Abstract: Techniques are described for specifying and constructing multi-protocol label switching (MPLS) rings. Routers may signal membership within MPLS rings and automatically establish ring-based label switch paths (LSPs) as components of the MPLS rings for packet transport within ring networks. In one example, a router includes a processor configured to output Label Distribution Protocol (LDP) messages, as described herein, to establish an MPLS ring having a plurality of ring LSPs. Each of the ring LSPs is configured to transport MPLS packets around the ring network to a different one of the routers operating as an egress router for the respective ring LSP. Moreover, each of the ring LSPs comprises two counter-rotating multipoint-to-point (MP2P) LSPs for which any of the routers can operate as an ingress to source packet traffic into the ring LSP for transport to the respective egress router for the ring LSP.

Abstract: A security device may receive actual behavior information associated with an object. The actual behavior information may identify a first set of behaviors associated with executing the object in a live environment. The security device may determine test behavior information associated with the object. The test behavior information may identify a second set of behaviors associated with testing the object in a test environment. The security device may compare the first set of behaviors and the second set of behaviors to determine a difference between the first set of behaviors and the second set of behaviors. The security device may identify whether the object is an evasive malicious object based on the difference between the first set of behaviors and the second set of behaviors. The security device may provide an indication of whether the object is an evasive malicious object.

Abstract: The disclosed apparatus may include (1) a cage that houses at least one field-replaceable electronic module that, when operational, emits heat within a computing device, wherein the cage comprises (A) a front entry side that facilitates installation of the field-replaceable electronic module and (B) a back side that is located opposite the front entry side, (2) a heatsink that removably interfaces with the field-replaceable electronic module when the field-replaceable electronic module is installed in the cage, and (3) a spring plate that (A) is coupled to the heatsink and (B) applies force to the heatsink such that the heatsink (I) is pressed against the field-replaceable electronic module and (II) establishes thermal contact with the field-replaceable electronic module to facilitate heat transfer from the field-replaceable electronic module to the heatsink. Various other apparatuses, systems, and methods are also disclosed.

Abstract: A method may include detecting a presence of a first server device; communicating, with the first server device, to obtain information associated with the first server device; sending, to a second server device, a request for authentication services, where the request includes the information associated with the first server device; receiving, from the second server device, a notification that the first server device has been authenticated, where the notification includes a session threshold; and establishing, based on the notification, a session with the first server device by associating the first server device with a virtual local area network (VLAN), where the associating permits network traffic to be received from or sent to the first server device via the VLAN, and where the network node uses the session threshold received from the second server device, instead of a threshold associated with the VLAN, to determine a duration permitted for the session.

Abstract: In some embodiments, an apparatus includes an optical transceiver configured to be operatively coupled to a network. The optical transceiver includes a photo diode and a processor configured to be operatively coupled to the photo diode. The photo diode is configured to measure a receiver optical power (ROP) value and send the ROP value to the processor. The processor is configured to measure a bit error rate (BER) value of a digital modulated signal at an input port of the optical transceiver. The processor is also configured to determine an estimated optical signal noise ratio (OSNR) value at the input port of the optical transceiver based on the ROP value and the BER value. The processor is configured to send a signal indicating the estimated OSNR value such that a planned route is selected for sending data signals through within the optical transceiver based on the estimated OSNR value.

Abstract: A redundant service delivery gateway system and method. Configuration information defining roles for redundant service delivery gateways is received via a user interface defined for each of a plurality of redundant service delivery gateways. Configuration information defining one or more redundancy events, a redundancy policy associated with each redundancy event and two or more redundancy sets is also received via a user interface. Each redundancy set is associated with one or more of the redundancy events and each redundancy set includes a master redundancy state and a standby redundancy state. A first redundancy event detected in a first service delivery gateway leads to a transition, in the first service delivery gateway, from a master redundancy state to a standby redundancy state in the redundancy set associated with the first redundancy event.

