Abstract: A computer-implemented method for detecting rogue client devices connected to wireless hotspots may include maintaining at least one illegitimate authentication identifier that appears to rogue client devices to facilitate authentication with an external network via a wireless hotspot. The method may also include providing the illegitimate authentication identifier to one or more client devices connected to the wireless hotspot. The method may further include receiving an authentication request to authenticate the client device with at least one external network via the wireless hotspot. The method may additionally include determining that the authentication request includes the illegitimate authentication identifier. Finally, the method may include determining that the client device is a rogue device based at least in part on the illegitimate authentication identifier being included in the authentication request. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In one example, a method includes predicting, by a network access control (NAC) device based on a device identifier in a request from a client device and a device usage history of the client device, a user associated with the client device, prior to completing a user authentication process, requesting, by the NAC device and from a directory server, session attributes for the predicted user, receiving, by the NAC device and from an authentication server, an indication of whether a user associated with the client device was successfully authenticated. The method includes determining, based on an identifier of the user, whether the predicted user is the user associated with the client device, and responsive to determining that the predicted user is the user associated with the client device, establishing, by the NAC and using the session attributes for the predicted user, a session between the client device and the network.

Abstract: In some embodiments, an equipment unit has a set of visual indicators, a power switch, and a set of compute components. The power switch receives a signal representing a status such that when the status is in a first mode, the power switch provides power to the set of visual indicators and when the status is in a second mode the power switch does not provide power to the set of visual indicators. The compute components are configured to receive power when the power switch does not provide power to the set of visual indicators.

Abstract: In some embodiments, an apparatus includes a rate module implemented in at least one of a memory or a processing device that can be operatively coupled to a set of rate counters. Each rate counter is associated with a different network device associated with a level within the hierarchy of a network. The rate module can receive from a schedule module a signal to begin execution of a first page of a first rate program and can send during a first time period transmission credits to a first subset of rate counters. The rate module can send during a second time period transmission credits to a second subset of rate counters based on the execution of a page of a second rate program where the priority of the second rate program is no lower than a priority of the first rate program.

Abstract: A network device is described that receives information from separate database systems including a physical network inventory system that stores first topology data specifying resources and links within a network and a traffic engineering system that stores second topology data specifying the resources and links that are deployed within the network and data specifying traffic engineered paths configured to forward network traffic through the network. The network device aggregates the received information into a topology resource management system that stores third topology data specifying at least a current role of each of the resources and links. The network device determines a modification to at least one of the traffic engineered paths based on the third topology data, including an adjustment to the current role of at least one of the resources to change the forwarding of the network traffic. The network device outputs provisioning information based on the modification.

Abstract: Techniques are described for selectively triggering fast reroute of traffic by enhancing a protocol used for monitoring operational status of a forwarding plane of a router. The forwarding plane of the router outputs periodic messages that, when received by a peer router, provide an indication that the forwarding plane is operational and able to forward packets. In addition, when constructing the periodic messages, the forwarding plane embeds an indication of a status of internal communication between the forwarding plane and a control plane of the router. In this way, the forwarding plane of the transmitting router provides an indication to the peer router that, although operational, the forwarding plane may be operating according to stale forwarding information.

Abstract: An extensible software defined network (SDN) controller is described that provides an application-aware framework that enable a variety of different user applications to communicate with the controller and that allows the controller to automatically configure devices in a network based on the needs of the applications. For example, the controller includes a plurality of different northbound interfaces that enable a variety of different user applications to communicate with the controller. The controller also includes multiple southbound protocols for configuring and enabling functionality in network devices based on the communications with the user applications.

Abstract: An apparatus includes a first port and a second port operably coupled to a format conversion module each of which is at least partially disposed within a housing. The first port is operably coupled to a cable configured to transfer a first data unit having a first format associated with a first communication medium to the first port. The format conversion module receives the first data unit from the first port and converts the first data unit from the first format to a second format associated with a second communication medium to produce a second data unit. The second port is operably coupled to a wireless access point that is physically distinct from the housing. The second port is configured to receive the second data unit and send the second data unit to the wireless access point.

Abstract: In some embodiments, an apparatus includes a gateway device that can be operatively coupled to a switch via a set of links. The gateway device can operatively couple a network node during a communication session with the switch, and can store an association between the communication session of the network node and a link such that data sent via the communication session of the network node is sent via the link. In such embodiments, the gateway device can receive, from a virtual port associated with the network node, a login request. The gateway device can send the login request to the switch to initiate a communication session between the virtual port and the switch. The gateway device can also associate the communication session of the virtual port with the link based on the communication session of the network node being associated with the link.

