Abstract: A method of measuring (100) metrics of a computer network, comprising the steps of: —from a data source collecting (110) sets of data points during a sampling time period, wherein the set of data points constitute a sample, and uploading (120) each sample to a server for further processing (130), wherein from each sample, a tractile information instance is produced (131), wherein the tractile information has a type and each data source is associated (110a) with a fractile information type.

Abstract: In this disclosure, in a network comprising a plurality of network devices, a network device includes processing circuitry configured to: receive packet data corresponding to a network flow originating at a first device, the packet data destined to a second device; generate an entropy label to add to a label stack of the packet data, wherein the entropy label is generated from one or more attributes corresponding to the network flow that originated at the first device and is destined to the second device; generate a flow record including the entropy label, wherein the entropy label identifies the network flow amongst a plurality of network flows in the network; and send, to a controller of the network, the flow record, wherein the controller identifies the flow record based on the entropy label corresponding to the network flow originating at the first device and is destined to the second device.

Abstract: A system for configuring a data center includes a fabric management server coupled to a management switch. A provisional Software Defined Networking (SDN) controller executing on the fabric management server can discover physical servers coupled to the management switch, receive network interface configuration information from the physical servers, and use the discovered network interface configuration information to determine a configuration for switches and servers coupled to an IP fabric. The configuration can be migrated to a full functionality SDN controller.

Abstract: In general, the disclosure describes a method that includes partitioning resources of a computing device into a first namespace comprising a first physical network interface and a second namespace comprising a second physical network interface; creating, by a test agent executing as a process in the second namespace, a test agent child in the second namespace; migrating the test agent to execute as a process in the first namespace; communicating, by the test agent child via the second physical network interface, test packets; obtaining, by the test agent, network performance measurement data that is based at least on the test packets; and outputting, by the test agent while executing as a process in the first namespace, an indication of the network performance measurement data.

Abstract: Techniques are described for providing fast reroute for traffic in EVPN-VXLAN. For example, a backup PE device of an Ethernet segment is configured with an additional tunnel endpoint address (“reroute tunnel endpoint address”) for a backup path associated with a second split-horizon group that is different than a tunnel endpoint address and first split-horizon group for another path used for normal traffic forwarding. The backup PE device sends the reroute tunnel endpoint address to a primary PE device of the Ethernet segment, which uses the reroute tunnel endpoint address to configure a backup path to the backup PE device over the core network. For example, the primary PE device may install the reroute tunnel endpoint address within its forwarding plane and one or more operations to cause the primary PE device to encapsulate a VXLAN header including the reroute tunnel endpoint address when rerouting the packet along the backup path.

Abstract: A router configured as an autonomous system border router (ASBR) in a local autonomous system (AS), includes: (1) a control component for communicating and computing routing information, the control component running a Border Gateway Protocol (BGP) and peering with at least one BGP peer device in an outside autonomous system (AS) different from the local AS; and (2) a forwarding component for forwarding packets using forwarding information derived from the routing information computed by the control component, wherein the control component (i) receives reachability information for an external prefix corresponding to a device outside the local AS, and (ii) associates the external prefix, as a BGP next hop (B_NH), an abstract next hop (ANH) that identifies a set of BGP (eBGP) sessions that contains at least one eBGP session over which given external prefix has been learned, each of the at least one eBGP sessions being between the ASBR and a BGP peer device in an AS outside the AS, wherein the device located out

Abstract: Techniques are disclosed for session-based routing within Open Systems Interconnection (OSI) Model Layer-2 (L2) networks extended over Layer-3 (L3) networks. In one example, L2 networks connect a first client device to a first router and a second client device to a second router. An L3 network connects the first and second routers. The first router receives, from the first client device, an L2 frame destined for the second client device. The first router generates an L3 packet comprising an L3 header specifying L3 addresses of the first and second routers, a first portion of metadata comprising L2 addresses for the first and second client devices, and a second portion of metadata comprising L3 addresses for the first and second client devices, and forwards the L3 packet to the second router. The second router recovers the L2 frame from the metadata and forwards the L2 frame to the second client device.

