Abstract: A UMR auto-discovery mechanism which allows a gateway EVPN router to advertise a UMR route and to suppress redistribution of remote domain MAC-IP routes. In one embodiment, upon joining a local EVPN domain of a network, a network device (an EVPN router) advertises its UMR capability, which may include UMR installer capability or UMR originator capability. The UMR-capable devices in the network are also advertised to the newly added network device. A UMR originator (e.g., gateway) with knowledge of the UMR capabilities of the devices in the network then generates and sends a route list to the devices, where the route list includes a UMR route, or MAC/IP routes, or both, depending upon whether all of the network devices are all UMR-capable, none are UMR-capable, or the devices include both UMR-capable and non-UMR-capable devices, respectively.

Abstract: A first network device for a first virtual network identifier (VNI) domain may be coupled to a second network device for a second VNI domain via an interconnect network. When serving as the downstream network device for processing network traffic from the first VNI domain to the second VNI domain, the second network device may perform remote VNI to local VNI translation for the network traffic, thereby facilitating proper network traffic handling even in network configurations in which the first network device is not configured to perform downstream VNI translation. If desired, instead of or in addition to performing VNI translation for its own VNI domain, the second network device may serve as a service device to perform VNI translation for a third VNI domain.

Abstract: In general, embodiments relates to a method for creating an on-demand tunnel (ODT) in a network between a first network device and a second network device, the method comprising: storing by the first network device, a potentially suboptimal path to the second network device, determining that a trigger condition to create the ODT between the first network device and the second network device is satisfied, in response to the determination: transmitting, by the first network device, an ODT signaling packet to the second network device via the potentially suboptimal path, receiving, from the second network device and in response to transmitting the ODT signaling packet, an ODT keepalive by first network device via the ODT, and transmitting, after receiving the ODT keepalive, a second packet to the second network device via the ODT.

Abstract: A method for generating an application-aware virtual topology (AAVT) routing table for a network device among network devices connected via a wide area network is provided. The method is executed by a network controller connected to the network and includes: receiving, from the network devices, path information of the network devices; generating, using the path information, an underlay graph specifying a path topology of the network device; generating, based on the path topology specified in the underlay graph, the AAVT routing table for the network device where the AAVT routing table includes a set of paths; and transmitting, in response to generating the AAVT routing table, the AAVT routing table to the network device to cause the network device to program the set of paths.

Abstract: Systems, methods and products for distributing traffic to top-of-rack switches (TORs) that dynamically determine their capability to handle traffic and advertise this capability to border leaf router(s). The advertised information may include the bandwidth between the TOR and the instances of the service to which it is connected, and/or the number of instances of the service to which the TOR is connected. The border leaf router computes a distribution of received traffic to the TORs based on this information and forwards traffic to the TORs according to the calculated distribution. As parameters of the TORs and servers change, the TORs can advertise the updated information, and the border leaf router can update its computed distribution to account for the changed parameters.

Abstract: A method for transmitting network traffic across a wide area network (WAN) from a first site to a second site is provided. The method is executed by a first edge network device at the first site that further includes a second edge network device, and the method includes: receiving the network traffic from a client device at the first site; determining, using ipath characteristics and a classification of the network traffic, that the network traffic should be transmitted by the second edge network device to the second site; forwarding in response to the determination, the network traffic to the second edge network device using a local tunnel over a local area network (LAN) of the first site such that the network traffic is transmitted to the second site by the second edge network device.

Abstract: First and second network devices may be configured to multihome a host. The first network device may advertise a first MAC and IP advertisement route indicative of a first link between the first network device and the host. The second network device may advertise a backup MAC and IP advertisement route indicative of a second link between the second network device and the host. Based on the backup MAC and IP advertisement route, the first network device may store a backup path for reaching the host via the second network device. After failure of the first link, the first network device may forward traffic destined for the host based on the stored backup path.

Abstract: A method for generating an application-aware virtual topology (AAVT) routing table for a network device among network devices connected via a wide area network is provided. The method is executed by a network controller connected to the network and includes: receiving, from the network devices, path information of the network devices; generating, using the path information, an underlay graph specifying a path topology of the network device; generating, based on the path topology specified in the underlay graph, the AAVT routing table for the network device where the AAVT routing table includes a set of paths; and transmitting, in response to generating the AAVT routing table, the AAVT routing table to the network device to cause the network device to program the set of paths.

Abstract: A method for servicing network traffic in a wide area network (WAN) comprising a plurality of network devices is provided. The method is executed by a network device among the plurality of network devices and comprises: receiving a request to transmit the network traffic to a destination network device where the request specifies that the network traffic is to be serviced by a network service; determining, based on the request and using a service-aware virtual topology (SAVT) routing table, a path through the WAN for reaching the network service and a service instance identifier (ID) of the network service; configuring the network traffic to include a service bit indicating whether service is to be performed and instructions specifying the path for reaching the network service; and transmitting, after configuring the network traffic, the network traffic toward the destination device through the at least one network service.

Abstract: A system and method for provisionally authenticating a host moving from a source port of a switch device to a destination port of the switch device is disclosed. The host is initially authenticated at the source port and blocked from forwarding network traffic at the destination port. During a provisional authentication session, an authentication agent executing on the switch intercepts one or more authentication packets sourced by the host and headed for the destination port of the switch device and redirects the authentication packets to an authentication server for validating the host at the destination port of the switch device. The switch device removes the block at the destination port in response to receiving an acknowledgment of successful authentication at the destination port from the authentication server.

