Abstract: A device receives information identifying a specific host threat to a network, where the information includes a list of network addresses associated with the specific host threat. The device identifies network elements, of the network, associated with the specific host threat to the network, and determines a network control system associated with the identified network elements. The device determines a policy enforcement group of network elements, of the identified network elements, that maps to the list of network addresses associated with the specific host threat, where the network control system is associated with the policy enforcement group of network elements. The device determines a threat policy action to enforce for the specific host threat, and causes, via the network control system, the threat policy action to be enforced by the policy enforcement group of network elements.
Type: Grant
Filed: June 29, 2018
Date of Patent: January 5, 2021
Assignee: Juniper Networks, Inc.
Inventors: Srinivas Nimmagadda, Jeffrey S. Marshall, Sunil G. Rawoorkar, Srinivasan Veeraraghavan, Prakash T. Seshadri
Abstract: A device receives network data associated with a network that includes network devices interconnected by links at an Internet protocol (IP) layer and an optical layer of the network. The device receives constraints associated with determining a network plan for the network, where the constraints include a constraint indicating a particular time period associated with determining potential network plans for the network. The device identifies variables and values of the variables for the network plan based on the network data, and determines, within the particular time period, the potential network plans for the network based on the constraints and the values of the variables. The device identifies a potential network plan, of the potential network plans, that minimizes costs associated with operating the network, and causes the identified potential network plan to be implemented in the network by the network devices.
Abstract: The use and processing of update messages (e.g., BGP UPDATEs) that bind (e.g., MPLS) labels to address prefixes is improved such that labels are used more efficiently, and/or such that such update messages can be processed more efficiently. A distance vector control signaling protocol (e.g., BGP) peer device receives a control plane message (e.g., BGP Update) from a downstream peer device, the control plane message including (1) a network address of the downstream device as a next hop value, (2) a prefix value, and (3) at least one label associated with the prefix value. Responsive to receiving the control plane message, the peer device generates a new control plane message including (1) a network address of the peer device as a next hop value, (2) the prefix value from the control plane message, and (3) a label stack including (i) the at least one label from the control plane message, and (ii) a local label associated with the peer device.
Type: Grant
Filed: September 30, 2019
Date of Patent: January 5, 2021
Assignee: Juniper Networks, Inc.
Inventors: Wai Tong Louis Chan, Rafal Jan Szarecki, Krzysztof Grzegorz Szarkowicz, Jeffrey M. Haas, Santosh S. Kolenchery, Srihari Ramachandra Sangli, Shraddha Hegde
Abstract: A device may receive a plurality of traffic flows to be provided to a set of destination devices. The device may process the plurality of traffic flows to identify respective sets of attributes associated with the plurality of traffic flows. The device may assign one of a plurality of traffic forwarding techniques, to a first traffic flow, of the plurality of traffic flows, based on the respective sets of attributes associated with the plurality of traffic flows. The device may provide the plurality of traffic flows to the set of destination devices. The device may determine that a condition, of a set of conditions associated with the plurality of traffic flows, has been satisfied in association with providing the plurality of traffic flows to the set of destination devices. The device may perform a set of actions after determining that the condition has been satisfied.
Type: Grant
Filed: November 19, 2018
Date of Patent: January 5, 2021
Assignee: Juniper Networks, Inc.
Inventors: Vikram Nagarajan, Wen Lin, Selvakumar Sivaraj, Naveen Ashik, Ramesh Kandula, Princy T. Elizabeth
Abstract: A controller device manages a plurality of network devices. The controller device includes one or more processing units configured to receive an upgrade request; determine an upgrade graph having nodes each representing one of the network devices or a network service provided by the network, and also having one or more edges each connecting two of the nodes and representing a network redundancy or service dependency; compute and assign an edge weight to each edge by combining results of at least one objective function, each of the at least one objective functions having a minimum objective or maximum objective for the network; partition the upgrade graph into a plurality of sub-groups based on the edge weights; determine an upgrade schedule; and upgrade software of each of the plurality of network devices according to the upgrade schedule.
Type: Grant
Filed: May 16, 2019
Date of Patent: January 5, 2021
Assignee: Juniper Networks, Inc.
Inventors: Chandrasekhar A, Jayanthi R, Javier Antich
Abstract: A provider edge device, capable of accessing a first type of memory and a second type of memory, may determine a network address associated with a customer edge device. The provider edge device may determine whether the customer edge device is categorized as a leaf device in an Ethernet Tree service provided by the provider edge device. The provider edge device may selectively store the network address in the first type of memory or the second type of memory based on determining whether the customer edge device is categorized as a leaf device in the Ethernet Tree service.
Abstract: In general, techniques are described for provisioning Quality of Service (QoS) behavior on tunnel endpoints. For example, a network device operating as a source tunnel endpoint, e.g., a provider edge (PE) device, may encapsulate a QoS behavior that was derived by the PE device upon receiving the packet from a source network (e.g., a customer or tenant network) and send the encapsulated packet through the tunnel across one or more intermediate networks (such as data center networks) to the destination tunnel endpoint such that the destination tunnel endpoint may apply the same QoS behavior derived by the source tunnel endpoint when injecting the original packet into a destination network (e.g., a second network of the customer or tenant) without having to re-derive the QoS behavior from customer/tenant QoS policies for the destination network.
