Abstract: An autonomous system border router (ASBR) provided in a domain in which routers share an anycast address, may perform a method comprising: (a) receiving, from an exterior Border Gateway Protocol (eBGP) peer, first reachability information for a first prefix, the first reachability information including a first next hop (NH) address; (b) communicating first link state information about the first prefix to another router in the domain, the first link state information associating the first prefix with the anycast address; (c) receiving, from an eBGP peer, second reachability information for a second prefix, the second reachability information including a second next hop (NH) address; and (d) communicating second link state information about the second prefix to the other router in the domain, the second link state information associating the second prefix with the anycast address. This effectively reduces the number of next hops related to a prefix learned by two or more ASBRs (e.g.

Abstract: The same prefix segment identifier (SID) may be configured and/or used for either (A) more than one prefix within an interior gateway protocol (IGP) domain, or (B) one prefix with more than one path computation algorithm within the IGP domain by: (a) receiving, by a node in the IGP domain, an IGP advertisement including both (1) a prefix SID and a segment routing global block (SRGB) slice identifier; (b) determining whether or not the SRGB slice identified by the SRGB slice identifier is provisioned on the node; and (c) responsive to a determination that the SRGB slice identified by the SRGB slice identifier is not provisioned on the node, not processing the prefix SID included in the received IGP advertisement, and otherwise responsive to a determination that the SRGB slice identified by the SRGB slice identifier is provisioned on the node, (1) processing the prefix SID and SRGB slice to generate a unique, per SRGB slice, MPLS label for the prefix, and (2) updating a label forwarding information base (LFIB)

Abstract: In some examples, a computing device comprises a first service function instance to apply a service function and a service function forwarder to: receive a first layer 3 routing protocol route advertisement that includes service function instance data for a second service function instance, the service function instance data indicating a service function type and a service identifier for the service function instance; receive a second layer 3 routing protocol route advertisement that includes service function chain data for a service function chain, the service function chain data indicating a service path identifier and one or more service function items; and send, to the second service function instance and based at least on determining a service function item of the one or more service function items indicates the second service function instance, a packet classified to the service function chain.

Abstract: Techniques are disclosed for service-based tunnel selection for forwarding network traffic. In one example, a network device obtains, based on service parameters associated with a network service, a tunnel selection scheme. The tunnel selection scheme identifies a primary mapping mode including a primary service color for mapping the network service to a primary service color transport tunnel and at least one fallback service color for mapping the network service to at least one fallback service color transport tunnel. The tunnel selection scheme also identifies at least one fallback mapping mode for mapping the network service to fallback transport tunnels. The primary mapping mode is categorized according to a first type comprising tunnel colorization, while the at least one fallback mapping mode is categorized according to a type other than tunnel colorization.

Abstract: Failure impact analysis (or “impact analysis”) is a process that involves identifying effects of a network event that are may or will results from the network event. In one example, this disclosure describes a method that includes generating, by a control system managing a resource group, a resource graph that models resource and event dependencies between a plurality of resources within the resource group; detecting, by the control system, a first event affecting a first resource of the plurality of resources, wherein the first event is a network event; and identifying, by the control system and based on the dependencies modeled by the resource graph, a second resource that is expected to be affected by the first event.

Abstract: In one embodiment, edge devices can be configured to be coupled to a multi-stage switch fabric and peripheral processing devices. The edge devices and the multi-stage switch fabric can collectively define a single logical entity. A first edge device from the edge devices can be configured to be coupled to a first peripheral processing device from the peripheral processing devices. The second edge device from the edge devices can be configured to be coupled to a second peripheral processing device from the peripheral processing devices. The first edge device can be configured such that virtual resources including a first virtual resource can be defined at the first peripheral processing device. A network management module coupled to the edge devices and configured to provision the virtual resources such that the first virtual resource can be migrated from the first peripheral processing device to the second peripheral processing device.

