Abstract: A method and apparatus of a network element that authenticates a field replaceable unit of the network element is described. The network element authenticates a field replaceable unit of the network element by generating a nonce. In addition, the network element generates a signature using a nonce and a private encryption key that is securely stored in the field replaceable unit. The network element further verifies the signature using a public encryption key that is a pair to the private encryption key and is not securely stored in the field replaceable unit. If the field replaceable unit is verified, the network element uses the field replaceable unit to operate the network element. Otherwise, the network element disables the field replaceable unit.

Abstract: A method for distributing VXLAN information that includes receiving, from a first leaf network device and by a first intermediate network device, first VXLAN information associated with a first computing device. The first leaf network device is connected to the first computing device and includes a first database server. The first intermediate network device includes a first database client and a second database server. The method also includes storing the first VXLAN information in a first database entry on the first intermediate network device; sending, by a second database server, a first copy of the first database entry to a higher-tier network device, and sending, by the first database client, a second copy of the first database entry to a third database server. The third database server is executing on a second leaf network device.

Abstract: A method and apparatus of a device that simulates a plurality of network elements is described. In an exemplary embodiment, the device receives network topology information for the plurality of simulated network elements. The device further instantiates a container for each of the plurality of simulated network elements. The device additionally configures a set of processes for each of the plurality of containers, where each of the set of processes simulates at least one of the plurality of simulated network elements. The plurality of set of processes further implements a network topology represented by the network topology information. The device performs a test of the network topology and saves the results of the test.

Abstract: A method and apparatus of a network element that processes control plane data in a network element is described. In an exemplary embodiment, the device receives control plane data with a network element operating system, where at least a functionality of the network element operating system is executing in a container of the network element. In addition, the network element includes a data plane with a plurality of hardware tables and the host operating system. Furthermore, the network element processes the control plane data with the network element operating system. The network element additionally updates at least one of the plurality of hardware tables with the process control plane data using the network element operating system.

Abstract: A method and apparatus of a network element that hitlessly upgrades a network element operating system of a network element is described. In an exemplary embodiment, the network element receives a second image for the network element operating system, where a first image of the network element operating system is executing as a first set of processes in a first container and the first set of processes manages the plurality of hardware tables for the network element. The network element further instantiates a second container for the second image. In addition, the network element starts a second set of processes using at least the second image in the second container. The network element additionally synchronizes state data between the first set of processes and the second set of processes. Furthermore, the network element sets the second set of processes as managing the plurality of hardware tables, and stops the first set of processes within the first container.

Abstract: A method and apparatus of a network element that installs a device driver used to manage hardware of the network element is described. In an exemplary embodiment, the network element detects, with a functionality of a network element operating system, the hardware of a data plane of the network element, where at least one component of the network element operating system is executing in a first container as a first set of processes. The network element further determines a device driver for the hardware and installs the device driver in a kernel of the host operating system. The network element additionally manages the data, with the network element operating system, using the device driver.

Abstract: A method for executing a command line interface (CLI) command by receiving a hyper text transport protocol (HTTP) comprising the CLI command from a controller, extracting the CLI command from the HTTP request, and executing, by a network device, the CLI command to generate a populated model comprising results generated from executing the CLI command. The method also executes the CLI command by converting the populated model into a JSON format using a JSON engine to obtain a JSON result; encapsulating the JSON result in a JSON Remote Procedure Call (RPC), and transmitting the JSON RPC as a HTTP response to the controller.

Abstract: A method for active network fabric management. The method includes receiving a probe packet by a termination beacon, where the probe packet is associated with a stream, the stream is identified using an origin beacon identification (ID) for an origin beacon, a stream source IP address, a stream destination IP address, an L2 origin interface, and a TTL value or an IP Hop value. The method further includes generating, after receiving the probe packet and after the expiration of a probe rate request (PRR) refresh timer, a rate control packet (RCP) by the termination beacon where the RCP includes a PRR for the stream, and sending the RCP to the origin beacon using an origin beacon IP address, where the origin beacon IP address is different than the stream source IP address.

Abstract: A method and apparatus of a device that determines a cause and effect of congestion in this device is described. In an exemplary embodiment, the device measures a queue group occupancy of a queue group for a port in the device, where the queue group stores a plurality of packets to be communicated through that port. In addition, the device determines if the measurement indicates a potential congestion of the queue group, where the congestion prevents a packet from being communicated within a time period. If potential congestion exists on that queue group, the device further gathers information regarding packets to be transmitted through that port. For example, the device can gather statistics packets that are stored in the queue group and/or new enqueue packets.

Abstract: A method for virtual extensible local area network (VXLAN) encapsulation. The method includes receiving a first augmented MAC frame on a first ingress port of a first network device, where the first augmented MAC frame includes a first egress port ID (EPID), a first ingress port ID (IPID), and a first MAC frame. The method further includes identifying a first destination VXLAN tunnel endpoint (VTEP) internet protocol (IP) address based on the first EPID, where the first destination VTEP IP address is associated with a first destination VTEP. The method further includes identifying a source VTEP IP address based on the first IPID, performing VXLAN encapsulation of the first MAC frame to obtain a VXLAN frame, and sending the VXLAN frame to the first destination VTEP via a first egress port of the first network device.

