Abstract: A device may load a process under test into virtual memory associated with the device. The virtual memory may include a plurality of memory pages. The device may insert a malware inspection element and a memory tracking element into the process under test and may provide a notification of an event associated with the process under test to a memory tracking element. The device may identify, using the memory tracking element, one or more memory pages of the plurality of memory pages. The one or more memory pages may be assigned to, and used by, the process under test. The device may generate, based on identifying the one or more memory pages, a memory map, associated with the process under test, that may include information identifying the one or more memory pages as being assigned to, and used by, the process under test.

Abstract: A disclosed method for applying firewall rules on packets in kernel space on network devices may include (1) intercepting, via a socket-intercept layer in kernel space on a routing engine of a network device, a packet that is destined for a remote device and then, in response to intercepting the packet in kernel space on the routing engine, (2) identifying an egress interface index that specifies an egress interface that (A) is external to kernel space and (B) is capable of forwarding the packet from the network device to the remote device, and (3) applying, on the packet in kernel space, at least one firewall rule based at least in part on the egress interface index before the packet egresses from the routing engine. Various other apparatuses, systems, and methods are also disclosed.

Abstract: A device may receive information identifying a set of tasks to be executed by a microservices application that includes a plurality of microservices. The device may determine an execution time of the set of tasks based on a set of parameters and a model. The set of parameters may include a first parameter that identifies a first number of instances of a first microservice of the plurality of microservices, and a second parameter that identifies a second number of instances of a second microservice of the plurality of microservices. The device may compare the execution time and a threshold. The threshold may be associated with a service level agreement. The device may selectively adjust the first number of instances or the second number of instances based on comparing the execution time and the threshold.

Abstract: A disclosed method may include (1) receiving a packet at a tunnel driver in kernel space on a routing engine of a network device, (2) identifying, at the tunnel driver, metadata of the packet that indicates whether at least one firewall filter had already been correctly applied to the packet before the packet arrived at the tunnel driver, (3) determining, based at least in part on the metadata of the packet, that the firewall filter had not been correctly applied to the packet before the packet arrived at the tunnel driver, and then in response to determining that the firewall filter had not been correctly applied to the packet, (4) invoking at least one firewall filter hook that applies at least one firewall rule on the packet before the packet is allowed to exit kernel space on the routing engine. Various other apparatuses systems, and methods are also disclosed.

Abstract: The disclosed apparatus may include (1) a plurality of individual heatsink bases designed to interface with a plurality of removable communication modules installed on a telecommunications device, (2) a plurality of heat pipes that are thermally coupled to the individual heatsink bases, and (3) a ganged heat exchanger that is (A) mechanically coupled to the telecommunications device and (B) thermally coupled to the heat pipes. Various other apparatuses, systems, and methods are also disclosed.

Abstract: The techniques describe adaptive load-balancing based on traffic feedback from packet processors. In one example, a source virtual network node of the network device may determine whether a particular destination packet processor is or may become oversubscribed. For example, source packet processors of the source virtual network node may exchange feedback messages including traffic flow rate information. The source virtual network node may compute a total traffic flow rate and compare the total traffic flow rate with a bandwidth of the particular destination packet processor. In response to determining that the bandwidth of the destination packet processor is oversubscribed, the source virtual network node may update a forwarding plane data structure to reduce a likelihood of selecting the destination packet processor to which to forward packet flows.

Abstract: A device may receive a set of design parameters for a network service. The set of design parameters may include information that identifies one or more network functions associated with the network service. The device may determine attribute information associated with a plurality of virtual network functions (VNFs). A VNF, of the plurality of VNFs, may be configurable to perform at least one network function of the one or more network functions. The device may generate a network service design, associated with providing the network service, based on the set of design parameters and the attribute information. The network service design may include information identifying one or more VNFs, of the plurality of VNFs, that are capable of providing the network service in accordance with the set of design parameters. The device may provide information associated with the network service design.

Abstract: An example device includes one or more memories; and one or more processors, communicatively coupled to the one or more memories, to, during a loading process of a boot process of an operating system, identify a file to be loaded for the operating system, where the operating system is being loaded during the boot process; identify a manifest of the file; verify the manifest of the file based on a supplied signature of the manifest; identify a fingerprint, associated with the file, in a fingerprint library; calculate a hash of the file; compare the hash of the file and the fingerprint; and verify the file based on the hash of the file matching the fingerprint associated with the file.

Abstract: Techniques are disclosed for implementing scalable port range policies across a plurality of categories that support application workloads. In one example, a policy agent receives, from a centralized controller for a computer network, a plurality of policies. Each policy of the plurality of policies includes one or more policy rules, and each of the one or more policy rules specifies one or more tags specifying one or more dimensions for application workloads executed by the one or more computing devices and a corresponding port range. The policy agent assigns, based on a policy rule, a port range specified by the policy rule to objects of the one or more computing devices that belong to categories described by the one or more dimensions of the one or more tags of the policy rule. The categories support the application workloads and are assigned to the tags by a centralized controller.

Abstract: Optical alignment of an optical connector to input/output couplers of a photonic integrated circuit can be achieved by first actively aligning the optical connector successively to two loopback alignment features formed in the photonic chip of the PIC, optically unconnected to the PIC, and then moving the optical connector, based on precise knowledge of the positions of the loopback alignment features relative to the input/output couplers of the PIC, to a position aligned with the input/output couplers of the PIC and locking it in place.

