Abstract: In one embodiment, an apparatus includes a network management module configured to execute at a network device operatively coupled to a switch fabric. The network management module is configured to receive a first set of configuration information associated with a subset of network resources from a set of network resources, the set of network resources being included in a virtual local area network from a plurality of virtual local area networks, the plurality of virtual local area networks being defined within the switch fabric. The first set of configuration information dynamically includes at least a second set of configuration information associated with the set of network resources.

Abstract: A network device may select a candidate entry to remove from a media access control (MAC) table maintained at the network device based on determining that the MAC table is exhausted. The candidate entry may include an identifier for a first virtual local area network (VLAN) associated with the candidate entry. The network device may receive a packet from a source node having a MAC address that does not appear in the MAC table, where the packet may include an identifier for a second VLAN in which the source node is a member. The network device may replace the candidate entry in the MAC table with a new entry corresponding to the source node based on determining that the second VLAN is associated with a greater number of ports than the first VLAN.

Abstract: A first network device may generate a layer-3 virtual private network (L3VPN) route advertisement associated with the first network device. The L3VPN route advertisement may include a first portion, associated with a second network device included in an L3VPN with the first network device, for separate transport-layer tunnel and service-layer tunneling, and a second portion, associated with the second network device, for collapsed transport-layer and service-layer tunneling. The first network device may transmit the L3VPN route advertisement.

Abstract: A device receives network segment information identifying network segments associated with a network, and receives endpoint host session information identifying sessions associated with endpoint hosts communicating with the network. The device generates, based on the network segment information and the endpoint host session information, a data structure that includes information associating the network segments with the sessions associated with the endpoint hosts. The device updates the data structure based on changes in the sessions associated with the endpoint hosts and based on changes in locations of the endpoint hosts within the network segments, and identifies, based on the data structure, a particular endpoint host, of the endpoint hosts, that changed locations within the network segments. The device determines a threat policy action to enforce for the particular endpoint host, and causes the threat policy action to be enforced, by the network, for the particular endpoint host.

Abstract: A hypervisor of a device may receive information that identifies a virtual machine that is to use a universal asynchronous receiver/transmitter (UART) of the device. The hypervisor may map a set of first register addresses, associated with a physical UART port, and a set of variable addresses. The hypervisor may map a second set of register addresses, associated with a virtual UART port of the virtual machine, and the set of variable addresses. The hypervisor may permit the virtual machine to communicate, with a remote device, using the physical UART port based on mapping the set of second register addresses and the set of variable addresses.

Abstract: Methods and apparatus for automatically obtaining status from an isolated AP that cannot connect to the cloud. The obtained status information is then used to automatically mitigate the issue and accelerate connecting the isolated AP back to the cloud. The methods are well suited for use in a system with a variety of access points, e.g., wireless and/or wired access points, which can be used to obtain access to the Internet or another network such as “the cloud”. Network management system has been configured to monitor the network and use preconfigured data to determine a remedial action to be automatically taken when an AP loses connectivity with the cloud.

Abstract: In some embodiments, a non-transitory processor-readable medium includes code to cause a processor to receive, at a management device, an instantiation request for a first virtual machine. The code includes code to cause the processor to identify a first compute device at a first time such that the first compute device is undersubscribed at the first time. The code includes code to cause the processor to send an instruction to instantiate the first virtual machine at the compute device, and receive a signal indicating that a boot process associated with the first virtual machine is complete and that the virtual machine is instantiated at the first compute device. The code includes code to cause the processor to send at a second time, a signal to migrate the first virtual machine from the first compute device to a second compute device in response to the boot process being complete.

Abstract: A network device may receive a packet associated with a traffic flow of a session that includes session identification information for the session. The network device may determine to offload subsequent packets associated with the traffic flow using offloading indicators and/or a data model. The network device may store, using a data structure, the session identification information with other session identification information for other sessions that have been selected for offloading, and may provide the packet to a device. The network device may receive another packet associated with the traffic flow, and may determine to offload the other packet by determining that the other packet includes the session identification information. The device may offload the other packet to permit the other packet to traverse through the network device without the network device performing security checks on the other packet, and may provide the other packet to the device.

Abstract: A method and network device to execute an Ethernet Virtual Private Network (EVPN) protocol to configure the network device to participate as one of a plurality of customer edge (CE) routers that provide an active-active configuration for an Ethernet segment coupling the CE routers to a plurality of provider edge (PE) routers, wherein the processor is configured to determine whether a packet that is to be forwarded is an operations, administration, and management (OAM) packet; in response to determining that the packet comprises an OAM packet, replicate the OAM packet for one or more interface links of an Ethernet segment associated with the CE router; configure forwarding instructions to the one or more interface links of the Ethernet segment associated with the CE router; and forward the OAM packet and the replicated OAM packets to the PE routers.

Abstract: A printed circuit board (PCB) may include a plurality of horizontally disposed signal layers. The PCB may include a first vertically disposed differential via electrically connected to a first horizontally disposed signal layer, of the plurality of horizontally disposed signal layers, and a second horizontally disposed signal layer of the plurality of horizontally disposed signal layers. The PCB may include a second vertically disposed differential via electrically connected to the first signal horizontally disposed layer and the second horizontally disposed signal layer. The PCB may include a first set of clearances encompassing the first vertically disposed differential via and the second vertically disposed differential via, a second set of clearances encompassing the first vertically disposed stub, and a third set of clearances encompassing the second vertically disposed stub.

