Abstract: A wavelength division multiplexing (WDM) transceiver module comprising an optical port and an optical modulator is disclosed herein. The optical port includes a data transmit and receive optical fiber connector and a laser source-in optical fiber connector. The laser source-in optical fiber connector is configured to couple to a laser source external to the WDM transceiver module, and provide polarization alignment for a polarization-maintaining fiber. The optical modulator is configured to receive a laser output from the external laser source via the polarization-maintaining fiber and modulate the laser output based on analog electrical signals generated by a digital signal processor. The WDM transceiver module may not including an onboard laser source.

Abstract: A configurable advertisement count and skew timer in a virtual router can be used to improve the speed with which a backup virtual router assumes the role of master upon the master router's failure. Enhanced VRRP packets having a type other than one may be used to cause MAC address movement from a failed master router to a backup router assuming the role of master router without placing an undue load on other routers in the network, such as by dropping the enhanced VRRP packets having a type other than one without processing the packets in the control plane of a receiving virtual router.

Abstract: In some embodiments, an apparatus includes a compute device to communicate with a network control entity at each access switch from a set of access switches that define a portion of a data plane having a switch fabric coupling as hierarchical peers each access switch from the set of access switches. The compute device is operable to define a portion of a control plane that includes the network control entities from the set of access switches such that the compute device is hierarchically removed from the network control entities from the set of access switches. The compute device is operable to receive forwarding-state information from a first access switch from the set of access switches. The compute device to send the forwarding-state information to a second access switch from the set of access switches.

Abstract: A network filter is implemented so that filter terms that include intra-term OR conditions and converted to sub-terms that include only logical AND conditions. In one implementation, a device may include logic to receive a filter definition including one or more terms, at least some of the terms including logical OR conditions, that define how network traffic through the device is to be filtered, the logic expanding the one or more terms in the filter such that terms that contain logical OR conditions are expanded into a plurality of sub-terms that each contains only logical AND conditions. The device may further include a ternary content-addressable memory (TCAM) programmed to include a separate entry corresponding to each of the sub-terms.

Abstract: In general, techniques are described for managing group policies in a network. In some examples, a policy enforcement device comprising a plurality of service planes, each having one or more processors operably coupled to a memory, receives a policy enforcement request that includes data identifying a subscriber from a policy control server for a network. The plurality of service planes are further configured to assign, in response to determining that the subscriber is a member of a subscriber group that includes a plurality of subscribers, the subscriber to a selected service plane of the plurality of service planes. The selected service plane applies a group policy for the subscriber group to subscriber data traffic associated with the subscriber.

Abstract: In one example, a first routing device of an Ethernet virtual private network (EVPN) is multihomed to a customer edge (CE) routing device with a second routing device. The first routing device includes one or more network interfaces configured to send and receive packets. The first routing device also includes one or more processors configured to receive, via the one or more network interfaces, a first packet from the CE routing device including multicast join information, update multicast state information of the first routing device using the multicast join information from the first packet, and send, via the one or more network interfaces, a second packet including data representative of the multicast join information to the second routing device to synchronize multicast state information of the second routing device with the multicast state information of the first routing device.

Abstract: A device may receive first data center information associated with first data centers in a first region. The device may receive second data center information associated with second data centers in a second region that is different from the first region. The device may generate a spanning tree based on the first data center information and the second data center information. The spanning tree may be associated with exchanging metrics associated with the first data centers and the second data centers, and may be used to exchange the metrics between the device and other devices included in the first data centers or the second data centers. The device may exchange the metrics with the other devices based on the spanning tree.

Abstract: A device may identify a plurality of first values associated with network traffic of a label-switched path of a plurality of label-switched paths. The device may determine an adjustment policy based on the plurality of first values. The adjustment policy may include one or more factors associated with a plurality of second values. The plurality of second values may be determined based on the plurality of first values. The device may implement the adjustment policy in association with the label-switched path. A bandwidth reservation of the label-switched path may be adjusted based on the adjustment policy. The adjustment policy may be implemented for fewer than all of the plurality of label-switched paths.

Abstract: In some embodiments, an apparatus includes an automatic integrated circuit (IC) handler having a change kit. The change kit has a plunger moveably disposable onto an automatic test equipment (ATE). In such embodiments, the ATE is configured to receive an integrated circuit having an optical interface. The plunger has a first position and a second position. In such embodiments, the plunger is out of contact with the integrated circuit when the plunger is in the first position. The plunger includes an optical connector operatively coupled to the optical interface of the integrated circuit when the plunger is in the second position.

Abstract: Changes to a virtual system, such as a set of virtual machines in a data center, may be automatically synchronized with the corresponding physical system. In one implementation, an application may receive information regarding changes made to a virtual system. The application may determine whether the information regarding the changes necessitates a change in the configuration of one or more physical switches, and may reconfigure affected ones of the physical switches for compatibility with the changes made to the virtual system.

Abstract: A device may comprise security processing units (SPUs) including a SPU to receive a session request. The SPU may identify global counter information and update counter information. The global counter information may include a global counter identifier and a global counter value. The update counter information may include an update counter identifier and an update counter value. The SPU may identify a global limit associated with the global counter, may determine that the global limit has not been met, and may cause the session to be created. The SPU may create a modified global counter value. The SPU may create a modified update counter value. The SPU may determine that a local update message is required based on the modified update counter value, and may provide the local update message to another SPU. The local update message may include the global counter identifier and the modified global counter value.

