Abstract: A disclosed method for applying firewall rules on packets in kernel space on network devices may include (1) intercepting, via a socket-intercept layer in kernel space on a routing engine of a network device, a packet that is destined for a remote device and then, in response to intercepting the packet in kernel space on the routing engine, (2) identifying an egress interface index that specifies an egress interface that (A) is external to kernel space and (B) is capable of forwarding the packet from the network device to the remote device and (3) applying, on the packet in kernel space, at least one firewall rule based at least in part on the egress interface index before the packet egresses from the routing engine. Various other apparatuses, systems, and methods are also disclosed.

Abstract: Described are various configurations of integrated wavelength lockers including asymmetric Mach-Zehnder interferometers (AMZIs) and associated detectors. Various embodiments provide improved wavelength-locking accuracy by using an active tuning element in the AMZI to achieve an operational position with high locking sensitivity, a coherent receiver to reduce the frequency-dependence of the locking sensitivity, and/or a temperature sensor and/or strain gauge to computationally correct for the effect of temperature or strain changes.

Abstract: In some embodiments, an apparatus includes a set of power supply units where each power supply unit from the set of power supply units is associated with a power zone from a set of power zones. The apparatus can also include a redundant power supply unit and a set of electronic devices where each electronic device from the set of electronic devices is associated with a power zone from the set of power zones. Additionally, each electronic device from the set of electronic devices is operatively coupled to a power supply unit from the set of power supply units for that power zone and is also operatively coupled to the redundant power supply unit.

Abstract: Described are various configurations for an amplifying optical demultiplexer. Various embodiments can receive an input signal comprising multiple sub-signals, and separate and amplify the signals within the demultiplexer. Some embodiments include a multistage demultiplexer with amplifiers located between a first and second stage. Some embodiments include a multistage demultiplexer with amplifiers located between a second and third stage.

Abstract: A device may receive an indication to perform a loopback test to identify a source of a communication error among a set of devices. The device may configure a value in a data structure to permit identification of a set of packets during the loopback test. The value may be associated with a parameter related to the set of packets. The device may perform the loopback test using the set of packets. A header of the set of packets may be configured with a same value for a same parameter as the value configured in the data structure. The device may identify the source of the communication error based on a result of performing the loopback test. The device may perform an action related to addressing the communication error based on identifying the source of the communication error.

Abstract: A system and method of transferring cells through a switch fabric having a shared memory crossbar switch, a plurality of cell receive blocks and a plurality of cell transmit blocks. The system determines, based on a number of cells queued up in respective output buffers in the cell transmit blocks, output buffers in the cell transmit blocks that can receive cells on a low latency path. The cells transferred include first cells that can be transferred on the low latency path and second cells that cannot be transferred via the low latency path. The first cells are transferred via a bypass mechanism in shared memory to the output buffers. The second cells are transferred by writing the second cells to shared memory, reading the second cells from shared memory and transferring the second cells read from shared memory to the output buffers in the cell transmit blocks.

Abstract: A device may receive a first portion of network traffic associated with a flow. The device may perform a first upper layer inspection of the first portion of network traffic associated with the flow. The device may identify a set of parameters of the flow based on performing the first upper layer inspection of the first portion of network traffic associated with the flow. The device may determine, based on the set of parameters, a sampling rate at which to perform a second upper layer inspection of a second portion of network traffic associated with the flow. The device may instruct a lower layer to use the sampling rate to provide the second portion of network traffic associated with the flow for the second upper layer inspection. The device may perform the second upper layer inspection of the second portion of network traffic associated with the flow based on receiving the second portion of network traffic associated with the flow from the lower layer.

Abstract: A device may receive, via a first message, first route information for directing network traffic for a network. The first route information may identify a media access control (MAC) route corresponding to a MAC address associated with a host device connecting to a subnet of the network. The first route information may fail to include Internet protocol (IP)/MAC binding information associated with the host device. The device may transmit a request for IP/MAC binding information associated with the host device. The device may receive a response, to the request for IP/MAC binding information, identifying the IP/MAC binding information. The device may advertise, via a second message, second route information for directing network traffic for the network based on receiving the response identifying the IP/MAC binding information. The second route information may identify the IP/MAC binding information associated with the host device.

Abstract: A device may include one or more processors. The device may receive an instruction identifying a set of objects to be generated by a kernel associated with the device. The kernel may generate the set of objects based on receiving information identifying a corresponding set of write operations. The device may provide a first message to cause the kernel to perform first operations corresponding to a first subset of objects of the set of objects. The device may receive one or more notifications indicating whether each operation, of the first operations, was successfully performed. The device may determine, based on whether each operation was successfully performed, a quantity of objects to include in a second subset of objects, of the set of objects. The device may provide a second message to cause the kernel to perform second operations corresponding to the second subset of objects.

Abstract: The disclosed computer-implemented method may include (1) receiving, at a network node within a network, a packet from another network node within the network, (2) identifying, within the packet, a label stack that includes a plurality of labels that collectively represent at least a portion of a label-switched path within the network, (3) popping, from the label stack, a label that corresponds to a next hop of the network node, (4) determining, based at least in part on the label, that the next hop has experienced a failure that prevents the packet from reaching a destination via the next hop, (5) identifying a backup path that merges with the label-switched path at a next-to-next hop included in the label-switched path, and then (6) forwarding the packet to the next-to-next hop via the backup path. Various other methods, systems, and apparatuses are also disclosed.