Abstract: Techniques are disclosed for configuring multiple network devices implementing different protocols or techniques. For example, these techniques allow network devices configured with different protocols to co-exist within the same network, or for the network to seamlessly evolve from one protocol to the other. Techniques described herein provide for an SDN controller that may bridge a network system implementing different protocols, e.g., Open vSwitch Database (OVSDB) and Ethernet Virtual Private Network (EVPN), by translating high-level configuration data (e.g., desired state of the network at a high level of abstraction) that are protocol agnostic to low-level configuration data (e.g., desired state of the network at a low level of abstraction) that are protocol specific. That is, the SDN controller may provide management, control, and analytics functions of a virtualized network configured to operate specifically within an OVSDB environment and/or an EVPN environment.
Abstract: A network device may receive an IPv6 packet that includes an IPv6 source address and an IPv6 destination address. The network device may determine, based on the IPv6 packet including an extension header that includes an address prefix option, whether to translate the IPv6 packet into an IPv4 packet. Additionally, based on a determination to translate the IPv6 packet into the IPv4 packet, the network device generates an IPv4 packet that includes an IPv4 source address and an IPv4 destination address. Because the PLAT unit may make the determination whether to translate the IPv6 packet into an IPv4 packet based on the IPv6 packet including the address prefix option instead of based on the IPv6 source address including a customer-translation (CLAT) source prefix, it may be unnecessary to distribute the CLAT source prefix to the network device.
Type: Grant
Filed: October 16, 2018
Date of Patent: December 29, 2020
Assignee: Juniper Networks, Inc.
Inventors: Jeevan Madhu Chakravarthy Dandangi, Neeraj Gupta, Nithyananda Vishnu K S
Abstract: Access points which can be mounted in a variety of locations or orientations and can support multiple communications protocols are described. The access point includes a main housing, e.g., main body, and a front housing connected together by a hinge. A Wi-Fi antenna is included in the front housing in some embodiments. The access point can be used in an open or closed position. When mounted in a vertical position, the front housing can be lowered into a horizontal position, facilitating preferred antenna orientation. A first set of cooling fins serves to keep the internal components of the access point off a wall when the access point is wall mounted, facilitating air flow. Additional fins act as a spacer between the main housing and the front housing when the access point is used in a closed position, facilitating air flow around both sides of the main housing.
Abstract: Techniques are described to limit heat transfer from a first electronic component to a second electronic component, such as by having an aperture in a lid over the second electronic component to form a gap in the conductance of heat from the first electronic component to the second electronic component. A semiconductor electronic package includes a substrate, a first electronic component that is of a first type and that is mounted along a surface of the substrate, a second electronic component that is of a second type different than the first type and that is mounted along the surface of the substrate, and a metallic component that is positioned over the first electronic component and that has an aperture through which the second electronic component is exposed.
Abstract: This disclosure describes techniques for monitoring, scheduling, and performance management for virtualization infrastructures within networks. In one example, a computing system includes a plurality of different cloud-based compute clusters (e.g., different cloud projects), each comprising a set of compute nodes. Policy agents execute on the compute nodes to monitor performance and usage metrics relating to resources of the compute nodes. Policy controllers within each cluster deploy policies to the policy agents and evaluate performance and usage metrics from the policy agents by application of one or more rulesets for infrastructure elements of the compute cluster. Each of the policy controllers outputs data to a multi-cluster dashboard software system indicative of a current health status for the infrastructure elements based on the evaluation of the performance and usage metrics for the cluster.
Type: Grant
Filed: December 19, 2017
Date of Patent: December 15, 2020
Assignee: Juniper Networks, Inc.
Inventors: Harshit Naresh Chitalia, Avi K. Patel, Parantap Roy, Travis Gregory Newhouse, Sumeet Singh, Neeren Shripad Patki
Abstract: In one embodiment, an apparatus includes a network management module configured to execute at a network device operatively coupled to a switch fabric. The network management module is configured to receive a first set of configuration information associated with a subset of network resources from a set of network resources, the set of network resources being included in a virtual local area network from a plurality of virtual local area networks, the plurality of virtual local area networks being defined within the switch fabric. The first set of configuration information dynamically includes at least a second set of configuration information associated with the set of network resources.
Type: Grant
Filed: March 15, 2018
Date of Patent: December 15, 2020
Assignee: Juniper Networks, Inc.
Inventors: Dana Cook, Chris Cole, David Nedde, Ashley Saulsbury
Abstract: According to various aspects of the present disclosure, an apparatus is provided. In an aspect, the apparatus includes an optical transceiver having a first port, a second port and an optical switch coupled to the first port and the second port. The optical switch is switchable between a unidirectional port operation mode and a bidirectional port operation mode. When the optical switch is in the unidirectional port operation mode, the first port is configured to send a first optical signal, and the second port is configured to receive a second optical signal. When the optical switch is in the bidirectional port operation mode, the first port is configured to send the first optical signal and receive the second optical signal, and the second port is configured to receive a third optical signal and not send the first signal.
Abstract: Methods and apparatus for automatically obtaining status from an isolated AP that cannot connect to the cloud. The obtained status information is then used to automatically mitigate the issue and accelerate connecting the isolated AP back to the cloud. The methods are well suited for use in a system with a variety of access points, e.g., wireless and/or wired access points, which can be used to obtain access to the Internet or another network such as “the cloud”. A network management system has been configured to monitor the network and use preconfigured data to determine a remedial action to be automatically taken when an AP loses connectivity with the cloud.