Abstract: The disclosed apparatus may include (1) a faceplate that facilitates at least one connection between at least one communication cable and a line card that forwards traffic in connection with a network, (2) at least one heatsink that (A) is integrated into the faceplate and (B) absorbs heat dissipated by at least one electronic component included in the line card, and (3) at least one mount that (A) is integrated into the faceplate and (B) enables the electronic component to attach to the heatsink. Various other apparatuses and systems are also disclosed.

Abstract: The disclosed computer-implemented method for forwarding network traffic using minimal Forwarding Information Bases (FIBS) may include (1) identifying a Routing Information Base (RIB) that includes a set of routes that define paths to destinations both inside and outside a network and then (2) creating a FIB that includes a subset of active routes whose size is below a size threshold by (A) importing, from the set of routes within the RIB, (I) internal routes that define paths to destinations inside the network, (II) high-traffic external routes that define paths to destinations outside the network, and (III) a default route that defines a path to a default node that facilitates resolution of traffic that does not match any of the internal or high-traffic external routes and (B) excluding, from the FIB, low-traffic external routes that define paths to destinations outside the network. Various other methods, systems, and apparatuses are also disclosed.

Abstract: A network device may include one or more processors. The one or more processors may receive a call from a services processor to allocate network address translation resources for a data packet. The one or more processors may determine an identifier associated with the services processor. The one or more processors may allocate network address translation resources using a network address port translation manager based on the identifier. The network address translation port manager may be a two-level port bitmap management system that determines a translated source port for the data packet.

Abstract: Embodiments of the invention describe apparatuses, optical systems, and methods related to utilizing optical cladding layers. According to one embodiment, a hybrid optical device includes a silicon semiconductor layer and a III-V semiconductor layer having an overlapping region, wherein a majority of a field of an optical mode in the overlapping region is to be contained in the III-V semiconductor layer. A cladding region between the silicon semiconductor layer and the III-V semiconductor layer has a spatial property to substantially confine the optical mode to the III-V semiconductor layer and enable heat dissipation through the silicon semiconductor layer.

Abstract: A device may receive usage information, associated with a group of client networks, including particular usage information associated with a particular client network. The device may receive threat information, associated with the group of client networks, including particular threat information associated with the particular client network. The device may determine a baseline based on the usage information. The device may determine a normalization function, associated with the particular client network, based on the baseline and the particular usage information. The device may determine normalized threat information, associated with the particular client network, based on the normalization function and the particular threat information. The device may determine overall normalized threat information associated with the group of client networks. The device may compare the normalized threat information and the overall normalized threat information.

Abstract: In one example, a method includes configuring a first provider edge (PE) router of a Provider Backbone Bridging (PBB) Ethernet Virtual Private Network (EVPN) to join an Ethernet Segment in active-active mode with at least a second PE router that is operating as a designated forwarder for the Ethernet Segment; receiving, by the first PE router from a remote PE router and prior to the first PE router performing Media Access Control (MAC) learning of a customer-MAC (C-MAC) address that is reachable via a backbone-MAC (B-MAC) address associated with the Ethernet Segment, a network packet that includes the C-MAC address; and in response to determining that the C-MAC address has not been learned by the first PE router and the B-MAC address included in the network packet is associated with the Ethernet Segment, forwarding, by the first PE router, the network packet to a destination identified by the C-MAC address.

Abstract: A security device may receive a response associated with a request. The response may include original session information. The request may be associated with a user device. The security device may modify the original session information to create modified session information. The security device may store information associated with the modified session information. The security device may provide the response, including the modified session information, to the user device. The security device may receive another request. The other request may include the modified session information. The security device may determine that the modified session information is not current session information based on the information associated with the modified session information. The security device may provide the other request without including the original session information.

Abstract: A high-performance, scalable and drop-free data center switch fabric and infrastructure is described. The data center switch fabric may leverage low cost, off-the-shelf packet-based switching components (e.g., IP over Ethernet (IPoE)) and overlay forwarding technologies rather than proprietary switch fabric. In one example, host network accelerators (HNAs) are positioned between servers (e.g., virtual machines or dedicated servers) of the data center and an IPoE core network that provides point-to-point connectivity between the servers. The HNAs are hardware devices that embed virtual routers on one or more integrated circuits, where the virtual router are configured to extend the one or more virtual networks to the virtual machines and to seamlessly transport packets over the switch fabric using an overlay network. In other words, the HNAs provide hardware-based, seamless access interfaces to overlay technologies used for communicating packet flows through the core switching network of the data center.

Abstract: A device may receive a trigger to determine whether one or more client devices, of a set of client devices, are infected by a malicious file. The device may generate file identification information associated with the malicious file based on receiving the trigger to determine whether the one or more client devices are infected by the malicious file. The device may obtain remote access to the one or more client devices using a connection tool based on receiving the trigger to determine whether the one or more client devices are infected by the malicious file. The device may obtain information, associated with the one or more client devices, using the remote access. The device may provide information indicating whether the one or more client devices are infected by the malicious file based on the file identification information and the information associated with the one or more client devices.

Abstract: In one embodiment, an apparatus includes a network management module configured to execute at a network device operatively coupled to a switch fabric. The network management module is configured to receive a first set of configuration information associated with a subset of network resources from a set of network resources, the set of network resources being included in a virtual local area network from a plurality of virtual local area networks, the plurality of virtual local area networks being defined within the switch fabric. The first set of configuration information dynamically includes at least a second set of configuration information associated with the set of network resources.