Abstract: A network device creates multiple forwarding tables, and each forwarding table includes information associated with a first set of destinations and a second set of destinations. The first set of destinations is different than the second set of destinations. The network device determines, for each forwarding table, next hops for the first set of destinations, and determines, for each forwarding table, equal cost multipath next hops for the second set of destinations. The network device populates the multiple forwarding tables with information associated with the next hops and the equal cost multipath next hops, and the multiple forwarding tables are used to forward a multicast packet toward multiple destinations.

Abstract: Techniques are described for distributing network device tasks across virtual machines executing in a computing cloud. A network device includes a network interface to send and receive messages, a routing unit comprising one or more processors configured to execute a version of a network operating system, and a virtual machine agent. The virtual machine agent is configured to identify a virtual machine executing at a computing cloud communicatively coupled to the network device, wherein the identified virtual machine executes an instance of the version of the network operating system, to send, using the at least one network interface and to the virtual machine, a request to perform a task, and to receive, using the at least one network interface and from the virtual machine, a task response that includes a result of performing the task. The routing unit is configured to update the network device based on the result.

Abstract: An intrusion detection system (“IDS”) device is described that includes a flow analysis module to receive a first packet flow from a client and to receive a second packet flow from a server. The IDS includes a forwarding component to send the first packet flow to the server and the second packet flow to the client and a stateful inspection engine to apply one or more sets of patterns to the first packet flow to determine whether the first packet flow represents a network attack. The IDS also includes an application identification module to perform an initial identification of a type of software application and communication protocol associated with the first packet flow and to reevaluate the identification of the type of software application and protocol according to the second packet flow. The IDS may help eliminate false positive and false negative attack identifications.

Abstract: An example managed network device includes a control unit and a storage medium that stores a file that includes a variable value. The control unit provides an execution environment for a simple network management protocol (SNMP) engine operable by the control unit to establish, based on a set of authentication parameters, secure SNMP communication with a network management system, determine whether the file is corrupted, determine whether the variable value stored in the file is readable, determine whether the variable value is greater than or equal to a maximum value, and, responsive to determining that the file is corrupted, that the variable value is not readable, or that the variable value is greater than or equal to the maximum value: re-initialize the variable value, notify a network management system, and maintain the secure simple networking management protocol communication with network management system using the set of authentication parameters.

Abstract: A computer-implemented method for managing device configurations at various levels of abstraction may include (1) receiving a request to transform configuration details of at least one computing device into configuration details for an abstraction of the computing device, (2) using at least one compiler to transform the configuration details of the computing device into configuration details of the abstraction, and (3) returning the configuration details of the abstraction. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method may include (1) creating, at a proxy node within an IP network, a proxy group that includes a plurality of network nodes within a subnet of the IP network that are represented by a pseudo MAC address, (2) receiving a neighbor solicitation from a network node included in the proxy group, (3) identifying, within the neighbor solicitation, a link-layer address of the network node that sent the neighbor solicitation, (4) modifying the neighbor solicitation by replacing the link-layer address of the network node with the pseudo MAC address of the proxy group, and then (5) forwarding the modified neighbor solicitation to another network node included in the proxy group to facilitate completion of an NDP process in which the other network node responds to the modified neighbor solicitation with a neighbor advertisement proxied by the proxy node. Various other methods, systems, and apparatuses are also disclosed.

Abstract: In one embodiment, an apparatus includes an initialization module configured to receive a Fiber Channel over Ethernet Initialization Protocol (FIP) login request from a network device. The initialization module is configured to select an outbound port based at least in part on a load-balancing calculation. The initialization module is configured to define a destination Media Access Control (MAC) address. The initialization module is configured to associate the destination MAC address with the outbound port. The initialization module is configured to send, to the network device, a signal including the destination MAC address in response to the FIP login request.

Abstract: The disclosed apparatus may include a storage device that stores at least one policy for handling certain network traffic exchanged between multiple computing devices during at least one specific day. The apparatus may also include a policy-enforcement unit communicatively coupled to the storage device. The policy-enforcement unit may receive, at a network device that facilitates network traffic within a network, at least one packet to be exchanged between the multiple computing devices on the specific day. The policy-enforcement unit may then determine, due at least in part to receiving the packet on the specific day, that the policy applies to the packet. In response to determining that the policy applies to the packet, the policy-enforcement unit may handle the packet in accordance with the policy. Various other apparatuses, systems, and methods are also disclosed.

Abstract: The disclosed method may include (1) identifying a customer edge router that is multi-homed to a provider edge router and another provider edge router, (2) determining, by the provider edge router, that the other provider edge router has identified an Internet Protocol address of the customer edge router by way of an Address Resolution Protocol, (3) learning, by the provider edge router, the Internet Protocol address of the customer edge router from the other provider edge router, and then (4) advertising, by the provider edge router to at least one gateway of at least one other customer edge router, a route that facilitates communication with the customer edge router via the provider edge router based at least in part on the Internet Protocol address of the customer edge router. Various other methods, systems, and apparatuses are also disclosed.