Patents by Inventor Douglas Gourlay

Douglas Gourlay has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230319018
    Abstract: Embodiments of the present disclosure include techniques for securing the flow of configuration commands issued to network devices. When an authorized command source, such as an authorized user or program, issues a command, security data for the command is generated and associated with the command. The command and security data may flow across multiple software applications to the network device. The network device receiving the command may use the security data to verify that the command source is an authorized source and to validate that the command was unaltered.
    Type: Application
    Filed: April 1, 2022
    Publication date: October 5, 2023
    Inventors: Douglas Gourlay, Ethan Rahn, Fred Hsu, Steve Magers
  • Publication number: 20230078179
    Abstract: A centralized manager in a network deployment is configured to perform periodic automated rotation of secrets used in the network and customer devices in the deployment. The centralized manager is further configured with intelligence to automatically install the rotated secrets onto the deployed devices. The centralized controller can provide high frequency rotations to improve network security.
    Type: Application
    Filed: December 8, 2021
    Publication date: March 16, 2023
    Inventors: Ethan Rahn, Douglas Gourlay, Kenneth Duda, Ian O'Brien, Pranav Choudhary, Rajat Bajaj, Hua Zhong
  • Publication number: 20220121439
    Abstract: A method and apparatus of a device that performs a hitless update of a boot image of a network element. In this embodiment, the device identifies the network element to update and determines if the network element has redundant paths. If this network element has redundant paths, the device configures the network element to drain data processing of the network element. In addition, the device updates the network element to a new boot image when the data processing of the network element is drained.
    Type: Application
    Filed: December 30, 2021
    Publication date: April 21, 2022
    Inventors: Peter Raymond Sprygada, Mark Berly, Douglas Gourlay
  • Patent number: 11249747
    Abstract: A method and apparatus of a device that performs a hitless update of a boot image of a network element. In this embodiment, the device identifies the network element to update and determines if the network element has redundant paths. If this network element has redundant paths, the device configures the network element to drain data processing of the network element. In addition, the device updates the network element to a new boot image when the data processing of the network element is drained.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: February 15, 2022
    Assignee: Arista Networks, Inc.
    Inventors: Peter Raymond Sprygada, Mark Berly, Douglas Gourlay
  • Publication number: 20200117441
    Abstract: A method and apparatus of a device that performs a hitless update of a boot image of a network element. In this embodiment, the device identifies the network element to update and determines if the network element has redundant paths. If this network element has redundant paths, the device configures the network element to drain data processing of the network element. In addition, the device updates the network element to a new boot image when the data processing of the network element is drained.
    Type: Application
    Filed: December 18, 2019
    Publication date: April 16, 2020
    Inventors: Peter Raymond Sprygada, Mark Berly, Douglas Gourlay
  • Patent number: 10545753
    Abstract: A method and apparatus of a device that performs a hitless update of a boot image of a network element. In this embodiment, the device identifies the network element to update and determines if the network element has redundant paths. If this network element has redundant paths, the device configures the network element to drain data processing of the network element. In addition, the device updates the network element to a new boot image when the data processing of the network element is drained.
    Type: Grant
    Filed: March 1, 2016
    Date of Patent: January 28, 2020
    Assignee: Arista Networks, Inc.
    Inventors: Peter Raymond Sprygada, Mark Berly, Douglas Gourlay
  • Patent number: 10262700
    Abstract: A method and apparatus of a device that determines a cause and effect of congestion in this device is described. In an exemplary embodiment, the device measures a queue group occupancy of a queue group for a port in the device, where the queue group stores a plurality of packets to be communicated through that port. In addition, the device determines if the measurement indicates a potential congestion of the queue group, where the congestion prevents a packet from being communicated within a time period. If potential congestion exists on that queue group, the device further gathers information regarding packets to be transmitted through that port. For example, the device can gather statistics packets that are stored in the queue group and/or new enqueue packets.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: April 16, 2019
    Assignee: Arista Networks, Inc.
    Inventors: Hugh W. Holbrook, Kenneth James Duda, Douglas Gourlay, Anshul Sadana
  • Publication number: 20180012633
    Abstract: A method and apparatus of a device that determines a cause and effect of congestion in this device is described. In an exemplary embodiment, the device measures a queue group occupancy of a queue group for a port in the device, where the queue group stores a plurality of packets to be communicated through that port. In addition, the device determines if the measurement indicates a potential congestion of the queue group, where the congestion prevents a packet from being communicated within a time period. If potential congestion exists on that queue group, the device further gathers information regarding packets to be transmitted through that port. For example, the device can gather statistics packets that are stored in the queue group and/or new enqueue packets.