Abstract: A device may receive a request to access a resource. The resource may be associated with resource information. The device may obtain rating information based on receiving the request. The rating information may identify a rating associated with the resource. The device may apply an access rule based on the rating information. The access rule may identify an access indicator to generate based on the rating information. The access indicator may indicate an action to perform related to the resource. The device may generate the access indicator based on applying the access rule to the rating information. The device may store, locally in one or more memories, information that indicates an association between the access indicator and the resource information.

Abstract: Techniques are described for utilizing Protocol Independent Multicast Sparse Mode (PIM-SM) to transport BUM (broadcast, unknown unicast, and multicast) traffic in a Virtual Extensible LAN (VXLAN) underlay of a data center, where the BUM traffic is received on active-active, multi-homed Ethernet virtual private network (EVPN) interconnects between multiple physical data centers. For example, the techniques may readily be applied to support usage of PIM-SM where provider edge (PE) routers of the EVPN operate as gateways between the EVPN and the VXLAN spanning the data center interconnect.

Abstract: In some examples, a computing device includes one or more processors configured to execute a plurality of virtual machines; and a network interface card (NIC) coupled to the one or more processors and configured to receive configuration data defining a plurality of receipt queues of the NIC and associated with respective virtual machines of the plurality of virtual machines. The NIC is further configured to assign, based on respective virtual machine identifiers of packets received by the NIC, the packets to the plurality of receipt queues associated with the respective virtual machines.

Abstract: In some embodiments, an apparatus comprises a processing module, disposed within a first switch fabric element, configured to detect a second switch fabric element having a routing module when the second switch fabric element is operatively coupled to the first switch fabric element. The processing module is configured to define a virtual processing module configured to be operatively coupled to the second switch fabric element. The virtual processing module is configured to receive a request from the second switch fabric element for forwarding information and the virtual processing module is configured to send the forwarding information to the routing module.

Abstract: An electronic device includes an instrument panel that includes a display opening, where the instrument panel is located in a first plane; a circuit board located inside the electronic device, where the circuit board includes a display device that includes a display area, and where the display area is located in a second plane that is different from the first plane; and a waveguide that couples the display area to the display opening and guides light, and/or an image displayed in the display area, from the display area to the display opening.

Abstract: A circuit may receive an interrupt associated with a device. The interrupt may be sent by the device via an interrupt line associated with the device. The circuit may send the interrupt associated with the device. The interrupt may be sent via an interrupt line associated with the circuit. The circuit may start a missing interrupt timer, associated with the interrupt, based on sending the interrupt. The missing interrupt timer may be associated with a threshold amount of time by which the interrupt is to be serviced. The circuit may identify, based on the missing interrupt timer, the interrupt as a missing interrupt. The circuit may resend the missing interrupt via the interrupt line associated with the circuit. The missing interrupt may be resent to cause the missing interrupt to be serviced.

Abstract: In general, techniques are described for enhancing operations of virtual networks. In some examples, a network system includes a plurality of servers interconnected by a switch fabric comprising a plurality of switches interconnected to form a physical network. Each of the servers comprises an operating environment executing one or more virtual machines in communication via one or more virtual networks. The servers comprise a set of virtual routers configured to extend the virtual networks to the operating environments of the virtual machines. A virtual router of the set of virtual routers is configured to aggregate a plurality of inbound tunnel packets according to a same virtual network identifier in order to generate an aggregate tunnel packet. The virtual router is further configured to route the aggregate tunnel packet to a host associated with a virtual network identified by the same virtual network identifier.

Abstract: Techniques are described for supporting Fiber Channel over Ethernet (FCoE) link aggregation groups (LAGs) between a server and a data center switch in a data center. The techniques enable an access switch in the data center switch to assign class identifiers to each member link in an FCoE LAG between an FCoE node (Enode) of the server and the access switch. In this way, the access switch is able to redirect FCoE traffic from a Fiber Channel forwarder (FCF) of a storage area network (SAN) toward the Enode on the correct member link of the FCoE LAG. The techniques also enable scaling of FCoE initialization protocol (FIP) and FCoE sessions by installing FIP snooping filters that use on a source media access control (MAC) address hit determination in ingress filter processors (IFPs) of the access switch to avoid session limitations of virtual local area network (VLAN) filter processors (VFPs).

Abstract: A device may receive an indication to perform a reboot associated with a network service being provided using a first virtual machine (VM) running on the device. The device may launch, based on receiving the indication, a second VM on the device. The device may shut down, based on launching the second VM, the first VM. The device may configure the second VM for forwarding control plane traffic associated with the network service. The device may configure, based on configuring the second VM for forwarding the control plane traffic, the second VM for forwarding data plane traffic associated with the network service. The device may provide, based on configuring the second VM for forwarding the data plane traffic, the network service using the second VM.

Abstract: In one example, a method includes performing L2 learning of a C-MAC address included in a first L2 data message by a first provider edge (PE) router included in an Ethernet Segment of a Provider-Backbone Bridging Ethernet Virtual Private Network (PBB-EVPN); sending to a second PE router within the Ethernet Segment an L2 control message comprising the C-MAC address and a B-MAC address corresponding to the Ethernet Segment of the PBB-EVPN, wherein the L2 control message informs the second PE router of the reachability of the C-MAC address through the first PE router; receiving, by the first PE router and from the second PE router, a second L2 data message as unicast traffic destined for the C-MAC address; and forwarding the second L2 data message to the first CE router.