Abstract: A device may receive a firewall filter entry that includes one or more match conditions associated with filtering network traffic. The device may identify an access control list (ACL) template associated with the firewall filter entry. The ACL template may be associated with a template type. The device may identify one or more rules, for verifying the firewall filter entry, based on the template type associated with the ACL template. The device may verify the firewall filter entry using the one or more rules. The device may determine a hardware resource, for storing the firewall filter entry, based on the template type and based on verifying the firewall filter entry. The device may store the firewall filter entry using the hardware resource of the device.

Abstract: A network device may receive a packet flow, and may identify an application associated with the packet flow. The network device may determine that packets associated with the application are not to be encrypted using a security protocol. The network device may store a rule that indicates that the packets are not to be encrypted using the security protocol based on determining that the packets are not to be encrypted using the security protocol. The rule may include network layer information or transport layer information associated with the packet flow, and may exclude application layer information associated with the packet flow. The network device may transmit, based on the rule, the packets without using the security protocol to encrypt the packets.

Abstract: A method and apparatus for in-line processing a data packet while routing the packet through a router in a system transmitting data packets between a source and a destination over a network including the router. The method includes receiving the data packet and pre-processing layer header data for the data packet as the data packet is received and prior to transferring any portion of the data packet to packet memory. The data packet is thereafter stored in the packet memory. A routing through the router is determined including a next hop index describing the next connection in the network. The data packet is retrieved from the packet memory and a new layer header for the data packet is constructed from the next hop index while the data packet is being retrieved from memory. The new layer header is coupled to the data packet prior to transfer from the router.

Abstract: A publication exchange device may receive information that identifies a subscriber device, and may receive a set of subscription keys associated with subscribed-to network event information to be provided to the subscriber device. The publication exchange device may receive published network event information from one or more publisher devices, and may determine that the published network event information includes information that matches the set of subscription keys. The publication exchange device may identify the subscribed-to network event information, from the published network event information, using the set of subscription keys. The publication exchange device may provide the subscribed-to network event information to the subscriber device based on identifying the subscribed-to network event information.

Abstract: A device includes a master control card that performs control plane processing, a backup control card, where the backup control card takes over control plane processing if the master control card goes out of service, and a database card that connects to the master control card and the backup control card, where the database control card stores information relating to control plane processing. A method of achieving hitless failover in a network element includes detecting that a master control card of the network element has gone out of service, designating the backup control card as a new master control card of the network element, establishing communication with a database card of the network element, and retrieving protocol states information from the database card.

Abstract: A network device may receive network traffic, originating from an input component, via a first set of input ports of a first switching element. The first switching element may be included in a stage of a multi-stage switching fabric. The first set of input ports may be associated with the input component. The network device may determine, based on the input component, a first set of output ports of the first switching element that are reserved for the input component. The network device may route the network traffic, via the first set of output ports, to second switching elements included in another stage of the multi-stage switching fabric. The second switching elements may receive the network traffic via a second set of input ports of the second switching elements.

Abstract: The disclosed computer-implemented method may include (1) detecting an online communication session established between a plurality of computing devices, (2) identifying at least one application involved in the online communication session established between the plurality of computing devices, (3) determining a security mode for a security proxy that inspects the online communication session based at least in part on the application involved in the online communication session, and then (4) configuring the security proxy to inspect the online communication session in accordance with the determined security mode. Various other systems, methods, and apparatuses are also disclosed.

Abstract: In one embodiment, an apparatus can include a switch fabric. The apparatus can also include a first edge device operatively coupled to an edge of the switch fabric and having a plurality of ports. The apparatus can also include a second edge device operatively coupled to the edge of the switch fabric and having a plurality of ports, the switch fabric defining a plurality of single-hop paths between the first edge device and the second edge device. The first edge device configured to send to a peripheral processing device operatively coupled to the first edge device a representation of a mapping of a portion of the plurality of ports of the first edge device and a portion of the plurality of ports of the second edge device to a plurality of ports included in a non-edge device represented within a virtual multi-hop network topology.

Abstract: In some embodiments, an apparatus includes a quadrature amplitude modulation (QAM) optical modulator which includes a first phase modulator (PM), a second PM, a tunable optical coupler (TOC), and an optical combiner (OC). The TOC is configured to split a light wave at an adjustable power splitting ratio to produce a first split light wave and a second split light wave. The first PM is configured to modulate the first split light wave in response to a first multi-level electrical signal to produce a first modulated light wave. The second PM is configured to modulate the second split light wave in response to a second multi-level electrical signal to produce a second modulated light wave. The OC is then configured to combine the first modulated light wave and the second modulated light wave to generate a QAM optical signal.

Abstract: A network includes an egress node connected to an ingress node via a network path. The egress node is configured to receive, from the ingress node, a group of packets via the network path, where each packet includes an operations, administration, and management (OAM) field appended to the packet, and where the OAM field stores OAM information. The egress node is further configured to read the OAM information from the packets; analyze the OAM information, associated with one or more of the packets, to determine that a network condition exists on the network path; and notify the ingress node that the network condition exists to permit the ingress node to perform a rerouting operation.

Abstract: In some embodiments, an apparatus includes a first controller configured to be operatively coupled within a network having a set of network nodes, a forwarding gateway and a configuration entity. The first controller is configured to manage session state and node state associated with the set of network nodes independent of the forwarding gateway. The first controller is configured to fail over to a second controller when the first controller fails, without the forwarding gateway failing over and without the configuration entity failing over.