    Type: Application
    Filed: August 31, 2017
    Publication date: January 11, 2018
    Inventors: Hugh W. Holbrook, Kenneth James Duda, Douglas Gourlay, Anshul Sadana
  • Patent number: 9800485
    Abstract: A method and apparatus of a device that determines a cause and effect of congestion in this device is described. The device determines an effect of congestion in the device. The device measures a queue group occupancy of a queue group for a port in the device, where the queue group stores a plurality of packets to be communicated through that port. The device further determines if congestion exists on that queue group using the measurement, where the congestion prevents a packet of the plurality of packets from being communicated within a time period. If the congestion exists on that queue group, the device additionally gathers information regarding packets to be transmitted through that port. For example, the device can gather statistics packets that are stored in the queue group and/or new enqueue packets.
    Type: Grant
    Filed: July 29, 2013
    Date of Patent: October 24, 2017
    Assignee: Arista Networks, Inc.
    Inventors: Hugh W. Holbrook, Kenneth James Duda, Douglas Gourlay, Anshul Sadana
  • Patent number: 9794141
    Abstract: A method and apparatus of a device that determines a cause and effect of congestion in this device is described. In an exemplary embodiment, the device measures a queue group occupancy of a queue group for a port in the device, where the queue group stores a plurality of packets to be communicated through that port. In addition, the device determines if the measurement indicates a potential congestion of the queue group, where the congestion prevents a packet from being communicated within a time period. If potential congestion exists on that queue group, the device further gathers information regarding packets to be transmitted through that port. For example, the device can gather statistics packets that are stored in the queue group and/or new enqueue packets.
    Type: Grant
    Filed: July 29, 2013
    Date of Patent: October 17, 2017
    Assignee: Arista Networks, Inc.
    Inventors: Hugh W. Holbrook, Kenneth James Duda, Douglas Gourlay, Anshul Sadana
  • Patent number: 9680948
    Abstract: A method and apparatus of a device that notifies another device of a failed device is described. In an exemplary embodiment, a network element detects that a first device is unavailable, where the network element couples the first device to the second device. In response to detecting that the first device is unavailable, the network element configures a proxy for the first device. The network element additionally receives network data that is destined for the first device, where the second device originated the network data. If the proxy can process the network data, the network element transmits a response to the second device from the proxy, where the response indicates that the first device is unavailable, where the first response includes an address of the first device. If the proxy cannot process the network data, the network element drops the network data.
    Type: Grant
    Filed: May 13, 2013
    Date of Patent: June 13, 2017
    Inventors: Benoit Sigoure, Kenneth James Duda, Douglas Gourlay
  • Publication number: 20160313985
    Abstract: A method and apparatus of a device that performs a hitless update of a boot image of a network element. In this embodiment, the device identifies the network element to update and determines if the network element has redundant paths. If this network element has redundant paths, the device configures the network element to drain data processing of the network element. In addition, the device updates the network element to a new boot image when the data processing of the network element is drained.
    Type: Application
    Filed: March 1, 2016
    Publication date: October 27, 2016
    Inventors: Peter Raymond Sprygada, Mark Berly, Douglas Gourlay
  • Patent number: 8964574
    Abstract: A data communication network (DCN) having a plurality of network devices coupled to the DCN with at least one of the network devices having a “boot once” connectivity manager processor (CMP). The CMP receives its power over the DCN rather than from the power applied to the network devices. The CMP can execute special operating system code and maintain network connectivity even if the network device itself is powered off, is being booted or is otherwise non-functional. The CMP is also coupled to the network device's memory so that it may respond to out-of-band polling requests for device status information from network management tools. With CMP, network administrators can monitor the boot process of network devices, determine that a network device is non-functional due to power loss and can maintain an accurate inventory status of spare network devices that are stored un-powered in a spares closet.
    Type: Grant
    Filed: August 8, 2013
    Date of Patent: February 24, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Douglas A. Gourlay, Prashant Gandhi, Mark McKee, Omar G. Abuabara
  • Publication number: 20140280792
    Abstract: A method and apparatus of a device that notifies another device of a failed device is described. In an exemplary embodiment, a network element detects that a first device is unavailable, where the network element couples the first device to the second device. In response to detecting that the first device is unavailable, the network element configures a proxy for the first device. The network element additionally receives network data that is destined for the first device, where the second device originated the network data. If the proxy can process the network data, the network element transmits a response to the second device from the proxy, where the response indicates that the first device is unavailable, where the first response includes an address of the first device. If the proxy cannot process the network data, the network element drops the network data.
    Type: Application
    Filed: May 13, 2013
    Publication date: September 18, 2014
    Applicant: Arista Networks, Inc.
