Abstract: The disclosed computer-implemented method for verifying the functionality of network paths may include (1) constructing, at a source node within a network, a test packet that uniquely identifies a network path whose functionality is unverified, (2) sending the test packet to a target node within the network via the network path in an attempt to verify the functionality of the network path, (3) receiving, back from the target node, the test packet sent to the target node via the network path, and then (4) verifying, at the source node, the functionality of the network path based at least in part on the test packet received back from the target node. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In general, techniques are described for load balancing, with a service node, packet flows using stateless load balancing that adapts to server failure to provide flow affinity to initially selected servers for the duration of respective flows. In one example, service node device applies stateless load balancing to packet flows to distribute the flows among a plurality of servers. The service node determines a failure of a failed server and then receives an initial packet of a packet flow from the packet flows and forwards the initial packet to an active server. The service node generates a mapping of the packet flow to the active server, determines a recovery of the failed server, receives a subsequent packet of the packet flow, and forwards the subsequent packet of the packet flow to the active server based at least on the mapping of the packet flow to the active server.

Abstract: A device may determine a session life cycle associated with a communication session. The session life cycle may indicate a time period associated with expiration of the communication session. The device may compare the session life cycle and a threshold value, and may determine that the session life cycle satisfies the threshold value based on comparing the session life cycle and the threshold value. The device may initialize multiple ager rings based on determining that the session life cycle satisfies the threshold value. The multiple ager rings may be used to monitor the expiration of the communication session. The device may monitor the expiration of the communication session using the multiple ager rings.

Abstract: A network device initiates a transmission control protocol (TCP) connection to establish a TCP session with a management device, and performs, via the TCP session, a secure protocol client/server role reversal for the management device. The network device receives, from the management device, initiation of a secure connection over the TCP session in accordance with a secure protocol, and provides, to the management device, a trusted certificate with an embedded host key that is dynamically generated using a cryptographic processor of the network device, based on the initiation of the secure connection. The network device also establishes the secure connection with the management device based on an authentication of the host key by the management device via the trusted certificate.

Abstract: In some embodiments, a switch fabric system includes multiple access switches configured to be operatively coupled to a switch fabric. The multiple access switches include multiple ports each to be operatively coupled to a peripheral processing device. A first set of ports from the multiple ports and a second set of ports from the multiple ports are managed by a first network control entity when the switch fabric system is in a first configuration. The first set of ports is managed by the first network control entity and the second set of ports is managed by a second network control entity when the switch fabric system is in a second configuration. The second network control entity is automatically initiated when the system is changed from the first configuration to the second configuration.

Abstract: Techniques are described to provide multicast service within a virtual network using a virtual network controller and endpoint replication without requiring multicast support in the underlying network. The virtual network controller is configured to create a multicast tree for endpoint devices of a multicast group in the virtual network at a centralized location instead of in a distributed fashion. The virtual network controller communicates the multicast tree to one or more of the endpoint devices of the multicast group to instruct the endpoint devices to replicate and forward multicast packets to other endpoint devices according to the multicast tree. The replication and forwarding of multicast packets is performed by virtual switches executed on the endpoint devices in the virtual network. No replication is performed within the underlying network. The techniques enable multicast service within a virtual network without requiring multicast support in the underlying network.

Abstract: Network (cloud) based customer premises equipment may receive, over a broadband access circuit, layer 2 traffic from an access device at a customer premises; provide dynamic host configuration protocol (DHCP) services for computing devices at the customer premises, the DHCP services providing Internet Protocol (IP) addresses to the computing devices at the customer premises; and provide network address translation (NAT) services for the computing devices at the customer premises.

Abstract: In some embodiments, an apparatus includes a core network node configured to be operatively coupled to a set of wired network nodes and a set of wireless network nodes. The core network node is configured to receive, at a first time, a first data packet to be sent to a wired device operatively coupled to a wired network node from the set of wired network nodes. The core network node is configured to also receive, at a second time, a second data packet to be sent to a wireless device operatively coupled to a wireless network node from the set of wireless network nodes. The core network node is configured to apply a common policy to the first data packet and the second data packet based on an identifier of a user associated with both the wireless device and the wired device.

Abstract: In general, techniques are described for a batch configuration mode for configuring network devices. A network device comprising a committed data source and a control unit may implement the techniques. The control unit may receive a plurality of separate commit commands instructing the network device to commit configuration changes to the committed data source. Each of the plurality of commit commands instructs the network device to commit an associated portion of the configuration changes to the committed data source. The control unit then groups two or more of the plurality of separate commit commands to form a batch of commit commands and executes the batch of commit commands to commit the portions of the configuration changes associated with the grouped commit commands to the committed data source as if the grouped portions of the configuration changes were associated with a single commit command.

Abstract: In one example, a stitching point routing device, which stitches a previous segment of an end-to-end label-switched path (LSP) to a next segment of the end-to-end LSP, includes network interfaces configured to receive packets via the previous segment and send packets via the next segment, and one or more processors configured to determine whether the next segment supports entropy labels, determine whether a packet received from the previous segment is encapsulated by a label stack including an entropy label, when the next segment does not support entropy labels and when the packet is encapsulated by the label stack including the entropy label, remove the entropy label from the label stack, when the next segment supports entropy labels and when the packet is not encapsulated by the label stack including the entropy label, add an entropy label to the label stack, and forward the packet along the next segment.