Abstract: A computer-implemented method for interfacing software-defined networks with non-software-defined networks may include (1) receiving at least one packet via software-defined network at a switching device, (2) searching a set of flow entries that collectively direct network traffic within the software-defined network for a flow entry that corresponds to the packet, (3) determining that the packet is destined for a non-software-defined network based at least in part on the search, and (4) forwarding the packet to the non-software-defined network via a logical tunnel that interfaces the software-defined network with the non-software-defined network by connecting a virtual port within the software-defined network to a virtual port within the non-software-defined network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for preventing split-brain scenarios in high-availability clusters may include (1) detecting, at a first node of a high-availability cluster, a partitioning event that isolates the first node from a second node of the high-availability cluster, (2) broadcasting, from a health-status server and after the partitioning event has occurred, a cluster-health message to the first node that includes at least a health status of the second node that is based on whether the health-status server received a node-health message from the second node, and (3) reacting, at the first node and based at least in part on whether the first node received the cluster-health message, to the partitioning event such that the partitioning event does not result in a split-brain scenario within the high-availability cluster. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A multi-router system is described in which hardware and software components of one or more standalone routers can be partitioned into multiple logical routers. The multiple logical routers are isolated from each other in terms of routing and forwarding functions yet allow network interfaces to be shared between the logical routers. Moreover, different logical routers can share network interfaces without impacting the ability of any of the logical routers to be independently scaled to meet the bandwidth demands of the customers serviced by the logical router.

Abstract: A disaster response system receives location data and status data from participating devices in an area affected by a disaster. The disaster response system provides data to client devices outside the affected area. The data indicate statuses of people within the affected area. Disaster response system also instructs routers to perform actions to adjust bandwidth available for a particular use during and after the disaster.

Abstract: Techniques are described for utilizing two-part metrics with link state routing protocols of computer networks. For example, link state advertisements communicated by a router convey outbound cost metrics representative of outbound costs for the router to send network traffic to a network, and inbound cost metrics representative of inbound costs to receive network traffic from the network. The techniques may be particularly useful with respect to shared access networks, including broadcast or non-broadcast multi-access networks.

Abstract: In general, techniques are described for dynamically scheduling and establishing paths in a multi-layer, multi-topology network to provide dynamic network resource allocation and support packet flow steering along paths prescribed at any layer or combination of layers of the network. In one example, a multi-topology path computation element (PCE) accepts requests from client applications for dedicated paths. The PCE receives topology information from network devices and attempts to identify paths through a layer or combination of layers of the network that can be established at the requested time in view of the specifications requested for the dedicated paths and the anticipated bandwidth/capacity available in the network. The PCE schedules the identified paths through the one or more layers of the network to carry traffic for the requested paths. At the scheduled times, the PCE programs path forwarding information into network nodes to establish the scheduled paths.

Abstract: In some embodiments, an apparatus includes an optical transmitter module that can be electrically coupled to an electrical serializer/deserializer and a controller. The optical transmitter module can include an electrical detector that can receive an in-band signal. The electrical detector can send to the controller a first power error signal and a second power error signal based on the in-band signal. The controller can send a correction control signal to the electrical serializer/deserializer based on the first power error signal and the second power error signal such that the electrical serializer/deserializer sends a pre-emphasized signal to the optical transmitter module based on the correction control signal. In such embodiments, the first power error signal, the second power signal and the correction control signal are out-of-band signals.

Abstract: In some embodiments, an apparatus includes a core network node configured to associate with a native multicast group a first client device that is associated with a first virtual local area network (VLAN) and operatively coupled to the core network node via a first access network node and an aggregation network node. The core network node can associate with the native multicast group a second client device that is associated with a second VLAN and operatively coupled to the core network node via a second access network node and the aggregation network node. The core network node can define a multicast VLAN including the first VLAN and the second VLAN based on the native multicast group. The core network node can receive a multicast data unit associated with the native multicast group and can also define a single instance of the multicast data unit for the multicast VLAN.

Abstract: Techniques are described for specifying and constructing multi-protocol label switching (MPLS) rings. Routers may signal membership within MPLS rings and automatically establish ring-based label switch paths (LSPs) as components of the MPLS rings for packet transport within ring networks. In one example, a router includes a processor configured to establish an MPLS ring having a plurality of ring LSPs. Each of the ring LSPs is configured to transport MPLS packets around the ring network to a different one of the routers operating as an egress router for the respective ring LSP. Moreover, each of the ring LSPs comprises a bidirectional, multipoint-to-point (MP2P) LSP for which any of the routers can operate as an ingress to source packet traffic into the ring LSP for transport to the respective egress router for the ring LSP. Separate protection paths, bypass LSPs, detours or loop-free alternatives need not be signaled.

Abstract: An apparatus includes a destination edge device configured to receive a first validation packet according to a switch fabric validation protocol. The destination edge device is configured to validate multiple data paths through a distributed switch fabric from a source edge device to the destination edge device based on the first validation packet. The destination edge device is configured to send, in response to receiving the first validation packet, a second validation packet to a peripheral processing device. The destination edge device is also configured to send the second validation packet according to a validation protocol different from the first validation protocol.

Abstract: This disclosure is directed to techniques for providing supply power to components of an electronics system, such as components of a networking device. According to these techniques, a power supply system charges a bulk capacitance of a power supply unit when the power supply unit is selectively disabled (e.g., disconnected). In this manner, when the power supply unit is again enabled, the power supply unit may provide supply power to components of the networking device faster in comparison to other techniques. In addition the power supply does not use any input power and therefore does not produce any heat loss while it is disconnected, thus saving otherwise wasted energy.