Abstract: Techniques are described for extending a two-way active measurement protocol (TWAMP) to enable measurement of service key performance indicators (KPIs) in a software defined network (SDN) and network function virtualization (NFV) architecture. The TWAMP extensions enable control messaging to be handled by a TWAMP control client executed on a centralized controller, and data messaging to be handled by a TWAMP session initiator executed on a separate network device. Techniques are also described for extending TWAMP to enable measurement of any of a plurality of service KPIs for a given service supported at a TWAMP server. The service KPIs may include one or more of keepalive measurements, round trip time measurements, path delay measurements, service latency measurements, or service load measurements. The TWAMP extensions for the service KPIs may be used in both conventional network architectures and in SDN and NFV architectures.

Abstract: Techniques are disclosed for implementing scalable policies across a plurality of categories that support application workloads. In one example, a policy controller assigns to the plurality of categories tags specifying one or more of a plurality of dimensions. The policy controller distributes a plurality of policies to policy agents for the plurality of categories. Each policy includes one or more policy rules, and each policy rule includes one or more tags specifying one or more of the plurality of dimensions. For each policy rule, the policy agents allow or deny a traffic flow between objects that belong to categories of the plurality of categories described by the one or more dimensions of a respective tag of the policy rule.

Abstract: A first device may receive a packet that includes information identifying a path through a network. The first device may configure a header of the packet to include a first set of identifiers that identifies the path and the first device via which the packet was received. The first device may configure the header of the packet to include a second set of identifiers that identifies a set of devices associated with the path. The set of devices may be associated with providing the packet via a network. The first device may determine whether a counter associated with the first set of identifiers has been initialized. The first device may modify a value of the counter to record a metric. The first device may provide the packet to a second device. The first device may perform an action related to the packet or based on the value of the counter.

Abstract: An example user device may include a terrestrial mobile network radio; a satellite network radio; and one or more processors to establish, via the terrestrial mobile network radio, a first communication link with a terrestrial mobile network, establish, via the satellite network radio, a second communication link with a satellite network, monitor a characteristic of the first communication link and a characteristic of the second communication link, select the terrestrial mobile network or the satellite network for traffic communication based on the characteristic of the first communication link and the characteristic of the second communication link, and/or perform an action associated with the traffic communication based on selecting the terrestrial mobile network or the satellite network for traffic communication.

Abstract: A network device may determine a control plane session type associated with a control plane session. The control plane session may be associated with the network device. The network device may determine whether the control plane session type is associated with a forwarding information base (FIB) cache on the network device. The network device may obtain, based on determining that the control plane session type is associated with the FIB cache, forwarding information associated with the control plane session. The forwarding information may be stored in a FIB, associated with the FIB cache, on the network device. The network device may store the forwarding information in the FIB cache and process the control plane session using the forwarding information stored in the FIB cache.

Abstract: A network device may include a packet generator device implemented in hardware. The packet generator device may include a control component, a payload generation component, and an interface element to receive test packet generation information. The test packet generation information may include one or more control inputs, header data that is to be included in one or more test packets, and information regarding a data pattern that is to be included in payload data of the one or more test packets. The one or more control inputs, when provided to the control component, may cause the control component to control the payload generation component to generate the one or more test packets based on the header data and the information regarding the data pattern.

Abstract: A Software-defined Networking (SDN) controller of data center with application-aware firewall policy enforcement is disclosed. In one example, the SDN controller receives a request to initialize an instance of an application. in response to receiving the request, the SDN controller transmits, to a firewall component positioned between an SDN gateway device of the data center and a network external to the data center, a message. In some examples, the messing includes an application signature corresponding to the instance of the application and an application firewall policy corresponding to the application signature. The message instructs the firewall component to install the application firewall policy for application to network traffic for the instance of the application.

Abstract: A device may receive, from an ingress device, a packet for a protocol session associated with detecting faults in a path of a network that includes a link aggregation group (LAG). The packet may be encapsulated with a user datagram protocol (UDP) header that includes a dynamically assigned UDP source port identifier. The LAG may include a set of links. The device may select, using the dynamically assigned UDP source port identifier, a link in the LAG to use in the path. The device may provide, using the selected link, the packet to one or more downstream devices to permit a downstream device, of the one or more downstream devices, to determine whether packet timeout has occurred. The device may receive an instruction to maintain the protocol session or to close the protocol session and close the path. The device may provide the instruction to the ingress device.

Abstract: An example method includes determining, by a network controller, based on a high-level data model, vendor-agnostic device information for a first network device, translating the vendor-agnostic device information into vendor-specific device information, sending, to the first network device, first configuration information included in the vendor-specific device information to cause the first network device to switch into a maintenance mode and enable diversion of network traffic from the first network device to a second network device, responsive to verifying that the first network device has diverted the traffic, initiating maintenance procedures on the first network device while the first network device is in the maintenance mode, and sending, to the first network device, second configuration information included in the vendor-specific device information to cause the first network device to switch out of the maintenance mode and enable reversion of network traffic from the second device to the first network

Abstract: In general, techniques are described for conflict resolution in source packet routing in networking. For example, a first router receives a first advertisement originated in a first Interior Gateway Protocol (IGP) level. The first advertisement specifies a first prefix and a segment identifier (SID). The first router also receives a second advertisement originated in a second IGP level of the network. The second advertisement specifies a second prefix and the SID. Based on the first advertisement and the second advertisement specifying the same SID and based on the first IGP level having less visibility than the second IGP level, the first router selects the SID to be associated with a route to the first prefix.

