Abstract: This disclosure describes techniques that determine device connectivity in the absence of a network layer 2 discovery protocol such as Link Layer Discovery Protocol (LLDP). In one example, this disclosure describes a method that includes retrieving, from a bridge data store of a bridge device on a network having one or more host devices, a plurality of first interface indexes, wherein each first interface index corresponds to a network interface of network interfaces of the bridge device; retrieving, from the bridge data store, remote network addresses corresponding to the network interfaces of the bridge device, each remote network address of the remote network addresses corresponding to a second interface index; selecting a remote network address having a second interface index that matches the first interface index; determining a host device having the selected remote network address; and outputting an indication that the bridge device is coupled to the host device.

Abstract: An alarm service can receive an alarm rule as an “intent” that defines a rule in a high level “natural language.” An alarm rule compiler can receive the intent and translate the high level intent into one or more lower level rules that can be programmatically processed by multiple alarm rule execution engines. Devices in a network system can be associated with alarm rule execution engines in a distributed manner. For example, devices in a network can be associated with different instances of an alarm rule execution engine, thus distributing the resource usage for obtaining telemetry data and processing alarms with respect to the devices in a network across multiple alarm rule execution engines.

Abstract: Embodiments improve error detection and recovery in media access control security sessions. A MACsec session is torn down after three liveness time intervals elapse without receiving a MACsec key exchange protocol data unit (MKPDU) from a remote peer. This delay between a cessation of effective network communication over the MACsec session and the expiration of the three “liveness” intervals results in increased packet loss and an increased network convergence time as a network continues to route/forward data over the MACsec session for a period of time after the MACsec session has entered secure block mode. To solve this problem, embodiments define a new alarm, called a MACsec link alert, which is raised earlier than a MACsec session timeout generated by traditional embodiments. The MACsec link alert is raised, by at least some embodiments, after a failure to successfully receive an MKPDU from the remote peer after a single MACsec “liveness” timeout interval elapses.

Abstract: Ping or traceroute functionality is supported in a path spanning multiple autonomous systems (ASes) having segment routing (SR) enabled, the path including an ingress node in a first autonomous system (AS) and an egress node in an AS other than the first AS, using a reverse path label pair including (1) a node segment identifier (SID) corresponding to an AS Border Router (ASBR) of the second AS (second ASBR), and (2) an egress peer engineering (EPE) SID corresponding to a segment between the second ASBR to an ASBR of the first AS (first ASBR). Responsive to receiving a ping or traceroute request by a router in the second AS, the router generates a ping or traceroute reply including the reverse path label pair. The ping or traceroute reply is forwarded to the second ASBR using the node SID of the reverse path label pair. The ping or traceroute reply is then forwarded from the second ASBR to the first ASBR using the EPE SID of the reverse path label pair.

Abstract: Techniques are described for policy driven on-demand tunnel creation and deletion between end points in a software-defined wide area network (SD-WAN) having a hub-and-spoke topology. A software-defined networking (SDN) controller that facilitates cloud-based services of a service provider network that sets up the SD-WAN is configured to determine whether a tunnel between end-points is to be created or deleted based on information indicative of the traffic, such as amount, time, application generating the traffic, and the like, between end-points.

Abstract: A network system includes a server comprising a set of virtual routers configured to extend virtual networks to virtual machines. A virtual router of the set of virtual routers may receive a tunnel packet comprising a outer header and an inner packet that defines a first packet flow, and determine, based at least on the outer header, that the tunnel packet is associated with a first virtual network of the virtual networks. The virtual router may also associate, based on the inner packet, the tunnel packet to a layer three link of a plurality of layer three links coupling the virtual router to two or more top-of-rack switches in the virtual network, where the plurality of layer three links form a layer three multi-homing connection between the virtual router and the top-of-rack switches in the virtual network. The virtual router may transmit the tunnel packet via the layer three link.

Abstract: A disclosed method may include (1) detecting one or more requests for a memory chunk of a specific size on a computing device, (2) determining that the computing device has yet to implement a memory pool dedicated to fixed memory chunks of the specific size, (3) computing an amount of memory that is potentially wasted in part by satisfying the one or more requests from an existing memory pool dedicated to fixed memory chunks of a different size, (4) determining that the amount of memory that is potentially wasted exceeds a waste threshold, and then in response to determining that the amount of memory that is potentially wasted exceeds the waste threshold, (5) creating an additional memory pool dedicated to fixed memory chunks of the specific size on the computing device. Various other apparatuses, systems, and methods are also disclosed.

