Abstract: A network device may receive an instruction to update a data structure implemented by the network device and update the data structure based on receiving the instruction. The data structure may include a routing instruction to direct the network device to provide a data flow to a server device for processing. The network device may receive the data flow destined for a destination device; determine the routing instruction based on at least a portion of an internet protocol (IP) address associated with the data flow and based on the data structure; execute the routing instruction to provide the data flow to the server device and to cause the data flow to be processed by the server device to form a processed data flow; and receive the processed data flow and provide the processed data flow towards the destination device.

Abstract: A network device may receive an instruction to update a data structure implemented by the network device and update the data structure based on receiving the instruction. The data structure may include a routing instruction to direct the network device to provide a data flow to a server device for processing. The network device may receive the data flow destined for a destination device; determine the routing instruction based on at least a portion of an internet protocol (IP) address associated with the data flow and based on the data structure; execute the routing instruction to provide the data flow to the server device and to cause the data flow to be processed by the server device to form a processed data flow; and receive the processed data flow and provide the processed data flow towards the destination device.

Abstract: A network device may receive an instruction to update a data structure implemented by the network device and update the data structure based on receiving the instruction. The data structure may include a routing instruction to direct the network device to provide a data flow to a server device for processing. The network device may receive the data flow destined for a destination device; determine the routing instruction based on at least a portion of an internet protocol (IP) address associated with the data flow and based on the data structure; execute the routing instruction to provide the data flow to the server device and to cause the data flow to be processed by the server device to form a processed data flow; and receive the processed data flow and provide the processed data flow towards the destination device.

Abstract: In general, techniques are described for defining an interface to a network router software infrastructure that allows developers to dynamically extend a routing protocol executed by the network router to distribute data throughout the routing domain for use with custom applications. In some examples, a routing protocol process executing on a control plane of a network device may expose an interface, such as an Application Programming Interface (API), that defines methods and parameters for extending the operation of a routing protocol executed by the routing protocol process.

Abstract: A network device may receive information regarding a service set identifying service to apply to a data flow received via a particular interface of the network device; receive the data flow via the particular interface; identify a service to provide to the data flow based on the information regarding the service set; identify a processing device to process the data flow; and provide the data flow to the processing device. The processing device may be different than the network device and may process the data flow, on behalf of the network device, to form a processed data flow. The processed data flow may include the data flow with the service applied to the data flow. The network device may further receive the processed data flow from the processing device and transmit the processed data flow toward a destination device.

Abstract: A distributed computing system includes a primary device and one or more backend devices. The primary device provides a management interface for the distributed computing system. A plurality of applications may be installed on the backend devices for execution. The primary device generates registration data that associates the applications with management interface commands or configuration parameters in response to messages received from the applications. Subsequently, when the primary device receives a particular command at the management interface, the primary device identifies, based on the registration data, a particular application from among the plurality of applications. In response to identifying the application, the primary device may send to the application an outgoing message.

Abstract: A network device may receive information regarding a service set identifying service to apply to a data flow received via a particular interface of the network device; receive the data flow via the particular interface; identify a service to provide to the data flow based on the information regarding the service set; identify a processing device to process the data flow; and provide the data flow to the processing device. The processing device may be different than the network device and may process the data flow, on behalf of the network device, to form a processed data flow. The processed data flow may include the data flow with the service applied to the data flow. The network device may further receive the processed data flow from the processing device and transmit the processed data flow toward a destination device.

Abstract: A device may be configured to receive information regarding one or more ports associated with a routing device; output, to the routing device, filter information associated with at least a particular port, of the one or more ports associated with the routing device, the filter information specifying one or more conditions associated with traffic of interest; receive, from the routing device, and based on the outputted filter information, information regarding traffic of interest received or sent by the routing device via the particular port, the traffic of interest being less than or equal to all traffic received or sent by the routing device via the particular port; and store or output a representation of at least a portion of the received information regarding the traffic of interest.

Abstract: A network device may receive information regarding a service set identifying service to apply to a data flow received via a particular interface of the network device; receive the data flow via the particular interface; identify a service to provide to the data flow based on the information regarding the service set; identify a processing device to process the data flow; and provide the data flow to the processing device. The processing device may be different than the network device and may process the data flow, on behalf of the network device, to form a processed data flow. The processed data flow may include the data flow with the service applied to the data flow. The network device may further receive the processed data flow from the processing device and transmit the processed data flow toward a destination device.

Abstract: A device may be configured to receive information regarding one or more ports associated with a routing device; output, to the routing device, filter information associated with at least a particular port, of the one or more ports associated with the routing device, the filter information specifying one or more conditions associated with traffic of interest; receive, from the routing device, and based on the outputted filter information, information regarding traffic of interest received or sent by the routing device via the particular port, the traffic of interest being less than or equal to all traffic received or sent by the routing device via the particular port; and store or output a representation of at least a portion of the received information regarding the traffic of interest.