Abstract: A controller device includes a memory and one or more processors coupled to the memory. The memory stores instructions that, when executed, cause the one or more processors to receive a query indicating a first time and a network service, determine a first set of configuration elements using telemetry data associated with the first time and the network service, and determine a second set of configuration elements using an intent model. The instructions further cause the one or more processors to determine one or more first metrics that occur at the first time using the first set of configuration elements and the second set of configuration elements, determine one or more second metrics at a second time using telemetry data received from the plurality of network devices, and generate data representing a user interface presenting the one or more first metrics and the one or more second metrics.

Abstract: In general, techniques are described for forwarding L2 BUM traffic within an Ethernet Virtual Private Network (EVPN) by implementing a forwarding preference for local interfaces of a PE device for broadcast domains in the EVPN. For example, a method includes receiving, by a first provider edge (PE) device of a plurality of PE devices configured with an EVPN instance comprising one or more broadcast domains reachable by a plurality of Ethernet segments connecting the plurality of PE devices to a plurality of customer edge (CE) devices, first EVPN routes; and configuring, by the first PE device in response to determining the first EVPN routes indicate the first PE device has a local interface for each of the plurality of Ethernet segments, forwarding information of the first PE device to cause the first PE device to perform local-bias forwarding of layer 2 (L2) packets for the EVPN instance.

Abstract: A network monitoring device may receive, from a mediation device, flow-tap geolocation information that identifies a geographical location (e.g., that is derived based on current and/or previous flow-tap investigation reports) and may obtain, from a geographical Internet protocol (GeoIP) database and based on the flow-tap geolocation information, a plurality of Internet protocol (IP) addresses that are associated with the geographical location. The network device may map the plurality of IP addresses to a flow-tap content destination address of a content destination device in a plurality of entries of a flow-tap geolocation filter. The network device may detect, based on the flow-tap geolocation filter, a traffic flow that is associated with the geographical location, may generate a traffic flow copy, and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination to enable a context analysis of the traffic flow.

Abstract: A network device may obtain information concerning a virtual chassis that indicates that the network device and an additional network device are to be included in the virtual chassis. The network device may determine, based on the information concerning the virtual chassis, that the network device is connected to the additional network device, wherein the network device is connected to the additional network device via a link between a network interface of the network device and a network interface of the additional network device. The network device may cause the network interface of the network device to be converted to a virtual chassis interface and the network interface of the additional network device to be converted to a virtual chassis interface to enable the network device and the additional network device to be included in the virtual chassis to allow bootstrapping of the virtual chassis as a single logical device.

Abstract: A network device may establish a media access control security (MACsec) key agreement (MKA) session with another network device via a MACsec communication link; establish a fast heartbeat session via the MACsec communication link, between a first packet processing engine of the network device and a second packet processing engine of the other network device, where the fast heartbeat session is to permit the first packet processing engine and the second packet processing engine to exchange fast heartbeat messages via the fast heartbeat session and the MACsec communication link; place an MKA protocol of the MKA session in a pause state until the first packet processing engine detects a rekey event; determine that a key for the MKA session is to be regenerated based on detection of the rekey event; and perform an action based on the rekey event for the MKA session.

Abstract: A device may transmit a packet for communicating via a tunnel. The packet may be associated with a protocol. The device may determine that the packet has been dropped by a security device. The device may selectively encrypt, after determining that the packet has been dropped, the packet using a null encryption for transport layer security (TLS) or a combination of encryption associated with the protocol and TLS encryption to generate an encrypted packet. The device may transmit the encrypted packet for communicating via the tunnel.

