Abstract: A system may determine to perform an internal malware detection operation to detect malware executing on a client device. The system may perform the internal malware detection operation. The internal malware detection operation may be performed locally on a particular device without requiring communication with another device. The system may modify an environment executing on the particular device, to form a modified environment, based on performing the internal malware detection operation. The system may monitor the modified environment for a particular behavior indicative of a malware infection. The system may detect that the particular behavior has occurred. The system may provide a notification that the client device is infected with malware based on detecting that the particular behavior has occurred. The notification may cause one or more network devices to block network traffic to or from the client device.

Abstract: In some embodiments, a non-transitory processor-readable medium includes code to cause a processor to receive, at a network management module, a request for data plane information associated with a set of access switches of a distributed switch. The non-transitory processor-readable medium includes code to cause the processor to send, in response to the request, an instruction to each access switch from the set of access switches such that a proxy module at each access switch accesses data plane information at at least one line card at that access switch. The non-transitory processor-readable medium includes code to cause the processor to receive, from each access switch from the set of access switches, the data plane information associated with that access switch, and then send a signal to output, on a single interface, the data plane information associated with each access switch from the set of access switches.

Abstract: A method may include receiving a request to establish a quality of service (QoS) policy that identifies a desired QoS associated with traffic being transported by a network; generating a QoS model based on the identified desired QoS, where the QoS model includes a class of service (CoS) and corresponding forwarding priorities associated with the traffic; retrieving a service level agreement (SLA), associated with a client device that is interconnected to a network node associated with the network, where the SLA includes a particular CoS and corresponding other forwarding priorities for packets associated with the client device; creating a QoS provisioning policy based on the QoS model and the SLA, where the creating includes mapping the CoS to the particular CoS or mapping the forwarding priorities to the other forwarding priorities; and transmitting, to the network node, the QoS provisioning policy that permits the network node to process the packets in a manner that complies with the QoS model or the SLA.

Abstract: A network filter is implemented so that filter terms that include intra-term OR conditions and converted to sub-terms that include only logical AND conditions. In one implementation, a device may include logic to receive a filter definition including one or more terms, at least some of the terms including logical OR conditions, that define how network traffic through the device is to be filtered, the logic expanding the one or more terms in the filter such that terms that contain logical OR conditions are expanded into a plurality of sub-terms that each contains only logical AND conditions. The device may further include a ternary content-addressable memory (TCAM) programmed to include a separate entry corresponding to each of the sub-terms.

Abstract: A device is configured to store information indicating a threshold bandwidth with which a multi-lane link is permitted to operate. The device may establish the multi-lane link with a peer device. The multi-lane link may include multiple lanes used to communicate data with the peer device. The device may determine fault states for the lanes included in the multi-lane link. A fault state, for a particular lane, may indicate that the particular lane is faulty. The device may determine an available bandwidth for the multi-lane link based on the fault states for the lanes. The device may selectively terminate the multi-lane link or operate the multi-lane link at the available bandwidth based on whether the available bandwidth satisfies the threshold bandwidth.

Abstract: An example device includes a processor that provides an execution environment for a management agent, and a data repository configured to store configuration information. The management agent is operable to retrieve configuration information that specifies one or more trap conditions and one or more filter criteria from the data repository, detect that at least one of the one or more trap conditions is met, generate a message that includes a set of variable identifiers and associated variable values based on the one or more met trap conditions, determine whether at least one of the variable identifiers and associated value pairs included in the generated messages meet at least one of the filter criteria by at least comparing a variable value of a respective filter criteria to the variable value of the generated message, and selectively send the generated message to a device management system based on the comparison.

Abstract: Techniques are described for specifying and constructing multi-protocol label switching (MPLS) rings. Routers may signal membership within MPLS rings and automatically establish ring-based label switch paths (LSPs) as components of the MPLS rings for packet transport within ring networks. In one example, a router includes a processor configured to establish an MPLS ring having a plurality of ring LSPs. Each of the ring LSPs is configured to transport MPLS packets around the ring network to a different one of the routers operating as an egress router for the respective ring LSP. Moreover, each of the ring LSPs comprises a bidirectional, multipoint-to-point (MP2P) LSP for which any of the routers can operate as an ingress to source packet traffic into the ring LSP for transport to the respective egress router for the ring LSP. Separate protection paths, bypass LSPs, detours or loop-free alternatives need not be signaled.

Abstract: In general, techniques are described for improving network path computation for requested paths that include a chain of service points that provide network services to traffic flows traversing the requested path through a network along the service chain. In some examples, a controller network device receives a request for network connectivity between a service entry point and a service exit point for a service chain for application to packet flows associated to the service chain. The device, for each pair of the service points in the particular order and using the active topology information, computes at least one end-to-end sub-path through the sub-network connecting the pair of the service points according to a constraint and computes, using the at least one end-to-end sub-path for each pair of the service points, a service path between the service entry point and the service exit point for the service chain.

Abstract: A method and apparatus for switching a data packet between a source and destination in a network. The data packet includes a header portion and a data portion. The header portion includes routing information for the data packet. The method includes defining a data path in the router comprising a path through the router along which the data portion of the data packet travels and defining a control path comprising a path through the router along which routing information from the header portion travels. The method includes separating the data path and control path in the router such that the routing information can be separated from the data portion allowing for the separate processing of each in the router. The data portion can be stored in a global memory while routing decisions are made on the routing information in the control path.

