Abstract: A plurality of switches may be arranged according to a spine and leaf topology in which each spine switch is connected to all leaf switches. A leaf switch includes a memory configured to store a plurality of policies, each of the plurality of policies being associated with a respective source identifier value and a respective destination address; a network interface communicatively coupled to one of the spine switches; and a processor implemented in circuitry and configured to: receive a packet from the spine switch via the network interface, the packet being encapsulated with a Virtual Extensible Local Area Network (VXLAN) header; extract a source identifier value from the VXLAN header; determine a destination address for the packet; determine a policy of the plurality of policies to apply to the packet according to the source identifier value and the destination address; and apply the policy to the packet.

Abstract: A first provider edge device may receive device information from a second provider edge device included in an Ethernet virtual private network (EVPN). The device information may identify a media access control (MAC) address and may indicate that the device is connected to the second provider edge device. The first provider edge device may receive data transmitted by the device and may determine, based on information included in the data, that the device has moved from the second provider edge device to the first provider edge device. The first provider edge device may generate a data packet including mobility information indicating that the device has moved to the first provider edge device. The first provider edge device may transmit, via a data plane of the EVPN, the data packet to the second provider edge device to permit the second provider edge device to update routing information for the device.

Abstract: In one example, a method includes obtaining, by a policy controller for a virtualization infrastructure, a first profile for a first group of one or more elements, the first profile comprising a first ruleset having one or more alarms; obtaining, by the policy controller, a second profile for a second group of one or more elements, the second profile comprising a second ruleset having one or more alarms; receiving, by the policy controller, configuration data configuring an element of the virtualization infrastructure as a member of the first group of one or more elements and as a member of the second group of one or more elements; generating, by the policy controller based on the configuration data, a profile for the element comprising the first ruleset and the second ruleset; and outputting, by the policy controller to a computing device, the profile for the element.

Abstract: A method includes receiving, by a network management system, network data from a plurality of network devices configured to provide a network at a site; receiving, by the processing circuitry, user impact data from a plurality of client devices that access the network at the site; determining, based on the network data, a pattern of one or more network events occurring over time; correlating in time the pattern of the one or more network events to an adverse user impact event indicated by the user impact data received from the plurality of client devices; and determining, in response to the correlating, an instance of overwhelming network traffic having an adverse user impact. In some examples, the network data includes network traffic impact data, such as a number of packets dropped at a switch port due to congestion.

Abstract: A router on a multicast tree, may: (a) receive a control plane message (including a label and a tree identifier identifying the multicast tree) from a downstream router on the multicast tree; (b) construct an SRv6 SID in a LOC:FUNCT:ARG form, wherein the LOC part is a locator of the downstream router and the FUNCT part is the label included in the control plane message received; and (c) create an entry in its forwarding table so that the router replicates received traffic of this multicast tree to the downstream node using the SRv6 SID. A router on a multicast tree may construct an SRv6 SID in a LOC:FUNCT:ARG form for the multicast tree, wherein the LOC is a locator of the router and the FUNCT is to be signaled to an upstream router as a label.

Abstract: Embodiments provide for guided alignment of the orientation of two wireless devices. A first wireless device is at a known position and a known orientation. A signal from a second wireless device is received via a plurality of receive elements of the first wireless device. The first wireless device measures phase differences of the signal at the plurality of receive elements, and determines locations of each of the second wireless device's transmit elements based on the differences. Based on the transmit element locations, and a known antenna layout of the second wireless device, an orientation of the second wireless device is determined. Based on differences between the determined orientation and the known orientation of the first wireless device, instructions for aligning the devices are generated. Once the devices are aligned, location estimates of a third wireless device are made by both the first wireless device and the second wireless device.

Abstract: A performance monitoring system includes a metric collector configured to receive, via metric exporters, telemetry data comprising metrics related to a network of computing devices. A metric time series database stores related metrics. An alert rule evaluator service is configured to evaluate rules using stored metrics. The performance monitoring system may include a machine learning module and is configured to determine optimized metric collection sampling intervals and rule evaluation intervals, and to automatically determine recommended alert rules.

Abstract: Techniques are described for providing fast reroute for traffic in EVPN-VXLAN. For example, a backup PE device of an Ethernet segment is configured with an additional tunnel endpoint address (“reroute tunnel endpoint address”) for a backup path associated with a second split-horizon group that is different than a tunnel endpoint address and first split-horizon group for another path used for normal traffic forwarding. The backup PE device sends the reroute tunnel endpoint address to a primary PE device of the Ethernet segment, which uses the reroute tunnel endpoint address to configure a backup path to the backup PE device over the core network. For example, the primary PE device may install the reroute tunnel endpoint address within its forwarding plane and one or more operations to cause the primary PE device to encapsulate a VXLAN header including the reroute tunnel endpoint address when rerouting the packet along the backup path.

Abstract: Methods and apparatus for automatically identifying and correcting faults relating to poor communications service in a wireless system, e.g., in real time, are described. The methods are well suited for use in a system with a variety of access points, e.g., wireless and/or wired access points, which can be used to obtain access to the Internet or another network. Access points (APs), which have been configured to monitor in accordance with received monitoring configuration information, e.g. on a per access point interface basis, captures messages, store captured messages, and in collaboration with network monitoring apparatus which can be in an AP or external thereto, use message sequences to determine a remedial action to be automatically taken when poor service is likely as may be predicted based on the detected message sequence between a UE and one or more APs.

