Abstract: In general, techniques are described for performing network segmentation for container orchestration platforms. A network controller comprising a memory and processing circuitry may be configured to perform the techniques. The memory may be configured to store a request, conforming to a container orchestration platform, to configure a new pod of a plurality of pods with a primary interface to communicate on a virtual network to segment a network formed by the plurality of pods. The processing circuitry may be configured to configure, responsive to the request, the new pod with the primary interface to enable communications via the virtual network.

Abstract: In general, techniques are described for a computing device including a virtual router, a pod comprising a container, and a network plugin. The virtual router includes a virtual router agent. The network plugin includes processing circuitry configured to receive, from the virtual router agent, an indication of an interface type for a virtual network for the pod and to configure, for the pod, a virtual network interface having the interface type, the virtual network interface for communicating on the virtual network.

Abstract: A network device may define a container LSP that includes multiple member LSPs. Each of the multiple member LSPs defines a path from the network device through a network of a plurality of network devices. The network device may receive traffic that includes multiple packet flows. The network device may identify a first set of packet flows that are intolerant to packet reordering. The network device may identify a second set of packet flows that are tolerant to packet reordering. The network device may distribute each of the first set of packet flows to a corresponding one of the multiple member LSPs. The network device may process the second set of packet flows to determine a distribution sequence for the second set of packet flows. The network device may distribute the second set of packet flows among the multiple member LSPs based on the distribution sequence.

Abstract: In an example, systems and methods enable automatic implementation of intent-based security policies in a network system, such as a software-defined wide area network system, in which network segment prefixes for network segments at one or more sites are dynamically learned. A service orchestrator controller translates an intent-based security policy input by a user to a security policy for a first site. The security policy for the first site specifies a segment-specific queryable resource associated with a second site. To implement the security policy, a device associated with the first site queries the segment-specific queryable resource associated with the second site, and updates one or more forwarding tables of the device with the network segment prefixes associated with one or more network segments at the second site received in response to the query. The first site forwards network traffic to the second site based on the updated forwarding tables.

Abstract: A network device may receive a first configuration object associated with an application and may parse the first configuration object to identify first configuration data. The network device may calculate a first hash value based on the first configuration data and may generate a first operational object based on the first configuration data and the first hash value. The network device may receive a second configuration object associated with the application of the network device and may parse the second configuration object to identify second configuration data. The network device may calculate a second hash value based on the second configuration data and may determine whether the first hash value matches the second hash value. The network device may prevent, based on the first hash value matching the second hash value, generation of a second operational object based on the second configuration data and the second hash value.

Abstract: Some organizations have a deployed and functional “controllerless” EVPN VxLAN Fabric in their data centers. Eventually, however, the organization may deploy a controller within the network. In one example, this disclosure describes a method that includes configuring a controller to communicate with each of a plurality of elements in a network; determining, by the controller, an initial operational state of the network; translating, by the controller, the initial operational state of the network to an intent-based configuration; pushing, by the controller, the intent-based configuration to the network to reconfigure each of the plurality of elements in the network in a manner consistent with the intent-based configuration; determining, by the controller and after pushing the intent-based configuration, an updated operational state of the network; and comparing, by the controller, the initial operational state of the network with the updated operational state of the network.

Abstract: An electrostatic discharge bag may include a bottom portion, and a front portion integrally connected to the bottom portion and including a first inside-out creased edge. The electrostatic bag may include a first side portion integrally connected to the bottom portion and the front portion and including a second inside-out creased edge and a first pair of outside-in creased edges, and a second side portion integrally connected to the bottom portion and the front portion and including a third inside-out creased edge and a second pair of outside-in creased edges. The first and second pairs of outside-in creased edges may enable the electrostatic discharge bag to collapse inward and downward toward the bottom portion. The electrostatic discharge bag may include a rear portion integrally connected to the bottom portion, the first side portion, and the second side portion and including a fourth inside-out creased edge.

Abstract: A network management system may detect congestion and other network problems, identify the root cause of the issue and invoke remedial actions. The network management system may collect a time series of network data from various devices in the network. The network management system may use the collected network data to determine metrics indicating whether the network is experiencing congestion and/or anomalies, and if so, what is the root cause. Once the root cause is identified an automated and/or manual corrective action may take place.

Abstract: In some implementations, a network device may determine throughput rate metrics for a plurality of processing units of the network device that are processing network traffic of a network. The network device may maintain the throughput rate metrics in a status table associated with the plurality of processing units. The network device may receive tunnel traffic associated with a particular tunnel of the network. The network device may determine, based on a characteristic of the tunnel traffic, a potential throughput rate associated with processing the tunnel traffic. The network device may direct the tunnel traffic to a particular processing unit, of the plurality of processing units, based on the potential throughput rate and the throughput rate metrics indicated in the status table.

Abstract: A device may utilize a point-to-point protocol over Ethernet (PPPoE) and a point-to-point protocol (PPP) to register the device with a core network, and may establish a first packet data unit (PDU) session with the core network based on the PPPoE and the PPP. The device may configure the first PDU session, based on the PPPoE and the PPP, to provide a first service, and may generate first keep alive messages to maintain the first PDU session. The device may establish a second PDU session with the core network based on the PPPoE and the PPP, and may configure the second PDU session based on the PPPoE and the PPP, where the second PDU session is configured to provide a second service that is different than the first service. The device may generate second keep alive messages to maintain the second PDU session.

