Abstract: Techniques are described herein for resolving conflicts in role statuses assigned to a customer edge device by multiple provider edge devices in communication with that customer edge device. In embodiments, such techniques may involve receiving information about a customer edge device in communication with the first provider edge device and storing, based on the information about the customer edge device, an indication of a first role status of the customer edge device. The techniques may further involve receiving, from at least one second provider edge device in communication with the customer edge device, an advertisement message that includes a second role status of the customer edge device, comparing the first role status to the second role status, and upon determining that the first role status does not match the second role status, updating the first role status of the customer edge device.

Abstract: A system and method for handling multicast traffic in Ethernet Virtual Private Network multi-homed networks includes receiving a first route table for a first route, determining that the first route table is associated with another peer device in the multi-home network, generating a second route table for a second route, determining a route to transmit data and the determined route is the first route or the second route based on the first preference value and the second preference value, and transmitting the data using the determined route.

Abstract: Stateless network address privacy may be provided. A data packing may be received with an obfuscated destination address and an un-obfuscated source address. An un-obfuscated destination address may be determined based on the obfuscated destination address. An obfuscated source address may be determined based on the un-obfuscated source address. The obfuscated destination address may be replaced with the un-obfuscated destination address and the un-obfuscated source address may be replaced with the obfuscated source address. The packet may be forwarded.

Abstract: Described herein are techniques for routing communications to a destination node within a LEO satellite network. The techniques may comprise receiving, at a satellite node in a network of satellites, a communication directed to an address for a destination satellite, determining whether the satellite node is the destination satellite, upon determining that the satellite node is the destination satellite, transmitting the communication to a ground station in communication range of the satellite node, and upon determining that the satellite node is not the destination satellite: identifying, via a local routing table, a second satellite node associated with the address for the destination satellite, and forwarding the communication to the second satellite node.

Abstract: A system and associated methods provide solutions for reducing a volume of traffic through a multicast network attributed to repeated maintenance messages, which are required in order to maintain a multicast connection. The system configures provider edge devices to generate and send maintenance messages on behalf of members of a multicast group to establish and maintain the multicast connection and provides options for determining unknown locations of sources and/or subscribers, thereby reducing the overall volume of traffic transmitted over the multicast network.

Abstract: A system and associated methods provide solutions for reducing a volume of traffic through a multicast network attributed to repeated maintenance messages, which are required in order to maintain a multicast connection. The system configures provider edge devices to generate and send maintenance messages on behalf of members of a multicast group to establish and maintain the multicast connection and provides options for determining unknown locations of sources and/or subscribers, thereby reducing the overall volume of traffic transmitted over the multicast network.

Abstract: According to an embodiment, a node comprises one or more processors operable to execute instructions to cause the node to perform operations. The operations comprise determining a link quality associated with each satellite link of a plurality of satellite links and applying load balancing to the plurality of satellite links. The load balancing is based at least in part on the respective link quality associated with each satellite link. The load balancing comprises determining which of the satellite links to include in an active set selected to communicate data to or from the node and, for each satellite link in the active set, determining a portion of the data to communicate via the respective satellite link. The operations further comprise transmitting or receiving the data via the satellite links in the active set. Each satellite link in the active set communicates its respective portion of the data.

Abstract: Techniques are described herein for performing filtering of frames by a provider edge device. The techniques comprise receiving information about one or more local customer edge devices in communication with a provider edge device. The techniques further comprise receiving a frame (e.g., a multi-destination frame) at the provider edge device to be provided to multiple customer edge devices. The techniques further comprise, upon determining, based on information included in the frame, that the device at which the frame originated is not a root device, identifying a subset of the set of local customer edge devices associated with a root status and providing the frame to the subset of the set of local customer edge devices while not providing the multi-destination frame to local customer edge devices outside of the subset.

Abstract: Techniques are described herein for resolving conflicts in role statuses assigned to a customer edge device by multiple provider edge devices in communication with that customer edge device. In embodiments, such techniques may involve receiving information about a customer edge device in communication with the first provider edge device and storing, based on the information about the customer edge device, an indication of a first role status of the customer edge device. The techniques may further involve receiving, from at least one second provider edge device in communication with the customer edge device, an advertisement message that includes a second role status of the customer edge device, comparing the first role status to the second role status, and upon determining that the first role status does not match the second role status, updating the first role status of the customer edge device.

Abstract: Systems, methods, and computer-readable media are provided for securely advertising autoconfigured prefixes in a cloud environment. In some examples, a method can include, receiving, by a first router, an indication of an available network address prefix. In some aspects, the method can also include selecting, by the first router, a first network address prefix that is within the available network address prefix, wherein the first network address prefix provides at least one route to one or more network elements associated with the first router. In some cases, the method may further include sending, to a second router, a message including a stub registration option that indicates the first network address prefix.