Abstract: A variety of different graphical user interfaces are generated that when displayed provide a visual and interactive representation of one or more performance metrics associated with the operation of a computer network. The graphical user interfaces may be used to monitor the underlay computer network for a virtualization infrastructure, as one example. Aspects include grouping the servers of a computer network into a plurality of aggregates, each aggregate comprising one or more servers. A set of probes are configured that are issued by an agent of a server in one aggregate and sent through the computer network to one or more agents in the server(s) of a different aggregate. Responses and other measurements taken based on the issuance of the probes is gathered and analyzed to generate metrics that are then used to generate, at least in part, the information provided in the graphical user interfaces.

Abstract: Apparatus and methods described herein relate to an apparatus including a set of ports and a processor operatively coupled to each port of the set of ports. A port from the set of ports can be associated with a port of a multi-chassis aggregate (MCAE) interface and a virtual local area network (VLAN). The processor can generate an untagged data unit and tagged data units. The processor can send the untagged data unit and the tagged data units via the port from the set of ports, and can receive a tagged data unit included in the tagged data units, and/or the untagged data unit. The processor can also forward the received data unit to a destination network peer when the received tagged data unit is associated with the VLAN, and can disable the port of the MCAE interface in response to the port from the set of ports receiving the data unit, when the received data unit is associated with the VLAN.

Abstract: The disclosed computer-implemented method may include (1) receiving, at a source node, a request to discover a plurality of network paths that each lead from the source node to a destination node and (2) discovering the plurality of network paths by (A) identifying each next hop between the source node and the destination node, (B) sending, from the source node to each next hop, a path-request probe that prompts the next hop to (i) determine each next-closest hop and (ii) return, to the source node, a path-response probe that identifies the next-closest hops, (C) receiving the path-response probes from the next hops, (D) determining, at the source node based on the path-response probes, that one or more of the plurality of network paths include the next hops and the next-closest hops, and then (E) iteratively discovering any subsequent hops by sending a subsequent path-request probe to each next-closest hop.

Abstract: A device stores time series data, based on time stamps, in a compact prefix tree, and receives new time series data to be added to the compact prefix tree. The device determines whether the new time series data is different than previously stored time series data in the compact prefix tree. The device selectively stores the new time series data in the compact prefix tree by storing the new time series data in the compact prefix tree when the new time series data is different than the previously stored time series data in the compact prefix tree, and updates a last time stamp for one of the previously stored time series data, based on the new time series data, when the new time series data is not different than the one of the previously stored time series data.

Abstract: A first network device permits a bidirectional forwarding detection (BFD) session with a second network device. The first network device is a designated forwarder for a third network device, a first link is provided between the first network device and the third network device, the second network device is a backup designated forwarder for the third network device, a second link is provided between the second network device and the third network device. The first network device detects a link failure associated with the first link between the first network device and the third network device, and provides, via the BFD session, a BFD message to the second network device. The BFD message includes an indication of the link failure, and the BFD message is to cause the second network device to be a new designated forwarder for the third network device.

Abstract: Embodiments of the invention describe flexible (i.e., elastic) data center architectures capable of meeting exascale, while maintaining low latency and using reasonable sizes of electronic packet switches, through the use of optical circuit switches such as optical time, wavelength, waveband and space circuit switching technologies. This flexible architecture enables the reconfigurability of the interconnectivity of servers and storage devices within a data center to respond to the number, size, type and duration of the various applications being requested at any given point in time.

Abstract: A device may include one or more processors to receive network topology information of a network and device capability information of devices in the network; detect a threat to the network; determine threat information associated with the threat; select a security policy and an enforcement device of the network to enforce the security policy based on the network topology information, the device capability information, and the threat information; and perform an action associated with the threat based on the security policy and the enforcement device.

Abstract: A control device may subscribe to receive data from a network device. The data may be associated with a plurality of packets that have been dropped by the network device and include a first descriptor based on a type of packet drop associated with a packet of the plurality of packets that have been dropped by the network device, and one or more second descriptors based on a packet flow associated with the plurality of packets that have been dropped by the network device. The control device may determine a dropped packet profile associated with the network device, based on the first descriptor and the one or more second descriptors. The control device may generate a first notification based on the dropped packet profile associated with the network device and transmit the first notification to cause an action to be performed based on the first notification.

Abstract: A device may store first information regarding a first pseudowire connection with a first device, wherein the first pseudowire connection provides access to an Ethernet virtual private network (EVPN) to communicate with a host device. The device may store second information regarding a second pseudowire connection with a second device, wherein the second pseudowire connection provides access to the EVPN to communicate with the host device. The device may receive a message that includes a configuration identifier and identify the configuration identifier. The device may change a first characteristic of the first pseudowire connection based on the configuration identifier. The device may change a second characteristic of the second pseudowire connection based on the configuration identifier. The device may receive data from the host device based on changing the first characteristic of the first pseudowire connection and changing the second characteristic of the second pseudowire connection.

Abstract: A system and method for modifying services provided by one or more network devices. A processor of a first network device identifies defined events in each of a plurality of applications, including a first defined event associated with a first application. The processor assigns a signal-route to each defined event. The processor then executes the first application and, when the processor detects occurrence of the first defined event during execution of the first application, the processor modifies services provided by a second network device by adding the first signal-route to or removing the first signal-route from a routing information base (RIB) on the first network device and advertising, to the second network device, the change in the RIB.