Abstract: Techniques are described for providing end-to-end segment routing paths across metropolitan area networks. For example, a method comprises receiving, by an area border router (ABR) connected to one or more metropolitan area networks and a core network, a packet including a segment routing label stack including at least a label of the ABR, a context label associated with a routing instance of the ABR, and a subsequent label identifying a device in the segment routing path, determining, from a lookup of the context label in the metro routing table, a table next hop to the core routing table (or metro routing table); in response to determining the table next hop, determining, from a lookup of the subsequent label in the core routing table (or metro routing table), a next hop in the segment routing path; and sending, by the ABR, the packet toward the device in the segment routing path.

Abstract: Embodiments provide for guided alignment of the orientation of two wireless devices. A first wireless device is at a known position and a known orientation. A signal from a second wireless device is received via a plurality of receive elements of the first wireless device. The first wireless device measures phase differences of the signal at the plurality of receive elements, and determines locations of each of the second wireless device's transmit elements based on the differences. Based on the transmit element locations, and a known antenna layout of the second wireless device, an orientation of the second wireless device is determined. Based on differences between the determined orientation and the known orientation of the first wireless device, instructions for aligning the devices are generated. Once the devices are aligned, location estimates of a third wireless device are made by both the first wireless device and the second wireless device.

Abstract: An example network device includes a primary node and a secondary node. The primary node includes one or more processors implemented in circuitry and configured to receive a message from a collector device requesting to subscribe to statistics of a metrics streaming session; initiate a telemetry session for sending the statistics to the collector device; replicate data of the telemetry session to the secondary node; and send the data of the telemetry session to the collector device. In this manner, in the event of the switchover, the secondary node may act as the primary node and resume the telemetry session. That is, the secondary node, acting as a primary node following the switchover, may receive statistics data from one or more sensors related to the metrics streaming session, and send telemetry session data, representative of the statistics data, to the collector device as part of the telemetry session.

Abstract: Techniques are described for providing security extensions to neighbor discovery in Ethernet Virtual Private Network (EVPN). For example, a network device that implements Ethernet Virtual Private Network (EVPN) receives a neighbor discovery response message including a nonce originated by a second network device and not originated by the first network device. The network device processes the neighbor discovery response message including the nonce originated by the second network device and not originated by the first network device.

Abstract: An example first network device includes a control unit configured to execute at least one application and a forwarding unit. The forwarding unit includes an interface configured to receive packets, at least one packet processor operably coupled to a memory, and a forwarding path, wherein at least a portion of the forwarding path is stored in the memory and is executable by the at least one packet processor. The forwarding unit is configured to receive an advertisement originated by a second network device in a network, wherein the advertisement specifies a second micro segment identifier (SID), and store, in a destination lookup table, a route entry comprising a first micro SID associated with the first network device and the second micro SID.

Abstract: Techniques are disclosed for session-based routing within Open Systems Interconnection (OSI) Model Layer-2 (L2) networks extended over Layer-3 (L3) networks. In one example, L2 networks connect a first client device to a first router and a second client device to a second router. An L3 network connects the first and second routers. The first router receives, from the first client device, an non-session-based L2 frame destined for the second client device. The first router forms an L3 packet comprising an L3 header specifying L3 addresses of the first and second routers and a protocol selected based on an L3 service for the L2 frame, a payload comprising the L2 frame, and metadata comprising a session identifier distinctly identifying the L2 frame, and forwards the L3 packet to the second router. The second router recovers the L2 frame from the payload and forwards the L2 frame to the second client device.

Abstract: A node may be an active node associated with a high-availability service and may route session traffic communicated via a first route path between a first endpoint and a second endpoint. The node may determine a first measurement of a traffic metric of the first route path and may receive, from another node associated with the high-availability service, a second measurement of the traffic metric of a second route path. The node may compare the first measurement and the second measurement and determine that the traffic metric is enhanced on the second route path relative to the first route path. The node may cause, via a high-availability link between the node and the other node, the other node to become the active node for routing the session traffic between the first endpoint and the second endpoint.

