Abstract: In one embodiment, an apparatus can include a filter module operatively coupled to a switching module. The filter module can be configured to define a filter to be applied to a Fiber Channel over Ethernet (FCoE) frame received from any port from multiple ports instantiated at a network device. The filter can be defined based at least in part on a first logical address associated with a first port from the multiple ports. The first logical address can be based at least in part on (1) a first identifier associated with a switch fabric to which the apparatus is operatively coupled and (2) a second identifier associated with a first port from the multiple ports. The filter module can be configured to define the filter such that a switching module sends the FCoE frame to a Fiber Channel device when a second logical address included in the FCoE frame matches the first logical address and the filter module is operatively coupled to the switching module.

Abstract: Techniques described in this disclosure relate to configuration updates, such as performing an in-service software upgrade on a device, using virtual machines. In a routing device, a routing engine utilizes a virtual machine executing on a hypervisor to provide control plane functions. In one example, an in-service software upgrade may be performed between a first virtual machine and a second virtual machine without a managing virtual machine. More specifically, a first virtual machine in the control plane of the router may control the upgrade process, including requesting initialization of the second virtual machine, installing a new software system on the second virtual machine, and replicating state data from the first virtual machine to the second virtual machine. In this example, the first virtual machine may operate as a master virtual machine and the second virtual machine may operate as a slave virtual machine that synchronizes with the master virtual machine.

Abstract: A network device associates a first node prefix with first network devices provided in a first network, associates a second node prefix with second network devices provided in a second network, and associates a third node prefix with third network devices provided in a third network. The network device advertises the first node prefix to the second and third networks, advertises the second node prefix to the first and third networks, and advertises the third node prefix to the first and second networks.

Abstract: In general, techniques are described for scheduling traffic for delivery over an aggregated bundle of links. The techniques may be implemented by a network device comprising a control unit. The control unit configures a primary logical interface such that the primary logical interface is associated with a primary link of the aggregated bundle of links. The primary logical interface is associated with a primary scheduling module that schedules the traffic for delivery via the primary link. The control unit further, prior to detecting a failure associated with the primary scheduling module, configures a backup logical interface such that the backup logical interface is associated with a backup link of the aggregated bundle links. The backup logical interface is associated with a backup scheduling module that schedules, in response to detecting the failure associated with the primary scheduling module, the traffic for delivery downstream via the backup link.

Abstract: A number of wireless networks are established by a network device, each wireless network having an identifier. Requests are received from client devices to establish wireless network sessions via the wireless networks using the identifiers. Network privileges of the client devices are segmented into discrete security interfaces based on the identifier used to establish each wireless network session.

Abstract: A network device may receive a packet from a user device; allocate a first port range to the user device; measure a period of time after allocating the first port range; and allocate a second port range to the user device when the measured period of time is equal to a particular period of time. The first port range may be associated with a first Internet Protocol (IP) address.

Abstract: In general, this disclosure describes techniques of selecting routes for network packets through a computer network based, at least in part, on electrical power procurement arrangements of devices in the computer network. A computing system includes a hardware processor and a database storing power procurement profiles. Each of the power procurement profiles stores data indicating an arrangement between an operator of one or more of routing devices to procure electrical power from a utility company for facilities in which the routing devices are located. The power procurement profiles are mapped to ranges of network addresses associated with the facilities for retrieval of the power procurement profiles for the routers based on the network addresses assigned to the routers.

Abstract: An apparatus includes a destination edge device configured to receive a first validation packet according to a switch fabric validation protocol. The destination edge device is configured to validate multiple data paths through a distributed switch fabric from a source edge device to the destination edge device based on the first validation packet. The destination edge device is configured to send, in response to receiving the first validation packet, a second validation packet to a peripheral processing device. The destination edge device is also configured to send the second validation packet according to a validation protocol different from the first validation protocol.

Abstract: In some embodiments, a system includes multiple access switches, a switch fabric having multiple switch fabric portions, and a control plane processor. Each switch fabric portion is coupled to at least one access switch by a cable from a first set of cables. Each switch fabric portion is configured to receive data from the at least one access switch via the cable from the first set of cables. The control plane processor is coupled to each switch fabric portion by a cable from a second set of cables. The control plane processor is configured to send control information to each access switch via a cable from the second set of cables, a switch fabric portion, and a cable from the first set of cables. The control plane processor is configured to determine control plane connections associated with each access switch and is configured to determine data plane connections associated with each access switch as a result of the control plane connections.

Abstract: Systems and methods of various embodiments provide mechanisms to support synchronous and asynchronous transactions. Distinct encodings allow an instruction to choose whether to perform any operation synchronously or asynchronously. Separate synchronous and asynchronous result registers hold the data returned in the most recent replies received for synchronous and asynchronous transaction requests, respectively. A status bit indicates whether an asynchronous transaction request is currently outstanding.