Abstract: A method includes applying, to a modulated digital signal, a forward error correction (FEC) including a low-density parity-check (LDPC) to produce a coded digital signal. Nyquist shaping is applied to the coded digital signal to generate a filtered digital signal. A representation of the filtered digital signal is transmitted in an optical communication channel via a dense wavelength division multiplexing (DWDM) scheme.

Abstract: In general, techniques are described for communicating state information in distribute operating system. A network device comprises a first hardware node and a second hardware node. The first hardware node may execute a first instance of a distributed operating system, and maintain a first data structure that stores a plurality of objects defining a portion of state information. The second hardware node may execute a second instance of the distributed operating system, and maintain a second data structure that stores synchronized versions of the plurality of objects. The first hardware node may further receive updated state information, update the first data structure to include the updated state information, and synchronize the updated first data structure with the second data structure. The second hardware node may synchronize the second data structure with the updated first data structure.

Abstract: A controller device manages a plurality of network devices. The controller device includes a memory configured to store a dependency model representing dependencies between resources provided by the network devices and a programmed merge strategy, and one or more processors implemented in circuitry and configured to: determine the resources provided by the network devices; determine relationships between the resources according to the programmed merge strategy; construct the dependency model using the determined relationships; determine that at least one of the resources has experienced a failure; and perform a root cause analysis using the dependency mathematical model to determine a root cause of the failure of the at least one of the resources.

Abstract: A system for configuring a data center includes a fabric management server coupled to a management switch. A provisional Software Defined Networking (SDN) controller executing on the fabric management server can discover physical servers coupled to the management switch, receive network interface configuration information from the physical servers, and use the discovered network interface configuration information to determine a configuration for switches and servers coupled to an IP fabric. The configuration can be migrated to a full functionality SDN controller.

Abstract: An Access Gateway Function (AGF) node can receive requests to join a multicast stream from a computing device. If the request is the first request to join the multicast stream, the AGF can forward the request to the UPF node. The multicast stream is then received via a tunnel between the AGF node and UPF node that is associated with the computing device. The tunnel associated with the first computing device to request joining the multicast stream can be a primary tunnel for the multicast stream. Subsequent requests to join the same multicast stream can cause the AGF node add tunnels associated with the requesting computing devices as secondary tunnels. The multicast stream is received via the primary tunnel and replicated to computing devices associated with the secondary tunnels. A secondary tunnel may be promoted to a primary tunnel in response to a failure or disconnection of the primary tunnel.

Abstract: A network device may decrypt a record received from a source device and associated with an encrypted session. The network device may process the decrypted record. The network device may encrypt the record to generate an encrypted payload. The network device may store an entry in a retransmission mapping that includes a decryption key used to decrypt the record and an encryption key used to encrypt the record. The network device may transmit the encrypted payload in a first TCP packet toward the destination device. The network device may receive retransmitted data and may determine, based on the record entry, that the retransmitted data is associated with the record. The network device may decrypt, using the decryption key, the retransmitted data and may re-encrypt, using the encryption key, the decrypted record. The network device may transmit, toward the destination device, the encrypted payload in a second TCP packet.

Abstract: The disclosed computer-implemented method may include (1) receiving, at a network node within a network, a packet from another network node within the network, (2) identifying, within the packet, a label stack that includes a plurality of labels that collectively represent at least a portion of a label-switched path within the network, (3) popping, from the label stack, a label that corresponds to a next hop of the network node, (4) determining, based at least in part on the label, that the next hop has experienced a failure that prevents the packet from reaching a destination via the next hop, (5) identifying a backup path that merges with the label-switched path at a next-to-next hop included in the label-switched path, and then (6) forwarding the packet to the next-to-next hop via the backup path. Various other methods, systems, and apparatuses are also disclosed.

