Abstract: A layer 2 tunneling protocol access concentrator (LAC) may receive an indication to set up a layer 2 tunneling protocol (L2TP) tunnel. The LAC may determine, based on the indication, a multicast address associated with initiating setup of the L2TP tunnel. The LAC may provide, to the multicast address, a request associated with initiating the L2TP tunnel. The request may be provided such that a plurality of L2TP network servers (LNSs) receives the request. The LAC may receive a set of responses to the request. The set of responses may be provided by a respective set of LNSs. The plurality of LNSs may include the respective set of LNSs. The LAC may select, based on the set of responses, a particular LNS, of the respective set of LNSs, with which to set up the L2TP tunnel.

Abstract: The disclosed computer-implemented method may include (1) receiving, at a network node within a network, a request to downgrade a first version of an operating system that is currently active to a second version of the operating system that predates the first version of the operating system, (2) rebooting the network node to facilitate downgrading the first version of the operating system to the second version of the operating system, and (3) during the reboot, downgrading the first version of the operating system to the second version of the operating system by (A) reclassifying an active set of packages from the first version of the operating system as a previous set of packages and (B) executing a pending set of packages from the second version of the operating system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A network device may receive network traffic, originating from an input component, via a first set of input ports of a first switching element. The first switching element may be included in a stage of a multi-stage switching fabric. The first set of input ports may be associated with the input component. The network device may determine, based on the input component, a first set of output ports of the first switching element that are reserved for the input component. The network device may route the network traffic, via the first set of output ports, to second switching elements included in another stage of the multi-stage switching fabric. The second switching elements may receive the network traffic via a second set of input ports of the second switching elements.

Abstract: A network device may determine a plurality of reputation indicators that indicate a measure of reputation associated with the flow. A first reputation indicator, of the plurality of reputation indicators, may be determined based on applying a first reputation analysis technique in association with the flow. A second reputation indicator, of the plurality of reputation indicators, may be determined based on applying a second reputation analysis technique in association with the flow. The second reputation analysis technique may be different from the first reputation analysis technique. The network device may determine a reputation score for the flow based on the plurality of reputation indicators. The network device may prioritize the flow based on the reputation score.

Abstract: A network device receives multicast packets that include information identifying destinations in the network, identifies next hops associated with the destinations, and populates a cache with the destinations and addresses of the identified next hops. The network device receives a particular multicast packet that includes information identifying particular destinations included in the cache, identifies one or more next hops for the particular destinations from the cache, and forwards the particular multicast packet to the identified one or more next hops to permit the identified one or more next hops to forward the multicast packet toward the particular destinations.

Abstract: A system may comprise a first switch connected to an output of a first power source, a second switch connected to an output of a second power source, a first sensor connected to an output of the first switch, a second sensor connected to an output of the second switch, a third switch connected to the first sensor and the second sensor and connected to a load, and a control device connected to the first switch, the second switch, the first sensor, the second sensor, and the third switch.

Abstract: The disclosed apparatus may include a storage device that stores a set of routes. In this example, the apparatus may also include a processing unit that is communicatively coupled to the storage device. This processing unit may (1) analyze an unknown flow of packets that are destined for a certain node, (2) identify at least one characteristic of the unknown flow based at least in part on the analysis, (3) determine, based at least in part on the characteristic, that the unknown flow of packets likely represents traffic that corresponds to a specific application, (4) predictively select, from the set of routes, a non-default route that facilitates transfer to the certain node in connection with the specific application, and then (5) forward a first packet of the unknown flow to the certain node by way of the non-default route. Various other apparatuses, systems, and methods are also disclosed.

Abstract: A device may determine a set of network traffic monitoring parameters associated with identifying a packet for capture. The set of network traffic monitoring parameters may identify a particular protocol layer at which to perform packet capture. The device may configure packet capture and protocol layer state determination based on the set of network traffic monitoring parameters. The device may perform packet capture of the packet at a time when the packet is received at a protocol stack associated with the particular protocol layer based on configuring packet capture and protocol layer state determination. The device may determine a protocol layer state at the time when the packet is received at the protocol stack based on configuring packet capture and protocol layer state determination. The device may provide information identifying the packet and/or the protocol layer state.

Abstract: A device may determine first configuration information associated with configuring a chassis. The device may configure the chassis in a first mode using the first configuration information to cause the chassis to perform routing for a network. The device may determine, after a first period of routing for the network, second configuration information associated with configuring the chassis. The second configuration information may relate to utilizing one or more computing resources of a server device external to the chassis to perform routing for the chassis. The device may configure the chassis in a second mode using the second configuration information to cause the chassis to perform, in a second period, routing for the network.

Abstract: A device may include one more processors to receive designed network information corresponding to a designed network; generate a data graph corresponding to a topology of the designed network based on the designed network information; receive discovered network information corresponding to discovered network devices of a discovered network; generate a query graph corresponding to the discovered network based on the discovered network information; perform a validation analysis of a topology of the discovered network relative to the topology of the designed network based on the data graph and the query graph; and/or perform an action based on a result of the validation analysis.

Abstract: A system may include a set of 4N packet processors and a switching fabric to interconnect the set of 4N packet processors. The switching fabric may include the following switching elements having a size of at least 3N×3N: a first switching element, a second switching element, a third switching element, and a fourth switching element. The first switching element may be directly connected to the second switching element and the third switching element, and may be indirectly connected to the fourth switching element. The second switching element may be directly connected to the fourth switching element, and may be indirectly connected to the third switching element. The third switching element may be directly connected to the fourth switching element.

