Abstract: This disclosure is related to devices, systems, and techniques for using a Domain Name System (DNS) server to identify one or more network devices capable of operating according to a protocol. For example, a DNS system device includes a memory and one or more processors implemented in circuitry. The one or more processors are configured to receive, from a client device, a DNS query including a specification of a hostname and a request for an MP-TCP capability, determine, using the memory, at least one IP address corresponding to the hostname and corresponding to one of the devices that is MP-TCP capable, and send, to the client device, a DNS response including an indication of the at least one of the IP addresses.

Abstract: Techniques are described for dynamically computing a segment routing policy for a segment routing for traffic engineering (SR-TE) path. For example, in a discontinuous SR network in which SR islands (e.g., groups of neighboring routers that are enabled for segment routing) are separated by one or more routers not enabled for segment routing, instead of returning a failure because one or more routers along a path are not enabled for SR, an ingress router may generate an SR-TE operations, administrations, and management (OAM) Multi-Protocol Label Switching (MPLS) traceroute packet send the packet to a first border router of the RSVP-enabled devices along a computed path to trigger the creation of a resource reservation Label Switched Path (LSP) through the RSVP-enabled devices. In this way, segment routed LSP may be established to tunnel through the resource reservation LSP for a SR-TE path used in an SR-TE policy.

Abstract: In an example, a method comprises, by a computing device, in response to receiving an indication of a modified network topology for a segment routing (SR)-enabled network comprising one or more network nodes: determining whether an existing, first multipath in the modified network topology for the network satisfies a path computation deviation for a SR policy, wherein the path computation deviation is a deviation from an initial path computation constraint for the SR policy; when the first multipath in the modified network topology satisfies the path computation deviation for the SR policy, performing a recomputation policy action that is associated with the path computation deviation; and when the first multipath in the modified network topology does not satisfy the path computation deviation for the SR policy, computing a second multipath in the modified network topology for the network to satisfy the initial path computation constraint for the SR policy.

Abstract: An example method includes receiving a resource management request associated with resources provided by at least one data center, creating, based on the resource management request, task data elements including at least first and second task data elements, adding the task data elements to a task data structure accessible at least by a first and second worker processes, removing, by the first worker process, a first task data element from the task data structure and initiate execution of a first task, removing, by the second worker process, a second task data element from the task data structure and initiate execution of a second task, wherein the second worker process executes at least a portion of the second task while the first worker process executes at least a portion of the first task in parallel, and sending, to the client computing device, a response to the resource management request.

Abstract: Techniques are disclosed for implementing scalable port range policies across a plurality of categories that support application workloads. In one example, a policy agent receives, from a centralized controller for a computer network, a plurality of policies. Each policy of the plurality of policies includes one or more policy rules, and each of the one or more policy rules specifies one or more tags specifying one or more dimensions for application workloads executed by the one or more computing devices and a corresponding port range. The policy agent assigns, based on a policy rule, a port range specified by the policy rule to objects of the one or more computing devices that belong to categories described by the one or more dimensions of the one or more tags of the policy rule. The categories support the application workloads and are assigned to the tags by a centralized controller.

Abstract: In general, the disclosure describes techniques for configuring a forwarding path of a network device. For example, a network device system includes a compiler. The compiler is configured to receive text comprising syntax elements in an arrangement that indicates a topology for a plurality of nodes. Additionally, the compiler is configured to generate, based on the text, code for instantiating the plurality of and compile the code to generate a software image. The network device system includes a network device comprising a forwarding manager configured to execute the software image to configure a forwarding path to include the corresponding forwarding path elements for each of the plurality of nodes. Additionally, the network device system includes at least one packet processor operably coupled to a memory, wherein the at least one packet processor is configured to process packets received by the forwarding unit by executing the forwarding path elements.

Abstract: An apparatus includes a reconfigurable optical add/drop multiplexer (ROADM) having an input port to receive a first optical signal from a second device. The ROADM also includes a first wavelength selective switch (WSS), in optical communication with the input port, to convert the first optical signal into a second optical signal, a loopback, in optical communication with the first WSS, to transmit the second optical signal, and a second WSS, in optical communication with the loopback, to convert the second optical signal to a third optical signal and direct the third optical signal back to the second device via the input port.

Abstract: A network device may receive a request to install a filter associated with an application identifier or a uniform resource locator (URL), and may add, based on the request, information identifying the filter to a list of filters associated with the network device. The network device may receive a packet destined for an endpoint device, may generate a copy of the packet, and may cause the packet to be forwarded to the endpoint device. The network device may perform deep packet inspection of the copy to identify a packet application identifier or a packet URL, and may determine whether the packet application identifier or the packet URL matches the application identifier or the URL. The network device may cause the copy of the packet to be forwarded to a content destination device when the packet application identifier or the packet URL matches the application identifier or the URL.

Abstract: A network device may receive a request, to install a filter, that includes information identifying a first source address, a first destination address, a content destination device, and a tapping level indicator. The network device may create an additional filter, based on the tapping level indicator, by setting the first destination address as a second source address, determining a third destination address that is a destination for the second source address, and setting the third destination address as a third source address. The network device may add the filter and the additional filter to a list of filters, and may receive, from source devices, packets destined for destination devices. The network device may generate a copy of a packet, and may determine that the copy of the packet matches the filter or the additional filter. The network device may forward the copy of the packet to the content destination device.