Abstract: Techniques for providing closed-loop control and predictive analytics in packet-optical networks are described. For example, an integrated centralized controller is described that provides tightly-integrated, closed-loop control over components of a routing/switching network (e.g., IP/MPLS) and also the underling optical transport system, including routing wavelength and spectrum assignment. The controller adaptively and proactively maps packet flows into network resources of a routing/switching network and control, based on the mapping, allocation and utilization of optical spectrum and wavelengths within the optical transport system underlying the routing and switching network.

Abstract: A device may identify a set of features associated with the unknown object. The device may determine, based on inputting the set of features into a threat prediction model associated with a set of security functions, a set of predicted threat scores. The device may determine, based on the set of predicted threat scores, a set of predicted utility values. The device may determine a set of costs corresponding to the set of security functions. The device may determine a set of predicted efficiencies, associated with the set of security functions, based on the set of predicted utility values and the set of costs. The device may identify, based on the set of predicted efficiencies, a particular security function, and may cause the particular security function to be executed on the unknown object. The device may determine whether another security function is to be executed on the unknown object.

Abstract: A device may store a credit value for each of multiple output components. The device may receive packets from a network device via an input component. The device may cause the input component to queue the packets. The device may selectively dequeue a packet from the input component, to be sent to an output component, based on whether the credit value for the output component satisfies a credit threshold. The device may send the packet to the output component based on a destination of the packet when the packet is dequeued from the input component. The device may determine a size of the packet after the packet is dequeued. The device may update the credit value for the output component based on the size of the packet. The device may output the packet to another network device via the output component.

Abstract: Techniques for providing closed-loop control and predictive analytics in packet-optical networks are described. For example, an integrated, centralized controller provides tightly-integrated, closed-loop control over switching and routing services and the underling optical transport system of a communication network. In one implementation, the controller includes an analytics engine that applies predictable analytics to real-time status information received from a monitoring subsystem distributed throughout the underlying optical transport system.

Abstract: In one embodiment, a processor-readable medium storing code representing instructions that when executed by a processor cause the processor to update, at a memory location, a first flow state value associated with a data flow to a second flow state value when at least one of a packet from the data flow is received or the memory location is selected after a time period has expired. At least a portion of the packet is analyzed when the second flow state value represents a flow rate of a network data flow anomaly.

Abstract: In some embodiments, an apparatus includes a spectral scanning controller configured to interrupt service at a wireless access point (WAP) such that the WAP performs spectral scanning during service interruption. The spectral scanning controller is configured to interrupt service at the WAP at a first scanning frequency when the spectral scanning controller is in a first configuration. The spectral scanning controller is configured to interrupt service at the WAP at a second scanning frequency different from the first scanning frequency when the spectral scanning controller is in a second configuration. The spectral scanning controller is configured to move from the first configuration to the second configuration in response to a change in at least one of a service demand, a service quality, a spectral scanning demand or a spectral scanning quality.

Abstract: Stacked (i.e., hierarchically arranged) rate wheels schedule traffic flows in a network. A first rate wheel operates to efficiently schedule traffic flows in which traffic shaping parameters may be applied to individual traffic flows. A second rate wheel schedules group of the traffic flows in which traffic shaping parameters may be applied at the group level. In the context of an ATM network, the first rate wheel may operate at the virtual circuit level and the second rate wheel may operate at the virtual path level.

Abstract: An apparatus may include a processor and a control plane that directs the processor to (1) detect that at least a portion of an initial branch path of a point-to-multipoint label-switched path has failed over to a failover route that rejoins the initial branch path at a merge-point device and (2) establish an alternate branch path that merges with the initial branch path at the merge-point device. The apparatus may also include a network interface and a data plane that uses the network interface to transmit data via the alternate branch path while data is still being transmitted via the initial branch path, where after the data plane begins transmitting data via the alternate branch path, the control plane instructs the merge-point device to forward data from the alternate branch path rather than from the failover route. Various other apparatuses, systems, and methods are also disclosed.

Abstract: A method may include defining a filter for a network device, the filter including a rule and a particular number of prioritized fields, where at least one of the prioritized fields is formatted to accept input as a range of values. The method may also include receiving a rule modification for the filter, the rule modification including at least one input as a range of values, and performing a check for conflicts of the rule modification with the rule in the filter. The method may further include expanding the input range of values to form multiple rules equivalent to the rule modification with the input range of values, establishing backtracking links to integrate the multiple rules with the existing rule, and adding the multiple rules to the filter.

Abstract: A system for writing data includes a memory, at least one memory controller and control logic. The memory stores data units. The memory controller receives a write request associated with a data unit and stores the data unit in the memory. The memory controller also transmits a reply that includes an address where the data unit is stored. The control logic receives the reply and determines whether the address in the reply differs from an address included in replies associated with other memory controllers by a threshold amount. When this occurs, the control logic performs a corrective action to bring an address associated with the memory controller back within a defined range.