    Inventors: Benoit Sigoure, Kenneth James Duda, Douglas Gourlay
  • Publication number: 20140269378
    Abstract: A method and apparatus of a device that determines a cause and effect of congestion in this device is described. In an exemplary embodiment, the device measures a queue group occupancy of a queue group for a port in the device, where the queue group stores a plurality of packets to be communicated through that port. In addition, the device determines if the measurement indicates a potential congestion of the queue group, where the congestion prevents a packet from being communicated within a time period. If potential congestion exists on that queue group, the device further gathers information regarding packets to be transmitted through that port. For example, the device can gather statistics packets that are stored in the queue group and/or new enqueue packets.
    Type: Application
    Filed: July 29, 2013
    Publication date: September 18, 2014
    Applicant: Arista Networks, Inc.
    Inventors: Hugh W. Holbrook, Kenneth James Duda, Douglas Gourlay, Anshul Sadana
  • Publication number: 20140269379
    Abstract: A method and apparatus of a device that determines a cause and effect of congestion in this device is described. The device determines an effect of congestion in the device. The device measures a queue group occupancy of a queue group for a port in the device, where the queue group stores a plurality of packets to be communicated through that port. The device further determines if congestion exists on that queue group using the measurement, where the congestion prevents a packet of the plurality of packets from being communicated within a time period. If the congestion exists on that queue group, the device additionally gathers information regarding packets to be transmitted through that port. For example, the device can gather statistics packets that are stored in the queue group and/or new enqueue packets.
    Type: Application
    Filed: July 29, 2013
    Publication date: September 18, 2014
    Applicant: Arista Networks, Inc.
    Inventors: Hugh W. Holbrook, Kenneth James Duda, Douglas Gourlay, Anshul Sadana
  • Publication number: 20140280846
    Abstract: A method and apparatus of a device that determines a network policy for an attached device based on one or more characteristics of the attached device is described. In one example, a network element detects a device on a port coupled to a link connecting the network element and the device. In response to the detecting of the device on the port, the network element further determines a device configuration signature from the device, where the device configuration signature is based on a configuration of the device. The network element additionally determines a port-based network policy based on the device configuration signature. The network element applies the port-based network policy to the port, wherein the network element applies the port-based network policy to process network data communicated through the port.
    Type: Application
    Filed: March 6, 2014
    Publication date: September 18, 2014
    Inventors: Douglas Gourlay, Andre Henri Joseph Pech
  • Patent number: 8705381
    Abstract: In one embodiment, a source device (e.g., a VOIP phone) establishes a call connection with a remote device depending on which of multiple network paths provides an acceptable latency (e.g., a lower latency). For example, in response to receiving a request to establish a connection with a remote destination device over a network, the source device (e.g., a caller's phone) obtains multiple service code values. The source device encodes each of multiple data packets to include a unique service code value for transmission of the messages over different network topologies to a remote destination. Thus, when transmitted, each of the multiple messages follows a different logical network topology of a network as specified by a respective service code value. Based on feedback from a remote device that receives the multiple messages, the source learns a preferred logical network topology of the network for establishing the call connection.
    Type: Grant
    Filed: June 5, 2007
    Date of Patent: April 22, 2014
    Inventors: Douglas A. Gourlay, Leonard N. Thompson, Omar G. Abuabara, Anthony R. Faustini
  • Publication number: 20130326059
    Abstract: A data communication network (DCN) having a plurality of network devices coupled to the DCN with at least one of the network devices having a “boot once” connectivity manager processor (CMP). The CMP receives its power over the DCN rather than from the power applied to the network devices. The CMP can execute special operating system code and maintain network connectivity even if the network device itself is powered off, is being booted or is otherwise non-functional. The CMP is also coupled to the network device's memory so that it may respond to out-of-band polling requests for device status information from network management tools. With CMP, network administrators can monitor the boot process of network devices, determine that a network device is non-functional due to power loss and can maintain an accurate inventory status of spare network devices that are stored un-powered in a spares closet.
    Type: Application
    Filed: August 8, 2013
    Publication date: December 5, 2013
    Applicant: Cisco Technology, Inc.
    Inventors: Douglas A. Gourlay, Prashant Gandhi, Mark McKee, Omar G. Abuabara
  • Patent number: 8509097
    Abstract: A data communication network (DCN) having a plurality of network devices coupled to the DCN with at least one of the network devices having a “boot once” connectivity manager processor (CMP). The CMP receives its power over the DCN rather than from the power applied to the network devices. The CMP can execute special operating system code and maintain network connectivity even if the network device itself is powered off, is being booted or is otherwise non-functional. The CMP is also coupled to the network device's memory so that it may respond to out-of-band polling requests for device status information from network management tools. With CMP, network administrators can monitor the boot process of network devices, determine that a network device is non-functional due to power loss and can maintain an accurate inventory status of spare network devices that are stored un-powered in a spares closet.
    Type: Grant
    Filed: August 5, 2004
    Date of Patent: August 13, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Douglas A. Gourlay, Prashant Gandhi, Mark McKee, Omar G. Abuabara