Abstract: In general, techniques are described for signaling IP path tunnels for traffic engineering using constraints in an IP network. For example, network devices, e.g., routers, of an IP network may compute an IP path using constraint information and establish the IP path using, for example, Resource Reservation Protocol, to signal the IP path without using MPLS. As one example, the egress router generates a path reservation signaling message that includes an egress IP address that is assigned for use by the routers on the IP path to send traffic of the data flow by encapsulating the traffic with the egress IP address and forwarding toward the egress router. As each router in the IP path receives the path reservation signaling message, the router configures a forwarding state to forward traffic encapsulated with the egress IP address to a next hop along the IP path toward the egress router.

Abstract: A sourceless co-packaged optical-electrical chip can include a plurality of different optical transceivers, each of which can transmit to an external destination or internal components. Each of the transceivers can be configured for a different modulation format, such as different pulse amplitude, phase shift key, and quadrature amplitude modulation formats. Different light sources provide light for processing by the transceivers, where the light source and transceivers can be configured for different applications (e.g., different distances) and data rates. An optical coupler can combine the light for the different transceivers for input into the sourceless co-packaged optical-electrical chip via a polarization maintaining media (e.g., polarization maintaining few mode fiber and polarization maintaining single mode fiber), where another coupler operates in splitting mode to separate the different channels of light for the different transceivers according to different co-packaged configurations.

Abstract: A first device may receive content from a second device based on a request for the content. The first device may be located between the second device and a third device. The first device may determine a value for a portion of the content using a function, where the value is to be used to analyze the content. The value may uniquely identify the portion of the content. The first device may determine whether a classification of the content can be determined. The first device may selectively determine the classification of the content by providing the value or the portion of the content corresponding to the value, to a fourth device when the classification cannot be determined, or determine the classification of the content using a data store when the classification can be determined. The first device may perform an action with respect to the content.

Abstract: A controller may be used to create and process an assertion, in some cases, to implement single-sign on (SSO) in a computer network. In some examples, the controller includes processing circuitry coupled to a storage device. The processing circuitry is configured to create the assertion, where the assertion includes information indicative of a set of attributes and parse the assertion to determine the set of attributes. Additionally, the processing circuitry is configured to determine if each attribute of the set of attributes maps to a plurality of primary user groups stored in the storage device. Based on determining that an attribute of the set of attributes does not map to at least one primary user group of the plurality of primary user groups, the processing circuitry is configured to create a set of secondary user groups and a set of secondary user group names corresponding to the attribute.

Abstract: Compute nodes can execute virtual routers to implement a forwarding plane for one or more virtual networks having virtual network destinations hosted by the compute nodes. In one example, a method includes generating, by a software-defined networking (SDN) controller that manages a plurality of compute nodes, based on a unique identifier of a virtual network, a route target value for the virtual network, wherein the virtual network comprises virtual network endpoints executing on the compute nodes; and outputting, by the SDN controller and to a routing protocol peer device, a virtual private network (VPN) route that includes the route target value for the virtual network and a virtual network prefix associated with the virtual network, the VPN route for routing to the plurality of compute nodes executing the virtual network endpoints of the virtual network.

Abstract: An ingress network device may receive a core domain network segment identifier associated with a core domain network of the multi-domain network. The ingress network device may receive location data of an egress network device associated with a second leaf domain network of the multi-domain network, wherein the location data may include data identifying the core domain network segment identifier, a second leaf domain network segment identifier associated with the second leaf domain network, and an egress network device segment identifier associated with the egress network device. The ingress network device may store the core domain network segment identifier and the location data, and may utilize the core domain segment identifier and the location data to route traffic to the egress network device.