Abstract: A device may select a first pseudorandom integer within a range of integers. The device may generate a first candidate prime, based on the first pseudorandom integer, for primality testing. Based on determining that the first candidate prime fails a primality test, the device may select a second pseudorandom integer within the range of integers. The device may generate a second candidate prime, based on the second pseudorandom integer, for primality testing. The device may determine whether the second candidate prime satisfies the primality test. The device may selectively: re-perform, based on the second candidate prime failing the primality test, the selecting the second pseudorandom integer, the generating the second candidate prime, and the determining whether the second candidate prime satisfies the primality test, or using, based on the second candidate prime satisfying the primality test, the second candidate prime as a prime integer in a cryptographic protocol.

Abstract: A device receives network data associated with a network that includes network devices interconnected by links, wherein the network devices utilize segment routing. The device receives segment routing data associated with the network, wherein the segment routing data at least includes a list of segments associated with paths provided through the network by two or more of the network devices and corresponding links. The device merges the network data and the segment routing data to generate merged data, and processes the merged data, with an optimization model, to determine potential network plans within a particular time period. The device identifies a potential network plan, of the potential network plans, that maximizes throughput associated with operating the network, and performs one or more actions based on the potential network plan.

Abstract: An example control plane that is executed on one or more processors in a distributed computing system is configured to receive an indication of a node to be onboarded into the distributed computing system, wherein the node comprises one of a compute node or a network device node, to discover one or more compute resources or network device resources that are associated with the node, and to assign, based on the discovery, the node to a collector that is executed in the distributed computing system, wherein the collector is configured to collect real-time telemetry data for the node during operation of the node. The control plane is further configured to receive, from the collector, the real-time telemetry data for the node that is collected by the collector, and to output, for display, a visual representation of the real-time telemetry data for the node.

Abstract: In some implementations, a network device may identify a segment routing traffic engineering (SR-TE) algorithm supported by the network device. The network device may determine, based on identifying the SR-TE algorithm, an identification value associated with the network device. The network device may generate an advertisement packet that includes the identification value and information identifying the SR-TE algorithm. The network device may send the advertisement packet to another network device to cause the other network device to update a data structure to indicate that the network device supports the SR-TE algorithm and that the network device is associated with the identification value. The other network device may determine, using the SR-TE algorithm, a forwarding path for a data packet that indicates the network device as a hop in the forwarding path.

Abstract: A script analysis platform may obtain a script associated with content wherein the script includes one or more functions that include one or more expressions. The script analysis platform may parse the script to generate a data structure and may traverse the data structure to determine the one or more functions and to determine properties of the one or more expressions, wherein traversing the data structure includes evaluating one or more constant sub-expressions of the one or more expressions. The script analysis platform may analyze the properties of the one or more expressions to determine whether the script exhibits malicious behavior. The script analysis platform may cause an action to be performed concerning the script or the content based on determining whether the script exhibits malicious behavior.

Abstract: A disclosed apparatus may be a circuit board that includes (1) a first unique sublaminate that includes a plurality of ground layers and a plurality of signal layers, (2) a second unique sublaminate that includes a plurality of power layers and another plurality of signal layers, and (3) a symmetry axis that bisects the circuit board between the first unique sublaminate and the second unique sublaminate, wherein the first unique sublaminate and the second unique sublaminate are distinct from one another. Various other apparatuses, systems, and methods are also disclosed.

Abstract: A first packet forwarding plane (PFE) of a network device may receive a packet and may perform a first lookup for the packet. The first PFE may provide the packet to a service plane based on the first lookup. The service plane may apply a service to the packet and may provide the packet to the first PFE. The first PFE may perform a second lookup. The first PFE may provide the packet to a second PFE of the network device based on the second lookup and may store flow information associated with the packet and second PFE information in a table. The network device may provide the flow information and the second PFE information from the table to the service plane to cause the service plane to send subsequent packets directly to the second PFE thereby saving fabric, memory, and processing bandwidth and improving overall network performance.

Abstract: A disclosed apparatus may include (1) an integrated circuit electrically coupled to a substrate, (2) a plurality of electrical contacts that are disposed on the substrate and are electrically coupled to the integrated circuit via the substrate, (3) at least one cable assembly electrically coupled to the plurality of electrical contacts, and (4) a package stiffener physically coupled to the substrate around the integrated circuit such that the at least one cable assembly is accessible to at least one electrical cable. Various other apparatuses, systems, and methods are also disclosed.

Abstract: A network device may receive network traffic associated with a session, wherein the session is associated with a network. The network device may determine, from the network traffic, an application path that is associated with the session and may determine an application path identifier associated with the application path. The network device may determine, based on policy information that is associated with the application path identifier, whether the network traffic associated with the session is permitted to be communicated via the network and may perform, based on whether the network traffic is determined to be permitted, an action associated with communication of the network traffic.

Abstract: A first network device may receive, from a second network device, a clock quality indication that is associated with a clock of the second network device, wherein the clock of the second network device is a reference clock for a network that includes the first network device and the second network device. The first network device may determine, based on a clock signal of the second network device, that a quality metric of the clock does not satisfy a threshold. The first network device may provide, to the second network device, a clock fault notification to cause the second network device to downgrade the clock quality indication transmitted by the second network device. The first network device may select a new reference clock for the first network device based on receiving the downgraded clock quality indication from the second network device.

Abstract: A managing network node may provide, to a bootstrap device, a request for provisioning information to provision the managing network node and one or more managed network nodes, wherein the managing network node and the one or more managed network nodes have an existing relationship, wherein the request comprises a respective identifier for each of the managing network node and the one or more managed network nodes. The managing network node may receive, from the bootstrap device, the provisioning information, wherein the provisioning information includes first provisioning information for the managing network node and respective second provisioning information for each of the one or more managed network nodes. The managing network node may provision the managing network node using the first provisioning information and the one or more managed network nodes using the respective second provisioning information.