Abstract: In general, techniques are described for forwarding L2 BUM traffic within an Ethernet Virtual Private Network (EVPN) by implementing a forwarding preference for local interfaces of a PE device for broadcast domains in the EVPN. For example, a method includes receiving, by a first provider edge (PE) device of a plurality of PE devices configured with an EVPN instance comprising one or more broadcast domains reachable by a plurality of Ethernet segments connecting the plurality of PE devices to a plurality of customer edge (CE) devices, first EVPN routes; and configuring, by the first PE device in response to determining the first EVPN routes indicate the first PE device has a local interface for each of the plurality of Ethernet segments, forwarding information of the first PE device to cause the first PE device to perform local-bias forwarding of layer 2 (L2) packets for the EVPN instance.

Abstract: A device may transmit a packet for communicating via a tunnel. The packet may be associated with a protocol. The device may determine that the packet has been dropped by a security device. The device may selectively encrypt, after determining that the packet has been dropped, the packet using a null encryption for transport layer security (TLS) or a combination of encryption associated with the protocol and TLS encryption to generate an encrypted packet. The device may transmit the encrypted packet for communicating via the tunnel.

Abstract: A network device may obtain information concerning a virtual chassis that indicates that the network device and an additional network device are to be included in the virtual chassis. The network device may determine, based on the information concerning the virtual chassis, that the network device is connected to the additional network device, wherein the network device is connected to the additional network device via a link between a network interface of the network device and a network interface of the additional network device. The network device may cause the network interface of the network device to be converted to a virtual chassis interface and the network interface of the additional network device to be converted to a virtual chassis interface to enable the network device and the additional network device to be included in the virtual chassis to allow bootstrapping of the virtual chassis as a single logical device.

Abstract: A network device may establish a media access control security (MACsec) key agreement (MKA) session with another network device via a MACsec communication link; establish a fast heartbeat session via the MACsec communication link, between a first packet processing engine of the network device and a second packet processing engine of the other network device, where the fast heartbeat session is to permit the first packet processing engine and the second packet processing engine to exchange fast heartbeat messages via the fast heartbeat session and the MACsec communication link; place an MKA protocol of the MKA session in a pause state until the first packet processing engine detects a rekey event; determine that a key for the MKA session is to be regenerated based on detection of the rekey event; and perform an action based on the rekey event for the MKA session.

Abstract: A network monitoring device may receive, from a mediation device, flow-tap geolocation information that identifies a geographical location (e.g., that is derived based on current and/or previous flow-tap investigation reports) and may obtain, from a geographical Internet protocol (GeoIP) database and based on the flow-tap geolocation information, a plurality of Internet protocol (IP) addresses that are associated with the geographical location. The network device may map the plurality of IP addresses to a flow-tap content destination address of a content destination device in a plurality of entries of a flow-tap geolocation filter. The network device may detect, based on the flow-tap geolocation filter, a traffic flow that is associated with the geographical location, may generate a traffic flow copy, and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination to enable a context analysis of the traffic flow.

Abstract: A disclosed method may include (1) identifying a set of network objects associated with a network whose performance is tracked by a monitoring service, (2) grouping a first subset of the network objects based at least in part on a first attribute, (3) grouping a second subset of the network objects based at least in part on a second attribute, and then (4) providing, for presentation on a computing device in connection with the monitoring service, a graphical user interface that includes a plurality of graphical cards in a single view, wherein the plurality of graphical cards comprise at least (A) a first graphical card that is positioned in a first section and graphically represents the first subset and (B) a second graphical card that is positioned in a second section and graphically represents the second subset. Various other systems and methods are also disclosed.

Abstract: In general, techniques are described for providing user nomadicity in wireline broadband networks. A network device positioned in a wireline broadband network comprising a processor and an interface may be configured to perform the techniques. The processor may be configured to execute a first virtual customer premises equipment to provide, to a first subscriber, access to the wireline broadband network from a first subscription point in accordance with a first subscription. The processor may also be configured to provide, to a second subscriber, access to the wireline broadband network from the first subscription point in accordance with a second subscription. The interface may be configured to forward, in accordance with the first subscription, traffic received from the first subscription point and associated with the first subscriber, and forward, in accordance with the second subscription, traffic received from the first subscription point and associated with the second subscriber.

Abstract: According to various aspects of the present disclosure, an apparatus is provided. In an aspect, the apparatus includes an optical transceiver having a first port, a second port and an optical switch coupled to the first port and the second port. The optical switch is switchable between a unidirectional port operation mode and a bidirectional port operation mode. When the optical switch is in the unidirectional port operation mode, the first port is configured to send a first optical signal, and the second port configured to receive a second optical signal. When the optical switch is in the bidirectional port operation mode, the first port configured to send the first optical signal and receive the second optical signal, and the second port configured to receive a third optical signal and not send the first signal.

Abstract: A method may include (1) preparing, at a slave device, a request message that identifies an initial time-to-live value, (2) sending the request message to a plurality of candidate master devices, (3) receiving, at the slave device from one of the candidate master devices, a reply message that identifies a number of hops between the slave device and the one of the candidate master devices, (4) receiving, at the slave device from another one of the candidate master devices, another reply message that identifies another number of hops between the slave device and the another one of the candidate master devices, and then (5) synchronizing a clock of the slave device with a clock of the one of the candidate master devices due at least in part to the number of hops being less than the another number of hops. Various other apparatuses, systems, and methods are also disclosed.

