Abstract: Disclosed are methods and systems for determining combinations of system parameters that indicate a root cause of a system level experience deterioration (SLED). Some of the disclosed embodiments generate a decision tree from a first class of operational parameter datasets. Rules are derived from the decision tree. Filtered rule sets for feature parameters included in the system parameters are then determined. Pairs of features within a particular dataset that each satisfy their respective filtered rule sets are indicative of a root cause of the degradation, at least in some embodiments.

Abstract: A network device can automatically select an execution plan from a set of possible execution plans that cause a first set of traffic assignments in a network to be changed to a second set of traffic assignments. A traffic assignment indicates assignments of the traffic to one or more tunnels, internal routes and/or peer links to be utilized for routing traffic received at provider edge routers through a network to prefixes. A traffic assignment can have various parameters such as bandwidth, transmission costs etc. Each execution plan has one or more steps, and each step has one or more traffic assignment changes progressing from the first set of traffic assignments to the second set of traffic assignments. The network device can automatically select an execution plan based on an evaluation metric determined for each execution plan. The evaluation metric can be a cost based metric or a quality based metric.

Abstract: A network device may receive an instruction to update a data structure implemented by the network device and update the data structure based on receiving the instruction. The data structure may include a routing instruction to direct the network device to provide a data flow to a server device for processing. The network device may receive the data flow destined for a destination device; determine the routing instruction based on at least a portion of an internet protocol (IP) address associated with the data flow and based on the data structure; execute the routing instruction to provide the data flow to the server device and to cause the data flow to be processed by the server device to form a processed data flow; and receive the processed data flow and provide the processed data flow towards the destination device.

Abstract: In some implementations, a non-ingress node of one or more label-switched paths (LSPs) may identify a resource issue event. The non-ingress node may identify, based on identifying the resource issue event, one or more notification-requester stacks included in a data structure. The non-ingress node may generate one or more resource notification messages that each include a respective notification-requester stack of the one or more notification-requester stacks. The non-ingress node may send the one or more resource notification messages based on the one or more notification-requester stacks.

Abstract: In general, techniques are described for deploying virtualized cell site routers (vCSRs). In an example, a method comprises receiving, at a forwarding plane of a virtualized cell site router (vCSR) of a first Distributed Unit (DU) of a plurality of DU servers of a cell site for a 5G radio access network, the vCSR having a containerized routing protocol process and a forwarding plane configured to perform Layer 2 (L2) switching, L2 packets on a second interface for a second physical link connecting the first DU server to an L2 switch; and switching, by the forwarding plane of the vCSR of the first DU, the L2 packets on a first interface for a first physical link connecting the first DU server to a second DU server of the plurality of DU servers.

Abstract: Techniques are described for monitoring network performance and managing network faults in a computer network. A cloud-based network management system stores path data received from a plurality of network devices operating as network gateways for an enterprise network, the path data collected by each network device of the plurality of network devices for one or more logical paths of a physical interface from the network device over a wide area network (WAN). The network management system determines, based on the path data, one or more WAN link health assessments, wherein the one or more WAN link health assessments include a success or failure state associated with one or more of service provider reachability, physical interface operation, or logical path performance; and in response to determining the at least one failure state, outputs a notification including identification of a root cause of the at least one failure state.

Abstract: A customer edge device is connected, in a multi-homed configuration, to a device via a downlink of the device and to another device via another downlink of the other device. The device may determine that each of one or more uplinks of the device has an inactive interface status and may thereby cause the downlink of the device to be down. This may cause the customer edge device to communicate network traffic via the other downlink of the other device. The device may determine that at least one uplink, of the one or more uplinks, has an active interface status and may thereby cause the downlink to be up. This may cause the customer edge device to communicate network traffic via the downlink of the device.

Abstract: In some implementations, a security device may identify a resource profile based on a value of a resource utilization metric associated with the security device. The security device may identify a security services profile to be applied to traffic that is to be processed by the security device. The security device may determine a set of security services to be performed by the security device, the set of security services being identified based on the resource profile and the security services profile. The security device may perform the set of security services according to the security services profile.

Abstract: A network device may determine that network traffic for a communication session between a first peer device and a second peer device is to be protected using a security protocol suite. The network device may establish, using one or more tunnels, multiple security associations that are to be used to securely provide the network traffic of the communication session over an unsecured medium. The network device may determine a rekey scheduling time for each security association, of the multiple security associations, based on a combination of configuration information and dynamic network device information. The network device may perform, at each rekey scheduling time, a rekeying procedure to rekey each security association of the multiple security associations.

Abstract: A mixed pitch method of placing pads in a ball grid array (BGA) package having a BGA substrate and a plurality of connectors arranged in an array and connected via the pads to the BGA substrate. Selected pairs of the pads are placed on the BGA substrate at a distance defined by a first pitch P1. Ground pads are placed on the BGA substrate at a distance from the selected pairs of pads defined by a second pitch P2, wherein P2=M*P1 and M is greater than one. The selected pairs of the pads on the BGA substrate are also placed at a distance from other selected pairs of the pads defined by the second pitch P2.

