Abstract: In some embodiments, a system includes a set of servers, a set of switches within a switch fabric, and an optical device. The optical device is operatively coupled to the set of servers via a first set of optical fibers. Each server from the set of servers is associated with at least one wavelength from a set of wavelengths upon connection to the optical device. The optical device is operatively coupled to each switch from a set of switches via an optical fiber from a second set of optical fibers. The optical device, when operative, wavelength demultiplexes optical signals received from each switch from the set of switches, and sends, for each wavelength from the set of wavelengths, optical signals for that wavelength to the server from the set of servers.

Abstract: Techniques are described for applying double experimental (EXP) quality of service (QoS) markings to Multiprotocol Label Switching (MPLS) packets. According to the techniques, an edge router of an MPLS network is configured to map a Differentiated Services Code Point (DSCP) marking for customer traffic to at least two EXP fields of at least two different labels included in a MPLS packet encapsulating the customer traffic. In this way, the edge router may map the full DSCP marking across the first and second EXP fields to provide full resolution QoS for the customer traffic over the MPLS network. The techniques also include a core router of an MPLS network configured to identify a QoS profile for a received MPLS packet based on a combination of a first EXP field of a first label and a second EXP field of a second label included in the MPLS packet.

Abstract: A method and a network device are provided to transmit network packets through a network security device. The method, performed by the network device, receives a request to send a network packet from a first computing device to a second computing device over a network that includes the network device and the network security device. The network packet includes a first network interface identifier for identifying the first computing device and a second network interface identifier for identifying the second computing device. The method identifies third and fourth network interface identifiers that cause the network packet to be transmitted through the network security device. The method transmits the network packet over the network through the network security device using the third and fourth network interface identifiers. The method transmits the network packet to the second computing device using the first and second network interface identifiers.

Abstract: A device may receive client cipher information, associated with initiating a secure session, identifying at least one key exchange cipher supported by a client device associated with the secure session. The device may determine, based on the client cipher information, that a Diffie-Hellman key exchange is to be used to establish the secure session. The device may determine whether a server device, associated with the secure session, supports use of the Diffie-Hellman key exchange. The device may manage establishment of the secure session using a first decryption technique based on determining that the server device does not support the use of the Diffie-Hellman key exchange, or manage establishment of the secure session using a second decryption technique based on determining that the server device supports the use of the Diffie-Hellman key exchange or being unable to determine whether the server device supports the use of the Diffie-Hellman key exchange.

Abstract: The disclosed apparatus may include a storage device that stores an asymmetric key pair including a public encryption key and a private encryption key assigned to a computing device. This apparatus may also include at least one processing unit communicatively coupled to the storage device. The processing unit may encrypt, via one key within the asymmetric key pair, a copy of identification information that identifies the computing device. The processing unit may then maintain the encrypted copy of the identification information and an unencrypted copy of the identification information in connection with the computing device. Next, the processing unit may detect evidence of device tampering in connection with the computing device by (1) decrypting, via another key within the asymmetric key pair, the encrypted copy of the identification information and (2) determining that the decrypted copy of the identification information differs from the unencrypted copy of the identification information.

Abstract: An example device includes a control unit that provides an execution environment for a network management application and a network interface. The network management application generates a request message based at least in part on a predicted amount of time required for the device to receive a response to a request message, wherein the predicted amount of time is based at least in part on object identifier processing time information, and wherein the predicted amount of time satisfies a timeout threshold. The network interface sends the request message and receives the response message. The network management application determines an amount of time that elapsed between when the device sent the request message and received the response message, and, responsive to determining that the amount of time that elapsed does not satisfy the timeout threshold, updates at least one of the object identifier processing time information and the timeout.

Abstract: In some embodiments, an apparatus includes an optical transceiver that includes a first set of electrical transmitters operatively coupled to a switch. Each electrical transmitter from the first set of electrical transmitters is configured to transmit an electrical signal from a set of electrical signals. In such embodiments, the switch is configured to switch an electrical signal from the set of electrical signals such that the set of electrical signals are transmitted via a second set of electrical transmitters. Each electrical transmitter from the second set of electrical transmitters is operatively coupled to an optical transmitter from a set of optical transmitters. The set of optical transmitters is operatively coupled to an optical multiplexer. In such embodiments, at least one electrical transmitter from the second set of electrical transmitters is associated with a failure within the optical transceiver.

Abstract: In some embodiments, an apparatus includes an optical detector that can sample asynchronously an optical signal from an optical component that can be either an optical transmitter or an optical receiver. In such embodiments, the apparatus also includes a processor operatively coupled to the optical detector, where the processor can calculate a metric value of the optical signal without an extinction ratio of the optical signal being measured. The metric value is proportional to the extinction ratio of the optical signal. In such embodiments, the processor can define an error signal based on the metric value of the optical signal and the processor can send the error signal to the optical transmitter such that the optical transmitter modifies an output optical signal.