Abstract: This disclosure describes techniques for sharing routes between nodes in a distributed network system. An example method includes receiving, by a control node of a software-defined network (SDN) controller, a route from a compute node of a plurality of compute nodes in a network; publishing, by the control node and in response to receiving the route, a route update to an in-memory database service of the SDN controller; and sending, by the in-memory database service in response to receiving the published route update, the published route update to any of the plurality of compute nodes that have subscribed to receive route updates for an in-memory database instance associated with the control node.

Abstract: Techniques are described for in-service configuration data migration for distributed micro service-based applications. In one example, a network device comprises a plurality of legacy data repositories comprising configuration data in key-value pair format that specifies a plurality of parameters and corresponding values for operation of the network device, and a hierarchical configuration data model having a plurality of nodes arranged in a hierarchical organization having a root node and a plurality of leaf nodes. Each of the nodes of the configuration data model is configured to store a set of configuration data parameters for the network device. One or more of the nodes includes a plurality of external references to respective parameters of the plurality of parameters stored within the plurality of legacy data repositories. Process circuitry is configured to perform a migration of the configuration data from the legacy data repositories to the hierarchical data model.

Abstract: In some embodiments a method includes receiving, at a first network device, a data unit to be sent to second network device via a tunnel, the data unit associated with an application. The method includes appending, to the data unit, an encapsulation header that includes a first portion configured such that the second network device is configured to forward the data unit based on the second portion of the encapsulation header that is configured to identify the application. The method includes sending, from the first network device to the second network device via a first portion of the tunnel, the data unit such that the second network device appends the encapsulation header to the data unit prior to forwarding the data unit via a second portion of the tunnel.

Abstract: A device may receive an input associated with deploying a virtual firewall on a computing device. The device may determine a first set of characteristics associated with the virtual firewall and a second set of characteristics associated with a hypervisor associated with the computing device. The device may automatically tune the virtual firewall based on the first set of characteristics and the second set of characteristics. The device may deploy the virtual firewall after tuning the virtual firewall.

Abstract: An improved traceroute mechanism for use in a label-switched path (LSP) is provided by (a) receiving, by a device in the LSP, an echo request message, wherein the echo request includes a label stack having a least one label, and wherein each of the at least one label has an associated time-to-live (TTL) value; (b) responsive to receiving the echo request, determining by the device, whether or not the device is a penultimate hop popping (PHP) device for the outermost label of the label stack; and (c) responsive to determining that the device is the PHP device for the outermost label of the label stack, (1) generating an echo reply message corresponding to the echo request message, wherein the echo reply message is encoded to indicate that the device is the PHP device for the outermost label of the label stack, and (2) sending the echo reply message back towards a source of the echo request message.

Abstract: Embodiments are generally directed to managing power consumption of powered devices. In some embodiments, the powered devices draw power from a common source of power, which is limited. Under certain circumstances, exceeding the power limits can cause interruption of power to one or more of the devices, thus introducing a source of communication failures. To ensure reliable communications, an attempt to increase a power consumption of a first powered device in a power group is first reviewed to determine if the increase will cause a supplied power of the group to exceed a maximum power of the group. If the increase will cause the maximum power to be exceeded, the increase is modified, in some circumstances, to fit within the maximum power level. Alternatively, power consumption of a lower priority device is reduced to accommodate the requested power consumption increase.

Abstract: A method includes applying, to a modulated digital signal, a forward error correction (FEC) including a low-density parity-check (LDPC) to produce a coded digital signal. Nyquist shaping is applied to the coded digital signal to generate a filtered digital signal. A representation of the filtered digital signal is transmitted in an optical communication channel via a dense wavelength division multiplexing (DWDM) scheme.

Abstract: A first network device may receive first traffic of a session that involves a service. The first network device may identify that the service is configured for distributed node processing. The first network device may identify a second network device that is configured for distributed node processing. The first network device may identify a state machine that is associated with the service. The first network device may determine, based on the state machine, a first function and a second function, wherein the first function is identified by a first label and the second function is identified by a second label. The first network device may process the first traffic based on the first function. The first network device may provide, to the second network device, the first traffic and the second label to permit the second network device to process second traffic in association with the second function.

Abstract: In an example, a method includes computing, by a computing device, for a segment routing policy that specifies a bandwidth constraint for the segment routing policy, first shortest paths through a network of network nodes, wherein each shortest path of the first shortest paths represents a different sequence of links connecting pairs of the network nodes from a source to a destination; in response to determining, by the computing device based on the bandwidth constraint for the segment routing policy, a link of one of the first shortest paths has insufficient bandwidth to meet a required bandwidth for the link, increasing a metric of the link; computing, by the computing device, for the segment routing policy that specifies the bandwidth constraint, based on the increased metric of the link, second shortest paths through the network of network nodes; and provisioning the second shortest paths in the network of nodes.

Abstract: In some examples, a method includes receiving, by an egress network device for a network, messages from each of a plurality of ingress network devices for the network, wherein each of the messages specifies a multicast source, a multicast group, and an upstream multicast hop weight value for multicast traffic for the multicast source and the multicast group; selecting, by the egress network device and based on the upstream multicast hop weight values specified by the received messages, one of the plurality of ingress network devices to which to send a multicast join message of a plurality of multicast join messages for the multicast source and multicast group; and sending, by the egress network device, the multicast join message to the selected one of the plurality of ingress network devices.

Abstract: A method includes determining, by a controller device that manages a plurality of network devices, device characteristic information for a network device of the plurality of network devices and selecting, by the controller device, one or more sensors from a plurality of sensors based on the device characteristic information for the network device. The method further includes outputting, by the controller device, an instruction to cause the network device to generate the one or more selected sensors at the network device and receiving, by the controller device, sensor information from the one or more selected sensors generated at the network device.