Abstract: A computing system includes a computing device configured to execute a plurality of virtual machines, each virtual machine of the plurality of virtual machines configured to provide control plane functionality for at least a different respective subset of forwarding units of a network device, the computing device distinct from the network devices. The computing system also includes a policy agent configured to execute on the computing device. The agent is configured to determine that a particular virtual machine of the plurality of virtual machines provides control plane functionality for one or more forwarding units of the network device; determine control plane usage metrics for resources of the particular virtual machine; and output, to a policy controller, data associated with the control plane usage metrics and data associating the particular virtual machine with the one or more forwarding units for which the particular virtual machine provides control plane functionality.

Abstract: A network device may obtain information concerning a virtual chassis that indicates that the network device and an additional network device are to be included in the virtual chassis. The network device may determine, based on the information concerning the virtual chassis, that the network device is connected to the additional network device, wherein the network device is connected to the additional network device via a link between a network interface of the network device and a network interface of the additional network device. The network device may cause the network interface of the network device to be converted to a virtual chassis interface and the network interface of the additional network device to be converted to a virtual chassis interface to enable the network device and the additional network device to be included in the virtual chassis to allow bootstrapping of the virtual chassis as a single logical device.

Abstract: Techniques are described for creating isolated pools of external, failover, and/or floating IP addresses. In one example, this disclosure describes a method including creating a plurality of virtual networks, creating a plurality of pools of external IP addresses, detecting a request to instantiate an object that identifies a specific pool from the plurality of pools of external IP addresses; and instantiating the object and configuring the object with an external IP address drawn from the specific pool. The pools of external IP addresses may be created and isolated on a per-namespace, per-service, or per-ingress basis.

Abstract: Methods of deriving location information of a wireless device include deriving, in the continuous domain, a location of a wireless device and at least one time and location varying path loss function parameter. The coordinates and parameter are derived based on signal strength measurements made at the wireless device, with the measured signals originating from a plurality of wireless transmitters, such as access points. The derived path loss function parameter can include one or more of a path loss exponent parameter, an intercept parameter, a receiver antenna gain parameter, transmitter antenna gain parameter, or a transmit power parameter.

Abstract: A network device may receive a request to install a rule set, and may add, based on the request, information identifying the rule set to a list of rule sets associated with the network device. The network device may receive a packet destined for an endpoint device, may generate a copy of the packet, and may cause the packet to be forwarded to the endpoint device. The network device may perform deep packet inspection of the copy of the packet to identify a packet rule set associated with the copy of the packet, and may determine whether the packet rule set, associated with the copy of the packet, corresponds to the rule set. The network device may cause the copy of the packet to be forwarded to a content destination device when the packet rule set, associated with the copy of the packet, corresponds to the rule set.

Abstract: An example system includes network devices at a site; and a network management system (NMS) that is configured to: identify a first network device of the plurality of network devices with which a network connection has been lost; identify, based on a network topology graph generated from the network data, one or more neighbor network devices of the plurality of network devices that are connected to the first network device; perform root cause analysis of the lost connection with the first network device based on the network data to identify a root cause of the lost connection; and send, to a neighbor network device selected from the one or more neighbor network devices and based on the identified root cause, instructions for the first network device to perform an action to remediate the lost connection, wherein the neighbor network device communicates the instructions to the first network device.

Abstract: A network device may receive an input identifying one or more conditions associated with traversal of packets through a network and one or more actions to be performed if the one or more conditions are satisfied. The network device may transmit, to a path computation element, a request for a label set that satisfies the one or more conditions. The network device may receive the label set from the path computation element. The network device may configure a firewall policy indicating that the one or more actions are to be performed for a packet associated with a label stack that includes the label set.

Abstract: A first device may establish a connection with a second device, and may provide a connection check RPC message to the second device. The first device may receive a verification RPC message from the second device, and may provide, to the second device, a sync domains RPC request that includes a first list of active domains with associated address pools. The first device may receive, from the second device, a sync domains RPC response that includes threshold values for the active domains included in the first list of active domains, and may provide, to the second device, a sync pools RPC request that includes a first list of address pools associated with the active domains. The first device may receive, from the second device, a sync pools RPC response that includes confirmation of the first list of address pools, and may allocate addresses of an address pool to a CPE.

Abstract: Techniques are disclosed for promulgating service information and topology information in a network in a high availability manner. An example device is configured to create a first service and topology exchange protocol (STEP) document. The first STEP document includes service information and topology information. The example device is configured to send the first STEP document to a first STEP repository for forwarding to at least one subscribing network device. The example device is also configured to send the first STEP document to a second STEP repository for forwarding to the at least one subscribing network device.

Abstract: In general, techniques are described for enhancing packet processing in a computing device of a network. The computing device is configured to in response to receiving ingress data of a flow from the first network device via the first network interface, execute, based on a hook point in kernel space of the device, a kernel program to transfer, via a first socket of a user module, the ingress data for packet processing; configure an code point for the second network interface, wherein the user module is configured to couple a second socket with the code point; and in response to determining the second network device as a next hop for the flow, transfer, based on the code point, egress data of the flow via the second socket to the second network interface, wherein the second network interface is operative to output the egress data to the second network device.

Abstract: This disclosure describes techniques that include selecting a member port of an aggregation bundle by evaluating utilization of paths, within a router, to member ports of an aggregation bundle. In one example, this disclosure describes a method that includes receiving network data to be output through an aggregation bundle having a plurality of member ports; identifying local member ports; identifying non-local member ports, each of the non-local member ports being reachable from the receiving line card over a path through the switch fabric to a different one of the plurality of line cards; identifying available non-local member ports by determining, for each non-local member port, whether the path through the switch fabric has low utilization; and selecting a member port by applying a hashing algorithm to a group that includes each of the identified available non-local member ports.