Abstract: In general, techniques provide a mapping of host devices to different virtual router identifiers used to identify the source MAC address used for forwarding packets to the participating host devices. For example, a method may include receiving an Address Resolution Protocol (ARP) request for a first Internet protocol (IP) address from a host device, the first IP address comprising a virtual IP address of the virtual router. The method may also include determining a virtual router redundancy protocol (VRRP) virtual router identifier (VRID) associated with the first IP address. The method may further include generating a mapping between the host device and the determined VRID. The method may also include determining a virtual source MAC address of the virtual router based on the mapping and forwarding a second packet to the host device that specifies a virtual source MAC address for the second packet.

Abstract: In some examples, a method includes receiving, by a first ingress network device of a network, a source tree join route message from an egress network device of the network, the source tree join route message specifying a multicast source and a multicast group, and in response to receiving, by the first ingress network device, a source active auto-discovery route message from a second ingress network device of the network indicating that the second ingress network device has switched from using a shared multicast tree to using a shortest path tree to deliver multicast traffic from the multicast source, electing one of the first ingress network device or the second ingress network device as a single active forwarder for forwarding the multicast traffic received from the multicast source for the multicast group.

Abstract: A device may include one or more memories, and one or more processors to receive a plurality of packets over a network. Packets, of the plurality of packets, may relate to a subscriber. The subscriber may be a source subscriber from which the packets are initiated or a destination subscriber to which the packets are destined. The device may determine whether a rate of receipt of the packets satisfies a first threshold, detect whether a level of processor usage satisfies a second threshold, and perform one or more actions to cause filtering of additional packets relating to the subscriber based on whether the rate of receipt of the packets satisfies the first threshold and based on whether the level of processor usage satisfies the second threshold. The device may monitor filtering of the additional packets to determine whether to filter further packets relating to the subscriber.

Abstract: Techniques are described for establishing lower priority LSPs on paths determined to be less likely to include bandwidth constrained links. In one example, a router includes a plurality of physical interfaces each having at least one link interconnecting the router as one of a plurality of routers in a network and a processor. The processor is configured to determine whether a link of one of the plurality of physical interfaces is congested based at least in part on an amount of available bandwidth on the link, and, responsive to determining that the link is congested, set a bandwidth subscription for the link, wherein the bandwidth subscription specifies that the amount of available bandwidth on the link for label switched paths having a lower priority is less than the amount of available bandwidth on the link for label switched paths having a higher priority.

Abstract: A provider edge device may receive a first MAC/IP route advertisement that identifies a MAC route, or a MAC and IP route, relating to an endpoint device. The provider edge device may generate and provide a MAC/IP route proxy advertisement based on the MAC route or the MAC and IP route, detect a potential decrease in reliability of the MAC route or the MAC and IP route, broadcast a request to verify the reliability of the MAC and IP route, determine whether the reliability of the MAC route, or the MAC and IP route, has decreased, and perform an action to cause withdrawal of the MAC/IP route proxy advertisement, or to cause a second MAC/IP route advertisement that identifies the MAC route, or the MAC and IP route, to be provided, based on determining whether the reliability of the MAC route, or the MAC and IP route, has decreased.

Abstract: In general, techniques are described for generating reversible mappings for management systems. The management system may include an interface and a processor. The interface may communicatively couple the management system to network devices. The processor may generate a data structure that represents each expression of a forward mapping as a separate node of the data structure. The processor may also translate one or more of the expressions represented as the separate nodes in the data structure to corresponding one or more negated expressions so as to form a reverse mapping. Further, the processor may apply the reverse mapping to the low-level configuration of the first network device to obtain the high-level configuration.

Abstract: A device may include one or more processors to receive a file that may be analyzed for malware; open the received file in a secure environment; determine that a secondary file in the secure environment may have been accessed based on the received file being opened; analyze the secondary file in the secure environment to identify malware; and/or perform an action associated with the received file based on the secondary file being analyzed.

Abstract: Techniques are described for optimizing the placement of automatically generated rules within security policies. An administrator may, for example, interact with the graphical representation of rules rendered by the threat control module and, responsive to the interaction, the system may determine an optimal placement for the created rule in the list of rules for the identified security device based on either the existence of anomalies or threat IP data and/or advanced security parameters. In this way, the system allows administrators to configure rules with the most optimal sequence to detect threats.

Abstract: Techniques are described for establishing a segment routed label switched path (LSP) regardless of whether a router along the shortest path is not enabled for segment routing. For example, a resource reservation LSP (e.g., a resource reservation protocol (RSVP) LSP) is established across the router that is not enabled for segment routing, such that the segment routed LSP may be established to tunnel through the resource reservation LSP. For example, when a centralized controller receives a request to establish a path using segment routing, one or more routers along the shortest path may not be enabled for segment routing. Instead of rejecting the request to establish the segment routed LSP in response to determining that one or more routers in a selected path are not enabled for segment routing, the controller may establish a resource reservation LSP to tunnel around the router that is not enabled for segment routing.

Abstract: A device may receive a file to be analyzed in a sandbox environment, and may determine configuration information for configuring the sandbox environment. The configuration information may be determined based on at least one of: file information associated with the file to be analyzed, or client device information associated with a client device for which the file is intended. The device may configure the sandbox environment using the configuration information. The configuration information may identify a system configuration for the sandbox environment. The device may analyze the file in the sandbox environment based on configuring the sandbox environment using the configuration information.

