Abstract: The potential problem of too many unique protocol independent multicast (PIM) joins (corresponding to unique (Source, Group) combinations) in PIM join/prune messages being received by a router may be solved by controlling (e.g., limiting) a number of unique PIM joins to be sent to the router from a downstream device. This may be accomplished, for example, by communicating a limit (or multiple different limits) from a PIM device to one or more downstream PIM neighbors. For example, the limit may be encoded in a PIM Hello message (e.g., as an Option Type-Length-Value (TLV)).

Abstract: A data forwarding device belonging to both (1) a segment routing (SR) domain and (2) a label distribution protocol (LDP) domain may be used to perform a method comprising: (a) receiving, by the data forwarding device, information uniquely associated with each of one or more nodes in the LDP domain; (b) associating, for each of the one or more nodes in the LDP domain, a unique SR segment identifier (SID) with the information uniquely associated with the node in the LDP domain, to generate one or more SR SID-to-LDP node associations; and (c) transmitting the one or more SR SID-to-LDP node associations for propagation to at least one other node in the SR domain, whereby the at least one other node in the SR domain will become aware of the one or more nodes in the LDP domain. The SR-LDP border router is aware of all the nodes in SR and LDP domain including the SRGB database (base label, node label, and label range).

Abstract: A device may receive information identifying a set of conditions related to controlling implementation of a set of security rules. The set of conditions may be associated with a set of security actions that a device is to perform based on whether the set of conditions is satisfied. The device may determine the set of security rules that is to be controlled by the set of conditions using information related to the set of security rules. The device may modify information related to the set of security rules to cause the implementation of the set of security rules to be controlled by the set of conditions. The modification to cause the device to process the set of security rules to dynamically implement the set of security actions based on satisfaction of the set of conditions. The device may perform an action after modifying the information.

Abstract: Techniques are described for dynamically mapping hash indices to member interfaces of an aggregated interface in a hash data structure. As one example, a network device may compute net weights for the member links of a link aggregation group (LAG) and respective utilization values of hash indices in a hash map for the LAG. The network device may generate binary trees based on the net weights and utilization values of the member links of the LAG, and may map values, e.g., median values, of one or more nodes of the binary trees to member interfaces, and update the hash data structure based on the mapping.

Abstract: An apparatus includes a first reconfigurable optical add/drop multiplexer (ROADM) to receive a first optical signal and a second ROADM to receive a second optical signal. The apparatus also includes a reconfigurable optical switch that includes a first switch, switchable between a first state and a second state, to transmit the first optical signal at the first state and block the first optical signal at the second state. The reconfigurable optical switch also includes a second switch, switchable between the first state and the second state, to transmit the second optical signal at the first state and block the second optical signal at the second state. The reconfigurable optical switch also includes an output port to transmit an output signal that is a sum of possible optical signals transmitted through the first switch and the second switch.

Abstract: In general, techniques are described for providing control plane-based OISM forwarding. For example, network devices may configure two types of next hops for a multicast group. For example, the next hops may include an L2-switched next hop and an L3-routed next hop. The L2-switched next hop specifies the one or more other PE devices as a next hop for multicast traffic for the multicast group that is received on an access-facing interface of the PE device and switched on a source Virtual Local Area Network (VLAN). The L3-routed next hop specifies a list (e.g., either an empty list or specifying incapable Integrated Routing and Bridging (IRB) devices) as a next hop for multicast traffic for the multicast group that is received over an EVPN core on a core-facing interface of the PE device and locally routed from the source VLAN to a listener VLAN.

Abstract: A socket-intercept layer in kernel space on a network device may intercept a packet destined to egress out of the network device. The socket-intercept layer may then query a routing daemon for the Maximum Transmission Unit (MTU) value of the interface out of which that packet is to egress from the network device. In response to this query, the routing daemon may provide the socket-intercept layer with the MTU value of that interface. A tunnel driver in kernel space may identify the size of the packet and fragment the packet into segments whose sizes are each less than or equal to the MTU value of the interface. The tunnel driver may then push the segments of the packet to a packet forwarding engine on the network device. In turn, the packet forwarding engine may forward the segments of the packet to the corresponding destination via the interface.