Abstract: Techniques are described for detecting failure of one or more virtual computing environments and causing a migration of workloads. In some examples, a computing system includes a storage medium and processing circuitry having access to the storage medium. The processing circuitry is configured to communicate with a plurality of virtual computing environments (VCEs), including a first VCE and a second VCE, wherein each of the plurality of VCEs is operated by a different public cloud provider. The processing circuitry is further configured to deploy a group of workloads to the first VCE, detect a failure of at least a portion of the first VCE, and output, to the first VCE and responsive to detecting the failure, an instruction to transfer a set of workloads of the group of workloads to the second VCE to thereby cause a migration of the set of workloads to the second VCE.

Abstract: A network device is described that includes one or more processors configured to select a prioritized sub-set of a plurality of routing protocol sessions based on peer priority information. The one or more processors are configured to establish one or more routing protocol sessions of the prioritized sub-set. The one or more processors are configured to, in response to determining that a threshold for establishing the prioritized sub-set of the plurality of routing protocol sessions is satisfied, establish one or more routing protocol sessions of the plurality of routing protocol sessions that are not included in the prioritized sub-set. The one or more processors are configured to forward network traffic using the established one or more routing protocol sessions of the prioritized sub-set and the established one or more routing protocol sessions of the plurality of routing protocol sessions that are not included in the prioritized sub-set.

Abstract: A device receives a software program with potential malware and a loop to conceal the potential malware, and processes the software program, with a loop identification technique, to identify the loop in the software program. The device modifies, with a loop exit technique and based on data from the loop identification technique, the software program to exit the loop, and processes the software program, with a malware detection technique and after modifying the software program to exit the loop, to determine whether the software program contains malware. The device causes one or more actions to be performed based on a result of processing the software program with the malware detection technique.

Abstract: Disclosed are methods and systems for improved wireless terminal roaming. In some embodiments, a management module determines access point density metrics for a plurality of centrally managed access points of a communications site. The density metric considers an average RSSI of access point signals received by other access points of the site, and each access point's contribution to the average. A determination of whether a particular wireless terminal roams is based on the density metrics of the source and target access point, as well as statistics relating to a current capacity of each of the access points. The disclosed embodiments may determine that a wireless terminal should transition/roam away from an access point even when that access point's RSSI value at the wireless terminal is above a threshold that would cause traditional methods to inhibit roaming.

Abstract: A network device selects a primary source for multicast traffic and a secondary source for the multicast traffic, where the multicast traffic is provided to endpoint devices communicating with a network, and where the primary source and the secondary source are redundant sources. The network device provides a first join request that includes information that causes a primary path to be provided from the primary source through the network. The network device provides a second join request that includes information that causes a secondary path to be provided from the secondary source through the network. The network device receives the multicast traffic from the primary source via the primary path and the secondary source via the secondary path, and provides the multicast traffic received from the primary source to the endpoint devices. The network device prevents the multicast traffic received from the secondary source from reaching the endpoint devices.

Abstract: In some examples, a method includes receiving, by an orchestrator for a virtualized computing infrastructure, namespace specification data the specifies a namespace, a first virtual network for the namespace, and a second virtual network for the namespace; sending, by the orchestrator to a network controller for the virtualized computing infrastructure, based on the namespace specification data, at least one request to create, for a virtual execution element to be deployed to the namespace and instantiated in a computing device of the virtualized computing infrastructure, respective virtual network interfaces for the first virtual network and the second virtual network; and send, by the network controller to the computing device, interface configuration data to configure a first virtual network interface for the first virtual network and a second virtual network interface for the second virtual network.

Abstract: Techniques are described for facilitating flow symmetry using a scalable service platform that anchors the service chain. The scalable service platform may facilitate flow symmetry and, at least in some cases, flow stickiness for a first packet flow (a “forward packet flow” and a second, related packet flow (a “reverse packet flow”) both traversing the service chain in the forward and reverse directions, respectively. For example, a virtualized computing infrastructure may deploy a scalable service platform to perform load balancing of multiple forward packet flows, received from the gateway, among multiple parallel service instances for an ingress service in a service chain. For each corresponding reverse packet flows for the multiple forward packet flows, the scalable service platform load balances the reverse packet flow to the service instance for the egress service in the service chain that is applied to the corresponding forward packet flow.

Abstract: A first network device may receive packets as part of a traffic flow of an internet protocol session, select a packet based on a rule, and add, to a packet replica of the selected packet, routing information capable of being used to generate performance indicators associated with the IP session. The first network device may modify a portion of the packet replica to include values that will cause the packet replica to fail to reach a destination device associated with the IP session, and provide the packet replica to other network devices to cause a second network device to perform a validation procedure to determine that the packet replica is unable to be validated based on the values, to generate the performance indicators using the packet replica or a group of packet replicas that have been modified, and to provide the performance indicators to a particular device.

Abstract: A cooling manifold positioned on an electrical or computer to provide liquid cooling for a plurality of slot-mounted electrical modules received in a corresponding plurally of module slots arranged in faceplate assembly of an electrical or computer card is described and illustrated.