Abstract: In one embodiment, edge devices can be configured to be coupled to a multi-stage switch fabric and peripheral processing devices. The edge devices and the multi-stage switch fabric can collectively define a single logical entity. A first edge device from the edge devices can be configured to be coupled to a first peripheral processing device from the peripheral processing devices. The second edge device from the edge devices can be configured to be coupled to a second peripheral processing device from the peripheral processing devices. The first edge device can be configured such that virtual resources including a first virtual resource can be defined at the first peripheral processing device. A network management module coupled to the edge devices and configured to provision the virtual resources such that the first virtual resource can be migrated from the first peripheral processing device to the second peripheral processing device.

Abstract: In general, techniques are described for enhancing communication between kernel modules operating in different network stacks within the kernel space of the same network device. An IPVLAN driver is configured to establish an endpoint in a first and second kernel module, wherein each kernel module executes in a different networking stack in the same kernel space. The endpoint in the first kernel module is associated with an interface of the first module. Selected packets are transferred from the second kernel module to the first kernel module via the interface of the first module.

Abstract: This disclosure describes techniques that include adding information to a network service header in packets being processed by a set of compute nodes in a service chain. The information added to the network service header can be used during selection of the next hop in a service chain, and may be used to help ensure that service level agreements (SLA) are met with respect to one or more metrics. In one example, this disclosure describes a method that includes receiving, by a service complex having a plurality of service nodes, a packet associated with a service chain representing a series of services to be performed on the packet by one or more of the plurality of service nodes; identifying, by the service complex, one or more service chain constraints associated with the service chain; and modifying the packet, by the service complex, to include information about the service chain constraints.

Abstract: In general, techniques are described for defining and executing device-independent commands on a network having a plurality of network devices. In some examples, a controller includes a graphical user interface. The controller displays, via the graphical user interface, network devices that support a device-independent command selected from one or more device-independent commands, wherein each device-independent command performs one or more operations on supported network devices. The controller receives, via the graphical user interface, user input selecting two or more of the displayed network devices and performs the one or more operations of the selected device-independent command on the selected network devices. In some examples, performing includes executing tasks associated with each network device, wherein the tasks, when executed, perform the one or more operations on each respective network device.

Abstract: The disclosed computer-implemented method may include (1) receiving, at a source node, a request to discover a plurality of network paths that each lead from the source node to a destination node and (2) discovering the plurality of network paths by (A) identifying each next hop between the source node and the destination node, (B) sending, from the source node to each next hop, a path-request probe that prompts the next hop to (i) determine each next-closest hop and (ii) return, to the source node, a path-response probe that identifies the next-closest hops, (C) receiving the path-response probes from the next hops, (D) determining, at the source node based on the path-response probes, that one or more of the plurality of network paths include the next hops and the next-closest hops, and then (E) iteratively discovering any subsequent hops by sending a subsequent path-request probe to each next-closest hop.

Abstract: A disclosed method may include (1) identifying a route installed in a Forwarding Information Base (FIB) of a network device included in a network, (2) identifying a plurality of active paths that lead from the network device to a destination device of the route installed in the FIB, (3) determining a load distribution of the plurality of active paths by calculating a plurality of traffic loads that represent amounts of traffic that traverse from the network device to the destination device via the plurality of active paths, and (4) making a trafficking decision in connection with the plurality of active paths based at least in part on the load distribution of the plurality of active paths. Various other apparatuses, systems, and methods are also disclosed.

Abstract: A disclosed method may include (1) publishing, by a writer, a first context that represents a lockless data structure at a first moment in time for access by a set of readers, (2) upon the publication of the first context, directing at least one of the readers to access an object stored in shared memory via the first context, (3) publishing, by the writer, a second context that represents the lockless data structure at a second moment in time for access by the set of readers, and (4) upon the publication of the second context, directing the at least one of the readers to access an additional object stored in the shared memory via the second context. Various other apparatuses, systems, and methods are also disclosed.

