwarding plane of the transmitting router provides an indication to the peer router that, although operational, the forwarding plane may be operating according to stale forwarding information.

Abstract: An apparatus includes a first port and a second port operably coupled to a format conversion module each of which is at least partially disposed within a housing. The first port is operably coupled to a cable configured to transfer a first data unit having a first format associated with a first communication medium to the first port. The format conversion module receives the first data unit from the first port and converts the first data unit from the first format to a second format associated with a second communication medium to produce a second data unit. The second port is operably coupled to a wireless access point that is physically distinct from the housing. The second port is configured to receive the second data unit and send the second data unit to the wireless access point.

Abstract: A computer-implemented method for preventing split-brain scenarios in high-availability clusters may include (1) detecting, at a first node of a high-availability cluster, a partitioning event that isolates the first node from a second node of the high-availability cluster, (2) broadcasting, from a health-status server and after the partitioning event has occurred, a cluster-health message to the first node that includes at least a health status of the second node that is based on whether the health-status server received a node-health message from the second node, and (3) reacting, at the first node and based at least in part on whether the first node received the cluster-health message, to the partitioning event such that the partitioning event does not result in a split-brain scenario within the high-availability cluster. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An extensible software defined network (SDN) controller is described that provides an application-aware framework that enable a variety of different user applications to communicate with the controller and that allows the controller to automatically configure devices in a network based on the needs of the applications. For example, the controller includes a plurality of different northbound interfaces that enable a variety of different user applications to communicate with the controller. The controller also includes multiple southbound protocols for configuring and enabling functionality in network devices based on the communications with the user applications.

Abstract: In some embodiments, an apparatus includes a gateway device that can be operatively coupled to a switch via a set of links. The gateway device can operatively couple a network node during a communication session with the switch, and can store an association between the communication session of the network node and a link such that data sent via the communication session of the network node is sent via the link. In such embodiments, the gateway device can receive, from a virtual port associated with the network node, a login request. The gateway device can send the login request to the switch to initiate a communication session between the virtual port and the switch. The gateway device can also associate the communication session of the virtual port with the link based on the communication session of the network node being associated with the link.

Abstract: A computer-implemented method for interfacing software-defined networks with non-software-defined networks may include (1) receiving at least one packet via software-defined network at a switching device, (2) searching a set of flow entries that collectively direct network traffic within the software-defined network for a flow entry that corresponds to the packet, (3) determining that the packet is destined for a non-software-defined network based at least in part on the search, and (4) forwarding the packet to the non-software-defined network via a logical tunnel that interfaces the software-defined network with the non-software-defined network by connecting a virtual port within the software-defined network to a virtual port within the non-software-defined network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A disaster response system receives location data and status data from participating devices in an area affected by a disaster. The disaster response system provides data to client devices outside the affected area. The data indicate statuses of people within the affected area. Disaster response system also instructs routers to perform actions to adjust bandwidth available for a particular use during and after the disaster.

Abstract: A multi-router system is described in which hardware and software components of one or more standalone routers can be partitioned into multiple logical routers. The multiple logical routers are isolated from each other in terms of routing and forwarding functions yet allow network interfaces to be shared between the logical routers. Moreover, different logical routers can share network interfaces without impacting the ability of any of the logical routers to be independently scaled to meet the bandwidth demands of the customers serviced by the logical router.

Abstract: Techniques are described for utilizing two-part metrics with link state routing protocols of computer networks. For example, link state advertisements communicated by a router convey outbound cost metrics representative of outbound costs for the router to send network traffic to a network, and inbound cost metrics representative of inbound costs to receive network traffic from the network. The techniques may be particularly useful with respect to shared access networks, including broadcast or non-broadcast multi-access networks.