Abstract: An example network device includes a memory configured to store existing configuration information formatted according to a high level structured input format for the network device, and a processor comprising digital logic circuitry and configured to receive data defining new configuration information formatted according to the high level structured input format, determine one or more differences between the new configuration information and the existing configuration information, translate the one or more differences into one or more sets of data defining device level configuration changes for the network device without translating the entire new configuration information, and configure the network device to update existing device level configuration for the network device according to the sets of data defining the device level configuration changes.

Abstract: Techniques are described for forwarding traffic within an Ethernet Virtual Private Network (EVPN) fabric of port-extenders by modeling a port-extender as a port-extender Ethernet segment. For example, a method includes receiving, by a provider edge (PE) device of a plurality of PE devices configured with an EVPN instance reachable by a port-extender Ethernet segment connecting the plurality of PE devices to a port-extender device, an EVPN route including information identifying an extended-port of the port-extender device associated with the port-extender Ethernet segment; storing, by the PE device, the information identifying the extended-port of the port-extender device associated with the port-extender Ethernet segment; and generating, by the PE device, a packet header of a data packet to be forwarded toward the extended-port of the port-extender device, the packet header including the information identifying the extended-port of the port-extender device.

Abstract: In some examples, an electronic device includes a printed circuit board (PCB) device that includes a first trace electrically connected to a first pad of a first trace via on a first layer and a second trace electrically connected to a second pad of a second trace via on a second layer. In some examples, the PCB device also includes four ground pads on the first layer and an antipad surrounding the two trace vias, where a first ground pad is positioned between the first trace and the second trace, where the first ground pad and the second ground pad are approximately symmetrically positioned about a perpendicular bisector of a line from the first pad to the second pad, and wherein the third ground pad and the fourth ground pad are approximately symmetrically positioned about the perpendicular bisector of the line from the first pad to the second pad.

Abstract: In some examples, a method includes selecting, by a first virtual routing node of a single-chassis network device having a plurality of forwarding components and a plurality of fabric links coupling respective pairs of the plurality of forwarding components at respective fabric interfaces of the plurality of forwarding components, a fabric interface of a forwarding component of the plurality of forwarding components that has an egress interface toward a network destination and that is associated with the first virtual routing node; in response to receiving a message specifying the fabric interface, storing, by the second virtual routing node to a context forwarding table of the second virtual node, the fabric interface as a next hop for the network destination; selecting, by the second virtual routing node and based on the context forwarding table and a context next hop in a first forwarding table pointing to the context forwarding table, the fabric interface for forwarding network packets destined for the ne

Abstract: A device determines a first current, of a first input phase of a power system, and a second current, of a second input phase of the power system. The device determines whether the first input phase and the second input phase are balanced based on the first current and the second current. When the first input phase and the second input phase are not balanced, the device selects the first input phase and an output phase of the power system. The device balances the first input phase and the second input phase by using the first input phase and the output phase.

Abstract: In some examples, a switching system includes a plurality of fabric endpoints and a multi-stage switching fabric having a plurality of fabric planes each having a plurality of stages to switch data units between any of the plurality of fabric endpoints. A fabric endpoint of the fabric endpoints is configured to send, to a switch of a first one of the stages and within a first fabric plane of the plurality of fabric planes, a self-ping message destined for the fabric endpoint. The fabric endpoint is configured to send, in response to determining the fabric endpoint has not received the self-ping message after a predetermined time, an indication of a connectivity fault for the first fabric plane.

Abstract: In some embodiments, an apparatus includes an optical transmitter module that can be electrically coupled to an electrical serializer/deserializer and a controller. The optical transmitter module can include an electrical detector that can receive an in-band signal. The electrical detector can send to the controller a first power error signal and a second power error signal based on the in-band signal. The controller can send a correction control signal to the electrical serializer/deserializer based on the first power error signal and the second power error signal such that the electrical serializer/deserializer sends a pre-emphasized signal to the optical transmitter module based on the correction control signal. In such embodiments, the first power error signal, the second power signal and the correction control signal are out-of-band signals.

Abstract: A controller coordinates execution of a set of related processes executed by respective devices in the virtual network, wherein coordinating comprises causing the respective devices to execute the set of related processes; receiving a data set for the set of related processes from the respective devices, comprising receiving operational states of the related processes from the respective devices; reading a previous data set comprising previous operational states of the related processes from the respective devices; processing an update to the previous operational states from the received operational states of the received data set; and aggregating the received operational states of the data set with the previous operational states of the related processes to form aggregated data of updated operational states.

Abstract: A network device may detect a reduced switching fabric bandwidth due to switching fabric degradation of a switching fabric. The network device may allocate the reduced switching fabric bandwidth to one or more interfaces of a packet processor. The network device may determine a first maximum reservable bandwidth for an interface of the one or more interfaces. The network device may identify a reserved bandwidth for the interface. The network device may determine an unreserved bandwidth for the interface based on the first maximum reservable bandwidth and the reserved bandwidth. The network device may advertise the unreserved bandwidth, for the interface, to a neighbor network device that communicates with the network device via the interface. The network device may provide an instruction, to the neighbor network device, for the neighbor network device to update a second maximum reservable bandwidth associated with the neighbor network device.