Abstract: A customer edge device is connected, in a multi-homed configuration, to a device via a downlink of the device and to another device via another downlink of the other device. The device may determine that each of one or more uplinks of the device has an inactive interface status and may thereby cause the downlink of the device to be down. This may cause the customer edge device to communicate network traffic via the other downlink of the other device. The device may determine that at least one uplink, of the one or more uplinks, has an active interface status and may thereby cause the downlink to be up. This may cause the customer edge device to communicate network traffic via the downlink of the device.

Abstract: Techniques are disclosed for overlaying logical switch fabrics upon a physical switch fabric comprising multiple physical switch devices. In one example, a network device determines an overlay network associated with a received packet. The network device determines a logical identifier that is associated with the overlay network. In some examples, the logical identifier corresponds to a color. The network device selects a logical switch fabric that is associated with the logical identifier from a plurality of other logical switch fabrics that are overlaid upon a physical switch fabric comprising a plurality of network switch devices. The network device forwards the received packet to the selected logical switch fabric for transport across the physical switch fabric.

Abstract: In general, techniques are described for deploying and managing a virtual router having Data Plane Development Kit (DPDK) functionality to a computing device. In an example, a method includes creating, by a container orchestration platform executing on a computing device, a virtual router custom resource instance of a virtual router custom resource definition, the virtual router custom resource instance for a virtual router to execute on the computing device; based on configuration data for the virtual router custom resource instance, by the container orchestration platform, modifying the virtual router custom resource instance with the configuration data and deploying a first virtual computing instance comprising a virtual router configured according to the modified virtual router custom resource instance; and executing, by the computing device, the virtual router to process a packet.

Abstract: A network device may determine that network traffic for a communication session between a first peer device and a second peer device is to be protected using a security protocol suite. The network device may establish, using one or more tunnels, multiple security associations that are to be used to securely provide the network traffic of the communication session over an unsecured medium. The network device may determine a rekey scheduling time for each security association, of the multiple security associations, based on a combination of configuration information and dynamic network device information. The network device may perform, at each rekey scheduling time, a rekeying procedure to rekey each security association of the multiple security associations.

Abstract: A first network device may receive an advertisement that includes a prefix for a second network device, wherein the advertisement is destined for a third network device. The first network device may determine, based on a network topology, whether a next hop is one hop away or multiple hops away. The first network device may selectively modify the advertisement to include a first segment identifier, based on the next hop being one hop away and to generate a first modified advertisement, or may modify the advertisement to include a second segment identifier, based on the next hop being multiple hops away and to generate a second modified advertisement. The first network device may forward the first modified advertisement or the second modified advertisement toward the third network device.

Abstract: A disaggregated broadband network gateway (DBNG) control plane system may receive an association setup request message from a DBNG user plane device, wherein the association setup request message is received via a state control interface between the DBNG control plane system and the DBNG user plane device. The DBNG control plane system may determine, based on the association setup request message, one or more capabilities of the DBNG user plane device and may thereby cause one or more additional state control interfaces to be established between the DBNG control plane system and the DBNG user plane device. The DBNG control plane system and the DBNG control plane system may communicate messages associated with a first message type via the state control interface and may communicate messages associated with a second message type via at least one of the one or more additional state control interfaces.

Abstract: An example method comprises determining, by an edge services controller, based on a respective predicted resource utilization value for each of a plurality of servers, a corresponding server weight for each of the plurality of servers; the plurality of servers comprising respective network interface cards (NICs), wherein each NIC of the plurality of NICs comprises an embedded switch and a processing unit coupled to the embedded switch; determining, by the edge services controller, based on a respective predicted resource utilization value for each of a plurality of services, a corresponding application weight for each of the plurality of services; and scheduling, by the edge services controller, based on the respective server weight for a server of the plurality of servers and the respective application weight for the service, a service of the plurality of services on the server.

Abstract: A controller device receives, from a plurality of assisted replication network devices, respective utilization information associated with the plurality of assisted replication network devices. The controller device generates, based on the respective utilization information associated with the plurality of assisted replication network devices, load balancing information for a network device associated with two or more assisted replication network devices of the plurality of assisted replication network devices, and sends, to the network device, the load balancing information. The network selects, based on the load balancing information, a particular assisted replication network device of the two or more assisted replication network devices.

Abstract: A network device may poll data for counters of the network device, and may store, for a first time interval, the data polled for the counters in a data structure. The network device may maintain the data polled for the counters in the data structure for a second time interval that is longer than the first time interval, and may receive, from a network management system (NMS), a request for data polled for the counters with the second time interval. The network device may determine, based on the request, whether the NMS is authorized to receive the data polled for the counter, and may provide, to the NMS, the data polled for the counters, with the second time interval, when on the NMS is authorized to receive the data polled for the counters.

Abstract: Techniques are described by which a network management system (NMS) is configured determine a specific wireless channel assigned to a first AP device. The NMS is further configured to determine one or more neighboring AP devices that are within a certain proximity of the first AP device and generate a packetized scan command for each of the one or more neighboring AP devices. The NMS is further configured to send the packetized scan command to each of the one or more neighboring AP devices and receive, from the first AP device and each of the one or more neighboring AP devices, signal samples of a client device connected to the first AP device on the specific wireless channel assigned to the first AP device. The NMS is further configured to, based on the received signal samples, determine a location within the site of the client device.