Abstract: A first network device may communicate, in association with a tunnel establishment network protocol, with a second network device to cause a network tunnel between the first network device and the second network device to be established. The first network device may determine, based on communicating with the second network device to cause the network tunnel to be established, that the network tunnel is to support network micro-tunnel functionality within the network tunnel. The first network device may communicate, based on determining that the network tunnel is to support network micro-tunnel functionality, with the second network device to identify a traffic class, of one or more traffic classes, to which network micro-tunnel functionality within the network tunnel is to be applied. The first network device may cause a network micro-tunnel to be established within the network tunnel for traffic associated with the traffic class.

Abstract: In some implementations, an integrated broadband network gateway (BNG) device may communicate management information with a particular distributed BNG user plane device. The integrated BNG device may communicate control packets with the particular distributed BNG user plane device. The integrated BNG device may communicate session control and state information with the particular distributed BNG user plane device. The management information, the control packets, and the session control and state information may be communicated via respective interfaces between the integrated BNG device and the particular distributed BNG user plane device. Accordingly, the integrated BNG device may provide a BNG control plane for the particular distributed BNG user plane device.

Abstract: A network management system (NMS) is configured to control roaming in a wireless network using a variable mobility threshold. For a first wireless device associated with a current location, the NMS obtains at least one performance metric of a first wireless signal received by the first wireless device at the current location from a first AP of a plurality of APs, compares the at least one parameter of the first wireless signal to at least one performance metric of a second wireless signal received by at least one other wireless device at the current location from a second AP of the plurality of APs, and triggers a roaming operation of the first wireless device from the first AP to the second AP if the comparison satisfies a mobility threshold that varies based on the at least one performance metric of the first wireless signal.

Abstract: Embodiments are generally directed to managing power consumption of powered devices. In some embodiments, the powered devices draw power from a common source of power, which is limited. Under certain circumstances, exceeding the power limits can cause interruption of power to one or more of the devices, thus introducing a source of communication failures. To ensure reliable communications, an attempt to increase a power consumption of a first powered device in a power group is first reviewed to determine if the increase will cause a supplied power of the group to exceed a maximum power of the group. If the increase will cause the maximum power to be exceeded, the increase is modified, in some circumstances, to fit within the maximum power level. Alternatively, power consumption of a lower priority device is reduced to accommodate the requested power consumption increase.

Abstract: The disclosed embodiments provide for management of a Wi-Fi network in the presence of a high priority receiver. When a high priory receiver is identified, a portion of the Wi-Fi network that could potentially interfere with the high priority receiver is identified and steps are taken to reduce the probability of such interference. For example, some wireless transmitters may be switched to alternate channels to reduce the probability of interference. By sharing information relating to high priority receivers across a plurality of wireless transmitters, the disclosed embodiments provide for more efficient operation in the presence of high priority receivers when compared to methods that independently detect a high priority receiver at each wireless transmitter.

Abstract: Compute nodes can execute virtual routers to implement a forwarding plane for one or more virtual networks having virtual network destinations hosted by the compute nodes. In one example, a method includes generating, by a software-defined networking (SDN) controller that manages a plurality of compute nodes, based on a unique identifier of a virtual network, a route target value for the virtual network, wherein the virtual network comprises virtual network endpoints executing on the compute nodes; and outputting, by the SDN controller and to a routing protocol peer device, a virtual private network (VPN) route that includes the route target value for the virtual network and a virtual network prefix associated with the virtual network, the VPN route for routing to the plurality of compute nodes executing the virtual network endpoints of the virtual network.

Abstract: This disclosure describes techniques that include assessing trust in a computer network. In one example, this disclosure describes a method that includes determining a level of trust that a first network entity has for a second network entity; determining a level of trust that the second network entity has for a third network entity; determining that the first network entity is separated from the third network entity by the second network entity; determining, based on the level of trust that the first network entity has for the second network entity and further based on the level of trust that the second network entity has for the third network entity, a level of trust that the first network entity has for the third network entity; and enabling, based on the level of trust that the first network entity has for the third network entity, the first network entity to perform an operation with the third network entity.

Abstract: A computing device is configured to: obtain information of tracking areas including a first and second tracking area, the first tracking area comprising first cells and the second tracking area comprising second cells; generate a user interface with a visualization of the tracking areas, the user interface comprising first cell user interface elements visually representing the first cells and second cell user interface elements visually representing the second cells; output the user interface for display at a display device; receive user input indicative of filtering criteria; generate a modified user interface by modifying at least one of the first cell user interface elements or the second user interface elements to visually indicate the first tracking area satisfies the filtering criteria and the second tracking area does not satisfy the filtering criteria; and output the modified user interface for display at the display device.

Abstract: A fan tray, for a fan module of a network device chassis, may include an inner assembly that includes an inner cassette, one or more fans connected to the inner cassette, a first latch connected to the inner cassette and configured to removably connect to an outer assembly of the fan tray, and a fan controller connected to the inner cassette and configured to control operation of the one or more fans. The outer assembly may be configured to receive and retain the inner assembly, and may include an outer cassette with one or more openings configured to communicate with the one or more fans, a second latch connected to the outer cassette and configured to removably connect to a rear portion of the network device chassis, and an adaptor connected to the outer cassette and configured to connect and provide power to the fan controller.