Abstract: Disclosed are embodiments for automatically resolving faults in a complex network system. Some embodiments monitor one or more of system operational parameter values and message exchanges between network components. A machine learning model detects a fault in the complex network system, and an action is selected based on a cause of the fault. After the action is applied to the complex network system, additional monitoring is performed to either determine the fault has been resolved or additional actions are to be applied to further resolve the fault.

Abstract: This disclosure describes techniques for scaling resources that handle, participate, and/or control routing protocol sessions. In one example, this disclosure describes a method that includes instantiating a plurality of containerized routing protocol modules, each capable of storing routing information about a network having a plurality of routers; performing network address translation to enable each of the containerized routing protocol modules to communicate with each of the plurality of routers using a public address associated with the computing system; configuring each of the containerized routing protocol modules to peer with a different subset of the plurality of routers so that each of the containerized routing protocol modules share routing information with a respective different subset of the plurality of routers; and configuring each of the containerized routing protocol modules to peer with each other to share routing information received from the different subsets of the plurality of routers.

Abstract: A network monitoring system may receive a configuration request to generate a configuration file associated with collecting feature or debug data associated with a feature, hardware, or software associated with a network device. The network monitoring system may determine a command profile associated with the feature, hardware, or software that identifies a set of commands associated with obtaining the feature or debug data from the network device. The network monitoring system may determine respective parameters of one or more commands of the set of commands. The network monitoring system may determine, based on the respective parameters, respective arguments of the one or more commands. The network monitoring system may generate the configuration file based on the respective arguments and may perform an action associated with the configuration file to permit the configuration file to be used to collect the feature or debug data from the network device.

Abstract: A network device may receive, from a first network, a network packet of a first network packet type that encapsulates a fragment of a second network packet of a second network packet type, where the network packet includes an extension header that indicates a source port and a destination port for the second network packet. The network device may perform an anti-spoof check on the fragment of the second network packet based at least in part on at least one of: the source port or the destination port for the second network packet that is indicated by the extension header. The network device may, based on the fragment passing the anti-spoof check, forward the fragment of the second network packet to a second network.

Abstract: A device may receive client cipher information, associated with initiating a secure session, identifying at least one key exchange cipher supported by a client device associated with the secure session. The device may determine, based on the client cipher information, that a Diffie-Hellman key exchange is to be used to establish the secure session. The device may determine whether a server device, associated with the secure session, supports use of the Diffie-Hellman key exchange. The device may manage establishment of the secure session using a first decryption technique based on determining that the server device does not support the use of the Diffie-Hellman key exchange, or manage establishment of the secure session using a second decryption technique based on determining that the server device supports the use of the Diffie-Hellman key exchange or being unable to determine whether the server device supports the use of the Diffie-Hellman key exchange.

Abstract: A provider edge (PE) device may receive traffic associated with one or more services, wherein the traffic includes a plurality of packets, and may determine, based on the plurality of packets, one or more packets respectively associated with each service of the one or more services. The PE device may determine, based on the one or more packets respectively associated with each service of the one or more services, a respective status of each of the one or more services. The PE device may generate type-length-value (TLV) data that indicates the respective status of each of the one or more services and may cause the TLV data to be added to a link layer discovery protocol (LLDP) packet. The PE device may send the LLDP packet that includes the added TLV data to a customer edge (CE) device.

Abstract: A device may provide, to a network device, a subscribe request that includes a request for sensor data, and may receive sensor data packets that include the sensor data and header extensions identifying a group identifier for a group of sensor data and final packet information indicating whether the sensor data packet is a final one for the group. The device may store the sensor data packets until the final packet information of one of the sensor data packets indicates that the one of the sensor data packets is a final sensor data packet for the group, and may identify a complete set of the sensor data packets when the final packet information of the one of the sensor data packets indicates that the one of the sensor data packets is the final sensor data packet. The device may perform actions based on the complete set.

Abstract: This disclosure describes techniques that include determining the health of one or more routing engines included within a router. In one example, this disclosure describes a method that includes performing, by a first routing engine included within a router, routing operations, wherein the router includes a plurality of routing engines, including the first routing engine and a second routing engine; receiving, by a computing system, data including health indicators associated with the first routing engine; applying, by the computing system, a machine learning model to the data to determine, from the health indicators, a health status of the first routing engine, wherein the machine learning model has been trained to identify the health status from the health indicators; and determining, by the computing system and based on the health status of the first routing engine, whether to switch routing operations to the second routing engine from the first routing engine.

Abstract: A network device may receive data, may extract primary patterns from a plurality of domain names included in the data, may process the primary patterns, with a hash model, to generate hash keys for the primary patterns, wherein a hash key includes a hash value associated with a wildcard character, and may store the plurality of domain names in a hash table. The network device may extract a particular primary pattern from a particular domain name included in a search request, may determine potential matching patterns based on the particular primary pattern, and may process the potential matching patterns, with the hash model, to generate potential matching hash keys for the potential matching patterns, wherein a hash key includes a hash value associated with a wildcard character. The network device may search, based on the potential matching hash keys, the hash table to identify a matching domain name.

Abstract: A network device may receive, via a single port of the network device, a connection request from a user device and may obtain, based on the connection request, information related to an authentication history of the user device. The network device may determine, based on the information related to the authentication history of the user device, an authentication method to be used by the network device to authenticate the user device and may determine, using the authentication method, that the user device is authenticated. The network device may establish, based on determining that the user device is authenticated, an authenticated communication session with the user device on the single port of the network device. The network device may determine, using an additional authentication method, that an additional user device is authenticated and may establish an additional authenticated communication session with the additional user device on the single port.

