Abstract: A method and apparatus of a network element that processes control plane data in a network element is described. In an exemplary embodiment, the device receives control plane data with a network element operating system, where at least a functionality of the network element operating system is executing in a container of the network element. In addition, the network element includes a data plane with a plurality of hardware tables and the host operating system. Furthermore, the network element processes the control plane data with the network element operating system. The network element additionally updates at least one of the plurality of hardware tables with the process control plane data using the network element operating system.

Abstract: A method for executing a command line interface (CLI) command by receiving a hyper text transport protocol (HTTP) comprising the CLI command from a controller, extracting the CLI command from the HTTP request, and executing, by a network device, the CLI command to generate a populated model comprising results generated from executing the CLI command. The method also executes the CLI command by converting the populated model into a JSON format using a JSON engine to obtain a JSON result; encapsulating the JSON result in a JSON Remote Procedure Call (RPC), and transmitting the JSON RPC as a HTTP response to the controller.

Abstract: A method for active network fabric management. The method includes receiving a probe packet by a termination beacon, where the probe packet is associated with a stream, the stream is identified using an origin beacon identification (ID) for an origin beacon, a stream source IP address, a stream destination IP address, an L2 origin interface, and a TTL value or an IP Hop value. The method further includes generating, after receiving the probe packet and after the expiration of a probe rate request (PRR) refresh timer, a rate control packet (RCP) by the termination beacon where the RCP includes a PRR for the stream, and sending the RCP to the origin beacon using an origin beacon IP address, where the origin beacon IP address is different than the stream source IP address.

Abstract: A method and apparatus of a device that determines a cause and effect of congestion in this device is described. In an exemplary embodiment, the device measures a queue group occupancy of a queue group for a port in the device, where the queue group stores a plurality of packets to be communicated through that port. In addition, the device determines if the measurement indicates a potential congestion of the queue group, where the congestion prevents a packet from being communicated within a time period. If potential congestion exists on that queue group, the device further gathers information regarding packets to be transmitted through that port. For example, the device can gather statistics packets that are stored in the queue group and/or new enqueue packets.

Abstract: A method for virtual extensible local area network (VXLAN) encapsulation. The method includes receiving a first augmented MAC frame on a first ingress port of a first network device, where the first augmented MAC frame includes a first egress port ID (EPID), a first ingress port ID (IPID), and a first MAC frame. The method further includes identifying a first destination VXLAN tunnel endpoint (VTEP) internet protocol (IP) address based on the first EPID, where the first destination VTEP IP address is associated with a first destination VTEP. The method further includes identifying a source VTEP IP address based on the first IPID, performing VXLAN encapsulation of the first MAC frame to obtain a VXLAN frame, and sending the VXLAN frame to the first destination VTEP via a first egress port of the first network device.

Abstract: A method for virtual extensible local area network (VXLAN) encapsulation. The method includes receiving a first augmented MAC frame on a first ingress port of a first network device, where the first augmented MAC frame includes a first egress port ID (EPID), a first ingress port ID (IPID), and a first MAC frame. The method further includes identifying a first destination VXLAN tunnel endpoint (VTEP) internet protocol (IP) address based on the first EPID, where the first destination VTEP IP address is associated with a first destination VTEP. The method further includes identifying a source VTEP IP address based on the first IPID, performing VXLAN encapsulation of the first MAC frame to obtain a VXLAN frame, and sending the VXLAN frame to the first destination VTEP via a first egress port of the first network device.

Abstract: A method and apparatus of a network element that authenticates a field replaceable unit of the network element is described. The network element authenticates a field replaceable unit of the network element by generating a nonce. In addition, the network element generates a signature using a nonce and a private encryption key that is securely stored in the field replaceable unit. The network element further verifies the signature using a public encryption key that is a pair to the private encryption key and is not securely stored in the field replaceable unit. If the field replaceable unit is verified, the network element uses the field replaceable unit to operate the network element. Otherwise, the network element disables the field replaceable unit.

Abstract: A method for license management. The method includes making a first determination by a local license server of a coordination point that a feature license that is not available on the local license server is required by the local license server. The method further includes, based on the first determination: sending, by the coordination point, a license availability request to an auto activation server, receiving, by the coordination point and from the auto activation server, information about available feature licenses, and sending, by the local license server of the coordination point to a central license manager, an activation request specifying the feature license. The specified feature license is one of the available feature licenses. The method further includes, in response to sending the activation request: receiving, by the local license server from the central license manager, an activated feature license.

Abstract: A method and apparatus of a device that installs a new access control list for a port of a network element is described. In an exemplary embodiment, a network element receives an indication that the first access control list for the port is to be updated with a second access control list and the port processes data communicated with port with the first access control list. In addition, the network element configures the port to use a fallback access control list, where the fallback access control list includes a plurality of rules and the port uses the fallback access control list to process data communicated with the port. Furthermore, the network element loads the second access control list for the port. The network element additionally configures the port to use the second access control list, wherein the port uses the second access control list to process data communicated with the port.