Abstract: A network device may include first logic configured to count data units passing through the network device and to produce a counter value. The network device may include second logic configured to receive the counter value when an indicator is present, and to store the counter value. The network device may include third logic configured to sample the second logic, to receive the counter value, and to operate on the counter value to produce a result.

Abstract: A security device may receive a request, from a client device and intended for a server device, to provide a resource. The resource may be associated with information stored by the server device. The security device may identify the request as being associated with a malicious script. The malicious script may execute on the client device and may include a script that performs one or more undesirable tasks directed to the server device. The security device may receive, from the server device, a response to the request. The response may include information associated with the requested resource. The security device may modify the response to form a modified response. The response may be modified in an attempt to cause the malicious script to experience an error. The security device may provide the modified response to the client device.

Abstract: In general, techniques are described for using routing information obtained by operation of network routing protocols to dynamically generate network and cost maps for an application-layer traffic optimization (ALTO) service. For example, an ALTO server of an autonomous system (AS) receives routing information from routers of the AS by listening for routing protocol updates outputted by the routers and uses the received topology information to dynamically generate a network map of PIDs that reflects a current topology of the AS and/or of the broader network that includes the AS. Additionally, the ALTO server dynamically calculates inter-PID costs using received routing information that reflects current link metrics. The ALTO server then assembles the inter-PID costs into a cost map that the ALTO server may provide, along with the network map, to clients of the ALTO service.

Abstract: A security device may receive actual behavior information associated with an object. The actual behavior information may identify a first set of behaviors associated with executing the object in a live environment. The security device may determine test behavior information associated with the object. The test behavior information may identify a second set of behaviors associated with testing the object in a test environment. The security device may compare the first set of behaviors and the second set of behaviors to determine a difference between the first set of behaviors and the second set of behaviors. The security device may identify whether the object is an evasive malicious object based on the difference between the first set of behaviors and the second set of behaviors. The security device may provide an indication of whether the object is an evasive malicious object.

Abstract: A device receives requests for content, determines requests for a same identifier from the requests for the content, and stores information associated with the determined requests in an object. The object includes a number of the determined requests, and a current time and a start time associated with the determined requests. The device also determines whether the number of the determined requests satisfies a first threshold, and determines whether a difference between the current time and the start time satisfies a second threshold. The device identifies a loop associated with another device when the number of the determined requests satisfies the first threshold and the difference satisfies the second threshold, and provides information associated with the identified loop.

Abstract: Methods and apparatus for transferring packets in a packet switched communication system. A system is provided that includes an L2 device including a controller determining for each packet received whether the received packet is to be inspected, an inspection device operable to inspect and filter packets identified by the controller including using a zone specific policy and an L2 controller for transferring inspected packets in accordance with L2 header information using L2 protocols.

Abstract: A housing includes a mount projection defining a first notch, a second notch, and a recessed wall. At least a portion of the recessed wall defines a substantially conical cross-sectional shape between a maximum width and a length from a leading portion to a line associated with the maximum width. The mount projection is configured to complimentarily mate to a bracket defining a recessed wall with a maximum width, corresponding to the maximum width of the mount projection, and a length, corresponding to the length of the mount projection, from a leading portion to a line associated with the maximum width. The mount projection is releasably retained within an opening of the bracket when a first projection and a second projection of the bracket are disposed within the first notch and the second notch, respectively, of the mount projection.

Abstract: Selection of proper virtual routing and forwarding (VRF) tables is based on a logical interface that is not associated with a physical interface. The selected VRF table is used to perform an output interface lookup for outgoing packets. In one example, a router includes a plurality of network interfaces, and a processing unit configured to select a logical interface not associated with any of the plurality of network interfaces based on an association with a received packet of a virtual private network, select one of a plurality of VRF tables in which to perform an output interface lookup for the packet that corresponds to the selected logical interface, and determine one of the plurality of network interfaces from the one of the plurality of VRF tables based on a destination of the packet, wherein the determined one of the plurality of network interfaces is configured to forward the packet.

Abstract: In one embodiment, an apparatus includes a memory, a communications interface and a processor. The processor is operatively coupled to the memory and the communications interface. The processor is configured to receive, at a first time, a label identifier associated with an aggregated link within the communications network via the communications interface. The aggregated link including a plurality of redundant links. The processor is configured to receive, at a second time after the first time, a data packet including the label identifier via the communications interface. The processor is configured to send at least a portion of the data packet via a first link separate from the aggregated link based on the label identifier. The processor is configured to not send the data packet via a link from the plurality of redundant links of the aggregated link based on the label identifier.

Abstract: A secondary protection device may receive a voltage surge. The voltage surge may be received based on a failure associated with a primary protection device. The secondary protection device may protect a piece of protected equipment from the voltage surge based on receiving the voltage surge. The secondary protection device may generate a failure notification based on protecting the piece of protected equipment from the voltage surge. The failure notification may indicate the failure associated with the primary protection device. The secondary protection device may provide the failure notification.

Abstract: A system may comprise a first device and a second device associated with a Clos architecture. The first device may include a first crossbar that comprises a first component, a second component, and a third component. The second device may include a second crossbar that comprises a fourth component, a fifth component, and a sixth component. The first component may connect to the second component and the fifth component. The second component may connect to the first component, the third component, the fourth component, and the sixth component. The third component may connect to the second component and the fifth component. The fourth component may connect to the second component and the fifth component. The fifth component may connect to the first component, the third component, the fourth component, and the sixth component. The sixth component may connect to the second component and the fifth component.