Abstract: Apparatus and methods described herein relate to an apparatus including a memory and a processor operatively coupled to the memory. The processor can receive a package associated with a network management device and management input. The processor can generate at least one management device schema based on the package, and can modify a controller schema based on the management input and the at least one management device schema. The processor can receive a configuration input signal that includes instructions to configure the network management device. The processor can determine a management device schema associated with the network management device based on the controller schema, and can convert the configuration input signal into a configuration signal based on the management device schema. The processor can also send the configuration signal to cause a modification to a configuration of the network management device based on the configuration signal.

Abstract: A network device is configured to receive an inbound packet from a first server device via a network tunnel, the first inbound packet including an outer header, a virtual private network (VPN) label, an inner header, and a data payload, the inner header including an inner source IP address of a source virtual machine. The processors are also configured to determine a first tunnel identifier, determine, based on the inner source IP address, a second tunnel identifier associated with a second server device hosting the source virtual machine, compare the second tunnel identifier with the first tunnel identifier to determine whether the tunnel on which the first inbound packet was received is the same as a tunnel used for forwarding traffic to the source virtual machine, and drop the inbound packet when the second tunnel identifier does not match the first tunnel identifier.

Abstract: In one example, a method includes by a Software Defined Networking (SDN) controller, receiving one or more virtual routes to virtual interfaces from a first virtual router agent managed by the SDN controller, the one or more virtual routes received via a messaging protocol session between the SDN controller and the first virtual router agent; storing, by the SDN controller, the one or more virtual routes to a data structure; in response to determining the messaging protocol session has closed, marking, by the SDN controller, the one or more virtual routes in the data structure as stale without deleting the one or more virtual routes from the data structure and without withdrawing the virtual routes from routing protocol peers of the SDN controller; and subsequent to marking the one or more virtual routes as stale, sending, by the SDN controller, the one or more virtual routes to a second virtual router agent.

Abstract: Techniques are described for an enhanced two-way active measurement protocol (TWAMP) to measure network performance of links and/or network paths in a fully converged Software Defined Wide Area Network (SD-WAN), using a single TWAMP instance. In one example, a first network device executing a TWAMP session-sender may send a test packet embedded with one or more metrics to the TWAMP session-reflector executed by another network device, which reflects the test packet embedded with one or more metrics back to the TWAMP session-sender. The TWAMP session-sender may further reflect a test packet embedded with one or more additional metrics back to a TWAMP session-reflector to enable the network devices to independently perform network performance calculations using the metrics embedded within the test packets exchanged in a single TWAMP instance.

Abstract: A device may receive information that identifies a set of tasks to be executed and precedence constraints associated with the set of tasks. The device may store the set of tasks in a data structure including a directed acyclic graph, and may determine a set of paths based on the information that identifies the set of tasks and the precedence constraints associated with the set of tasks. Each path, of the set of paths, may include particular tasks of the set of tasks. The device may determine a set of path execution times, for the set of paths, based on an artificial intelligence technique. The device may determine a critical path, of the set of paths, based on the set of path execution times. The device may determine an execution priority of the set of tasks based on the critical path. The device may provide the set of tasks for execution based on the execution priority.

Abstract: A network device may include a packet generator device implemented in hardware. The packet generator device may include a control component, a payload generation component, and an interface element to receive test packet generation information. The test packet generation information may include one or more control inputs, header data that is to be included in one or more test packets, and information regarding a data pattern that is to be included in payload data of the one or more test packets. The one or more control inputs, when provided to the control component, may cause the control component to control the payload generation component to generate the one or more test packets based on the header data and the information regarding the data pattern.

Abstract: A first device may receive a packet that includes information identifying a path through a network. The first device may configure a header of the packet to include a first set of identifiers that identifies the path and the first device via which the packet was received. The first device may configure the header of the packet to include a second set of identifiers that identifies a set of devices associated with the path. The set of devices may be associated with providing the packet via a network. The first device may determine whether a counter associated with the first set of identifiers has been initialized. The first device may modify a value of the counter to record a metric. The first device may provide the packet to a second device. The first device may perform an action related to the packet or based on the value of the counter.

Abstract: A device may receive, from the packet processing component and through an internal interface, a packet that includes a virtual routing and forwarding (VRF) interface identifier associated with a VRF interface of a virtual device. The internal interface may be associated with multiple external interfaces. The device may modify a value identifying an incoming interface via which the packet is received after receiving the packet that includes the VRF interface identifier. The modified value may be associated with the virtual device, and the modified value may allow an upper communication layer to determine that the packet is associated with the virtual device. The device may provide the packet to the upper communication layer after modifying the value identifying the incoming interface via which the packet is received to permit the upper communication layer to forward the packet to a destination.

Abstract: A device may determine a link aggregation group (LAG) that aggregates links that includes a first group of links that connects the device to a first provider edge (PE) device and a second group of links that connects the device to the second PE device, where the first PE device and the second PE device are on an Ethernet virtual private network (EVPN) and are multi-homed PE devices for the device, and where the first PE device provides a local connection to a customer edge (CE) device for the device. The device may receive a message from the first PE device indicating that the first PE device lacks a connection with the EVPN, and may send, based on the message, traffic intended for the CE device via the first PE device and traffic intended for the EVPN via the second PE device and not the first PE device.