Abstract: Techniques for establishing connections between user devices and access points to connect to networks. Access points may indicate privacy-support capabilities, enabling a user device to discover privacy-capable access networks, and use this capability for network selection. Furthermore, the techniques enable the user device to request to enable and/or disable privacy support on an on-demand basis. The techniques described herein include the use of an access point that indicates the network's privacy capability to an endpoint device (e.g., source device, user device, etc.) over one or more link-layer messages, IP address configuration mechanisms, and over authentication protocols.

Abstract: Systems and techniques are provided for synchronizing DHCP snoop information. In some examples, a method can include, performing, by a first PE device from a plurality of PE devices, DHCP snooping of a first plurality of DHCP messages between a DHCP client and a DHCP server, wherein the plurality of PE devices is part of an ethernet segment for multihoming the DHCP client. In some aspects, the method includes determining, based on snooping the first plurality of DHCP messages, an association between an IP address corresponding to the DHCP client and a MAC address corresponding to the DHCP client. In some examples, the method includes sending, by the first PE device to at least one other PE device from the plurality of PE devices, a first route advertisement that includes the association between the IP address corresponding to the DHCP client and the MAC address corresponding to the DHCP client.

Abstract: A system and method for adaptive encryption for SD-WAN includes identifying an encrypted conversational flow and determining whether a duration of the encrypted conversational flow exceeds a threshold. The method also includes selecting a header-less tunnel for the encrypted conversational flow when the duration is more than the threshold. The method further includes transmitting the encrypted conversational flow to an egress router over the selected header-less tunnel.

Abstract: A system and associated methods provide a scalable solution for managing multiple multicast flows within a multicast group of a multicast network. The system groups redundant sources of the multicast group according to their associated multicast flows, assigns flow identifiers to each redundant source indicative of their associated multicast flows, and facilitates Single Forwarder election to select a Single Forwarder that belongs to the appropriate multicast flow. The system provides control plane extensions that enable signaling of which redundant source belongs to which multicast flow.

Abstract: In one embodiment, a method includes receiving, by a route reflector, a subscription request from a first provider edge node in a network and generating a subscription policy for the first provider edge node. The method also includes receiving a first Ethernet Virtual Private Network (EVPN) Type 2 Route from a second provider edge node, assigning a sequence number to the first EVPN Type 2 Route, and communicating the first EVPN Type 2 Route with the sequence number to the first provider edge node. The method further includes receiving a second EVPN Type 2 Route from a third provider edge node, generating an updated sequence number in response to receiving the second EVPN Type 2 Route from the third provider edge node, and communicating the second EVPN Type 2 Route with the updated sequence number to the first provider edge node and the second provider node.

Abstract: In one embodiment, a method includes receiving, by a route reflector, a subscription request from a first provider edge node in a network and generating a subscription policy for the first provider edge node. The method also includes receiving a first Ethernet Virtual Private Network (EVPN) Type 2 Route from a second provider edge node, assigning a sequence number to the first EVPN Type 2 Route, and communicating the first EVPN Type 2 Route with the sequence number to the first provider edge node. The method further includes receiving a second EVPN Type 2 Route from a third provider edge node, generating an updated sequence number in response to receiving the second EVPN Type 2 Route from the third provider edge node, and communicating the second EVPN Type 2 Route with the updated sequence number to the first provider edge node and the second provider node.

Abstract: In one aspect, a method includes receiving, at a first PE in a network of EVPNs, one or more of information on status of one or more nodes connected to the first PE, the one or more nodes being one of a leaf node or a root node; and a respective advertisement message from one or more second PEs.

Abstract: A system and associated methods provide solutions for reducing a volume of traffic through a multicast network attributed to repeated maintenance messages, which are required in order to maintain a multicast connection. The system configures provider edge devices to generate and send maintenance messages on behalf of members of a multicast group to establish and maintain the multicast connection and provides options for determining unknown locations of sources and/or subscribers, thereby reducing the overall volume of traffic transmitted over the multicast network.

Abstract: This disclosure describes methods of operating a leaf node device, such as a switch device, connected to a switch fabric of a network. The leaf node device receives, from another leaf node device via the switch fabric, an indication of a secure route to a host device. In response to receiving the indication of the secure route, the leaf node device creates or updates a routing entry for the host device in a routing information base of the leaf node device and creates or updates an entry for the host device in a Dynamic Host Configuration Protocol (DHCP) snoop database of the leaf node device. The leaf node may thereby communicate with the host device that is attached to the leaf node device as a result of moving from the other leaf node device.

Abstract: A computer network efficiently provides a multicast network flow to a multicast recipient across a multihomed network element. The multihomed network element includes network devices that receive multicast data from a source of a multicast network flow. Each particular network device that received the multicast data publishes a notification indicating that the multicast network flow is available from the particular network device. The computer network receives a subscription to the multicast network flow from a multicast recipient, and determines whether to bridge the multicast data across the multihomed network element based on a multicast configuration of the computer network. The multihomed network element provides the multicast data to the multicast recipient from at least one of the particular network devices that received the multicast data from the source of the multicast network flow.