Abstract: A method performed by a provider edge node of an Ethernet virtual private network (EVPN) in which the provider edge node is configured to communicate with peer provider edge nodes of the EVPN that are multihomed to a multicast receiver, comprises: receiving, from the peer provider edge nodes, selective multicast routes for multicast traffic, and designated forwarder states that each indicates whether a respective one of the peer provider edge nodes is a designated forwarder or a non-designated forwarder for the multicast traffic; upon receiving the multicast traffic, determining which of the peer provider edge nodes is the designated forwarder for the multicast traffic based on the designated forwarder states received from the peer provider edge nodes; and selectively forwarding the multicast traffic only to the designated forwarder.

Abstract: Techniques are described herein for performing filtering of frames by a provider edge device. The techniques comprise receiving information about one or more local customer edge devices in communication with a provider edge device. The techniques further comprise receiving a frame (e.g., a multi-destination frame) at the provider edge device to be provided to multiple customer edge devices. The techniques further comprise, upon determining, based on information included in the frame, that the device at which the frame originated is not a root device, identifying a subset of the set of local customer edge devices associated with a root status and providing the frame to the subset of the set of local customer edge devices while not providing the multi-destination frame to local customer edge devices outside of the subset.

Abstract: A system and associated methods provide procedures for establishing multicast connections and forwarding multicast content from a source to a subscriber when an ingress provider edge in communication with the subscriber is connected to an egress provider edge device belonging to an EVPN instance, especially in cases where the egress provider edge device is not receiving content from the source. The system configures “backup” provider edge devices belonging to the EVPN instance to temporarily forward the multicast content to the egress provider edge device on behalf of the source, enabling the ingress provider edge device and subscriber to continue to receive the multicast content from the source while the multicast network adjusts to recognize a new egress provider edge device. Methods of establishing connections between the ingress provider edge device and the correct egress provider edge device are also provided to avoid flooding and inefficient content forwarding throughout the network.

Abstract: Existing Equal Cost Multi-path (ECMP) grouping strategies in a multi-homing network have scalability issues due to limited hardware resources. To address this, devices, systems, methods, and processes for adaptive optimization of ECMP groups are described herein. An optimization logic, coupled to a plurality of network devices, receives a set of route advertisements of the plurality of network devices and allocates a shared ECMP group, including two or more network devices of the plurality of network devices, for at least two ESs based on the set of route advertisements. A next hop list is generated in which the at least two ESs point to the shared ECMP group. The optimization logic may update the next hop list based on link failures or route withdrawal advertisements associated with the two or more network devices included in the shared ECMP group. The ES may be removed from pointing to the shared ECMP group.

Abstract: Devices, networks, systems, methods, and processes for tracking a multi-homed host device are provided herein. A communication network may include at least two network devices and a host device that is multi-homed to the at least two network devices. A network device of the at least two network devices transmits a first tracking request to the host device and receives a tracking response for the first tracking request at a network-side interface of the network device. The first tracking request includes a first data sequence. The network device transmits, based on receiving the tracking response at the network-side interface, one or more second tracking requests with varying second data sequences in an attempt to force a response from the host device at a host-side interface of the network device. Thus, the host device is tracked in an efficient manner without changing a hashing algorithm of the host device.

Abstract: Described herein are techniques for implementing a low earth orbit (LEO) satellite network and routing communications (e.g., packets) over that network. In embodiments, the techniques may comprise receiving, at a first ground station computing device, a request to determine destination information for a communication, determining, at the first ground station computing device based on information about the communication, a target computing device to which the communication is to be routed, determining, at the first ground station computing based on the target computing device, a location of a destination ground station, determining, at the first ground station computing by mapping orbital data to the location of the destination ground station, a destination satellite, generating the destination information to include at least an address for the destination satellite, and providing the destination information in response to the request.

Abstract: In an embodiment, a method includes receiving an address-resolution-protocol (ARP) request at a first edge device from a first host device, advertising a first remote route associated with a first flag indicating the first edge device operates in a layer-3 optimized integrated-routing-and-bridging (IRB) mode by the first edge device based on the ARP request, receiving the first remote route at a second edge device from the first edge device, responsive to detecting the first flag by the second edge device, installing the first remote route into a layer-2 routing information base (RIB) associated with the second edge device.

Abstract: A system and associated methods provide procedures for establishing multicast connections and forwarding multicast content from a source to a subscriber when an ingress provider edge in communication with the subscriber is connected to an egress provider edge device belonging to an EVPN instance, especially in cases where the egress provider edge device is not receiving content from the source. The system configures “backup” provider edge devices belonging to the EVPN instance to temporarily forward the multicast content to the egress provider edge device on behalf of the source, enabling the ingress provider edge device and subscriber to continue to receive the multicast content from the source while the multicast network adjusts to recognize a new egress provider edge device. Methods of establishing connections between the ingress provider edge device and the correct egress provider edge device are also provided to avoid flooding and inefficient content forwarding throughout the network.