Abstract: A mounting bracket for mounting an electronic device to the T-bar of a drop ceiling provides for self-locking snap-action securing of the mounting bracket to a flange of the T-bar, suspending the mounting bracket from the T-bar. The mounting bracket also provides for self-locking snap-action attachment of the mounted device to the bracket, suspending the device from the suspended mounting bracket. A split adapter allows vertical offsetting of the device from the ceiling, reducing vertical displacement of ceiling tiles resting on the T-bar. The split adapter has two halves the are laterally slid on to the T-bar flange and are then longitudinally slid together to be joined against lateral separation. The composite adapter thus formed presents an adapter flange to which the mounting bracket snap-secures, the mounting bracket locking the adapter halves against longitudinal separation.

Abstract: Techniques are described for facilitating flow symmetry using a scalable service platform that anchors the service chain. The scalable service platform may facilitate flow symmetry and, at least in some cases, flow stickiness for a first packet flow (a “forward packet flow”) and a second, related packet flow (a “reverse packet flow”) both traversing the service chain in the forward and reverse directions, respectively. For example, a virtualized computing infrastructure may deploy a scalable service platform to perform load balancing of multiple forward packet flows, received from the gateway, among multiple parallel service instances for an ingress service in a service chain. For each corresponding reverse packet flows for the multiple forward packet flows, the scalable service platform load balances the reverse packet flow to the service instance for the egress service in the service chain that is applied to the corresponding forward packet flow.

Abstract: This disclosure describes techniques for improved port mirroring over Ethernet Virtual Private Network (EVPN) Virtual eXtensible Local Area Network (VXLAN). For example, a method includes receiving, by a first network device of a plurality of network devices of a leaf and spine network configured with an Ethernet Virtual Private Network and from a second network device of the plurality of network devices, an extended routing message including information indicating the second network device is connected to an analyzer, and wherein the plurality of network devices is configured with a Virtual Local Area Network (VLAN) for which the analyzer is configured to analyze packets. The method also includes configuring, within forwarding information of the first network device and in response to receiving the extended routing message advertised by the second network device, a next hop that specifies packets associated with the VLAN are to be forwarded to the second network device.

Abstract: This disclosure describes techniques for configuring software defined network (SDN) controllers within different cloud computing domains and, in particular, a multi-cluster controller that operates and presents, in some examples, a single interface for seamlessly controlling and configuring SDN controllers in different cloud computing domains. In one example, this disclosure describes a system that includes a plurality of clusters, each of the plurality of clusters including a plurality of configurable endpoints; a storage system; and processing circuitry having access to the storage system and capable of communicating with each of the plurality of configurable endpoints. In some examples, the processing circuitry is configured to receive a plurality of requests, each specifying a configuration operation, identify, for each of the requests, a configuration cluster and a configuration endpoint within the configuration cluster, and perform, for each of the requests, the specified configuration operation.

Abstract: Disclosed are methods and systems for improved wireless terminal roaming. In some embodiments, a management module determines access point density metrics for a plurality of centrally managed access points of a communications site. The density metric considers an average RSSI of access point signals received by other access points of the site, and each access point's contribution to the average. A determination of whether a particular wireless terminal roams is based on the density metrics of the source and target access point, as well as statistics relating to a current capacity of each of the access points. The disclosed embodiments may determine that a wireless terminal should transition/roam away from an access point even when that access point's RSSI value at the wireless terminal is above a threshold that would cause traditional methods to inhibit roaming.

Abstract: The disclosed method may include (1) deploying a virtual-tracking technology across a plurality of customer-facing platforms, (2) detecting, via one customer-facing platform, a first touchpoint between a browser of a contact related to a buyer-side business and a seller-side business, (3) generating, by way of the virtual-tracking technology, a cookie that is linked to the buyer-side business, (4) dropping the cookie into the browser of the contact during the first touchpoint, (5) detecting, via another customer-facing platform, a second touchpoint between the browser of the contact and the seller-side business based at least in part on the cookie, and then (6) tracing a customer journey that (A) represents the interactions between the buyer-side business and the seller-side business via the contact and (B) accounts for the first touchpoint and the second touchpoint. Various other systems, methods, and computer-readable media are also disclosed.