Abstract: In some examples, a method includes receiving, by an egress network device for a network, messages from each of a plurality of ingress network devices for the network, wherein each of the messages specifies a multicast source, a multicast group, and an upstream multicast hop weight value for multicast traffic for the multicast source and the multicast group; selecting, by the egress network device and based on the upstream multicast hop weight values specified by the received messages, one of the plurality of ingress network devices to which to send a multicast join message of a plurality of multicast join messages for the multicast source and multicast group; and sending, by the egress network device, the multicast join message to the selected one of the plurality of ingress network devices.

Abstract: Network controllers are described that enable creation of logical interconnects between logical routers of different, isolated virtual networks and for auto-generation and deployment of routing policies to control “leaking” of select routes amongst the different virtual networks. In one example, a network controller includes a memory and processing circuitry configured to identify a source logical router of a first virtual network and a destination logical router of a second virtual network implemented on one or more physical devices of a switch fabric, form a policy defining one or more rules for controlling leaking of one or more of the routes through a logical router interconnect from the source logical router to the destination logical router, and push the policy to the one or more physical devices of the switch fabric for application to communications through the logical router interconnect.

Abstract: The disclosed embodiments provide for management of a Wi-Fi network in the presence of a high priority receiver. When a high priory receiver is identified, a portion of the Wi-Fi network that could potentially interfere with the high priority receiver is identified and steps are taken to reduce the probability of such interference. For example, some wireless transmitters may be switched to alternate channels to reduce the probability of interference. By sharing information relating to high priority receivers across a plurality of wireless transmitters, the disclosed embodiments provide for more efficient operation in the presence of high priority receivers when compared to methods that independently detect a high priority receiver at each wireless transmitter.

Abstract: A device provides path data associated with a network that includes network devices interconnected by links. The path data includes data identifying a first path and a second path to be provided through the network. The device provides an instruction to cause the network devices to provide information identifying the first path and to route traffic via the first path, and receives an indication of a failure associated with the first path. The indication causes the network devices to provide information identifying the second path and to re-route the traffic from the first path to the second path. The device causes the failure associated with the first path to be repaired while the traffic is re-routed to the second path, and provides, based on causing the failure to be repaired, another instruction to cause the network devices to route the traffic via the first path.

Abstract: A method for configuring a fabric managed by a software-defined networking (SDN) controller includes, with a first control host installed in a first rack having a first management switch and a second control host installed in a second rack, executing controller nodes that implement an SDN controller using a controller virtual network extending between the first rack and the second rack. The first management switch is configured to route traffic between the controller virtual network and a device management network extending from the first management switch to a fabric network device of the fabric managed by the SDN controller. The method further includes configuring, with the SDN controller, via the first management switch, the fabric network device with the controller virtual network to enable communications, via the controller virtual network, between the first control host and a compute node or a storage node connected to the fabric network device.

Abstract: Techniques are disclosed for session-based routing of multipoint Open Systems Interconnection (OSI) Model Layer-2 (L2) frames of an L2 network extended over Layer-3 (L3) networks. In one example, L2 networks connect a source device to an ingress router and receiver devices to egress routers. An L3 network connects the ingress and egress routers. The ingress router receives, from the source device, a multipoint L2 frame destined for the receiver devices. The ingress router forms, for each egress router that is connected to at least one multipoint receiver device, a unicast L3 packet for the L2 frame and forwards the unicast L3 packet to the egress router. Each egress router generates, in response to receiving the unicast L3 packet, the multipoint L2 frame and forwards, to the receiver devices, the multipoint L2 frame.