Abstract: A device may load a process under test into virtual memory associated with the device. The virtual memory may include a plurality of memory pages. The device may insert a malware inspection element and a memory tracking element into the process under test and may provide a notification of an event associated with the process under test to a memory tracking element. The device may identify, using the memory tracking element, one or more memory pages of the plurality of memory pages. The one or more memory pages may be assigned to, and used by, the process under test. The device may generate, based on identifying the one or more memory pages, a memory map, associated with the process under test, that may include information identifying the one or more memory pages as being assigned to, and used by, the process under test.

Abstract: This disclosure describes techniques are described for proactively computing configuration information for policy-driven on-demand tunnel creation and deletion between sites in a software-defined networking in wide area network (SD-WAN) environment. In some examples, a controller device is configured to precompute configuration data for an overlay tunnel through the wide area network to connect a first site and a second site of a plurality of sites in the SD-WAN environment. The controller device is further configured to obtain, after precomputing the configuration data, an indication to configure the overlay tunnel. The controller device is also configured to send, in response to receiving the indication to configure the overlay tunnel, at least some of the configuration data to the first site to configure the first site with the overlay tunnel.

Abstract: Methods and apparatus relating to use of actual and/or virtual beacons are described. Virtual beacons are virtual in that an actual beacon need not be transmitted but a rather a virtual beacon transmitter at a desired location maybe considered to transmit virtual beacons. In some embodiments a set of beacon transmitter information for one or more beacons is supplied to devices in a communications system. The beacon transmitter information indicates transmission power and location of actual and virtual beacon transmitters as well as information to be communicated by virtual beacons. Devices with access to beacon information can determine based on the location of a wireless terminal whether the wireless terminal is within coverage area of a virtual beacon and report reception of the virtual beacon to the wireless terminal or a component of the wireless terminal which acts upon receiving an indication of beacon reception.

Abstract: In general, the disclosure describes techniques for lockless management of immutable objects by multi-threaded processes. A device comprising a processor may implement the techniques, where the processor execute a multi-threaded process including a producer thread and a consumer thread. The producer thread may instantiate an immutable object, and provide, to the consumer thread, a reference to the immutable object. The producer thread may also increment a reference counter to indicate that the reference has been provided to the consumer thread, where the reference counter is local to the producer thread and inaccessible to the at least two consumer threads. The producer thread may receive, from the consumer thread, a notification that the consumer thread has finished processing the immutable object, and decrement, responsive to receiving the notification, the reference counter. The producer thread may then delete, based on the reference counter, the immutable object.

Abstract: A disclosed apparatus ay include (1) a wireless receiver that facilitates communicatively coupling to a wireless transmitter of an access point connected to a network switch of a service provider, and (2) at least one processing device of a router communicatively coupled to the wireless receiver, wherein the processing device of the router (A) activates a wireless mode that (I) causes the router to establish a wireless connection with the access point via the wireless transmitter and the wireless receiver and (II) facilitates remote configuration of the router by a remote user who has gained access to the router via the wireless connection, (B) receives, via the wireless connection, at least one command from the remote user, and (C) applies, to an out-of-band management interface of the router, the command received from the remote user via the wireless connection. Various other apparatuses systems, and methods are also disclosed.

Abstract: The disclosure describes examples where a first data center includes a first gateway router, a first set of computing devices, and a second set of computing devices. The first set of computing devices is configured to execute a software defined networking (SDN) controller cluster to facilitate operation of one or more virtual networks within the first data center. The second set of computing devices is configured to execute one or more control nodes to exchange route information, between the first gateway router and a second gateway router of a second data center different than the first data center, for a virtual network between computing devices within the second data center, and to communicate control information for the second data center to the second set of computing devices, wherein the one or more control nodes form a subcluster of the SDN controller cluster.

Abstract: A network device may receive packets and may calculate, during a time interval, an arrival rate and a departure rate, of the packets, at one of multiple virtual output queues. The network device may calculate a current oversubscription factor based on the arrival rate and the departure rate, and may calculate a target oversubscription factor based on an average of previous oversubscription factors associated with the multiple virtual output queues. The network device may determine whether a difference exists between the target oversubscription factor and the current oversubscription factor and may calculate, when the difference exists, a scale factor based on the current oversubscription factor and the target oversubscription factor. The network device may calculate new scheduling weights based on prior scheduling weights and the scale factor, and may process packets received by the multiple virtual output queues based on the new scheduling weights.

Abstract: A first network device in a high-availability cluster may configure a first wireless channel for a wireless control link. The first network device may establish, using the first wireless channel, the wireless control link with a second network device in the high-availability cluster. The first network device may configure a second wireless channel for a wireless fabric link. The first network device may establish, using the second wireless channel, the wireless fabric link with the second network device.

Abstract: In general, techniques are described for supporting bulk delivery of change of authorization data in authentication, authorization, and accounting (AAA) protocols, where delivery is performed as a change of authorization after a subscriber has successfully authenticated and initially authorized. In one example, the techniques are directed to a method including determining, by a RADIUS server for a service provider network, change of authorization data for services to which the subscriber of the service provider network has subscribed. The method further includes generating, by the RADIUS server, RADIUS messages that form a transaction between the RADIUS server and a network access server acting as a RADIUS client. The RADIUS messages provide all of the change of authorization data to the network access server prior to the network access server provisioning the services. The method further includes outputting, by the RADIUS server, the RADIUS messages to the network access server.

Abstract: As described herein, a router signals a source device to establish a new stateful communication session with a destination device by changing a network path used by traffic associated with the session. In one example, a router forwards traffic of a first stateful routing session established by the source device along a first path. In response to determining that that the first path should not be used, the router forwards a packet of the first session along a second path. The destination device recognizes the change in path, which causes the destination device to reject the packet, which in turn causes the source device to establish a second stateful routing session. The router forwards subsequent traffic of the second stateful routing session along the second path.