Abstract: In some examples, a computing device comprises a first service function instance to apply a service function and a service function forwarder to: receive a first layer 3 routing protocol route advertisement that includes service function instance data for a second service function instance, the service function instance data indicating a service function type and a service identifier for the service function instance; receive a second layer 3 routing protocol route advertisement that includes service function chain data for a service function chain, the service function chain data indicating a service path identifier and one or more service function items; and send, to the second service function instance and based at least on determining a service function item of the one or more service function items indicates the second service function instance, a packet classified to the service function chain.

Abstract: Techniques are disclosed for service-based tunnel selection for forwarding network traffic. In one example, a network device obtains, based on service parameters associated with a network service, a tunnel selection scheme. The tunnel selection scheme identifies a primary mapping mode including a primary service color for mapping the network service to a primary service color transport tunnel and at least one fallback service color for mapping the network service to at least one fallback service color transport tunnel. The tunnel selection scheme also identifies at least one fallback mapping mode for mapping the network service to fallback transport tunnels. The primary mapping mode is categorized according to a first type comprising tunnel colorization, while the at least one fallback mapping mode is categorized according to a type other than tunnel colorization.

Abstract: In one embodiment, edge devices can be configured to be coupled to a multi-stage switch fabric and peripheral processing devices. The edge devices and the multi-stage switch fabric can collectively define a single logical entity. A first edge device from the edge devices can be configured to be coupled to a first peripheral processing device from the peripheral processing devices. The second edge device from the edge devices can be configured to be coupled to a second peripheral processing device from the peripheral processing devices. The first edge device can be configured such that virtual resources including a first virtual resource can be defined at the first peripheral processing device. A network management module coupled to the edge devices and configured to provision the virtual resources such that the first virtual resource can be migrated from the first peripheral processing device to the second peripheral processing device.

Abstract: Failure impact analysis (or “impact analysis”) is a process that involves identifying effects of a network event that are may or will results from the network event. In one example, this disclosure describes a method that includes generating, by a control system managing a resource group, a resource graph that models resource and event dependencies between a plurality of resources within the resource group; detecting, by the control system, a first event affecting a first resource of the plurality of resources, wherein the first event is a network event; and identifying, by the control system and based on the dependencies modeled by the resource graph, a second resource that is expected to be affected by the first event.

Abstract: A method includes applying, to a modulated digital signal, a forward error correction (FEC) including a low-density parity-check (LDPC) to produce a coded digital signal. Nyquist shaping is applied to the coded digital signal to generate a filtered digital signal. A representation of the filtered digital signal is transmitted in an optical communication channel via a dense wavelength division multiplexing (DWDM) scheme.

Abstract: In general, techniques are described for communicating state information in distribute operating system. A network device comprises a first hardware node and a second hardware node. The first hardware node may execute a first instance of a distributed operating system, and maintain a first data structure that stores a plurality of objects defining a portion of state information. The second hardware node may execute a second instance of the distributed operating system, and maintain a second data structure that stores synchronized versions of the plurality of objects. The first hardware node may further receive updated state information, update the first data structure to include the updated state information, and synchronize the updated first data structure with the second data structure. The second hardware node may synchronize the second data structure with the updated first data structure.

Abstract: A controller device manages a plurality of network devices. The controller device includes a memory configured to store a dependency model representing dependencies between resources provided by the network devices and a programmed merge strategy, and one or more processors implemented in circuitry and configured to: determine the resources provided by the network devices; determine relationships between the resources according to the programmed merge strategy; construct the dependency model using the determined relationships; determine that at least one of the resources has experienced a failure; and perform a root cause analysis using the dependency mathematical model to determine a root cause of the failure of the at least one of the resources.

Abstract: An Access Gateway Function (AGF) node can receive requests to join a multicast stream from a computing device. If the request is the first request to join the multicast stream, the AGF can forward the request to the UPF node. The multicast stream is then received via a tunnel between the AGF node and UPF node that is associated with the computing device. The tunnel associated with the first computing device to request joining the multicast stream can be a primary tunnel for the multicast stream. Subsequent requests to join the same multicast stream can cause the AGF node add tunnels associated with the requesting computing devices as secondary tunnels. The multicast stream is received via the primary tunnel and replicated to computing devices associated with the secondary tunnels. A secondary tunnel may be promoted to a primary tunnel in response to a failure or disconnection of the primary tunnel.

Abstract: A network device may decrypt a record received from a source device and associated with an encrypted session. The network device may process the decrypted record. The network device may encrypt the record to generate an encrypted payload. The network device may store an entry in a retransmission mapping that includes a decryption key used to decrypt the record and an encryption key used to encrypt the record. The network device may transmit the encrypted payload in a first TCP packet toward the destination device. The network device may receive retransmitted data and may determine, based on the record entry, that the retransmitted data is associated with the record. The network device may decrypt, using the decryption key, the retransmitted data and may re-encrypt, using the encryption key, the decrypted record. The network device may transmit, toward the destination device, the encrypted payload in a second TCP packet.

Abstract: A system for configuring a data center includes a fabric management server coupled to a management switch. A provisional Software Defined Networking (SDN) controller executing on the fabric management server can discover physical servers coupled to the management switch, receive network interface configuration information from the physical servers, and use the discovered network interface configuration information to determine a configuration for switches and servers coupled to an IP fabric. The configuration can be migrated to a full functionality SDN controller.

