Abstract: Techniques are described for dynamically constructing a label switching protocol interface in a network device. For example, the techniques allow dynamic construction of a Multi-Protocol Label Switching (MPLS) interface. According to some embodiments, upon receiving a network communication from a subscriber, a network device determines whether the subscriber requires support for the label switching protocol. If the subscriber requires such support, the network device creates an interface stack for the subscriber that includes an interface for the label switching protocol. In this way, the network device may route packets from the subscriber across a network of computing devices that use the label switching protocol, and forward packets from such a network to the subscriber. The subscriber and the network device need not communicate according to the label switching protocol and, in example embodiments, instead communicate according to a layer 2 communication protocol.

Abstract: Techniques are described for reducing the impact of failure of a primary and a secondary routing control unit within a network device, i.e., a double-failure of the network device. For example, a network device, such as a router, initially establishes a routing communication session between a primary routing control unit of the router and a neighboring router. The initial routing communication session has a first restart time in the event of a session failure. The router reestablishes the routing communication session with a secondary routing control unit upon failure of the primary routing control unit. The reestablished routing communication session has a second restart time that is less than first restart time. Upon recovery of the failed routing control unit, the secondary routing control unit renegotiates the restart time associated with the session to an increased value with the neighboring routers to which the reduced restart time was initially advertised.

Abstract: A label switching router (LSR) is described that spoof checks Multi-protocol Label Switching (MPLS) packets to prevent malicious or inadvertent injection of MPLS packets within a label switched path (LSP). The LSR ensures that MPLS packets received from an upstream label switching router (LSR) contain labels that were advertised to that upstream LSR. A software module associated with a signaling protocol, such as the Resource Reservation Protocol (RSVP), the Label Distribution Protocol (LDP), or the Border Gateway Protocol (BGP), is extended to utilize an MPLS forwarding table, and MPLS interface table, and a remote autonomous system table. A set of interfaces for which the label was advertised may be checked to determine whether an interface on which a packet was received is contained in the set of interfaces. The MPLS forwarding table may contain a spoof-check field used to specify one of several different types of spoof checks and to specify the set of interfaces.

Abstract: A label switching router (LSR) is described that spoof checks Multi-protocol Label Switching (MPLS) packets to prevent malicious or inadvertent injection of MPLS packets within a label switched path (LSP). The LSR ensures that MPLS packets received from an upstream label switching router (LSR) contain labels that were advertised to that upstream LSR. A software module associated with a signaling protocol, such as the Resource Reservation Protocol (RSVP), the Label Distribution Protocol (LDP), or the Border Gateway Protocol (BGP), is extended to utilize an MPLS forwarding table, and MPLS interface table, and a remote autonomous system table. A set of interfaces for which the label was advertised may be checked to determine whether an interface on which a packet was received is contained in the set of interfaces. The MPLS forwarding table may contain a spoof-check field used to specify one of several different types of spoof checks and to specify the set of interfaces.

Abstract: Techniques are described for reducing the impact of failure of a primary and a secondary routing control unit within a network device, i.e., a double-failure of the network device. For example, a network device, such as a router, initially establishes a routing communication session between a primary routing control unit of the router and a neighboring router. The initial routing communication session has a first restart time in the event of a session failure. The router reestablishes the routing communication session with a secondary routing control unit upon failure of the primary routing control unit. The reestablished routing communication session has a second restart time that is less than first restart time. Upon recovery of the failed routing control unit, the secondary routing control unit renegotiates the restart time associated with the session to an increased value with the neighboring routers to which the reduced restart time was initially advertised.

Abstract: Techniques are described for preventing network attacks. More specifically, the techniques involve classification of routes based on the network protocol from which the routes were learned, and filtering of packets based on the classification. A network device, for example, is described that includes interface cards to receive routing information via one or more routing protocols, wherein the routing information defines network routes. The network device further includes a control unit to classify the routes based the routing protocol by which the routes were received, and selectively forward packets associated with the routes based on the classification of the routes. Edge routers within a server provider network, for example, may classify routes as either “internal” or “external” based on the protocols from which the routes were learned, and automatically filter packets to prevent network attacks using the techniques.

Abstract: Techniques are described for dynamically constructing a label switching protocol interface in a network device. For example, the techniques allow dynamic construction of a Multi-Protocol Label Switching (MPLS) interface. According to some embodiments, upon receiving a network communication from a subscriber, a network device determines whether the subscriber requires support for the label switching protocol. If the subscriber requires such support, the network device creates an interface stack for the subscriber that includes an interface for the label switching protocol. In this way, the network device may route packets from the subscriber across a network of computing devices that use the label switching protocol, and forward packets from such a network to the subscriber. The subscriber and the network device need not communicate according to the label switching protocol and, in example embodiments, instead communicate according to a layer 2 communication protocol.

Abstract: A label switching router (LSR) is described that spoof checks Multi-protocol Label Switching (MPLS) packets to prevent malicious or inadvertent injection of MPLS packets within a label switched path (LSP). The LSR ensures that MPLS packets received from an upstream label switching router (LSR) contain labels that were advertised to that upstream LSR. A software module associated with a signaling protocol, such as the Resource Reservation Protocol (RSVP), the Label Distribution Protocol (LDP), or the Border Gateway Protocol (BGP), is extended to utilize an MPLS forwarding table, and MPLS interface table, and a remote autonomous system table. A set of interfaces for which the label was advertised may be checked to determine whether an interface on which a packet was received is contained in the set of interfaces. The MPLS forwarding table may contain a spoof-check field used to specify one of several different types of spoof checks and to specify the set of interfaces.