Abstract: A disclosed method may include (1) sampling traffic forwarded by a network device in accordance with certain prefixes, (2) determining, based at least in part on the sampling of traffic, a subset of the prefixes whose usages satisfy a certain threshold, (3) computing a plurality of hit probabilities that each represent a relative likelihood that one of the subset of prefixes is used by the network device to forward the traffic, (4) identifying a plurality of outgoing interfaces that carry the traffic in connection with the subset of prefixes, (5) identifying a plurality of prefix-specific loads of the outgoing interfaces, and then (6) predicting a plurality of future traffic loads of the outgoing interfaces based at least in part on (A) the hit probabilities of the subset of prefixes and (B) the prefix-specific loads of the outgoing interfaces. Various other systems and methods are also disclosed.

Abstract: A device may receive an instruction to classify software. The device may identify a group of one or more user interfaces associated with the software based on receiving the instruction to classify the software. The device may determine a group of one or more user interface signatures associated with the group of one or more user interfaces. A user interface signature may include information, associated with a user interface in the group of one or more user interfaces, that may be used to classify the software. The device may generate information that identifies a classification of the software based on the group of one or more user interface signatures and based on known signature information. The known signature information may include information that corresponds to a correct software classification. The device may output the information that identifies the classification of the software.

Abstract: In one example, a method comprises generating, by a forwarding manager for an internal forwarding path executed by a plurality of packet processors of a forwarding unit of a network device, a dependencies structure that specifies one or more dependencies for a plurality of nodes, wherein the plurality of nodes represent different types of forwarding path elements of the forwarding path, wherein the plurality of nodes is binded to a first set of one or more packet processors of the plurality of packet processors; and rebinding, by the forwarding manager, a second set of one or more packet processors of the plurality of packet processors to the plurality of nodes, wherein rebinding the second set of one or more packet processors to the plurality of nodes is performed in a reverse direction of the dependencies structure.

Abstract: A device may receive a set of cryptographic parameters associated with an integer, wherein the set of cryptographic parameters includes a linked list of potential prime integers, in an order, used to generate the integer. The device may determine, iteratively and in the order, whether each potential prime integer included in the linked list of potential prime integers is a prime integer using a primality test or a lookup operation based on a set of proven prime integers. The device may determine whether the integer is a proven prime integer based on determining whether each potential prime integer included in the linked list of potential prime integers is a prime integer. The device may authorize, when the integer is a proven prime integer, the integer for use in a cryptographic protocol.

Abstract: A centralized configuration management system (CCM) may receive, from an NMS device, a request concerning a configuration for a microservice associated with the NMS device. The CCM may identify, based on the request, a first data model associated with default configuration information. The CCM may identify, based on the request, a second data model associated with customized configuration information. The CCM may generate, based on the first data model and the second data model, a response that includes at least one configuration parameter. The CCM may send the response to the NMS device to allow the microservice to be configured based on the at least one configuration parameter.

Abstract: An example network element includes one or more interfaces and a control unit, the control unit includes one or more processors configured to determine an egress network domain identifier (ID) and determine an abstracted interdomain network topology. The one or more processors are also configured to determine one or more interdomain paths from an abstracted ingress domain node to an abstracted egress domain node and determine whether an abstracted domain node is on the one or more interdomain paths. The one or more processors are configured to, based on the abstracted domain node being on the one or more interdomain paths, include one or more resources within a network domain in a filtered traffic engineering database (TED) and compute a path from an ingress node within the ingress network domain to an egress node within the egress network domain based on the filtered TED.

Abstract: A device may receive information associated with a service chain to be implemented in association with a flow. The information associated with the service chain may include a source network address associated with the flow, a destination network address associated with the flow, a set of protocols associated with the flow, and a set of network services, of the service chain, to be implemented in association with the flow. The device may implement the service chain in association with the flow. The device may receive network traffic information associated with the flow based on implementing the service chain in association with the flow. The device may modify the service chain based on the network traffic information associated with the flow to permit a modified service chain to be implemented in association with the flow.