Abstract: A multilayered printed circuit board (PCB) may include a plurality of pads associated with facilitating a connection to a component. The component may include a first edge and a second edge. The plurality of pads may include a first pad, located between a second pad and the first edge. The PCB may include a plurality of vertically disposed vias electrically connected to the plurality of pads and a plurality of horizontally disposed signal layers, electrically connected by the plurality of vias, to route a set of signals toward the first edge. The set of signals may include a first signal that is routed by a first via, of the plurality of vias, and a first signal layer of the plurality of signal layers and a second signal that is routed by a second via, of the plurality of vias, and a second signal layer of the plurality of signal layers.

Abstract: In some embodiments, an apparatus includes an optical transceiver which includes a rate-adaptive forward error correction (FEC) encoder and a rate-adaptive FEC decoder. The rate-adaptive FEC encoder is configured to adjust a number of a set of known symbols associated with a codeword to achieve rate adaption. A length of the codeword is fixed. The rate-adaptive FEC encoder is configured to generate the codeword based on (1) a set of information symbols including the set of known symbols and a set of data symbols, and (2) a fixed number of a set of parity symbols generated using information symbols. The rate-adaptive FEC decoder is configured to receive a set of reliability values associated with a channel word, and expand the set of reliability values to produce an expanded set of reliability values. The rate-adaptive FEC decoder is further configured to decode the expanded set of reliability values.

Abstract: A device may receive, via a first message, first route information for directing network traffic for a network. The first route information may identify a media access control (MAC) route corresponding to a MAC address associated with a host device connecting to a subnet of the network. The first route information may fail to include Internet protocol (IP)/MAC binding information associated with the host device. The device may transmit a request for IP/MAC binding information associated with the host device. The device may receive a response, to the request for IP/MAC binding information, identifying the IP/MAC binding information. The device may advertise, via a second message, second route information for directing network traffic for the network based on receiving the response identifying the IP/MAC binding information. The second route information may identify the IP/MAC binding information associated with the host device.

Abstract: An example network system includes a layer two (L2) device and a layer three (L3) device. The L2 device includes a control unit is configured to determine a preferred network path from a first L2 network in which the L2 device resides to an intermediate L3 network in which the L3 device resides that couples the first L2 network to a second L2 network having a second L2 device. The control unit includes a management endpoint (MEP) module. The MEP module executes an operations, administration, and management (OAM) protocol to monitor the first L2 network and output an L2 frame in accordance with the OAM protocol to the L3 device to notify the L3 device that it is within the preferred network path. A MEP module of the L3 device executes an OAM protocol that outputs L2 frames to the L2 device indicating the status of the L3 network.

Abstract: A system is configured to: transmit requests to a first device and a second device; receive a first reply from the first device in response to one of the requests; determine an address of the first device based on the first reply; assign a first port to a first network when the first device is a first one of one or more devices that replied to the requests and have a same address as the first device; receive a second reply from the second device in response to another one of the requests; assign a second port to a second network when the address of the second device is the same as the address of the first device; and reassign the second port, from the second network, to the first network when a failure of the first device occurs.

Abstract: A system may include a removable board that is adapted for inserting into and removing from an enclosure, an electronic component that is attached to the removable board, and a cooling system that is attached to the removable board. The cooling system may include a first heat exchanger that is attached to the electronic component by a physical interface. The cooling system may include a coolant pipe that that is at least partially filled with a working fluid to receive heat, generated by the electronic component, via the first heat exchanger. The cooling system may include a second heat exchanger, attached to the coolant pipe and situated to be located outside of the enclosure when the removable board is inserted into the enclosure. The cooling system may be adapted to remain attached to the removable board when inserting and removing the removable board.

Abstract: In general, techniques are described for configuring and managing virtual networks. For example, a distributed virtual network controller is described that configures and manages an overlay network within a physical network formed by plurality of switches. A plurality of servers are interconnected by the switch fabric, each of the servers comprising an operating environment executing one or more virtual machines in communication via the overlay networks. The servers comprises a set of virtual switches that extends the overlay network as a virtual network to the operating environment of the virtual machines.

Abstract: In one example, a method includes performing L2 learning of a C-MAC address included in a first L2 data message by a first provider edge (PE) router included in an Ethernet Segment of a Provider-Backbone Bridging Ethernet Virtual Private Network (PBB-EVPN); sending to a second PE router within the Ethernet Segment an L2 control message comprising the C-MAC address and a B-MAC address corresponding to the Ethernet Segment of the PBB-EVPN, wherein the L2 control message informs the second PE router of the reachability of the C-MAC address through the first PE router; receiving, by the first PE router and from the second PE router, a second L2 data message as unicast traffic destined for the C-MAC address; and forwarding the second L2 data message to the first CE router.

Abstract: In general, techniques are described for dynamically scheduling and establishing paths in a multi-layer, multi-topology network to provide dynamic network resource allocation and support packet flow steering along paths prescribed at any layer or combination of layers of the network. In one example, a multi-topology path computation element (PCE) accepts requests from client applications for dedicated paths. The PCE receives topology information from network devices and attempts to identify paths through a layer or combination of layers of the network that can be established at the requested time in view of the specifications requested for the dedicated paths and the anticipated bandwidth/capacity available in the network. The PCE schedules the identified paths through the one or more layers of the network to carry traffic for the requested paths. At the scheduled times, the PCE programs path forwarding information into network nodes to establish the scheduled paths.