Abstract: A method for virtual extensible local area network (VXLAN) encapsulation. The method includes receiving a first augmented MAC frame on a first ingress port of a first network device, where the first augmented MAC frame includes a first egress port ID (EPID), a first ingress port ID (IPID), and a first MAC frame. The method further includes identifying a first destination VXLAN tunnel endpoint (VTEP) internet protocol (IP) address based on the first EPID, where the first destination VTEP IP address is associated with a first destination VTEP. The method further includes identifying a source VTEP IP address based on the first IPID, performing VXLAN encapsulation of the first MAC frame to obtain a VXLAN frame, and sending the VXLAN frame to the first destination VTEP via a first egress port of the first network device.

Abstract: A method and apparatus of a network element that authenticates a field replaceable unit of the network element is described. The network element authenticates a field replaceable unit of the network element by generating a nonce. In addition, the network element generates a signature using a nonce and a private encryption key that is securely stored in the field replaceable unit. The network element further verifies the signature using a public encryption key that is a pair to the private encryption key and is not securely stored in the field replaceable unit. If the field replaceable unit is verified, the network element uses the field replaceable unit to operate the network element. Otherwise, the network element disables the field replaceable unit.

Abstract: A method for license management. The method includes making a first determination by a local license server of a coordination point that a feature license that is not available on the local license server is required by the local license server. The method further includes, based on the first determination: sending, by the coordination point, a license availability request to an auto activation server, receiving, by the coordination point and from the auto activation server, information about available feature licenses, and sending, by the local license server of the coordination point to a central license manager, an activation request specifying the feature license. The specified feature license is one of the available feature licenses. The method further includes, in response to sending the activation request: receiving, by the local license server from the central license manager, an activated feature license.

Abstract: A method and apparatus of a device that installs a new access control list for a port of a network element is described. In an exemplary embodiment, a network element receives an indication that the first access control list for the port is to be updated with a second access control list and the port processes data communicated with port with the first access control list. In addition, the network element configures the port to use a fallback access control list, where the fallback access control list includes a plurality of rules and the port uses the fallback access control list to process data communicated with the port. Furthermore, the network element loads the second access control list for the port. The network element additionally configures the port to use the second access control list, wherein the port uses the second access control list to process data communicated with the port.

Abstract: A method and apparatus of a device that evaluates multiple network asserts in response to changing network of network elements is described. In an exemplary embodiment, the device receives the multiple network asserts, where each of the plurality of network asserts represents a Boolean expression regarding a condition of at least one characteristic of at least one of the network elements. The device further detects a change in the network. In response to the detected change, the device, for one or more of the network asserts, evaluates this network assert to determine if this network asserts raises an action associated with this network assert. The device further performs the action associated this network assert if the network assert was raised.

Abstract: A method and apparatus of a device that determines a cause and effect of congestion in this device is described. The device determines an effect of congestion in the device. The device measures a queue group occupancy of a queue group for a port in the device, where the queue group stores a plurality of packets to be communicated through that port. The device further determines if congestion exists on that queue group using the measurement, where the congestion prevents a packet of the plurality of packets from being communicated within a time period. If the congestion exists on that queue group, the device additionally gathers information regarding packets to be transmitted through that port. For example, the device can gather statistics packets that are stored in the queue group and/or new enqueue packets.

Abstract: A method for detecting abnormalities in network element operation. The method includes monitoring at least a portion of the network element for abnormalities and making a determination that an abnormality exists, in response to the monitoring, and based on the determination, tracking the abnormality. An abnormality includes a measured performance that deviates from a nominal performance, but that does not cause erroneous behavior of the network element.

Abstract: A method and apparatus of a device that determines a cause and effect of congestion in this device is described. In an exemplary embodiment, the device measures a queue group occupancy of a queue group for a port in the device, where the queue group stores a plurality of packets to be communicated through that port. In addition, the device determines if the measurement indicates a potential congestion of the queue group, where the congestion prevents a packet from being communicated within a time period. If potential congestion exists on that queue group, the device further gathers information regarding packets to be transmitted through that port. For example, the device can gather statistics packets that are stored in the queue group and/or new enqueue packets.

Abstract: A method for transmitting MAC frames between hosts/remote machines and virtual machines across network elements (e.g., switches, routers, and multilayer switches) that conventionally do not hold capacity to address VXLAN encapsulation to any and all possible destination VTEPs within expanding data centers. More specifically, the method permits a network element the functionality of retaining VXLAN encapsulation table entries corresponding to VTEPs on Top of Rack (ToR) switches versus to VTEPs on hosts that reside under those ToR switches. This use of indirect VXLAN bridging may reduce the number of required VTEPs stored on a network element for the purposes of performing VXLAN encapsulation, thereby once again establishing the capability for packets to reach any arbitrary destination VTEP as data centers scale.

Abstract: A method for accessing operational information of a deployed network device through non-preprogrammed command line interface instructions. More specifically, a show command service is disclosed, which enables the procurement of additional configuration and/or state information on a network device through a coordination point.