Abstract: A computer-implemented method for detecting cache-poisoning attacks in networks using SDPs may include maintaining a cache of service information that identifies services provided by client devices connected to a network using an SDP. The method may also include detecting a cache-poisoning attack by (1) receiving, from a client device connected to the network, an SDP message related to a service allegedly provided via the network, (2) identifying, within the SDP message, an attribute of the service allegedly provided via the network, and then (3) determining that the client device is attempting to corrupt the cache of service information by determining that the identified attribute of the service suggests that the service is illegitimate. Finally, the method may include performing a security action to mitigate the cache-poisoning attack in response to detecting the cache-poisoning attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In one embodiment, a method includes sending a configuration signal to a virtual network switch module within a control plane of a communications network. The configuration signal is configured to define a first network rule at the virtual network switch module. The method also includes configuring a packet forwarding module such that the packet forwarding module implements a second network rule, and receiving status information from the virtual network switch module and status information from the packet forwarding module. The status information is received via the control plane.

Abstract: A dispatch module implemented in at least one of a memory or a processing device is operatively coupled to a first processing module and a second processing module. The first processing module has a priority higher than a priority of the second processing module. The dispatch module includes a workload counter associated with the first processing module to provide an indication of a workload at the first processing module. The dispatch module initiates a clock signal at the second processing module only if the indication of the workload at the first processing module satisfies a criterion. The dispatch module sends a data unit to the second processing module for processing only if the indication of the workload at the first processing module satisfies a criterion.

Abstract: The disclosed apparatus may include at least one physical extension handle that connects to at least one ejector that facilitates securing a line card to a chassis of a telecommunications system and ejecting the line card from the chassis of the telecommunications system. The physical extension handle may, when connected to the ejector, extend the ejector such that a user is able to access the ejector by way of the physical extension handle to secure the line card to or eject the line card from the chassis of the telecommunications system using the physical extension handle. Additionally or alternatively, the physical extension handle may facilitate physically supporting one or more communication cables connected to the line card in a horizontal orientation such that the communication cables avoid hanging down vertically directly from the chassis. Various other apparatuses and systems are also disclosed.

Abstract: In one embodiment, a method includes sending a first flow control signal to a first stage of transmit queues when a receive queue is in a congestion state. The method also includes sending a second flow control signal to a second stage of transmit queues different from the first stage of transmit queues when the receive queue is in the congestion state.

Abstract: A device may determine a session life cycle associated with a communication session. The session life cycle may indicate a time period associated with expiration of the communication session. The device may compare the session life cycle and a threshold value, and may determine that the session life cycle satisfies the threshold value based on comparing the session life cycle and the threshold value. The device may initialize multiple ager rings based on determining that the session life cycle satisfies the threshold value. The multiple ager rings may be used to monitor the expiration of the communication session. The device may monitor the expiration of the communication session using the multiple ager rings.

Abstract: In some embodiments, an apparatus includes a first network switch configured to be within a Fiber Channel over Ethernet (FCoE) network, which has a set of network switches including the first network switch. The first network switch is configured to receive, from a first network device, a login signal including a proposed logical identifier for the first network device. The first network switch is configured to send, in response to the login signal, a multicast signal including the proposed logical identifier to remaining network switches from the set of network switches. As a result, a second network switch from the set of network switches enforces a zone policy in response to receiving the multicast signal and prior to sending the proposed logical identifier to a second network device.

Abstract: A device may receive a set of border gateway protocol labels via a set of corresponding border gateway protocol messages. A border gateway protocol label, of the set of border gateway protocol labels, may be associated with a label descriptor attribute. The label descriptor attribute being associated with providing information regarding a forwarding semantic associated with the border gateway protocol label. The device may select the border gateway protocol label for routing network traffic toward a network device associated with the border gateway protocol label based on the label descriptor attribute. The device may route the network traffic toward the network device based on the border gateway protocol label and after selecting the border gateway protocol label.

Abstract: A retention-extraction device is provided for a removable card in a chassis. The device includes an actuation rod having a cam slot, the actuation rod configured to provide linear movement along the length of the actuation rod, and an extraction lever operatively connected to a proximal end of the actuation rod and pivotally secured to the chassis. The device also includes a bell crank with a cam follower that is configured to ride in the cam slot and a latch hook that pivots between an open and closed position based on the motion of the bell crank. The linear movement of the actuation rod causes the extraction lever to apply a force to a portion of the card and causes the latch hook to pivot to an open position to allow removal of the card.

Abstract: A network device includes a first and a second control board, with each control board having a separate control plane and fabric plane. The network device is configured to establish an active control plane on the first control board and an active fabric plane on the second control board. The network device is configured to establish a standby fabric plane on the first control board and a standby control plane on the second control board. The network device is configured to detect a failure on the first control board or the second control board and switch the status of the control plane on the second control board from standby to active, when the failure is on the first control board, and switches the status of the fabric plane on the first control board from standby to active when the failure is on the second control board.

Abstract: An apparatus may include a heat sink to be mounted to a printed circuit board. The apparatus may include a power supply mounted to the heat sink. The power supply may receive input power and supply output power to one or more components of the printed circuit board.

Abstract: In some examples, a switching system includes a plurality of fabric endpoints and a multi-stage switching fabric having a plurality of fabric planes each having a plurality of stages to switch data units between any of the plurality of fabric endpoints. A fabric endpoint of the fabric endpoints is configured to send, to a switch of a first one of the stages and within a first fabric plane of the plurality of fabric planes, a self-ping message destined for the fabric endpoint. The fabric endpoint is configured to send, in response to determining the fabric endpoint has not received the self-ping message after a predetermined time, an indication of a connectivity fault for the first fabric plane.