Abstract: A controller at an IP (e.g., client) layer in a multi-layer network can request a network topology map from another controller at an optical (e.g., server) layer in the multi-layer network. The controller at the optical layer of the network can use a layer mapping function and common attributes between the formats used to describe the network topology map at the two layers to generate a common layer abstraction model representing the network topology map stored at the controller at the optical layer of the network. A controller-to-controller interface can translate and/or send the common layer abstraction model to the controller at the IP layer for processing data on the network.

Abstract: A static label-switched path (LSP) over which packets belonging to a forwarding equivalency class (FEC) are forwarded may be tested by (a) generating a multi-protocol label switching (MPLS) echo request message including a target FEC stack type-length-value (TLV), the target FEC stack TLV having a Nil FEC sub-TLV; and (b) sending the MPLS echo request message with a label stack corresponding to the FEC for forwarding over the static LSP. A static segment routed traffic engineered (SRTE) path, including at least two segments, over which packets belonging to a forwarding equivalency class (FEC) are forwarded, may be tested by (a) generating a multi-protocol label switching (MPLS) echo request message including, for each of the at least two segments, a target FEC stack type-length-value (TLV), each target FEC stack TLV having a Nil FEC sub-TLV; and (b) sending the MPLS echo request message with a label stack corresponding to the FEC for forwarding over the static SRTE path.

Abstract: For use in an Ethernet Virtual Private Network (EVPN) in which a site including at least one MAC-addressable device is multihomed, via a customer edge device (CE), to at least two provider edge devices (PE1 and PE2), the potential problem of one of the at least two provider edge devices (PE2) dropping or flooding packets designed for a MAC-addressable device of the multihomed site is solved by controlling advertisements of an auto-discovery per EVPN instance (A-D/EVI) route (or an auto-discovery per Ethernet segment identifier (A-D/ESI) route) to a remote provider edge device (PE3), belonging to the EVPN but not directly connected with the CE.

Abstract: A device may store raw random data in a raw random data store. The raw random data may include a first plurality of data strings. The device may generate, using a quotient ring transform (QRT), cryptographic random data based on the raw random data. The cryptographic random data includes a second plurality of data strings that is transformed from the first plurality of data strings based on an extraction state stored in an extraction state store. The device may store the cryptographic random data in a cryptographic random data store and may use the cryptographic random data for various purposes.

Abstract: The potential problem of sending (or resending) PIM join/prune messages (referred to as “PIM join(s)”) too infrequently may be solved by: (a) sending a PIM join, including a unique message identifier value, to an upstream PIM peer; (b) responsive to sending the PIM join, (1) starting a quick refresh timer, and (2) starting a standard refresh timer, which is longer than the quick refresh timer; (c) responsive to a determination that the quick refresh timer expired, (1) resending the PIM join to the upstream PIM peer, and (2) restarting the quick refresh timer; (d) responsive to a determination that the standard refresh timer expired, (1) resending the PIM join message to the upstream PIM peer, and (2) restarting the standard refresh timer; (e) receiving a PIM join response from the upstream PIM peer, wherein the PIM join response includes a unique message identifier value; (f) responsive to receiving the PIM join response and determining that the unique message identifier value in the PIM join response matches

Abstract: Port synchronization is provided for multicast on an Ethernet segment (ES) in which a device (CE) is multihomed to at least two devices (PE1 and PE2) of a VLAN.

Abstract: In general, techniques are described for providing diversity in simulation datasets during modeling. A device comprising a memory and a processor may be configured to perform the techniques. The memory may store simulation configuration files for conducting simulations of the network device within a test environment. The processor may conduct, based on the simulation configuration files, each of the simulations with respect to the network device to collect corresponding simulation datasets indicative of an operating state of the network device. The processor may determine a level of similarity between the simulation datasets, and select, responsive to a comparison of the level of similarity to a diversity threshold, a subset of the simulation datasets. The processor may generate, based on the selected subset of the simulation datasets, a model representative of the network device that predicts, responsive to configuration parameters for the network device, an operating state of the network device.