Abstract: A disclosed method may include (1) identifying a set of network objects associated with a network whose performance is tracked by a monitoring service, (2) grouping a first subset of the network objects based at least in part on a first attribute, (3) grouping a second subset of the network objects based at least in part on a second attribute, and then (4) providing, for presentation on a computing device in connection with the monitoring service, a graphical user interface that includes a plurality of graphical cards in a single view, wherein the plurality of graphical cards comprise at least (A) a first graphical card that is positioned in a first section and graphically represents the first subset and (B) a second graphical card that is positioned in a second section and graphically represents the second subset. Various other systems and methods are also disclosed.

Abstract: According to various aspects of the present disclosure, an apparatus is provided. In an aspect, the apparatus includes an optical transceiver having a first port, a second port and an optical switch coupled to the first port and the second port. The optical switch is switchable between a unidirectional port operation mode and a bidirectional port operation mode. When the optical switch is in the unidirectional port operation mode, the first port is configured to send a first optical signal, and the second port configured to receive a second optical signal. When the optical switch is in the bidirectional port operation mode, the first port configured to send the first optical signal and receive the second optical signal, and the second port configured to receive a third optical signal and not send the first signal.

Abstract: In general, techniques are described for providing user nomadicity in wireline broadband networks. A network device positioned in a wireline broadband network comprising a processor and an interface may be configured to perform the techniques. The processor may be configured to execute a first virtual customer premises equipment to provide, to a first subscriber, access to the wireline broadband network from a first subscription point in accordance with a first subscription. The processor may also be configured to provide, to a second subscriber, access to the wireline broadband network from the first subscription point in accordance with a second subscription. The interface may be configured to forward, in accordance with the first subscription, traffic received from the first subscription point and associated with the first subscriber, and forward, in accordance with the second subscription, traffic received from the first subscription point and associated with the second subscriber.

Abstract: Network management techniques are described. A controller device of this disclosure manages a device group of a network. The controller device includes processing circuitry in communication with the memory, the processing circuitry being configured to receive, using a programmable diagnosis service executed by the processing circuitry, a programming input, to form, using the programmable diagnosis service, based on the programming input, a resource definition graph that models interdependencies between a plurality of resources supported by the device group, to detect, using the programmable diagnosis service, an event affecting a first resource of the plurality of resources, and to identify, using the programmable diagnosis service, based on the interdependencies modeled in the resource definition graph formed based on the programming input, a root cause event that caused the event affecting the first resource, the root cause event occurring at a second resource of the plurality of resources.

Abstract: This disclosure describes techniques for sharing routes between nodes in a distributed network system. An example method includes receiving, by a control node of a software-defined network (SDN) controller, a route from a compute node of a plurality of compute nodes in a network; publishing, by the control node and in response to receiving the route, a route update to an in-memory database service of the SDN controller; and sending, by the in-memory database service in response to receiving the published route update, the published route update to any of the plurality of compute nodes that have subscribed to receive route updates for an in-memory database instance associated with the control node.

Abstract: The disclosure describes techniques that enable detection of memory leaks of software executing on devices within a computer network. An example network device includes memory and processing circuitry. The processing circuitry monitors a usage of the memory by a software component operating within the network device. The processing circuitry periodically determines a memory growth pattern score for the software component based on the usage of the memory. The processing circuitry also predicts whether the user-level process is experiencing a memory leak based on the memory growth pattern score. The processing circuitry applies confirmation criteria to current memory usage of the software component to confirm that the software component is experiencing the memory leak. When the software component is experiencing the memory leak, the processing circuitry generates an alert.

Abstract: Techniques are described for in-service configuration data migration for distributed micro service-based applications. In one example, a network device comprises a plurality of legacy data repositories comprising configuration data in key-value pair format that specifies a plurality of parameters and corresponding values for operation of the network device, and a hierarchical configuration data model having a plurality of nodes arranged in a hierarchical organization having a root node and a plurality of leaf nodes. Each of the nodes of the configuration data model is configured to store a set of configuration data parameters for the network device. One or more of the nodes includes a plurality of external references to respective parameters of the plurality of parameters stored within the plurality of legacy data repositories. Process circuitry is configured to perform a migration of the configuration data from the legacy data repositories to the hierarchical data model.