Abstract: A device may receive information associated with a service chain to be implemented in association with a flow. The information associated with the service chain may include a source network address associated with the flow, a destination network address associated with the flow, a set of protocols associated with the flow, and a set of network services, of the service chain, to be implemented in association with the flow. The device may implement the service chain in association with the flow. The device may receive network traffic information associated with the flow based on implementing the service chain in association with the flow. The device may modify the service chain based on the network traffic information associated with the flow to permit a modified service chain to be implemented in association with the flow.

Abstract: An example network element includes one or more interfaces and a control unit, the control unit includes one or more processors configured to determine an egress network domain identifier (ID) and determine an abstracted interdomain network topology. The one or more processors are also configured to determine one or more interdomain paths from an abstracted ingress domain node to an abstracted egress domain node and determine whether an abstracted domain node is on the one or more interdomain paths. The one or more processors are configured to, based on the abstracted domain node being on the one or more interdomain paths, include one or more resources within a network domain in a filtered traffic engineering database (TED) and compute a path from an ingress node within the ingress network domain to an egress node within the egress network domain based on the filtered TED.

Abstract: A device may receive an instruction to classify software. The device may identify a group of one or more user interfaces associated with the software based on receiving the instruction to classify the software. The device may determine a group of one or more user interface signatures associated with the group of one or more user interfaces. A user interface signature may include information, associated with a user interface in the group of one or more user interfaces, that may be used to classify the software. The device may generate information that identifies a classification of the software based on the group of one or more user interface signatures and based on known signature information. The known signature information may include information that corresponds to a correct software classification. The device may output the information that identifies the classification of the software.

Abstract: A disclosed method may include (1) sampling traffic forwarded by a network device in accordance with certain prefixes, (2) determining, based at least in part on the sampling of traffic, a subset of the prefixes whose usages satisfy a certain threshold, (3) computing a plurality of hit probabilities that each represent a relative likelihood that one of the subset of prefixes is used by the network device to forward the traffic, (4) identifying a plurality of outgoing interfaces that carry the traffic in connection with the subset of prefixes, (5) identifying a plurality of prefix-specific loads of the outgoing interfaces, and then (6) predicting a plurality of future traffic loads of the outgoing interfaces based at least in part on (A) the hit probabilities of the subset of prefixes and (B) the prefix-specific loads of the outgoing interfaces. Various other systems and methods are also disclosed.

Abstract: High-channel-count optical transceivers can be implemented in photonic integrated circuits (PICs) with shared lasers, splitting the light of each laser between multiple lanes prior to modulation. To reduce waveguide crossings in such PICs, transmitter and self-test functionality may be distributed between separate device layers. Various beneficial transmitter circuitry layouts are disclosed.

Abstract: A device may receive a set of cryptographic parameters associated with an integer, wherein the set of cryptographic parameters includes a linked list of potential prime integers, in an order, used to generate the integer. The device may determine, iteratively and in the order, whether each potential prime integer included in the linked list of potential prime integers is a prime integer using a primality test or a lookup operation based on a set of proven prime integers. The device may determine whether the integer is a proven prime integer based on determining whether each potential prime integer included in the linked list of potential prime integers is a prime integer. The device may authorize, when the integer is a proven prime integer, the integer for use in a cryptographic protocol.

Abstract: Techniques are described for inter-domain segment routing using transport endpoint segments. A transport endpoint segment provisioned on a router within a domain represents any intra-domain tunnel originated at the router and having reachability to an indicated endpoint within the same domain. The provisioning router advertises a transport endpoint segment identifier (TESID) for the transport endpoint segment to other routers or a controller for use in segment routing. The TESID for the transport endpoint segment remains constant regardless of which intra-domain tunnel is bound to the transport endpoint segment. The provisioning router dynamically binds the transport endpoint segment to at least one intra-domain tunnel, and any changes to the bound intra-domain tunnel are updated locally at the provisioning router. In this way, an inter-domain segment routing tunnel may be constructed as a list TESIDs that are not affected by intra-domain tunnel changes.

Abstract: A network device may receive, from an application on a user device, a first network packet associated with a packet flow. The network device may identify an application identifier of the first network packet, wherein the application identifier identifies the application on the user device. The network device may select, based on the application identifier, a security protocol, wherein the security protocol is associated with at least one of an authentication header (AH) or an encryption algorithm. The network device may selectively apply, to a second network packet associated with the packet flow, at least one of the AH or the encryption algorithm, associated with the security protocol, to generate a protected network packet. The network device may transmit the protected network packet.

Abstract: A disclosed method may include (1) measuring a quality level of a first instance of a video flow received via a first link within a network, (2) measuring a quality level of a second instance of the video flow received via a second link within the network, (3) determining that the quality level of the second instance of the video flow is better than the quality level of the first instance of the video flow, and then in response to determining that the quality level of the second instance of the video flow is better, (4) performing a flow-level switchover from the first instance of the video flow to the second instance of the video flow by (A) activating the second instance of the video flow and (B) deactivating the first instance of the video flow. Various other apparatuses, systems, and methods are also disclosed.

Abstract: A network monitoring device may receive flow-tap information that identifies a traffic flow characteristic and a signed URL associated with a signed URL platform from a mediation device. The network device may map the traffic flow characteristic to the signed URL in an entry of a flow-tap filter that is maintained within a data structure of the network device. The network device may analyze, using the flow-tap filter, network traffic of the network to detect a traffic flow that is associated with the traffic flow characteristic. The network device may generate, based on detecting the traffic flow in the network traffic, a traffic flow copy that is associated with the traffic flow. The network device may provide, based on the signed URL, the traffic flow copy to the signed URL platform, wherein the traffic flow copy is to be accessible to an authorized user device via the signed URL.