Abstract: A device may receive data from a first endpoint device. The device may identify a network protocol. The network protocol may be associated with receiving the data. The device may identify a format. The format may be associated with encoding textual information in the data. The device may determine, based on the format and the network protocol, text in the data. The device may determine whether the text includes a reference from a plurality of references. The plurality of references may identify addresses associated with malicious devices. The device may selectively forward the data to a second endpoint device based on determining whether the text includes the reference.

Abstract: The problem of looping at the egress of a transport network with a CE multihomed to a protected egress PE and a backup/protector egress PE can be avoided by (a) enabling the protector egress PE to distinguish between fast reroute (FRR) traffic coming from the protected egress PE and normal known unicast (KU) traffic coming from a PE of the transport network that is not attached to the same multihomed segment; (b) receiving, by the protector egress PE, known unicast data, to be forwarded to the CE; (c) determining, by the protector egress PE, that a link between it and the CE is unavailable; and (d) responsive to determining that the link between the protector egress PE and the CE is unavailable, (1) determining whether the known unicast traffic received was sent from the protected egress PE or from another PE of the transport network that is not attached to the same multihomed segment, and (2) responsive to a determination that the known unicast traffic received was sent from the protected egress PE, discardi

Abstract: A device may determine internet protocol (IP) traffic monitoring criteria and may monitor IP traffic based on the IP traffic monitoring criteria. The device may update, based on monitoring the IP traffic, a table of currently active IP traffic flows and may update, based on the table of currently active IP traffic flows, an address resolution protocol (ARP) packet filter. The device may receive one or more ARP packets from a different device and may determine whether to accept or discard the one or more ARP packets based on the ARP packet filter. The device may update an ARP table based on determining to accept the one or more ARP packets.

Abstract: Problems associated with providing a large Clos network having at least one top of fabric (ToF) node, a plurality of internal nodes, and a plurality of leaf nodes may be solved by: (a) providing L2 tunnels between each of the leaf nodes of the Clos and one or more of the at least one ToF node to ensure a non-partitioned IGP L2 backbone, and (b) identifying the L2 tunnels as non-forwarding adjacencies in link state topology information stored in ToF node(s) and leaf node(s) such that the L2 tunnels are not used for forwarding traffic. In some example implementations consistent with the present disclosure, the L2 tunnels are not used to compute routes from the link state topology information. Alternatively, in some other example implementations consistent with the present disclosure, the L2 tunnels are used to compute routes, but such routes are not used, or only used if no routes using only L1 (or L1-down adjacencies) are available.

Abstract: Methods and apparatus for controlling access to and/or forwarding of communicated information, e.g. traffic, in a wireless communication system are described. The key, e.g., PSK, used to secure data that is transmitted to an access point for communication to a destination device is taken into consideration when deciding whether or not to provide the destination device access to the communicated content. The decision of whether or not to provide the destination device access to a communication may involve deciding whether or not to forward the received data to another device, e.g., another access point, for delivery to the destination device and/or may involve deciding whether or not to transmit the data to the destination device. If the destination device is not associated with, e.g., does not have access to and/or authorization to use, the key used to secure the received data, the data is not communicated to the destination device.

Abstract: Photonic and electronic integrated circuits can be cooled using variable conductance heat pipes containing a non-condensable gas in addition to a phase-changing working fluid. To package the heat pipe with a subassembly including the integrated circuits in a standard housing providing a heat sink contact area, the heat pipe is oriented, in some embodiments, with its axis between evaporator and condenser ends substantially perpendicular to the direction along which the integrated circuit subassembly is separated from the heat sink contact area, and a portion of the exterior surface of the heat pipe is thermally insulated, with a suitable thermal insulation structure, from the heat sink contact area.