Abstract: Techniques for negotiating optical configuration parameters of transceivers are disclosed. In one example, a method may include outputting, by a first optical node to a second optical node, a negotiation request message that specifies a configuration parameter setting for optical transceivers, the setting comprising one of a speed, a forward error correction (FEC) scheme, a modulation type, a transmission power, a minimum central frequency, a maximum central frequency, a minimum input power, a maximum input power, or a signal-to-noise ratio threshold; receiving, by the first optical node from the second optical node, in response to the negotiation request message, a negotiation response message including an indication of support for the configuration parameter setting; and configuring, by the first optical node, in response to the indication of support, a configuration parameter of an optical transceiver for the first optical node with the configuration parameter setting for the configuration parameter.

Abstract: A first network device may configure a first bridge connecting a passive optical network (PON) controller and first optical line terminals (OLTs) of the first network device. The first network device may be associated with a PON and each of the first OLTs may be connected to a first plurality of optical network units (ONUs). The first network device may establish a connection between the first bridge and a second bridge of a second network device. The second network device is associated with the PON, the second bridge may connect with second OLTs of the second network device, and each of the second OLTs may connect to a second plurality of ONUs. The PON controller of first network device may receive traffic from a PON domain manager and may provide the traffic to the first OLTs and the first plurality of ONUs via the first bridge.

Abstract: A first device may determine a prime integer for generating public keys, wherein the prime integer is based on a set of distinct prime integers. The first device may generate a set of multiple public keys based on a set of secret keys. The first device may combine the set of multiple public keys into a single value based on the prime integer and the set of distinct prime integers. The first device may transmit the single value to a second device.

Abstract: A technique for implementing AP-local dynamic switching involves Layer 2 switching. This may be accomplished by providing data associated with wireless stations to an AP sufficient to enable the AP to determine whether traffic from a particular wireless station should be locally switched. Alternatively, the wireless station may be able to determine whether to locally switch traffic based upon the traffic itself. For example, it may be desirable to AP-locally switch voice traffic to avoid latency, which is particularly detrimental to voice transmissions such as voiceover-IP. Traffic that is not to be switched locally is Layer 2 tunneled upstream.

Abstract: A network device may receive a first configuration object associated with an application and may parse the first configuration object to identify first configuration data. The network device may calculate a first hash value based on the first configuration data and may generate a first operational object based on the first configuration data and the first hash value. The network device may receive a second configuration object associated with the application of the network device and may parse the second configuration object to identify second configuration data. The network device may calculate a second hash value based on the second configuration data and may determine whether the first hash value matches the second hash value. The network device may prevent, based on the first hash value matching the second hash value, generation of a second operational object based on the second configuration data and the second hash value.

Abstract: A first network device may install a receiving key for decrypting traffic on protocol hardware associated with a data plane of the first network device. The first network device may receive, from the data plane, a first notification indicating that the receiving key is installed on the protocol hardware and may provide, to a second network device, a first message identifying the receiving key. The first network device may receive, from the second network device, an acknowledgment message indicating that the receiving key is installed on the second network device and may install a transmission key for encrypting traffic on the protocol hardware. The first network device may receive, from the data plane, a second notification indicating that the transmission key is installed on the protocol hardware and may provide, to the second network device, a second message identifying the transmission key.

Abstract: A network device may receive a non-Internet protocol (non-IP) frame with a particular size and may compare the particular size to a maximum transmission unit (MTU) associated with a path between the network device and another network device. The network device may divide the non-IP frame into fragments, based on the particular size being greater than the MTU and may prepend generic fragmentation headers to the fragments to generate fragments with headers, based on the particular size being greater than the MTU. The network device may add generic fragmentation header labels and transport labels to the fragments with the headers to generate fragments with headers and labels, based on the particular size being greater than the MTU. The network device may transmit the fragments with the headers and the labels to the other network device, via the path, based on the particular size being greater than the MTU.

Abstract: A device receives border gateway protocol (BGP) data associated with links provided in a segment routing network. The segment routing network includes a first autonomous system (AS) with first network devices interconnected by a first portion of the links, a second AS with second network devices interconnected by a second portion of the links, and an inter-AS link provided between one of the first network devices and one of the second network devices. The device filters prefixes of the BGP data to identify BGP data associated with the inter-AS link, where the BGP data associated with the inter-AS link includes data identifying state information associated with the inter-AS link. The device determines an operational state of the inter-AS link based on the BGP data associated with the inter-AS link, and performs one or more actions based on the operational state of the inter-AS link.