Abstract: In one example, a network management system (NMS) is configured to enable a target network device to support a particular network service based on service configuration information for the particular network service. The service configuration information may include information about nodes in a vendor neutral model that need to be added or modified in order to support the particular network service. The NMS determines similarity scores between nodes in a vendor neutral model and nodes in a target device specific model. Based on the similarity scores, the NMS generates a mapping from the vendor neutral model to the target device specific model. Using the mapping, the NMS may configure a target device to support the particular service.

Abstract: An apparatus may be configured to be mounted on a rack. The apparatus may include a communication component. The communication component may be used for communicating with a network device when the network device is mounted on the rack. The apparatus may include a storage device. The storage device may be used for storing information to be provided to the network device, via the communication component, when the network device is mounted on the rack.

Abstract: A network device may identify first interfaces used by the network device to communicate with other network devices. The network device may use second interfaces to communicate with multicast receiver devices that are different from the other network devices. The network device may store information that identifies the first interfaces used to communicate with the other network devices. The network device may receive a packet, and may determine that the packet includes a bidirectional forwarding detection message, associated with a bidirectional forwarding detection protocol, to be used to verify multicast connectivity with a multicast source device. The network device may identify the first interfaces based on the stored information and based on determining that the packet includes the bidirectional forwarding detection message, and may transmit the packet via the first interfaces without transmitting the packet via the second interfaces.

Abstract: A device may receive a control packet associated with a connection. The control packet may include a network address. The device may identify an application layer identifier that is associated with the network address. The device may identify a service rule associated with the application layer identifier. The service rule may identify a service to be applied to a data packet associated with the connection. The device may provide the control packet based on identifying the service rule. The control packet may be provided to permit the service to be applied to the data packet in accordance with the service rule.

Abstract: A device may identify a set of features associated with the unknown object. The device may determine, based on inputting the set of features into a threat prediction model associated with a set of security functions, a set of predicted threat scores. The device may determine, based on the set of predicted threat scores, a set of predicted utility values. The device may determine a set of costs corresponding to the set of security functions. The device may determine a set of predicted efficiencies, associated with the set of security functions, based on the set of predicted utility values and the set of costs. The device may identify, based on the set of predicted efficiencies, a particular security function, and may cause the particular security function to be executed on the unknown object. The device may determine whether another security function is to be executed on the unknown object.

Abstract: An example method includes exchanging targeted hello messages to establish a targeted neighbor connection between a first routing device and a second routing device, wherein one of the routing devices comprises a central routing device, and wherein another one of the routing devices comprises an ingress routing device. The example method further includes processing a source-active register message that specifies a source address and an identifier that are collectively associated with a multicast stream, and wherein the source-active register message further indicates whether the multicast stream is active or withdrawn.

Abstract: A device may classify an application, associated with an endpoint, based on traffic associated with the endpoint. The device may determine a reputation score associated with the endpoint. The reputation score may be indicative of a level of trustworthiness of the endpoint. The device may selectively store a classification result, associated with classifying the application, in an application cache based on the reputation score associated with the endpoint. The classification result may be selectively used to process further traffic associated with the endpoint.

Abstract: A device may receive first information identifying multiple server devices and second information identifying multiple flows. The device may assign the multiple flows to the multiple server devices in a first order. The device may store the second information in multiple data structures to record the assignment of the multiple flows to the multiple server devices. A data structure, of the multiple data structures, may correspond to a respective server device of the multiple server devices. The device may receive an indication that a server device has been added to, or removed from, the multiple server devices after storing the second information. The device may reassign a subset of the multiple flows in a second order using third information identifying an order in which the multiple flows were assigned to the multiple server devices. The second order may be different from the first order.

Abstract: The disclosed apparatus may include (1) a base that (A) supports multiple heatsinks and (B) is coupled to a device that includes (i) a first component designed to operate at temperatures below a first threshold temperature and (ii) a second component designed to operate at temperatures below a second threshold temperature, the first threshold temperature being different than the second threshold temperature, (2) a first heatsink that (A) is secured to the base and (B) transfers heat away from the first component such that the first component operates at a temperature below the first threshold temperature, and (3) a second heatsink that is (A) secured to the base, (B) physically separated from the first heatsink by at least a certain amount of space, and (C) transfers heat away from the second component such that the second component operates at a temperature below the second threshold temperature.

Abstract: A clock distribution component may include a plurality of electrically connected buffer pair triads arranged in a plurality of levels. A buffer pair triad, of the plurality of buffer pair triads, may include three buffer pairs that are connected via wire. Each buffer pair triad may share at least one buffer pair with one or more buffer triads of the plurality of buffer pair triads. Buffer pairs, of the plurality of buffer pair triads, may be arranged in buffer rows and buffer columns. The plurality of levels may include a first level associated with a first buffer pair triad and one or more additional levels. Each level of the one or more additional levels may include at least three buffer pair triads and at least two more buffer pair triads and/or at least two less buffer pair triads than an adjacent level of the one or more additional levels.