Abstract: A device may determine a link aggregation group (LAG) that aggregates links that includes a first group of links that connects the device to a first provider edge (PE) device and a second group of links that connects the device to the second PE device, where the first PE device and the second PE device are on an Ethernet virtual private network (EVPN) and are multi-homed PE devices for the device, and where the first PE device provides a local connection to a customer edge (CE) device for the device. The device may receive a message from the first PE device indicating that the first PE device lacks a connection with the EVPN, and may send, based on the message, traffic intended for the CE device via the first PE device and traffic intended for the EVPN via the second PE device and not the first PE device.

Abstract: A device may receive, from the packet processing component and through an internal interface, a packet that includes a virtual routing and forwarding (VRF) interface identifier associated with a VRF interface of a virtual device. The internal interface may be associated with multiple external interfaces. The device may modify a value identifying an incoming interface via which the packet is received after receiving the packet that includes the VRF interface identifier. The modified value may be associated with the virtual device, and the modified value may allow an upper communication layer to determine that the packet is associated with the virtual device. The device may provide the packet to the upper communication layer after modifying the value identifying the incoming interface via which the packet is received to permit the upper communication layer to forward the packet to a destination.

Abstract: Disclosed are structures as well as methods of manufacture and operation of integrated optoelectronic devices that facilitate directly heating the diode or waveguide structures to regulate a temperature of the device while allowing electrical contacts to be placed close to the device to reduce the electrical resistance. Embodiments include, in particular, heterogeneous electro-absorption modulators that include a compound-semiconductor diode structure placed above a waveguide formed in the device layer of an SOI substrate.

Abstract: Techniques are disclosed for extending scalable policy management to supporting network devices. A network device comprising a memory and a processor may perform various aspects of the techniques. The memory may be configured to store a policy. The processor may be configured to obtain the policy to be enforced by a supporting network device coupled to a server, and identify a port of the supporting network device to which the server is coupled via the switch fabric. The policy controller may also identify a workload executed by the server to which the policy is associated, and convert the policy into configuration data supported by the network device. The policy controller may further configure, based on the configuration data, the network device to enforce the policy with respect to network traffic received via the identified port.

Abstract: A device may receive, by a kernel of the device and from a loadable kernel module of the device, information that instructs the kernel to invoke a callback function associated with the loadable kernel module based on an execution of a hook of the kernel. The device may receive, by the kernel of the device and from an application of the device, a socket application programming interface (API) call. The socket API call may include control information. The device may execute, by the kernel of the device, the hook based on receiving the socket API call. The device may invoke, by the kernel of the device, the callback function associated with the loadable kernel module based on executing the hook to permit a functionality associated with the callback function to be provided. The kernel may provide the control information, associated with the socket API call, to the callback function as an argument.

Abstract: An example photonic integrated circuit includes a transmitter circuit with a optical communication path to an optical coupler configured to couple with an optical fiber. The optical communication path has a propagation direction away from the transmitter circuit and towards the optical coupler. A counter-propagating tap diverts light sent by a light source backward against the propagation direction of the optical communication path. A photodiode receives the diverted light and measures its power level. The photodiode generates a feedback signal for the optical coupler and provides the feedback signal to the optical coupler. The optical coupler receives the feedback signal and adjusts a coupling alignment of the optical communication path to the optical fiber based on the feedback signal, which indicates the measured power level of the diverted counter-propagating light.

Abstract: The disclosed method may include (1) monitoring, while a computing device receives power from an external power supply, (A) the amount of power consumed by the computing device and (B) the amount of power provided to the computing device by the external power supply, (2) detecting that the amount of power provided to the computing device exceeds the amount of power consumed by the computing device by at least a certain threshold, (3) determining, based on the amount of power provided to the computing device exceeding the amount of power consumed by the computing device by the certain threshold, that the computing device is experiencing a malfunction, and then (4) mitigating potential damage to the computing device due to the malfunction by at least partially reducing the amount of power provided to the computing device from the external power supply. Various other apparatuses, systems, and methods are disclosed.

Abstract: A device may generate versions of a first executable process that is associated with deterministically defined parameters. The device may run the versions of the first executable process, and may monitor device parameters of the device or the first executable process when running the versions of the first executable process. The device may determine, based on monitoring the device parameters of the device or the first executable process, a variance to a parameter of the deterministically defined parameters relative to an expected value for the parameter, and may provide information indicating a presence of malware in connection with the device based on determining the variance to the parameter.

Abstract: The disclosed method may include (1) identifying, within a virtual network, a primary virtual network device and a backup virtual network device that is to handle traffic directed to the primary virtual network device following a failure of the primary virtual network device, (2) installing, on the primary virtual network device, a first virtual controller that manages the primary virtual network device, (3) installing, on the backup virtual network device, a second virtual controller that manages the backup virtual network device, (4) directing, by the first virtual controller, the second virtual controller to replicate a state of the primary virtual network device, (5) detecting the failure of the primary virtual network device, and then in response to detecting the failure of the primary virtual network device, (6) directing, by the first virtual controller, the second virtual controller to facilitate handling the traffic directed to the primary virtual network device.

Abstract: An apparatus includes a first input port, a first switch, and a second switch. The first switch and the second input port are in optical communication with the first input port. The apparatus also includes a second input port, a third switch, and a fourth switch. The third switch and the fourth switch are in optical communication with the second input port. Each switch is switchable between a first state to pass optical signals and a second state to block optical signals. The apparatus also includes a first combiner in optical communication with the first input port via the first switch and the second input port via the third switch. The apparatus also includes a second combiner in optical communication with the first input port via the second switch and the second input port via the fourth switch.