Abstract: One function of a communications network, or of nodes in such a network, is to gather data that is useful in assessing network performance, and quantifying metrics of node and/or network performance. Various embodiments disclosed herein improve the ability of nodes and networks to gather such data, and quantify metrics of node and/or network performance by selectively marking existing network traffic, and in preferred embodiments without having to dilute network traffic by generating and transmitting dummy data packets.

Abstract: Techniques are disclosed for promulgating service information and topology information in a network in a high availability manner. An example device is configured to create a first service and topology exchange protocol (STEP) document. The first STEP document includes service information and topology information. The example device is configured to send the first STEP document to a first STEP repository for forwarding to at least one subscribing network device. The example device is also configured to send the first STEP document to a second STEP repository for forwarding to the at least one subscribing network device.

Abstract: Techniques are disclosed for session-based routing of multipoint Open Systems Interconnection (OSI) Model Layer-2 (L2) frames of an L2 network extended over Layer-3 (L3) networks. In one example, L2 networks connect a source device to an ingress router and receiver devices to egress routers. An L3 network connects the ingress and egress routers. The ingress router receives, from the source device, a multipoint L2 frame destined for the receiver devices. The ingress router forms, for each egress router that is connected to at least one multipoint receiver device, a unicast L3 packet for the L2 frame and forwards the unicast L3 packet to the egress router. Each egress router generates, in response to receiving the unicast L3 packet, the multipoint L2 frame and forwards, to the receiver devices, the multipoint L2 frame.

Abstract: A first router generates session establishment metrics for use in network path selection. For example, a plurality of routers connect a client device to a network service instance hosted by a server. A first router is connected to the network service instance via first and second paths. The first router receives session performance requirements for a session between the client device and the network service instance. The first router forwards, along the first path, network traffic for the session by modifying a first packet of the session to include a session identifier for the session. The first router determines that session establishment metrics for the session do not satisfy the session performance requirements. In response, the first router forwards, along the second path, the network traffic for the session by modifying a second packet of the session to include the session identifier for the session.

Abstract: Techniques are disclosed for avoiding sending network traffic through a backup network device when an active network device is operational. An example device is configured to receive a first address resolution protocol (ARP) request from an active network device and a second ARP request from a backup network device. The device is also configured to, in response to receiving the first ARP request and the second ARP request, send a first ARP response to the active network device.

Abstract: Techniques are disclosed for inline security key exchanges between network devices. An example network device includes one or more processors and memory coupled to the one or more processors. The memory stores instructions that, upon execution, cause one or more processors to obtain a first payload key and obtain a path key. The instructions cause the one or more processors to encrypt a first payload of a first packet using the first payload key and insert the first payload key into first metadata of the first packet. The instructions cause the one or more processors to encrypt the first metadata using the path key and send the first packet to another network device.

Abstract: Techniques are described for forming on-demand mesh connections between spoke routers of a Software-Defined Wide Area Network (SD-WAN) arranged in a hub-and-spoke topology. A first spoke router modifies the first packet to include metadata specifying first reachability information and first Internet Protocol (IP) address information for the first spoke router. The first spoke router forwards the first packet to a hub router for forwarding to a second spoke router. The first spoke router receives a second packet from the hub router that includes metadata specifying second reachability information and second IP address information for the second spoke router. In response to determining that the first reachability information is compatible with the second reachability information, the first spoke router initiates a peering connection with the second spoke router along a path which bypasses the hub router for forwarding subsequent packets of the forward packet flow.

Abstract: Techniques are disclosed for session-based routing within Open Systems Interconnection (OSI) Model Layer-2 (L2) networks extended over Layer-3 (L3) networks. In one example, L2 networks connect a first client device to a first router and a second client device to a second router. An L3 network connects the first and second routers. The first router receives, from the first client device, an L2 frame destined for the second client device. The first router generates an L3 packet comprising an L3 header specifying L3 addresses of the first and second routers, a first portion of metadata comprising L2 addresses for the first and second client devices, and a second portion of metadata comprising L3 addresses for the first and second client devices, and forwards the L3 packet to the second router. The second router recovers the L2 frame from the metadata and forwards the L2 frame to the second client device.

Abstract: A network device has an input configured to receive a message relating to a given device attempting to forward one or more packets across a computer network. The message has given device information relating to the given device. In addition, the routing device also has a selector, operatively coupled with the input, configured to select (after receiving the given data) a given group routing policy from a plurality of group routing policies. Preferably, the selector is configured to select the given group routing policy as a function of the given device information. The routing device also has an output operatively coupled with the selector. The output is configured to cause routing of device communication across the network using link-layer routes specified by the given group routing policy.

Abstract: A network device has an input configured to receive a message relating to a given user attempting to forward one or more packets across a computer network. The message has given user information relating to the given user. In addition, the routing device also has a selector, operatively coupled with the input, configured to select (after receiving the message) a given group routing policy from a plurality of group routing policies. Preferably, the selector is configured to select the given group routing policy as a function of the given user information. The routing device also has an output operatively coupled with the selector. The output is configured to cause routing of user communication across the network using link-layer routes specified by the given group routing policy.

Abstract: Techniques are disclosed for session-based routing within Open Systems Interconnection (OSI) Model Layer-2 (L2) networks extended over Layer-3 (L3) networks. In one example, L2 networks connect a first client device to a first router and a second client device to a second router. An L3 network connects the first and second routers. The first router receives, from the first client device, an non-session-based L2 frame destined for the second client device. The first router forms an L3 packet comprising an L3 header specifying L3 addresses of the first and second routers and a protocol selected based on an L3 service for the L2 frame, a payload comprising the L2 frame, and metadata comprising a session identifier distinctly identifying the L2 frame, and forwards the L3 packet to the second router. The second router recovers the L2 frame from the payload and forwards the L2 frame to the second client device.

