Abstract: A method for cooling a system having a midplane design in which the midplane includes holes to allow air to flow via the midplane. Cards connected to the midplane have a front face that includes holes to allow the air to flow. The air flows from front to back or back to front to cool the cards connected to the midplane. A multi-slot chassis includes rails to support the cards. The rails form spaces to permit access to sockets associated with the cards to which cables may be connected. Platforms associated with the cards may permit a user to manage cables connected to the cards.

Abstract: An example computing device includes a prefix lookup module, and a Bloom filter that includes a set of queues. The prefix lookup module is configured to receive policy configuration information, examine a state of a queue of the set of queues, and determine whether to bypass the first Bloom filter based on the policy configuration information and the state of the queue. In one example, the prefix lookup module may be configured to, using the policy configuration information, determine to bypass the Bloom filter when the queue is full. In another example, the prefix lookup module may be configured to, using the policy configuration information, determine not to bypass the Bloom filter and send a lookup request to the Bloom filter upon determining that the queue is no longer full.

Abstract: In general, techniques are described for automatic assignment of hardware addresses within computer networks. As one example, a network device comprising a physical network interface and a control unit may implement these techniques. The network interface receives a first message from a client device requesting a layer three (L3) network address. The first message also includes a layer two (L2) hardware address currently assigned to a network interface of the client device. The control unit selects a replacement L2 hardware address for use by the network interface of the client device as a replacement for the L2 hardware address included in the first message and generates a second message having a field that specifies the replacement L2 hardware address. The network interface outputs the second message to the client device so as to automatically assign the replacement L2 hardware address for use by the network interface of the client device.

Abstract: Methods and apparatuses for inspecting packets are provided. A primary security system may be configured for processing packets. The primary security system may be operable to maintain flow information for a group of devices to facilitate processing of the packets. A secondary security system may be designated for processing packets upon a failover event. Flow records may be shared from the primary security system with the secondary security system.

Abstract: A router maintains routing information including (i) route data representing destinations within a computer network, (ii) next hop data representing interfaces to neighboring network devices, and (iii) indirect next hop data that maps a subset of the routes represented by the route data to a common one of the next hop data elements. In this manner, routing information is structured such that routes having the same next hop use indirect next hop data structures to reference common next hop data. In particular, in response to a change in network topology, the router need not change all of the affected routes, but only the common next hop data referenced by the intermediate data structures. This provides for increased efficiency in updating routing information after a change in network topology, such as link failure.

Abstract: A system allocates resources in a network. The system receives an allocation request for a first flow and a second flow from an application and identifies the application based on the allocation request. The system schedules resources for the first flow based on the identification of the application and the second flow.

Abstract: A laser system includes an array of lasers that emit light at a number of different, fixed wavelengths. A group of optical transport systems connect to the laser system. Each of the optical transport systems is configured to modulate data signals onto the light from the laser system to create optical signals and transmit the optical signals on one or more optical fibers.

Abstract: A multi-chassis network device may automatically detect whether cables connected between chassis devices are correctly inserted. The device may insert, into a first data stream output from a first port of the device, control information identifying the first port. The device may receive, from a second data stream received by the first port of the device, second control information identifying a second port, at another device connected to the device via a cable. The device may determine, based on the second control information, whether the connection of the first port to the second port, via the cable, is valid and cause, when the connection of the first port to the second port is determined to not be valid, the device to output an indication that the connection is not valid or to reconfigure the device to make the connection of the first port to the second port valid.

Abstract: A method may include obtaining a layer two identification of an endpoint that is seeking access to a network, the endpoint omitting an agent to communicate a layer three address of the endpoint to a policy node, applying one or more authentication rules based on the layer two identification of the endpoint, assigning the layer three address to the endpoint, learning, by the policy node, the layer three address of the endpoint, and provisioning layer three access for the endpoint to the network based on the learned layer three address.

Abstract: A resource recovery system may maintain a counter in memory that indicates a number of times one or more threads of execution, which use shared resources, have crashed. The system may associate a first value of the counter with a resource allocated to a thread of the one or more threads, and may set an indicator associated with the thread to indicate whether the thread has crashed. The system may determine whether to re-allocate the resource to the thread based on the first value of the counter associated with the resource and based on the indicator associated with the thread.

Abstract: Principles of the invention are described for providing multicast virtual private networks (MVPNs) across a public network that are capable of carrying high-bandwidth multicast traffic with increased scalability. In particular, the MVPNs may transport layer three (L3) multicast traffic, such as Internet Protocol (IP) packets, between remote sites via the public network. The principles described herein may reduce the overhead of protocol independent multicast (PIM) neighbor adjacencies and customer control information maintained for MVPNs. The principles may also reduce the state and the overhead of maintaining the state in the network by removing the need to maintain at least one dedicated multicast tree per each MVPN.