Abstract: A first device may receive a network information request that identifies a data object relating to a network device. The data object may correspond to or identify an attribute associated with the network device. The first device may determine that the attribute is a static attribute relating to a configuration of the network device. The first device may determine whether a second device stores the data object. The second device may store data objects corresponding to static attributes. The first device may selectively obtain the data object from the network device or from the second device based on determining whether the second device stores the data object. The first device may provide the data object based on the network information request.

Abstract: A distributed routing system may include a first network device. The first network device may receive a packet that includes a first virtual local area network (VLAN) tag. The first network device may identify a packet priority based on a port via which the packet is received and information included in the first VLAN tag. The first network device may assign a forwarding class to the packet based on the packet priority. The first network device may generate a second VLAN tag that identifies the forwarding class. The first network device may add the second VLAN tag to the packet while keeping the first VLAN tag in the packet. The first network device may transmit the packet, including the first VLAN tag and the second VLAN tag, to a second network device included in the distributed routing system.

Abstract: Techniques are described for separating control plane functions in a network device using virtual machines. The techniques include initializing multiple virtual machine instances in a control unit of a standalone router, and running different control processes for the router in each of the virtual machines. For example, in a root system domain (RSD)-protected system domain (PSD) system, a control unit of the standalone router may support a RSD virtual machine (VM) and one or more PSD VMs configured to form logical devices and execute logically separate control processes without requiring physically separate, hardware-independent routing engines to form the PSDs. Each of the RSD VM and PSD VMs includes a separate kernel, an operating system, and control processes for the logical device. When a software failure occurs in the PSD VM, the PSD VM may perform a software failover without affecting the operation of the RSD VM.

Abstract: The techniques include communicating a plurality of TCP data segments from different TCP connections as a single TCP data segment via a TCP gateway connection. For example, network host devices of autonomous systems may ordinarily transfer TCP data segments across dedicated TCP connections. An Autonomous System Boundary Router (ASBR) on one end of the TCP gateway connection may intercept TCP data segments from different TCP connections and may append the TCP data segments as a single appended TCP data segment and communicated via the TCP gateway connection. An ASBR on the other end of the TCP gateway connection may separate TCP data segments from the appended TCP data segment and determine, based on connection flow information, the TCP connections associated with each of the separated TCP data segments. The ASBR may then forward the separated TCP data segments to their original destinations.

Abstract: A device may receive a packet associated with a flow and may identify a capacity indicator associated with a flow table. The capacity indicator may indicate an available storage capacity associated with the flow table. The flow table may be stored by another device and may include entries for one or more flows and one or more corresponding actions to be taken in association with the one or more flows. The device may determine a service indicator that indicates a priority associated with the flow and may compare the capacity indicator and the service indicator. The device may selectively provide a message to the other device based on comparing the capacity indicator and the service indicator. The message may include an instruction for the other device to store an entry, associated with the flow, in the flow table.

Abstract: A device may determine that a received transmission control protocol (TCP) segment includes data for a hypertext transfer protocol (HTTP) version N stream, where N is greater than or equal to 2. The device may identify, from the received TCP segment, a stream identifier for the HTTP version N stream. The device may determine that a condition is satisfied for releasing one or more TCP segments, associated with the stream identifier, from a TCP reassembly queue. The device may release the one or more TCP segments from the TCP reassembly queue based on determining that the condition is satisfied.

Abstract: In one example, a network device comprising a first chassis of a multi-chassis link aggregation group (MC-LAG) having three or more chassis, comprises one or more network interfaces configured to receive a packet to be forwarded using the MC-LAG, and a control unit configured to determine whether the packet was received from a device outside of the MC-LAG, when the packet was received from the device outside of the MC-LAG, add data to the packet that identifies the first chassis as a source of the packet for the MC-LAG, and forward the packet via at least one of the network interfaces. In this manner, chassis of the MC-LAG can prevent forwarding of the packet to the source of the packet for the MC-LAG, based on the data that identifies a source of the packet for the MC-LAG.

Abstract: In some examples, a customer edge device (CE) is configured to receive configuration data for multi-homed connectivity for a local layer 2 (L2) network with a L2 virtual private network (L2VPN) for a layer 3 (L3) network for switching L2 packet data units (PDUs) among two or more L2 networks connected to the L3 network including the local L2 network, wherein the configuration data for multi-homed connectivity configures the CE with a primary attachment circuit to a primary neighbor provider edge device (PE) for the L2VPN and with a backup attachment circuit to a backup neighbor PE for the L2VPN; and generate and send, in response to snooping a multicast join message indicating a multicast group, a control plane message via the backup attachment circuit to the backup neighbor PE for the L2VPN, wherein the control plane message is destined for the backup neighbor PE for the L2VPN.

Abstract: In general, techniques are described for providing data consistency for managed device data among network managers in a hierarchical and distributed network management system in which the network managers operate according to a microservices-based software architecture. For example, a method comprises receiving a data model for a network device, wherein the data model comprises an object and an annotation that indicates a type of scope for the object; and processing, based on the object and annotation, the data model to generate application code for a microservice application for a network manager for managing instances of the network device, wherein the application code, when compiled, and executed by the network manager, causes the network manager to replicate data associated with the object to one or more of a plurality of network managers of a distributed network managed system.