Abstract: An example network element includes one or more interfaces and a control unit, the control unit includes one or more processors configured to determine an egress network domain identifier (ID) and determine an abstracted interdomain network topology. The one or more processors are also configured to determine one or more interdomain paths from an abstracted ingress domain node to an abstracted egress domain node and determine whether an abstracted domain node is on the one or more interdomain paths. The one or more processors are configured to, based on the abstracted domain node being on the one or more interdomain paths, include one or more resources within a network domain in a filtered traffic engineering database (TED) and compute a path from an ingress node within the ingress network domain to an egress node within the egress network domain based on the filtered TED.

Abstract: A device receives network data associated with a network that includes network devices interconnected by links, and receives parameters associated with determining a network plan for the network. The device generates candidate links for each potential network plan of multiple potential network plans for the network, based on the parameters and based on a criterion associated with generating the candidate links. The device generates candidate paths for each potential network plan based on the parameters, and selects a portion of the candidate links and a portion of the candidate paths. The device generates each potential network plan based on the portion of the candidate links and the portion of the candidate paths, and identifies a potential network plan, of the multiple potential network plans, that reduces resource usage associated with operating the network. The device causes the potential network plan to be implemented in the network.

Abstract: A device may receive an instruction to classify software. The device may identify a group of one or more user interfaces associated with the software based on receiving the instruction to classify the software. The device may determine a group of one or more user interface signatures associated with the group of one or more user interfaces. A user interface signature may include information, associated with a user interface in the group of one or more user interfaces, that may be used to classify the software. The device may generate information that identifies a classification of the software based on the group of one or more user interface signatures and based on known signature information. The known signature information may include information that corresponds to a correct software classification. The device may output the information that identifies the classification of the software.

Abstract: A device may receive information associated with a service chain to be implemented in association with a flow. The information associated with the service chain may include a source network address associated with the flow, a destination network address associated with the flow, a set of protocols associated with the flow, and a set of network services, of the service chain, to be implemented in association with the flow. The device may implement the service chain in association with the flow. The device may receive network traffic information associated with the flow based on implementing the service chain in association with the flow. The device may modify the service chain based on the network traffic information associated with the flow to permit a modified service chain to be implemented in association with the flow.

Abstract: A device may receive a request for a network service configuration (NSC) that is to be used to configure network devices. The device may select a graphical data model that has been trained via machine learning to analyze a dataset that includes information relating to a set of network configuration services, where aspects of a subset of the set of network configuration services have been created over time. The device may determine, by using the graphical data model, a path through a set of states of the graphical data model, where the path corresponds to a particular NSC. The device may select the particular NSC based on the path determined. The device may perform a first group of actions to provide data identifying the particular NSC for display, and/or a second group of actions to implement the particular NSC on the network devices.

Abstract: A network device may receive, from an endpoint device, a first message that includes first endpoint identification information. The network device may be connected to the endpoint device via a plurality of links. The network device may receive, from another network device, a second message that includes second endpoint identification information. The network device may determine whether the first endpoint identification information corresponds to the second endpoint identification information. The network device may cause, based on determining whether the first endpoint identification information corresponds to the second endpoint identification information, a state of the plurality of links to be maintained or changed.

Abstract: In one example, a method comprises generating, by a forwarding manager for an internal forwarding path executed by a plurality of packet processors of a forwarding unit of a network device, a dependencies structure that specifies one or more dependencies for a plurality of nodes, wherein the plurality of nodes represent different types of forwarding path elements of the forwarding path, wherein the plurality of nodes is binded to a first set of one or more packet processors of the plurality of packet processors; and rebinding, by the forwarding manager, a second set of one or more packet processors of the plurality of packet processors to the plurality of nodes, wherein rebinding the second set of one or more packet processors to the plurality of nodes is performed in a reverse direction of the dependencies structure.

Abstract: A device may receive a set of cryptographic parameters associated with an integer, wherein the set of cryptographic parameters includes a linked list of potential prime integers, in an order, used to generate the integer. The device may determine, iteratively and in the order, whether each potential prime integer included in the linked list of potential prime integers is a prime integer using a primality test or a lookup operation based on a set of proven prime integers. The device may determine whether the integer is a proven prime integer based on determining whether each potential prime integer included in the linked list of potential prime integers is a prime integer. The device may authorize, when the integer is a proven prime integer, the integer for use in a cryptographic protocol.

Abstract: A disclosed method may include (1) sampling traffic forwarded by a network device in accordance with certain prefixes, (2) determining, based at least in part on the sampling of traffic, a subset of the prefixes whose usages satisfy a certain threshold, (3) computing a plurality of hit probabilities that each represent a relative likelihood that one of the subset of prefixes is used by the network device to forward the traffic, (4) identifying a plurality of outgoing interfaces that carry the traffic in connection with the subset of prefixes, (5) identifying a plurality of prefix-specific loads of the outgoing interfaces, and then (6) predicting a plurality of future traffic loads of the outgoing interfaces based at least in part on (A) the hit probabilities of the subset of prefixes and (B) the prefix-specific loads of the outgoing interfaces. Various other systems and methods are also disclosed.

Abstract: A disclosed method may include (1) identifying a memory buffer that is allocated to a packet on a computing device, (2) identifying one or more characteristics of the memory buffer allocated to the packet on the computing device, (3) determining, based at least in part on the characteristics of the memory buffer, that the memory buffer allocated to the packet has leaked, and then in response to determining that the memory buffer has leaked, (4) performing at least one action to remedy the leak of the memory buffer. Various other apparatuses, systems, and methods are also disclosed.