Abstract: An example method includes determining, by a network controller, based on a high-level data model, vendor-agnostic device information for a first network device, translating the vendor-agnostic device information into vendor-specific device information, sending, to the first network device, first configuration information included in the vendor-specific device information to cause the first network device to switch into a maintenance mode and enable diversion of network traffic from the first network device to a second network device, responsive to verifying that the first network device has diverted the traffic, initiating maintenance procedures on the first network device while the first network device is in the maintenance mode, and sending, to the first network device, second configuration information included in the vendor-specific device information to cause the first network device to switch out of the maintenance mode and enable reversion of network traffic from the second device to the first network

Abstract: Techniques are described for extending a two-way active measurement protocol (TWAMP) to enable measurement of service key performance indicators (KPIs) in a software defined network (SDN) and network function virtualization (NFV) architecture. The TWAMP extensions enable control messaging to be handled by a TWAMP control client executed on a centralized controller, and data messaging to be handled by a TWAMP session initiator executed on a separate network device. Techniques are also described for extending TWAMP to enable measurement of any of a plurality of service KPIs for a given service supported at a TWAMP server. The service KPIs may include one or more of keepalive measurements, round trip time measurements, path delay measurements, service latency measurements, or service load measurements. The TWAMP extensions for the service KPIs may be used in both conventional network architectures and in SDN and NFV architectures.

Abstract: Techniques are disclosed for implementing scalable policies across a plurality of categories that support application workloads. In one example, a policy controller assigns to the plurality of categories tags specifying one or more of a plurality of dimensions. The policy controller distributes a plurality of policies to policy agents for the plurality of categories. Each policy includes one or more policy rules, and each policy rule includes one or more tags specifying one or more of the plurality of dimensions. For each policy rule, the policy agents allow or deny a traffic flow between objects that belong to categories of the plurality of categories described by the one or more dimensions of a respective tag of the policy rule.

Abstract: An example user device may include a terrestrial mobile network radio; a satellite network radio; and one or more processors to establish, via the terrestrial mobile network radio, a first communication link with a terrestrial mobile network, establish, via the satellite network radio, a second communication link with a satellite network, monitor a characteristic of the first communication link and a characteristic of the second communication link, select the terrestrial mobile network or the satellite network for traffic communication based on the characteristic of the first communication link and the characteristic of the second communication link, and/or perform an action associated with the traffic communication based on selecting the terrestrial mobile network or the satellite network for traffic communication.

Abstract: Disclosed are structures as well as methods of manufacture and operation of integrated optoelectronic devices that facilitate directly heating the diode or waveguide structures to regulate a temperature of the device while allowing electrical contacts to be placed close to the device to reduce the electrical resistance. Embodiments include, in particular, heterogeneous electro-absorption modulators that include a compound-semiconductor diode structure placed above a waveguide formed in the device layer of an SOI substrate.

Abstract: A Software-defined Networking (SDN) controller of data center with application-aware firewall policy enforcement is disclosed. In one example, the SDN controller receives a request to initialize an instance of an application. in response to receiving the request, the SDN controller transmits, to a firewall component positioned between an SDN gateway device of the data center and a network external to the data center, a message. In some examples, the messing includes an application signature corresponding to the instance of the application and an application firewall policy corresponding to the application signature. The message instructs the firewall component to install the application firewall policy for application to network traffic for the instance of the application.

Abstract: An example photonic integrated circuit includes a transmitter circuit with a optical communication path to an optical coupler configured to couple with an optical fiber. The optical communication path has a propagation direction away from the transmitter circuit and towards the optical coupler. A counter-propagating tap diverts light sent by a light source backward against the propagation direction of the optical communication path. A photodiode receives the diverted light and measures its power level. The photodiode generates a feedback signal for the optical coupler and provides the feedback signal to the optical coupler. The optical coupler receives the feedback signal and adjusts a coupling alignment of the optical communication path to the optical fiber based on the feedback signal, which indicates the measured power level of the diverted counter-propagating light.

Abstract: Techniques are disclosed for extending scalable policy management to supporting network devices. A network device comprising a memory and a processor may perform various aspects of the techniques. The memory may be configured to store a policy. The processor may be configured to obtain the policy to be enforced by a supporting network device coupled to a server, and identify a port of the supporting network device to which the server is coupled via the switch fabric. The policy controller may also identify a workload executed by the server to which the policy is associated, and convert the policy into configuration data supported by the network device. The policy controller may further configure, based on the configuration data, the network device to enforce the policy with respect to network traffic received via the identified port.

Abstract: A device may receive, from an ingress device, a packet for a protocol session associated with detecting faults in a path of a network that includes a link aggregation group (LAG). The packet may be encapsulated with a user datagram protocol (UDP) header that includes a dynamically assigned UDP source port identifier. The LAG may include a set of links. The device may select, using the dynamically assigned UDP source port identifier, a link in the LAG to use in the path. The device may provide, using the selected link, the packet to one or more downstream devices to permit a downstream device, of the one or more downstream devices, to determine whether packet timeout has occurred. The device may receive an instruction to maintain the protocol session or to close the protocol session and close the path. The device may provide the instruction to the ingress device.

Abstract: A network device may determine a control plane session type associated with a control plane session. The control plane session may be associated with the network device. The network device may determine whether the control plane session type is associated with a forwarding information base (FIB) cache on the network device. The network device may obtain, based on determining that the control plane session type is associated with the FIB cache, forwarding information associated with the control plane session. The forwarding information may be stored in a FIB, associated with the FIB cache, on the network device. The network device may store the forwarding information in the FIB cache and process the control plane session using the forwarding information stored in the FIB cache.

Abstract: In general, techniques are described for conflict resolution in source packet routing in networking. For example, a first router receives a first advertisement originated in a first Interior Gateway Protocol (IGP) level. The first advertisement specifies a first prefix and a segment identifier (SID). The first router also receives a second advertisement originated in a second IGP level of the network. The second advertisement specifies a second prefix and the SID. Based on the first advertisement and the second advertisement specifying the same SID and based on the first IGP level having less visibility than the second IGP level, the first router selects the SID to be associated with a route to the first prefix.