Abstract: In one aspect, a method includes defining a corresponding depth for each leaf device and each spine device in a leaf-spine network fabric having a hierarchical structure; defining one or more zones in the leaf-spine network fabric; generating a corresponding replication list for each leaf device and one or more spine devices in the leaf-spine network fabric based at least in part of the corresponding depth and the one or more zones defined; and performing ingress replication of network traffic received at a given leaf device using the corresponding replication list of the given leaf device and the corresponding replication list of at least one of the one or more spine devices.

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.

Abstract: Devices, systems, methods, and processes for fabric congestion management are described herein. At each ingress switch, virtual output (“VO”) queues are created for egress ports based on identifiers, state indicators, and encapsulation values of the egress ports received via an Ethernet Virtual Private Network (“EVPN”) control plane. When a data packet is received at the ingress switch, an egress port for the data packet is determined, an identifier and an encapsulation value of the egress port are added to the data packet, and the data packet is stored in a corresponding VO queue. The data packet remains at the ingress switch until an egress switch is available. At the egress switch, one or more tags are added in the data packet based on the encapsulation value, whereas the destination egress port is identified based on the identifier. Thus, a quick egress through the egress switch is achieved.

Abstract: This disclosure describes techniques for enabling interoperability between asymmetric and symmetric Integrated Routing and Bridging (IRB) modes. An interfacing component may be configured to receive a first route advertisement from a first edge node in a Layer-2 (L2) fabric. The first route advertisement may correspond to an asymmetric format route, for instance. The interfacing component may be further configured to receive a second route advertisement from a second edge node in a L2/Layer-3 (L3) fabric. The second edge node may be configured for symmetric integrated routing and bridging (IRB). The interfacing component may be configured to re-originate the first route and the second route such that the interfacing component is included as a hop in the resultant routes between the L2 fabric and the L2/L3 fabric.

Abstract: Described herein are techniques for leveraging ground station computing devices for performing route planning calculations to be used in a LEO satellite network for traffic routing. Such techniques may comprise receiving, at a ground station computing device, a request to generate routing information for a satellite node over a period of time, determining, by the ground station computing device, a number of communication connections associated with at least one destination node, each communication connection of the number of communication connections associated with a portion of the period of time, selecting, by the ground station computing device, one or more communication connection of the number of communication connections to cover the period of time, populating, by the ground station computing device, the routing information with an indication of the selected at least one communication connection, and providing the routing information to the satellite node.

Abstract: A system and method for handling multicast traffic in Ethernet Virtual Private Network multi-homed networks includes receiving a first route table for a first route, determining that the first route table is associated with another peer device in the multi-home network, generating a second route table for a second route, determining a route to transmit data and the determined route is the first route or the second route based on the first preference value and the second preference value, and transmitting the data using the determined route.

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.

Abstract: In one embodiment, a method includes receiving, by a first router, data from a network component. The method also includes determining, by the first router, a first link bandwidth capacity between the first router and a host device and determining, by the first router, a first score for the first router based on the first link bandwidth capacity. The method also includes determining, by the first router, a second link bandwidth capacity between a second router and the host device and determining, by the first router, a second score for the second router based on the second link bandwidth capacity. The method further includes comparing, by the first router, at least the first score and the second score to determine a highest score and assigning, by the first router, an edge router associated with the highest score to communicate the data to the host device.

Abstract: In one embodiment, a method includes receiving, by a route reflector, a subscription request from a first provider edge node in a network and generating a subscription policy for the first provider edge node. The method also includes receiving a first Ethernet Virtual Private Network (EVPN) Type 2 Route from a second provider edge node, assigning a sequence number to the first EVPN Type 2 Route, and communicating the first EVPN Type 2 Route with the sequence number to the first provider edge node. The method further includes receiving a second EVPN Type 2 Route from a third provider edge node, generating an updated sequence number in response to receiving the second EVPN Type 2 Route from the third provider edge node, and communicating the second EVPN Type 2 Route with the updated sequence number to the first provider edge node and the second provider node.

Abstract: In one aspect, a method of IP obfuscation of a user device includes receiving, over an Extendible Authentication Protocol (EAP) session between a user device and a network access point, location preferences of the user device, generating, based on the location preferences or a network policy, a geohash for the user device, identifying, for the user device, an IP anchor, sending, over the EAP session, the geohash to the user device, and receiving, from the user device, network traffic, wherein the network access point utilizes the geohash and the IP anchor to route the network traffic for the user device and obfuscate IP address of the user device from third-party access.

Abstract: Techniques are described herein for resolving conflicts in role statuses assigned to a customer edge device by multiple provider edge devices in communication with that customer edge device. In embodiments, such techniques may involve receiving information about a customer edge device in communication with the first provider edge device and storing, based on the information about the customer edge device, an indication of a first role status of the customer edge device. The techniques may further involve receiving, from at least one second provider edge device in communication with the customer edge device, an advertisement message that includes a second role status of the customer edge device, comparing the first role status to the second role status, and upon determining that the first role status does not match the second role status, updating the first role status of the customer edge device.

Abstract: A system and method for handling multicast traffic in Ethernet Virtual Private Network multi-homed networks includes receiving a first route table for a first route, determining that the first route table is associated with another peer device in the multi-home network, generating a second route table for a second route, determining a route to transmit data and the determined route is the first route or the second route based on the first preference value and the second preference value, and transmitting the data using the determined route.