Abstract: A method and apparatus of a device that evaluates multiple network asserts in response to changing network of network elements is described. In an exemplary embodiment, the device receives the multiple network asserts, where each of the plurality of network asserts represents a Boolean expression regarding a condition of at least one characteristic of at least one of the network elements. The device further detects a change in the network. In response to the detected change, the device, for one or more of the network asserts, evaluates this network assert to determine if this network asserts raises an action associated with this network assert. The device further performs the action associated this network assert if the network assert was raised.

Abstract: A method and apparatus of a device that determines a cause and effect of congestion in this device is described. The device determines an effect of congestion in the device. The device measures a queue group occupancy of a queue group for a port in the device, where the queue group stores a plurality of packets to be communicated through that port. The device further determines if congestion exists on that queue group using the measurement, where the congestion prevents a packet of the plurality of packets from being communicated within a time period. If the congestion exists on that queue group, the device additionally gathers information regarding packets to be transmitted through that port. For example, the device can gather statistics packets that are stored in the queue group and/or new enqueue packets.

Abstract: A method for detecting abnormalities in network element operation. The method includes monitoring at least a portion of the network element for abnormalities and making a determination that an abnormality exists, in response to the monitoring, and based on the determination, tracking the abnormality. An abnormality includes a measured performance that deviates from a nominal performance, but that does not cause erroneous behavior of the network element.

Abstract: A method and apparatus of a device that determines a cause and effect of congestion in this device is described. In an exemplary embodiment, the device measures a queue group occupancy of a queue group for a port in the device, where the queue group stores a plurality of packets to be communicated through that port. In addition, the device determines if the measurement indicates a potential congestion of the queue group, where the congestion prevents a packet from being communicated within a time period. If potential congestion exists on that queue group, the device further gathers information regarding packets to be transmitted through that port. For example, the device can gather statistics packets that are stored in the queue group and/or new enqueue packets.

Abstract: A method for transmitting MAC frames between hosts/remote machines and virtual machines across network elements (e.g., switches, routers, and multilayer switches) that conventionally do not hold capacity to address VXLAN encapsulation to any and all possible destination VTEPs within expanding data centers. More specifically, the method permits a network element the functionality of retaining VXLAN encapsulation table entries corresponding to VTEPs on Top of Rack (ToR) switches versus to VTEPs on hosts that reside under those ToR switches. This use of indirect VXLAN bridging may reduce the number of required VTEPs stored on a network element for the purposes of performing VXLAN encapsulation, thereby once again establishing the capability for packets to reach any arbitrary destination VTEP as data centers scale.

Abstract: A method for accessing operational information of a deployed network device through non-preprogrammed command line interface instructions. More specifically, a show command service is disclosed, which enables the procurement of additional configuration and/or state information on a network device through a coordination point.

Abstract: A method for transmitting MAC frames. The method includes receiving, by a first switch in the MLAG domain, a first media access control (MAC) frame from an external device, wherein the external device is directly connected to the first switch, where the MLAG domain consists of the first switch and the second switch. The method further includes making a first determination that the external device is not a singly-connected external device and based on the first determination, encapsulating the first MAC frame in a first VXLAN frame using a first virtual tunnel endpoint (VTEP), where the first VXLAN frame comprises a virtual VTEP Internet Protocol (IP) address, where the virtual VTEP IP address is associated with the MLAG domain. The method further includes transmitting the first VXLAN frame to an IP fabric, where the first switch is directly connected to the IP fabric.

Abstract: In general, the invention relates to a method for programming a network device to perform routing of data packets between and/or within networks. More specifically, the method provides a more efficient process for updating the forwarding equivalence class (FEC) table with minimal impacting of the mappings in the forward information base (FIB) of the network device.

Abstract: In general, embodiments of the invention relate to a method of programming a data plane forwarding information base (FIB). The method includes obtaining, by a FIB entry optimizer in a control plane, a new entry to be loaded into the data plane FIB, making a first determination, by the FIB entry optimizer, that the data plane FIB is not full; and based on the first determination: loading, by the FIB entry optimizer, the new entry into the data plane FIB.

Abstract: In general, embodiments of the invention relate to routing packets between servers in different layer 2 domains. More specifically, embodiments of the invention relate to using overlay routing mechanisms in an Internet Protocol (IP) fabric to enable communication between servers in different layer 2 domains to communication. The overlay routing mechanisms may include direct routing, indirect routing, naked routing, or a combination thereof (e.g., hybrid routing).

Abstract: A method and system for applying a network policy in a virtual extensible local area network (VXLAN) environment. The method includes receiving, at a network device, a VXLAN frame that includes a source VXLAN network identifier (VNI). The network device includes a first network policy. The method also includes examining the VXLAN frame to determine the source VNI; obtaining, based on the source VNI, the first network policy; and processing the VXLAN frame based on the application of the first network policy.