Abstract: Techniques disclosed herein provide a method for efficiently propagating address resolution reply messages. A first router in a first network receives an address resolution request message from a second router in a second network. The first router generates an entry for the address resolution request message and stores the entry in a pending address resolution requests table. When the first router receives a route advertisement, it extracts a network layer address from the route advertisement and determines whether the pending address resolution requests table includes an entry for the network layer address. If so, the router extracts a link layer address from the route advertisement and generates an address resolution reply message comprising the network layer address and the link layer address. The router then transmits the address resolution reply message to the second router.

Abstract: In response to receiving an ASR message, a VTEP generates a specially modified control plane message advertising the IP-to-MAC binding of the ASR message. The control plane message may be modified to indicate that it is not to be used for MAC learning. The control plane message is advertised over the network. When an intended recipient receives the message, it uses that message just for the IP-to-MAC binding. When an unintended recipient receives the message, it may drop it as invalid.

Abstract: A method for synchronizing a binding process among a group of network devices connected to a server that is multi-homed to the group of network devices in provided. The method is executed by a first network device among the group of network devices and includes: receiving, from the server, network traffic associated with a host executing on the server; configuring, using the network traffic, a binding between the first network device and the host and setting a binding status of the first network device for the host to a first status; and transmitting, in response to the setting and via an out-of-band (OOB) channel to a second network device among the plurality of network devices, first binding instructions for causing the second network device set a binding status of the second network device for the host to a second status different from the first status.

Abstract: A system and method for provisionally authenticating a host moving from a source port of a switch device to a destination port of the switch device is disclosed. The host is initially authenticated at the source port and blocked from forwarding network traffic at the destination port. During a provisional authentication session, an authentication agent executing on the switch intercepts one or more authentication packets sourced by the host and headed for the destination port of the switch device and redirects the authentication packets to an authentication server for validating the host at the destination port of the switch device. The switch device removes the block at the destination port in response to receiving an acknowledgment of successful authentication at the destination port from the authentication server.

Abstract: A method for supporting virtual machine (VM) mobility between network devices connected to a network includes: selecting a first type of route for interconnecting VMs that are connected to the network devices; and adding a feature of a second type of route to the first type of route to enable the network devices to execute proxy address resolution protocol (ARP) for transmitting network traffic between the VMs without requiring each of the network devices to store a physical address of each of the VMs in respective ones of a network address table.

Abstract: A method for transmitting network traffic across a wide area network (WAN) from a first site to a second site is provided. The method is executed by a first edge network device at the first site that further includes a second edge network device, and the method includes: receiving the network traffic from a client device at the first site; determining, using ipath characteristics and a classification of the network traffic, that the network traffic should be transmitted by the second edge network device to the second site; forwarding in response to the determination, the network traffic to the second edge network device using a local tunnel over a local area network (LAN) of the first site such that the network traffic is transmitted to the second site by the second edge network device.

Abstract: In general, embodiments relates to a method for creating an on-demand tunnel (ODT) in a network between a first network device and a second network device, the method comprising: storing by the first network device, a a potentially suboptimal path to the second network device, determining that a trigger condition to create the ODT between the first network device and the second network device is satisfied, in response to the determination: transmitting, by the first network device, an ODT signaling packet to the second network device via the potentially suboptimal path, receiving, from the second network device and in response to transmitting the ODT signaling packet, an ODT keepalive by first network device via the ODT, and transmitting, after receiving the ODT keepalive, a second packet to the second network device via the ODT.

Abstract: A method for servicing network traffic in a wide area network (WAN) comprising a plurality of network devices is provided. The method is executed by a network device among the plurality of network devices and comprises: receiving a request to transmit the network traffic to a destination network device where the request specifies that the network traffic is to be serviced by a network service; determining, based on the request and using a service-aware virtual topology (SAVT) routing table, a path through the WAN for reaching the network service and a service instance identifier (ID) of the network service; configuring the network traffic to include a service bit indicating whether service is to be performed and instructions specifying the path for reaching the network service; and transmitting, after configuring the network traffic, the network traffic toward the destination device through the at least one network service.

Abstract: A method for synchronizing a binding process among a group of network devices connected to a server that is multi-homed to the group of network devices in provided. The method is executed by a first network device among the group of network devices and includes: receiving, from the server, network traffic associated with a host executing on the server; configuring, using the network traffic, a binding between the first network device and the host and setting a binding status of the first network device for the host to a first status; and transmitting, in response to the setting and via an out-of-band (OOB) channel to a second network device among the plurality of network devices, first binding instructions for causing the second network device set a binding status of the second network device for the host to a second status different from the first status.

Abstract: Systems and methods are provided herein for a mechanism for faster convergence of network traffic after a network device's link is interrupted by leveraging the withdrawal of the ethernet virtual private network (EVPN) auto discovery (AD) route. This may be accomplished by a first device checking an ethernet segment identifier (ESI) status flag before generating an entry in the first device's forwarding table, where the entry is based on an IP route for a host received by a second network device. In response to receiving a withdrawal of an EVPN AD route from the second device, the first device may update the ESI status flag to indicate that the host on the ethernet segment (ES) is reachable only via the third device and update the entry that was based on the IP route for the host received by the second network device to prevent sending traffic to the host via the second device.