Abstract: Techniques are disclosed for session-based routing of multipoint Open Systems Interconnection (OSI) Model Layer-2 (L2) frames of an L2 network extended over Layer-3 (L3) networks. In one example, L2 networks connect a source device to an ingress router and receiver devices to egress routers. An L3 network connects the ingress and egress routers. The ingress router receives, from the source device, a multipoint L2 frame destined for the receiver devices. The ingress router forms, for each egress router that is connected to at least one multipoint receiver device, a unicast L3 packet for the L2 frame and forwards the unicast L3 packet to the egress router. Each egress router generates, in response to receiving the unicast L3 packet, the multipoint L2 frame and forwards, to the receiver devices, the multipoint L2 frame.

Abstract: As described herein, a router signals a source device to establish a new stateful communication session with a destination device by changing a network path used by traffic associated with the session. In one example, a router forwards traffic of a first stateful routing session established by the source device along a first path. In response to determining that that the first path should not be used, the router forwards a packet of the first session along a second path. The destination device recognizes the change in path, which causes the destination device to reject the packet, which in turn causes the source device to establish a second stateful routing session. The router forwards subsequent traffic of the second stateful routing session along the second path.

Abstract: Techniques are disclosed for session-based routing within Open Systems Interconnection (OSI) Model Layer-2 (L2) networks extended over Layer-3 (L3) networks. In one example, L2 networks connect a first client device to a first router and a second client device to a second router. An L3 network connects the first and second routers. The first router receives, from the first client device, an L2 frame destined for the second client device. The first router generates an L3 packet comprising an L3 header specifying L3 addresses of the first and second routers, a first portion of metadata comprising L2 addresses for the first and second client devices, and a second portion of metadata comprising L3 addresses for the first and second client devices, and forwards the L3 packet to the second router. The second router recovers the L2 frame from the metadata and forwards the L2 frame to the second client device.

Abstract: Techniques are disclosed for session-based routing within Open Systems Interconnection (OSI) Model Layer-2 (L2) networks extended over Layer-3 (L3) networks. In one example, L2 networks connect a first client device to a first router and a second client device to a second router. An L3 network connects the first and second routers. The first router receives, from the first client device, an non-session-based L2 frame destined for the second client device. The first router forms an L3 packet comprising an L3 header specifying L3 addresses of the first and second routers and a protocol selected based on an L3 service for the L2 frame, a payload comprising the L2 frame, and metadata comprising a session identifier distinctly identifying the L2 frame, and forwards the L3 packet to the second router. The second router recovers the L2 frame from the payload and forwards the L2 frame to the second client device.

Abstract: Techniques are disclosed for session-based routing of multipoint Open Systems Interconnection (OSI) Model Layer-2 (L2) frames of an L2 network extended over Layer-3 (L3) networks. In one example, L2 networks connect a source device to an ingress router and receiver devices to egress routers. An L3 network connects the ingress and egress routers. The ingress router receives, from the source device, a multipoint L2 frame destined for the receiver devices. The ingress router forms, for each egress router that is connected to at least one multipoint receiver device, a unicast L3 packet for the L2 frame and forwards the unicast L3 packet to the egress router. Each egress router generates, in response to receiving the unicast L3 packet, the multipoint L2 frame and forwards, to the receiver devices, the multipoint L2 frame.

Abstract: A network device is configured to associate a tenant of a plurality of tenants with a virtual routing and forwarding (VRF) instance of a plurality of VRF instances. The network device receives a packet comprising metadata specifying a tenant identifier for the tenant. The network device identifies, based on the tenant identifier specified by the metadata, the VRF instance associated with the tenant. The network device retrieves one or more routes from a routing information base (RIB) of the VRF instance associated with the tenant and forwards the packet toward a destination via the one or more routes.

Abstract: A routing system for implementing a service and topology exchange protocol (STEP) comprises a primary STEP server configured to maintain a STEP repository and a plurality of routers, each router including a STEP client in communication with the primary STEP server. The STEP client of each router is configured to transmit, using the service and topology exchange protocol, service and topology state information for at least one route or service available through the router to the primary STEP server for storage in the STEP repository.

Abstract: A routing system for routing packets for a route or service comprises a plurality of routers including a source router, wherein the source router is configured to receive, using a service and topology exchange protocol, service and topology state information from a STEP repository for at least one other router based on configured relationships between routers; determine a first path to a destination for a route or service based on the service and topology state information, the first path including an ordered list of successive routers to receive a packet associated with the route or service starting with a first successive router and ending with a destination router; and transmit a packet toward the first successive router with first metadata including a list of at least one remaining router of the ordered list of routers to receive the packet associated with the route or service.

Abstract: Techniques are described for a router providing metric-based multi-hop path selection. For example, a first router of a plurality of routers receives a plurality of network performance metrics for a plurality of links interconnecting the plurality of routers. The plurality of links form a plurality of multi-hop paths through the plurality of routers to a service instance. The router determines, based on the plurality of network performance metrics for the plurality of links, an end-to-end performance of each of the plurality of multi-hop paths. The router selects a multi-hop path over which to forward traffic associated with the session based on the end-to-end performance of each of the plurality of multi-hop paths and one or more performance requirements for a service associated between a session between a client device and the service instance. The router forwards the traffic to the service instance along the selected multi-hop path.