Abstract: An aggregation device may detect a change to a status of a campus network. The campus network may include a set of satellite clusters. Each satellite cluster, of the set of satellite clusters, may include one or more satellite devices. The aggregation device may generate one or more satellite cluster specific control messages (SCSCMs) to update the campus network based on detecting the change to the status of the campus network. The one or more SCSCMs may include at least one of a control-and-status protocol (CSP) message, or a link layer discovery protocol (LLDP) message. The aggregation device may include information relating to the set of satellite clusters in a configurable portion of the one or more SCSCMs. The aggregation device may transmit the one or more SCSCMs with a border satellite device, of the one or more satellite devices, to update the campus network.

Abstract: The disclosed method may include (1) establishing a communication session between a plurality of network nodes to enable the plurality of network nodes to exchange route updates with one another, and then during the communication session, (2) detecting, at one of the network nodes, at least one route update to send to another one of the network nodes, (3) compressing, at the network node, the route update to reduce an amount of data included in the route update, and then upon compressing the route update, (4) sending the compressed route update to the other network node to enable the other network node to forward traffic along a path whose route is advertised in the compressed route update. Various other methods, systems, and apparatuses are also disclosed.

Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, at an edge device, a first data unit having a characteristic. The code causes the processor to identify, at a first time, an identifier of a service module associated with the characteristic in response to each entry from a set of entries within a flow table not being associated with the characteristic. The code causes the processor to define an entry in the flow table associated with the characteristic and the identifier of the service module. The code causes the processor to send the first data unit to the service module. The code causes the processor to receive, at the edge device, a second data unit having the characteristic, and send the second data unit to the service module based on the entry.

Abstract: In one example, a network management system (NMS) device manages a plurality of network devices including first and second network devices. Initially the first and second network devices are configured according to a first high-level configuration. The NMS is configured to determine a difference between the first high-level configuration and a second high-level configuration, apply a first transformation function, specific to the first network device, to the difference to generate a first low-level configuration change specific to the first device, apply a second transformation function, specific to the second network device, to the difference to generate a second low-level configuration change specific to the second device, configure the first device with the first low-level configuration change, and configure the second device with the second low-level configuration change.

Abstract: A device may generate a frame including data to be provided to a client device. The data may be associated with a rate corresponding to the client device. The device may determine rate information, associated with a set of client devices, that identifies the rate and one or more other rates. The device may determine a relative frame transmission time (RFTT) associated with the frame. The device may determine a frame scheduling number (FSN), associated with the frame, based on the RFTT. The device may schedule the frame for provision to the client device based on the FSN. The device may provide the frame to the client device based on scheduling the FSN. The frame may be provided to cause relative airtime fairness between a first group of frames, corresponding to the rate, and a second group of frames, corresponding to the one or more other rates, to be achieved.

Abstract: In some examples, a controller provisions services for transporting packet flows within a network. A controller service provisioning module receives a service request that comprises a definition for a service to be provided by the network for a subscriber or a customer of the network. The service provisioning module determines a plurality of network resources of at least one network device to be configured to implement the service in the network and apply the service to the packet-based network traffic of the subscriber. A locking unit of the service provisioning module acquires a lock from a network-wide coordination repository that stores a software representation for each of the network resources, the lock providing exclusive configuration access to the service provisioning module for the network resources. The service provisioning module, only upon the locking unit acquiring the lock for the network resources, configures the network resources to provision the service.

Abstract: In one example, a method includes by a Software Defined Networking (SDN) controller, receiving one or more virtual routes to virtual interfaces from a first virtual router agent managed by the SDN controller, the one or more virtual routes received via a messaging protocol session between the SDN controller and the first virtual router agent; storing, by the SDN controller, the one or more virtual routes to a data structure; in response to determining the messaging protocol session has closed, marking, by the SDN controller, the one or more virtual routes in the data structure as stale without deleting the one or more virtual routes from the data structure and without withdrawing the virtual routes from routing protocol peers of the SDN controller; and subsequent to marking the one or more virtual routes as stale, sending, by the SDN controller, the one or more virtual routes to a second virtual router agent.