Abstract: A method may include authenticating a device to a first server, where the device includes an agent; receiving a request, in the first server from a second server, to verify the authenticity of the device, where the device is not authenticated to the second server; sending a browser plug-in to the device to communicate with the agent for verifying the authenticity of the device; receiving, in the first server, a message from the agent verifying the authenticity of the device; and sending a message from the first server to the second server to authenticate the device to the second server.

Abstract: A data read/write system includes a system clock, a single port memory, a cache memory that is separate from the single port memory, and a controller coupled to an instruction pipeline. The controller receives, via the instruction pipeline, first data to write to an address of the single port memory, and further receives, via the instruction pipeline, a request to read second data from the single port memory. The controller stores the first data in the cache memory, and retrieves the second data from either the cache memory or the single port memory during one or more first clock cycles of the system clock. The controller copies the first data from the cache memory and stores the first data at the address in the single port memory during a second clock cycle of the system clock that is different than the one or more first clock cycles.

Abstract: In one example, a system includes a first computing device configured to execute a virtual machine, wherein the virtual machine is communicatively coupled to a virtual private network (VPN) via a first attachment circuit using a first set of network parameters, stop execution of the virtual machine, and create checkpoint data for the virtual machine, and a second computing device configured to execute the virtual machine, using at least some of the checkpoint data, and to cause the virtual machine to become communicatively coupled to the VPN via a second attachment circuit using a second set of network parameters different from the first set of network parameters. The system may further include a first provider edge (PE) routing device communicatively coupled to the first computing device via the first attachment circuit, and a second PE routing device communicatively coupled to the second computing device via the second attachment circuit.

Abstract: A method includes receiving one or more of user information, role information, or authorization information associated with a user accessing a network, selecting a traffic flow to monitor that is associated with the one or more of user information, role information, or authorization information, monitoring the traffic flow, determining whether an anomaly exists with respect to the traffic flow based on a traffic behavior pattern associated with the one or more of user information, role information, or authorization information, and performing a security response when it is determined that the anomaly exists.

Abstract: In general, techniques are described for providing feedback loops for service engineered paths. A service node comprising an interface and a control unit may implement the techniques. The interface receives traffic via a path configured within a network to direct the traffic from an ingress network device of the path to the service node. The control unit applies one or more services to the traffic received via the path and generates service-specific information related to the application of the one or more services to the traffic. The interface then sends the service-specific information to at least one network device configured to forward the traffic via the path so that the at least one network device configured to forward the traffic via the path is able to adapt the path based on the service-specific information.

Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, from a source peripheral processing device, a portion of a data packet having a destination address associated with a destination peripheral processing device. The code causes the processor to identify, based on the destination address, a service to be performed on the portion of the data packet. The code causes the processor to select, based on the service, an identifier of a service module associated with the service. The code further causes the processor to send the portion of the data packet to the service module via a distributed switch fabric such that the service module performs the service on the portion of the data packet and sends the portion of the data packet to the destination peripheral processing device via the distributed switch fabric.

Abstract: In general, techniques are described for selectively invoking graceful restart procedures when a route reflector member of a redundant route cluster fails. In one example, a method is provided that includes determining, by a provider edge router that supports graceful restart procedures, that a first router forms a redundant group with at least a second router. The method also includes detecting a failure of the first router and determining that at least the second router in the redundant group is operating approximately while the first router is failed. The method further includes overriding graceful restart procedures with respect to the failed first router when at least the second router is operating. The method also includes forwarding one or more data packets according to route information provided via the second router.

Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, at an edge device, a first data unit having a characteristic. The code causes the processor to identify, at a first time, an identifier of a service module associated with the characteristic in response to each entry from a set of entries within a flow table not being associated with the characteristic. The code causes the processor to define an entry in the flow table associated with the characteristic and the identifier of the service module. The code causes the processor to send the first data unit to the service module. The code causes the processor to receive, at the edge device, a second data unit having the characteristic, and send the second data unit to the service module based on the entry.

Abstract: A device, connected to a monitoring appliance, may include a traffic analyzer to receive a data unit and identify a traffic flow associated with the data unit. The device may also include a traffic processor to receive the data unit and information regarding the identified traffic flow from the traffic analyzer, determine that the identified traffic flow is to be monitored by the monitoring appliance, change a port number, associated with the data unit, to a particular port number to create a modified data unit when the identified traffic flow is to be monitored by the monitoring appliance, and send the modified data unit to the monitoring appliance.