Abstract: According to various aspects of the present disclosure, an apparatus is provided. In an aspect, the apparatus includes an optical transceiver having a first port, a second port and an optical switch coupled to the first port and the second port. The optical switch is switchable between a unidirectional port operation mode and a bidirectional port operation mode. When the optical switch is in the unidirectional port operation mode, the first port is configured to send a first optical signal, and the second port configured to receive a second optical signal. When the optical switch is in the bidirectional port operation mode, the first port configured to send the first optical signal and receive the second optical signal, and the second port configured to receive a third optical signal and not send the first signal.

Abstract: Techniques are disclosed for maintaining processing unit core affinity for fragmented packets. In one example, a service physical interface card (PIC) implementing a service plane of a network device receives fragmented and/or non-fragmented packet data for a traffic flow. The service PIC comprises at least one processing unit comprising multiple cores. A routing engine operating in a control plane of the network device defines one or more core groups comprising a subset of the cores. The routing engine assigns the traffic flow to a core group and a forwarding engine operating in a forwarding plane of the network device forwards the packet data for the traffic flow to the assigned core group. A core of the assigned core group applies a network service to the fragmented and/or non-fragmented packet data for the traffic flow, and the forwarding engine forwards the packet data for the traffic flow toward a destination.

Abstract: Techniques are described for an enhanced two-way active measurement protocol (TWAMP) to measure network performance of links and/or network paths in a fully converged Software Defined Wide Area Network (SD-WAN), using a single TWAMP instance. In one example, a first network device executing a TWAMP session-sender may send a test packet embedded with one or more metrics to the TWAMP session-reflector executed by another network device, which reflects the test packet embedded with one or more metrics back to the TWAMP session-sender. The TWAMP session-sender may further reflect a test packet embedded with one or more additional metrics back to a TWAMP session-reflector to enable the network devices to independently perform network performance calculations using the metrics embedded within the test packets exchanged in a single TWAMP instance.

Abstract: The disclosure describes techniques for concurrently operating multiple network stacks, one operating natively and one operating remotely, to control the routing table within a router of a network. An example network device includes a control unit comprising one or more processors. A native routing stack executes on the control unit to exchange routing protocol advertisements with a peer network device in accordance with a routing protocol. The native routing stack is configured to insert first routing entries into a routing table. The first routing entries are based on the routing protocol advertisements. A controller interface executed by the control unit receives second routing entries from a network controller and inserts the second routing entries into the routing table. A routing process generates a forwarding table based on the first and second routing entries.

Abstract: In this disclosure, in a network comprising a plurality of network devices, a network device includes processing circuitry configured to: receive packet data corresponding to a network flow originating at a first device, the packet data destined to a second device; generate an entropy label to add to a label stack of the packet data, wherein the entropy label is generated from one or more attributes corresponding to the network flow that originated at the first device and is destined to the second device; generate a flow record including the entropy label, wherein the entropy label identifies the network flow amongst a plurality of network flows in the network; and send, to a controller of the network, the flow record, wherein the controller identifies the flow record based on the entropy label corresponding to the network flow originating at the first device and is destined to the second device.

Abstract: Techniques are described for distributing network device tasks across virtual machines executing in a computing cloud. A network device includes a network interface to send and receive messages, a routing unit comprising one or more processors configured to execute a version of a network operating system, and a virtual machine agent. The virtual machine agent is configured to identify a virtual machine executing at a computing cloud communicatively coupled to the network device, wherein the identified virtual machine executes an instance of the version of the network operating system, to send, using the at least one network interface and to the virtual machine, a request to perform a task, and to receive, using the at least one network interface and from the virtual machine, a task response that includes a result of performing the task. The routing unit is configured to update the network device based on the result.