Abstract: A method includes receiving multicast traffic intended for host devices; identifying a flow associated with the multicast traffic; retrieving information associated with a group of multicast trees, where the group of multicast trees includes information associated with a group of I/O units, associated with a network node; identifying a particular tree that corresponds to the identified flow, where the particular tree includes information associated with a set of I/O units; and transferring the multicast traffic to an I/O unit, of the set of I/O units, based on the identification of the particular tree, where the transferring enables the I/O unit to send a copy of the multicast traffic to other I/O units of the set of I/O units, and the set of I/O units to process the multicast traffic in a manner that utilizes bandwidth or processing resources in a controlled manner and to send a copy of the multicast traffic to each of the host devices.

Abstract: An access network includes an access device having an optical interface module that outputs a plurality of pairs of optical communication signals, each of the pairs of optical communication signals comprising a modulated optical transmit signal and an unmodulated optical receive signal, each of the pairs of optical communication signals having a different wavelength. A customer premise equipment (CPE) comprises an optical interface module to receive the modulated optical transmit signal and the unmodulated optical receive signal for any of the plurality of pairs of optical communication signals. The optical interface module includes a receive module to demodulate the modulated optical transmit signal into inbound symbols and a transmit module having an optical modulator and reflective optics to modulate the unmodulated optical receive signal in accordance with a data signal and reflect a modulated optical receive signal to communicate outbound data symbols to the access device.

Abstract: Methods and apparatus for transferring packets in a packet switched communication system. A system is provided that includes an L2 device including a controller determining for each packet received whether the received packet is to be inspected, an inspection device operable to inspect and filter packets identified by the controller including using a zone specific policy and an L2 controller for transferring inspected packets in accordance with L2 header information using L2 protocols.

Abstract: An access network is described in which a centralized controller provides seamless end-to-end service from a core-facing edge of a service provider network through aggregation and access infrastructure out to access nodes located proximate the subscriber devices. The controller operates to provide a central configuration point for configuring aggregation nodes (AGs) of a network of the service provider so as to provide transport services to transport traffic between access nodes (AXs) and edge routers on opposite borders of the network.

Abstract: Using the ALTO Service, networking applications can request through the ALTO protocol information about the underlying network topology from the ISP or Content Provider. The ALTO Service provides information such as preferences of network resources with the goal of modifying network resource consumption patterns while maintaining or improving application performance. This document describes, in one example, an ALTO server that intersects network and cost maps for a first network with network and cost maps for a second network to generate a master cost map that includes one or more master cost entries that each represent a cost to traverse a network from an endpoint in the first network to an endpoint in the second network. Using the master cost map, a redirector may select a preferred node in the first network with which to service a content request received from a host in the second network.

Abstract: Methods and apparatus, including computer program products, implementing and using techniques for processing a data packet. An input port receives a data packet, a switching board classifies the data packet, determines whether the data packet should be accepted, and switches the data packet to a management board if the data packet is a first data packet in a session, and to a processing board if the data packet is not a first data packet in a session. A management board receives a data packet from the switching board, examines the data packet and forwards the data packet to one of the processing boards. One or more processing boards receives non-first data packets from the switching board and data packets from the management board and processes the data packets. A firewall and a secure gateway with firewall and virtual private network functionality for processing a data packet are also described.

Abstract: In one embodiment, a method includes receiving a configuration request and a first key from a network device, granting a first class of access to the network device, sending a configuration instruction to the network device, receiving an association request from the network device, and granting a second class of access to the network device. The configuration request and the first key are received at a first time. The network device is outside a secure network segment at a first time. The first class of access is granted based on the first key. The configuration instruction is send in response to granting the first class of access. The association request includes a second key. The granting the second class of access is based on the second key.

Abstract: Techniques are described for forwarding packets in a VPLS using multi-homing PE routers configured in an “active-active” link topology. A router includes a control unit that forms a customer-facing multi-chassis link aggregation group (LAG) to include a plurality of active access links that couple the router and a second router to a multi-homed customer site associated with the VPLS domain. The control unit also forms a core-facing multi-chassis LAG within the VPLS domain to include a plurality of pseudowires that connect the router and other member routers of the core-facing LAG to a common remote router of the VPLS domain. The router receives layer two (L2) packets from the multi-homed customer site on one or more of the active access links and forwards the L2 packets to the remote router over one or more of the pseudowires using the core-facing multi-chassis LAG.

Abstract: In some embodiments, a system includes a first switch fabric device, a second switch fabric device, a first access switch operatively coupled to the first switch fabric device by a first cable, and a second access switch operatively coupled to the second switch fabric device by a second cable. The second access switch is operatively coupled to the first access switch by a third cable. The first access switch is configured to send data to the first switch fabric device via the first cable. The first access switch is configured to send data to the second switch fabric device via the third cable, the second access switch, and the second cable.

Abstract: In general, techniques are described for flexible packet processing. A network device for processing a data packet comprise a packet processing engine and a special handling unit external from the packet processing engine. The packet processing engine includes one or more of a plurality of pipelined packet processing units that, when processing the data packet, generate one or more events and determine whether to associate a trap and/or a sampling class with the data packet based on the generated events. The pipelined packet processing units then set bits of a vector that is passed between the pipelined packet processing units to associate the packet with the determined trap and/or sampling class, and processes the packet based on the set one or more bits of the vector.