Abstract: A system may identify a security intent policy model associated with an initial time. The system may generate one or more delta snapshots that respectively indicate one or more incremental changes to the security intent policy model at times subsequent to the initial time. The system may determine that the system is to deploy an updated version of the security intent policy model to a device and may thereby determine a previous deployment time at which the system deployed a previous version of the security intent policy model to the device. The system may generate, based on the one or more delta snapshots and the previous deployment time, a cumulative delta snapshot, and may thereby update a low-level security intent policy model associated with the device. The system may generate, based on the low-level security intent policy model, device-level security configuration information for the device.

Abstract: Techniques are disclosed for a network management system (NMS) that performs quality of service (QoS) monitoring and troubleshooting of user experience issues occurring outside of a network managed by the NMS using data obtained from third-party sources. For example, an NMS obtains third-party data of a third-party application server or third-party service provider server from a third-party monitoring vendor. The NMS identifies a user experience issue indicated by the third-party data and stitches the third-party data to network data received from network devices. The NMS determines a root cause or a remedial action of the user experience issue based at least on the network data received from the one or more network devices. The NMS generates a notification for presentation to an administrator device which identifies the root cause or the remedial action of the user experience issue.

Abstract: A device may receive network traffic data that includes network traffic packet sizes, and may transform the network traffic data into transformed data. The device may process the transformed data, with a machine learning model, to generate an embedding, and may obtain a similarity metric for the embedding. The device may create a graph with nodes and edges based on the embedding and the similarity metric, and may process the graph, with a community detection model, to identify network traffic categories for the network traffic data. The device may perform one or more actions based on the network traffic categories.

Abstract: A method is described for measuring a communication latency between a first device with a first local clock and a second device with a second local clock, the devices interconnected for digital communication to a network, comprising sending an upstream communication and a downstream communication between the devices, and measuring using said local clocks an upstream send time (?1), an upstream receive time (?2), a downstream send time (?3) and a downstream receive time (?4); calculating a first measured delay (y1) as ?2-?1 and calculating a second measured delay (y2) as ?4-?3; providing said measured delays (y1, y2) to a recursive filter function arranged to estimate a first latency (d1) and a second latency (d2) based on said measured delays (y1, y2) and on values for the first and second latencies (d1, d2) previously estimated by said recursive filter function, and iterating. The invention also relates to a system and computer software product.

Abstract: A network device may receive a redundant identifier certificate associated with a redundant routing module, and may provide, to a bootstrap device, a primary identifier certificate associated with a primary routing module associated with the network device. The network device may establish a secure connection with the bootstrap device based on the bootstrap device verifying an authenticity of the primary routing module via the primary identifier certificate. The network device may provide, to the bootstrap device via the secure connection, a redundant routing module identifier associated with the redundant routing module and may receive, from the bootstrap device via the secure connection, a signed certificate chain associated with the redundant routing module. The network device may verify the signed certificate chain and may verify the redundant identifier certificate, associated with the redundant routing module, based on verifying the signed certificate chain.

Abstract: A network device may identify a link aggregation group (LAG) of a plurality of links between the network device and another network device. The network device may identify link aggregation control protocol (LACP) parameters that were communicated by the network device and the other network device in association with the LAG. The network device may determine, based on the LACP parameters, a priority order of the plurality of links in the LAG. The network device may communicate with the other network device, and based on the priority order of the plurality of links of the LAG, one or more precision time protocol (PTP) messages via the LAG. For example, the network device may determine that a first link and a second link in the priority order are not available, and therefore may communicate the one or more PTP messages via a third link in the priority order.

Abstract: In some implementations, a broadband network gateway (BNG) may receive, from a customer premises equipment, a dynamic host configuration protocol (DHCP) discover request, wherein the BNG is connected to the customer premises equipment and a fixed mobile interworking function (FMIF). The BNG may communicate with, based on the DHCP discover request, the FMIF. The BNG may provide to the customer premises equipment, and based on communicating with the FMIF, a DHCP offer that offers utilization of the BNG as a DHCP server. The BNG may receive from the customer premises equipment, and based on providing the DHCP offer, a DHCP request to request utilization of the BNG as the DHCP server. The BNG may provide to the customer premises equipment, and based on the DHCP request, a DHCP acknowledgment that acknowledges utilization of the BNG as the DHCP server.

Abstract: Techniques are disclosed for maintaining processing unit core affinity for fragmented packets. In one example, a service physical interface card (PIC) implementing a service plane of a network device receives fragmented and/or non-fragmented packet data for a traffic flow. The service PIC comprises at least one processing unit comprising multiple cores. A routing engine operating in a control plane of the network device defines one or more core groups comprising a subset of the cores. The routing engine assigns the traffic flow to a core group and a forwarding engine operating in a forwarding plane of the network device forwards the packet data for the traffic flow to the assigned core group. A core of the assigned core group applies a network service to the fragmented and/or non-fragmented packet data for the traffic flow, and the forwarding engine forwards the packet data for the traffic flow toward a destination.

Abstract: A device may cause a Media Access Control Security (MACsec) session to be established on a first link of a link aggregation group (LAG) that includes a plurality of links with a different device. The device may cause a data structure to be updated to identify the first link as a MACsec enabled LAG link and may send traffic via the first link. The device may cause a MACsec session to be established on at least one additional link of the LAG and may cause the data structure to be updated to identify the at least one additional link as a MACsec enabled LAG link. The device may send, after causing the data structure to be updated to identify the at least one additional link as a MACsec enabled LAG link, additional traffic via the first link and the at least one additional link.