Abstract: A device may be configured to receive information regarding one or more ports associated with a routing device; output, to the routing device, filter information associated with at least a particular port, of the one or more ports associated with the routing device, the filter information specifying one or more conditions associated with traffic of interest; receive, from the routing device, and based on the outputted filter information, information regarding traffic of interest received or sent by the routing device via the particular port, the traffic of interest being less than or equal to all traffic received or sent by the routing device via the particular port; and store or output a representation of at least a portion of the received information regarding the traffic of interest.

Abstract: In general, techniques are described for defining an interface to a network router software infrastructure that allows developers to dynamically extend a routing protocol executed by the network router to distribute data throughout the routing domain for use with custom applications. In some examples, a routing protocol process executing on a control plane of a network device may expose an interface, such as an Application Programming Interface (API), that defines methods and parameters for extending the operation of a routing protocol executed by the routing protocol process.

Abstract: A network device may receive information regarding a service set identifying service to apply to a data flow received via a particular interface of the network device; receive the data flow via the particular interface; identify a service to provide to the data flow based on the information regarding the service set; identify a processing device to process the data flow; and provide the data flow to the processing device. The processing device may be different than the network device and may process the data flow, on behalf of the network device, to form a processed data flow. The processed data flow may include the data flow with the service applied to the data flow. The network device may further receive the processed data flow from the processing device and transmit the processed data flow toward a destination device.

Abstract: A distributed computing system includes a primary device and one or more backend devices. The primary device provides a management interface for the distributed computing system. A plurality of applications may be installed on the backend devices for execution. The primary device generates registration data that associates the applications with management interface commands or configuration parameters in response to messages received from the applications. Subsequently, when the primary device receives a particular command at the management interface, the primary device identifies, based on the registration data, a particular application from among the plurality of applications. In response to identifying the application, the primary device may send to the application an outgoing message.

Abstract: A device may be configured to receive information regarding one or more ports associated with a routing device; output, to the routing device, filter information associated with at least a particular port, of the one or more ports associated with the routing device, the filter information specifying one or more conditions associated with traffic of interest; receive, from the routing device, and based on the outputted filter information, information regarding traffic of interest received or sent by the routing device via the particular port, the traffic of interest being less than or equal to all traffic received or sent by the routing device via the particular port; and store or output a representation of at least a portion of the received information regarding the traffic of interest.

Abstract: A network device may receive information regarding a service set identifying service to apply to a data flow received via a particular interface of the network device; receive the data flow via the particular interface; identify a service to provide to the data flow based on the information regarding the service set; identify a processing device to process the data flow; and provide the data flow to the processing device. The processing device may be different than the network device and may process the data flow, on behalf of the network device, to form a processed data flow. The processed data flow may include the data flow with the service applied to the data flow. The network device may further receive the processed data flow from the processing device and transmit the processed data flow toward a destination device.

Abstract: Techniques are described for preventing network attacks. More specifically, the techniques involve classification of routes based on the network protocol from which the routes were learned, and filtering of packets based on the classification. A network device, for example, is described that includes interface cards to receive routing information via one or more routing protocols, wherein the routing information defines network routes. The network device further includes a control unit to classify the routes based the routing protocol by which the routes were received, and selectively forward packets associated with the routes based on the classification of the routes. Edge routers within a service provider network, for example, may classify routes as either “internal” or “external” based on the protocols from which the routes were learned, and automatically filter packets to prevent network attacks using the techniques.

Abstract: A device may be configured to receive information regarding one or more ports associated with a routing device; output, to the routing device, filter information associated with at least a particular port, of the one or more ports associated with the routing device, the filter information specifying one or more conditions associated with traffic of interest; receive, from the routing device, and based on the outputted filter information, information regarding traffic of interest received or sent by the routing device via the particular port, the traffic of interest being less than or equal to all traffic received or sent by the routing device via the particular port; and store or output a representation of at least a portion of the received information regarding the traffic of interest.

Abstract: A network device may receive information regarding a service set identifying service to apply to a data flow received via a particular interface of the network device; receive the data flow via the particular interface; identify a service to provide to the data flow based on the information regarding the service set; identify a processing device to process the data flow; and provide the data flow to the processing device. The processing device may be different than the network device and may process the data flow, on behalf of the network device, to form a processed data flow. The processed data flow may include the data flow with the service applied to the data flow. The network device may further receive the processed data flow from the processing device and transmit the processed data flow toward a destination device.

Abstract: A label switching router (LSR) is described that spoof checks Multi-protocol Label Switching (MPLS) packets to prevent malicious or inadvertent injection of MPLS packets within a label switched path (LSP). The LSR ensures that MPLS packets received from an upstream label switching router (LSR) contain labels that were advertised to that upstream LSR. A software module associated with a signaling protocol, such as the Resource Reservation Protocol (RSVP), the Label Distribution Protocol (LDP), or the Border Gateway Protocol (BGP), is extended to utilize an MPLS forwarding table, and MPLS interface table, and a remote autonomous system table. A set of interfaces for which the label was advertised may be checked to determine whether an interface on which a packet was received is contained in the set of interfaces. The MPLS forwarding table may contain a spoof-check field used to specify one of several different types of spoof checks and to specify the set of interfaces.