Abstract: An apparatus may (1) receive, at the service provider's network, at least one flow of network traffic from a remote device included in a user's private network, (2) identify, within the flow of network traffic, at least one potentially non-unique private address that represents the remote device with respect to the user's private network, (3) determine, at least one unique routable address that represents the remote device with respect to the service provider's network based at least in part on a network interface assigned to the user's private network, the potentially non-unique private address, and the address-translation table, and then (4) translate, in response to determining the unique routable address, the potentially non-unique private address to the unique routable address to facilitate routing return network traffic to the remote device in connection with the flow of network traffic. Various other apparatuses, systems, and methods are also disclosed.

Abstract: A system may include a removable board that is adapted for inserting into and removing from an enclosure, an electronic component that is attached to the removable board, and a cooling system that is attached to the removable board. The cooling system may include a first heat exchanger that is attached to the electronic component by a physical interface. The cooling system may include a coolant pipe that that is at least partially filled with a working fluid to receive heat, generated by the electronic component, via the first heat exchanger. The cooling system may include a second heat exchanger, attached to the coolant pipe and situated to be located outside of the enclosure when the removable board is inserted into the enclosure. The cooling system may be adapted to remain attached to the removable board when inserting and removing the removable board.

Abstract: In some embodiments, an apparatus includes a processor configured to receive a set of digital samples associated with a set of optical signals received at a coherent optical receiver. The set of digital samples is associated with a set of optical channels. Each optical channel from the set of optical channels is spaced from at least one adjacent optical channel from the plurality of optical channels. The processor is configured to calculate, for each optical channel from the set of optical channels, a spacing between that optical channel and at least one adjacent optical channel from the set of optical channels based on digital signal processing of the set of digital samples. The processor is configured to send a signal indicating, for each optical channel from the set of optical channels, the spacing between that optical channel and the at least one adjacent optical channel.

Abstract: A device may receive a message, associated with establishing a secure session, including a first certificate chain associated with a server device. The device may generate a first certificate fingerprint associated with the first certificate chain and determine a policy identifier associated with a security policy on which the first certificate chain is to be validated. The device may identify a second certificate fingerprint associated with a second certificate chain that has been validated based on the security policy. The device may determine whether the first certificate fingerprint matches the second certificate fingerprint.

Abstract: A first maintenance endpoint (MEP) device may identify that a first interface of the first MEP device is associated with a connectivity failure. The first MEP device may provide, to a second MEP device, a first continuity check message (CCM), that includes a MEP identifier of the first MEP device. The first CCM may cause the second MEP device to designate a second interface of the second MEP device as being offline. The first MEP device may receive, from the second MEP device, a second CCM, that includes the MEP identifier of the first MEP device and information indicating that the second interface of the second MEP device is offline. The first MEP device may execute a rule to avoid a deadlock situation based on the second CCM including the MEP identifier of the first MEP device.

Abstract: In general, techniques are described for dynamically controlling host-bound traffic by dynamically adding and updating, within the forwarding plane of a network device, network packet policers that each constrains, for one or more packet flows, an amount of host-bound traffic of the packet flows permitted to reach the control plane in accordance with available resources. In one example, a control plane of the network device detects internal congestion in the communication path from the forwarding plane to control plane (the “host-bound path”), identifies packet flows utilizing an excessive amount of host-bound path resources, computes limits for the identified packet flows, and adds “penalty-box policers” configured with the computed limits for the identified packet flows to the forwarding plane. The forwarding plane subsequently applies the policers to the identified packet flows to constrain the amount of traffic of the packet flows allowed to reach the control plane to the computed limits.

Abstract: In general, techniques are described for load-balancing responsibility for forwarding of multicast traffic into an active-active Ethernet segment between two or more multi-homed provider edge (PE) routers in an Ethernet Virtual Private Network (EVPN). In one example, a PE router may receive an Internet Group Management Protocol (IGMP) join report for a multicast group. The PE router may send join synch routes used to synchronize the join report for the multicast group across the Ethernet segment. The PE router may deterministically determine whether the PE router is configured to be an elected multicast forwarder for one of a plurality of multicast groups. If the PE router is elected a multicast forwarder, the PE router may configure a forwarding state of the PE router to ignore a designated forwarder calculation and to forward the multicast traffic into the Ethernet segment regardless of whether the PE router is a designated forwarder.