Abstract: A network management system (NMS) generates a hierarchical attribution graph representing different scopes at different hierarchical levels of a wide area network (WAN); obtains logical path down data indicative of operational behavior including failure events associated with logical paths of network devices over the WAN; obtains total path data indicative of a historical number of active logical paths between the network devices; and determines a scope of a logical path down issue by, for a time period of the logical path down issue, determining a score for each scope of the different scopes based on the logical path down data aggregated across the respective scope and the total path data, and determining the scope of the logical path down issue as a particular scope of the different scopes having a highest score. The NMS may identify the particular scope as a root cause of the logical path down issue.

Abstract: In general, techniques are described for deploying and managing a virtual router having Data Plane Development Kit (DPDK) functionality to a computing device. In an example, a method includes creating, by a container orchestration platform executing on a computing device, a virtual router custom resource instance of a virtual router custom resource definition, the virtual router custom resource instance for a virtual router to execute on the computing device; based on configuration data for the virtual router custom resource instance, by the container orchestration platform, modifying the virtual router custom resource instance with the configuration data and deploying a first virtual computing instance comprising a virtual router configured according to the modified virtual router custom resource instance; and executing, by the computing device, the virtual router to process a packet.

Abstract: Techniques are disclosed for the detection of different states of a session comprising a bidirectional flow of network traffic between client devices so as to enable a network device to apply different network policies to different states of the session. In one example, a computing device identifies multiple states of a session and defines a plurality of network policies. Each network policy defines performance requirements for network traffic during each state of the session. A network device receives the plurality of network policies and determines a state of the session. The network device selects a path based on the performance requirements of the network policy associated with the determined state of the session. The network device forwards traffic associated with the session along the selected path while the session is in the determined state.

Abstract: An edge services controller may use a service scheduling algorithm to deploy services on Network Interface Cards (NICs) of a NIC fabric while incrementally scheduling services. The edge services controller may assign services to specific nodes depending on their available resources on these nodes. Available resources may include CPU compute, DPU compute, node bandwidth, etc. The edge services controller may also consider the distance between the services that communicate with each other (i.e., hop count between nodes if two communicating services are placed on separate nodes) and the weight of communication between the services. Two services that communicate heavily with each other may consume more bandwidth, and putting them further apart is more detrimental than keeping them closer to each other, i.e., reducing the hop count between each other depending on the bandwidth consumption due to their inter-service communications.

Abstract: An example method comprises determining, by an edge services controller, based on a respective predicted resource utilization value for each of a plurality of servers, a corresponding server weight for each of the plurality of servers; the plurality of servers comprising respective network interface cards (NICs), wherein each NIC of the plurality of NICs comprises an embedded switch and a processing unit coupled to the embedded switch; determining, by the edge services controller, based on a respective predicted resource utilization value for each of a plurality of services, a corresponding application weight for each of the plurality of services; and scheduling, by the edge services controller, based on the respective server weight for a server of the plurality of servers and the respective application weight for the service, a service of the plurality of services on the server.

Abstract: A network device may be configured to receive a file stream associated with an file. The network device may be configured to identify, based on receiving the file stream, an initial portion of the file. The network device may be configured to process the initial portion of the file to determine one or more features of the file. The network device may be configured to generate, based on the one or more features of the file, a determination as to whether the file is malicious. The network device may be configured to block or allow, based on the determination, the file stream.

Abstract: In some examples, a computing device comprises a first service function instance to apply a service function and a service function forwarder to: receive a first layer 3 routing protocol route advertisement that includes service function instance data for a second service function instance, the service function instance data indicating a service function type and a service identifier for the service function instance; receive a second layer 3 routing protocol route advertisement that includes service function chain data for a service function chain, the service function chain data indicating a service path identifier and one or more service function items; and send, to the second service function instance and based at least on determining a service function item of the one or more service function items indicates the second service function instance, a packet classified to the service function chain.

Abstract: This disclosure describes techniques are described for proactively computing configuration information for policy-driven on-demand tunnel creation and deletion between sites in a software-defined networking in wide area network (SD-WAN) environment. In some examples, a controller device is configured to precompute configuration data for an overlay tunnel through the wide area network to connect a first site and a second site of a plurality of sites in the SD-WAN environment. The controller device is further configured to obtain, after precomputing the configuration data, an indication to configure the overlay tunnel. The controller device is also configured to send, in response to receiving the indication to configure the overlay tunnel, at least some of the configuration data to the first site to configure the first site with the overlay tunnel.

Abstract: A network monitoring device may receive, from a mediation device, flow-tap content data (generated by the mediation device based on current and/or previous investigation reports associated with flow tapping) that needs to be monitored. The network monitoring device may map the content data to a flow-tap content destination address of a content destination device in an entry of a flow-tap content filter. The network monitoring device may analyze, using the flow-tap content filter, network traffic of the network to detect a traffic flow that includes the content data. The network monitoring device may generate, based on successfully detecting a traffic flow that includes the content data, a traffic flow copy and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination device to enable a context analysis of the content data.

Abstract: In some examples, a method includes receiving, by an egress network device for a network, messages from each of a plurality of ingress network devices for the network, wherein each of the messages specifies a multicast source, a multicast group, and an upstream multicast hop weight value for multicast traffic for the multicast source and the multicast group; selecting, by the egress network device and based on the upstream multicast hop weight values specified by the received messages, one of the plurality of ingress network devices to which to send a multicast join message of a plurality of multicast join messages for the multicast source and multicast group; and sending, by the egress network device, the multicast join message to the selected one of the plurality of ingress network devices.