Abstract: A non-transitory processor-readable medium storing code representing instructions to be executed by a processor can cause the processor to receive an indication to load balance a group of sessions associated with a network node and a switch across a group of links between a gateway device and the switch at a first time. The code causes the processor to calculate at a second time, a load based on the group of sessions and associated with a first set of links in an active configuration before the first time. The code causes the processor to send a signal to cause a set of sessions from the group of sessions to re-establish themselves at a third time based on a threshold value calculated based on the load such that the set of sessions are load balanced across a second set of links in the active configuration at the third time.

Abstract: A device may determine, based on one or more first objects of a first version of a firewall filter, a set of first firewall rules and may determine, based on one or more second objects of a second version of the firewall filter, a set of second firewall rules. The device may determine, based on the set of first firewall rules and the set of second firewall rules, modification information related to the firewall filter, wherein the modification information indicates at least one difference between the set of first firewall rules and the set of second firewall rules. The device may identify, based on the modification information, at least one object, of the one or more first objects or the one or more second objects, is a modification or has been added or deleted and may send the at least one object to an additional device.

Abstract: A network device may detect, from an application associated with a user space of the network device, a request to configure a firewall provided by a kernel of the network device with a rule. The network device may intercept the request to configure the firewall before the firewall is configured with the rule. The network device, based on intercepting the request to configure the firewall, may analyze the rule to determine whether the rule modifies a critical functionality of the firewall. The network device may reject the request to configure the firewall based on determining that the rule modifies the critical functionality of the firewall.

Abstract: In some implementations, a network device may determine throughput rate metrics for a plurality of processing units of the network device that are processing network traffic of a network. The network device may maintain the throughput rate metrics in a status table associated with the plurality of processing units. The network device may receive tunnel traffic associated with a particular tunnel of the network. The network device may determine, based on a characteristic of the tunnel traffic, a potential throughput rate associated with processing the tunnel traffic. The network device may direct the tunnel traffic to a particular processing unit, of the plurality of processing units, based on the potential throughput rate and the throughput rate metrics indicated in the status table.

Abstract: Described are various configurations for performing efficient optical and electrical testing of an opto-electrical device using a compact opto-electrical probe. The compact opto-electrical probe can include electrical contacts arranged for a given electrical contact layout of the opto-electrical device, and optical interface with a window in a probe core that transmits light from the opto-electrical device. An adjustable optical coupler of the probe can be mechanically positioned to receive light from the device's emitter to perform simultaneous optical and electrical analysis of the device.

Abstract: A first network device may configure a first bridge connecting a passive optical network (PON) controller and first optical line terminals (OLTs) of the first network device. The first network device may be associated with a PON and each of the first OLTs may be connected to a first plurality of optical network units (ONUs). The first network device may establish a connection between the first bridge and a second bridge of a second network device. The second network device is associated with the PON, the second bridge may connect with second OLTs of the second network device, and each of the second OLTs may connect to a second plurality of ONUs. The PON controller of first network device may receive traffic from a PON domain manager and may provide the traffic to the first OLTs and the first plurality of ONUs via the first bridge.

Abstract: An example photonic integrated circuit includes a transmitter circuit with a optical communication path to an optical coupler configured to couple with an optical fiber. The optical communication path has a propagation direction away from the transmitter circuit and towards the optical coupler. A counter-propagating tap diverts light sent by a light source backward against the propagation direction of the optical communication path. A photodiode receives the diverted light and measures its power level. The photodiode generates a feedback signal for the optical coupler and provides the feedback signal to the optical coupler. The optical coupler receives the feedback signal and adjusts a coupling alignment of the optical communication path to the optical fiber based on the feedback signal, which indicates the measured power level of the diverted counter-propagating light.

Abstract: An optical-electrical device can implement a feedback-based control loop for temperature of the device during component calibration. The optical-electrical device can implement compressed air to vary the device temperature during calibration. Additionally, non-active components of the device can be provided current to vary the temperature of the device in concert with the provided compressed air. Additional calibration temperatures can be implemented by activating and deactivating additional non-active components in the device, such as light sources, optical amplifiers, and modulators.

Abstract: A device receives network information associated with a network and server information associated with one or more server devices, wherein the network is associated with a network device and the one or more server devices. The device generates, based on the network information and the server information, an encapsulation profile for a tunnel encapsulation path and a route profile for the tunnel encapsulation path. The device provides, to the network device, the encapsulation profile for the tunnel encapsulation path and the route profile for the tunnel encapsulation path, and provides, to the one or more server devices, the encapsulation profile for the tunnel encapsulation path. The tunnel encapsulation path is provided between the network device and the one or more server devices, via the network, based on the encapsulation profile for the tunnel encapsulation path and the route profile for the tunnel encapsulation path.

Abstract: A first network device may configure a high-availability cluster associated with a network that includes the first network device and a second network device. The first network device may identify a plurality of devices communicatively coupled to the network and determine a set of tasks for the plurality of devices. The first network device may queue the set of tasks in a task queue that is accessible to the second network device. The second network device may perform a first task and the first network device may perform a second task of the set of tasks. The first network device may receive first result information that is associated with a performance of the first task. The first network device may determine a result associated with performing the second task. The first network device may synchronize the first result information and the second result information with the second network device.