Abstract: A wireless access point comprises a memory; and one or more processors operably coupled to the memory configured to: receive a first packet for an application; configure an initial packet flow for the application including a first forwarding action to send traffic for the application via a tunnel path; learn the application of the first packet; generate, based on a policy of the application, an entry in an application server address cache specifying an address of the application server and a second forwarding action to send traffic for the application via a local breakout path; receive a second packet for the application; and configure, in response to determining that a destination address of the second packet matches the entry in the application server address cache, a subsequent packet flow for the application including the second forwarding action to send traffic for the application via the local breakout path.

Abstract: The techniques describe example network systems providing core-facing designated forwarder (DF) election to forward multicast traffic into an EVPN of a core network. For example, a first PE device of a plurality of PE devices participating in an EVPN comprises one or more processors operably coupled to a memory, wherein the one or more processors are configured to: determine that a first multicast traffic flow has started for the first PE device; in response, send a source-active (SA) route to indicate the first multicast traffic flow has started for the first PE device; receive, from a second PE device, a second SA route that indicates that a second multicast traffic flow has started for the second PE device; and perform an election of a core-facing DF from among the first PE device and second PE device, wherein the core-facing DF is configured to forward the multicast traffic into the EVPN.

Abstract: A device may receive, from a first device, a port control protocol (PCP) request that includes a customer side translator (CLAT) prefix and one or more private internet protocol version X (IPvX) addresses. The PCP request may be received via an internet protocol version Y (IPvY) network. The device may store the CLAT prefix and the one or more private IPvX addresses using a data structure. The device may receive a packet that includes a private IPvX of the one or more private IPvX addresses and a private IPvY address that includes the CLAT prefix and a second instance of the private IPvX address. The device may use an application layer gateway (ALG). The device may translate the private IPvX address to a public IPvX address using the CLAT prefix. The device may provide the packet that includes the public IPvX address to a second device that supports IPvX.

Abstract: A device may receive policy information associated with a first application group and a second application group. The device may receive network topology information associated with a network. The device may generate a first policy based on the policy information and the network topology information, and generate a second policy based on the policy information and the network topology information. The device may provide, to the virtual network device, information associated with the first policy to permit the virtual network device to implement the first policy in association with network traffic transferred between the first application group and the second application group. The device may provide, to the physical network device, information associated with the second policy to permit the physical network device to implement the second policy in association with network traffic transferred between the first application group and the second application group.

Abstract: A network device is configured to associate a tenant of a plurality of tenants with a virtual routing and forwarding (VRF) instance of a plurality of VRF instances. The network device receives a packet comprising metadata specifying a tenant identifier for the tenant. The network device identifies, based on the tenant identifier specified by the metadata, the VRF instance associated with the tenant. The network device retrieves one or more routes from a routing information base (RIB) of the VRF instance associated with the tenant and forwards the packet toward a destination via the one or more routes.

Abstract: In an example, a method includes receiving, by a network management system (NMS), a configuration request comprising first configuration data for a network device, the first configuration data defining a data structure comprising a first property/value pair; generating, by the NMS from the first configuration data, a corresponding first path/value pair for the first property/value pair, wherein a path of the first path/value pair uniquely identifies the first path/value pair in an associative data structure; modifying, by the NMS, the associative data structure based on the first path/value pair; generating, by the NMS, from the associative data structure, a configuration resource comprising second configuration data for the network device, the second configuration data comprising a second property/value pair that corresponds to the first path/value pair; and sending, by the NMS, the second configuration data to the network device to modify a configuration of the network device.

Abstract: A network device may receive, from a first network, one or more fragments of a first network packet of a first network packet type, where the first network packet encapsulates a second network packet of a second network packet type. The network device may buffer the one or more fragments in. The network device may, upon receiving a fragment of the first network packet that includes an indication of a source network address and a source port for the second network packet, perform an anti-spoof check of the fragment flow without assembling the first network packet. The network device may, based on the fragment flow passing the anti-spoof check, in response to receiving all fragments of the first network packet: assemble the first network packet, decapsulate the second network packet from the assembled first network packet, and forward, to a second network, the second network packet.