Abstract: Systems, methods, and computer-readable media for interconnecting SDWANs through segment routing. A first SDWAN and a second SDWAN of a SDWAN fabric can be identified. A segment routing domain that interconnects the first SDWAN and the second SDWAN can be formed across a WAN underlay of the SDWAN fabric. Data transmission between the first SDWAN and the second SDWAN can be controlled by performing segment routing through the segment routing domain formed between the first SDWAN and the second SDWAN.

Abstract: Systems, methods, and computer-readable media for interconnecting SDWANs through segment routing. A first SDWAN and a second SDWAN of a SDWAN fabric can be identified. A segment routing domain that interconnects the first SDWAN and the second SDWAN can be formed across a WAN underlay of the SDWAN fabric. Data transmission between the first SDWAN and the second SDWAN can be controlled by performing segment routing through the segment routing domain formed between the first SDWAN and the second SDWAN.

Abstract: Systems, methods, and computer-readable media for interconnecting SDWANs through segment routing. A first SDWAN and a second SDWAN of a SDWAN fabric can be identified. A segment routing domain that interconnects the first SDWAN and the second SDWAN can be formed across a WAN underlay of the SDWAN fabric. Data transmission between the first SDWAN and the second SDWAN can be controlled by performing segment routing through the segment routing domain formed between the first SDWAN and the second SDWAN.

Abstract: Systems, methods, and computer-readable media for interconnecting SDWANs through segment routing. A first SDWAN and a second SDWAN of a SDWAN fabric can be identified. A segment routing domain that interconnects the first SDWAN and the second SDWAN can be formed across a WAN underlay of the SDWAN fabric. Data transmission between the first SDWAN and the second SDWAN can be controlled by performing segment routing through the segment routing domain formed between the first SDWAN and the second SDWAN.

Abstract: Systems, methods, and computer-readable media for interconnecting SDWANs through segment routing. A first SDWAN and a second SDWAN of a SDWAN fabric can be identified. A segment routing domain that interconnects the first SDWAN and the second SDWAN can be formed across a WAN underlay of the SDWAN fabric. Data transmission between the first SDWAN and the second SDWAN can be controlled by performing segment routing through the segment routing domain formed between the first SDWAN and the second SDWAN.

Abstract: Systems, methods, and computer-readable media for interconnecting SDWANs through segment routing. A first SDWAN and a second SDWAN of a SDWAN fabric can be identified. A segment routing domain that interconnects the first SDWAN and the second SDWAN can be formed across a WAN underlay of the SDWAN fabric. Data transmission between the first SDWAN and the second SDWAN can be controlled by performing segment routing through the segment routing domain formed between the first SDWAN and the second SDWAN.

Abstract: Systems, methods, and computer-readable media for interconnecting SDWANs through segment routing. A first SDWAN and a second SDWAN of a SDWAN fabric can be identified. A segment routing domain that interconnects the first SDWAN and the second SDWAN can be formed across a WAN underlay of the SDWAN fabric. Data transmission between the first SDWAN and the second SDWAN can be controlled by performing segment routing through the segment routing domain formed between the first SDWAN and the second SDWAN.

Abstract: Techniques are presented herein for redirection between any number of network devices that are distributed to any number of sites. A first message of a flow is received from a network endpoint at a first network device. A relationship between the endpoint and the first network device is registered in a directory that maps endpoints for network devices. A state for the flow is stored at the first network device. A second message is received for the flow which is indicative of the first endpoint at a second network device. It is determined that the second network device does not store the flow state for the flow. Querying is performed to receive information indicative of the relationship between the endpoint and the first network device. The received information is stored in a cache at the second network device. Services are applied to the second message according to the stored information.

Abstract: In one embodiment, a device receives a first packet stream and a second packet stream over different paths through a network, wherein each of said sent first and the second packet streams includes a same replicated stream of packets. The apparatus processes packets of the first packet stream when the first packet stream is in an active packet stream, and while buffering and subsequently dropping packets of the second packet stream when the second packet stream is in a non-active state. In response to identifying a difference in a number of packets in the same replicated stream of packets received in the second packet stream compared to in the first packet stream equaling or exceeding a predetermined threshold, the second packet stream becomes in the active state and missing packets are forwarded from the buffered second stream packets.

Abstract: In an example embodiment, there is disclosed herein an apparatus comprising an ingress interface, an egress interface, and a storm controller coupled to the ingress interface and the egress interface. The storm controller is operable to determine whether to forward packets for a traffic flow received at the ingress interface to the egress interface based on a rate over a time period. The storm controller forwards packets for the traffic flow while the rate exceeds a first threshold and is less than a second threshold while a predefined condition exits. The storm controller limits traffic for the traffic flow to the first threshold while the rate exceeds the first threshold and the predefined condition does not exist.

Abstract: Systems, methods, and other embodiments associated with logically partitioned networking devices are described herein. One example method includes receiving a message from a common interface. The message comprises a logical partition header (LPH) and a network segmentation header (NSH). The LPH may be associated with a logical partition of a networking device. The NSH is associated with a grouping (e.g., segmentation) of networking devices. The example method may also include forwarding the message to the grouping of networking devices based, at least in part, on the NSH and a virtual route forwarding (VRF) table. Forwarding the message to the logical partition of the networking device based, at least in part, on the LPH.

Abstract: Techniques are presented herein for redirection between any number of network devices that are distributed to any number of sites. A first message of a flow is received from a network endpoint at a first network device. A relationship between the endpoint and the first network device is registered in a directory that maps endpoints for network devices. A state for the flow is stored at the first network device. A second message is received for the flow which is indicative of the first endpoint at a second network device. It is determined that the second network device does not store the flow state for the flow. Querying is performed to receive information indicative of the relationship between the endpoint and the first network device. The received information is stored in a cache at the second network device. Services are applied to the second message according to the stored information.

Abstract: In an example embodiment, there is disclosed herein an apparatus comprising an ingress interface, an egress interface, and a storm controller coupled to the ingress interface and the egress interface. The storm controller is operable to determine whether to forward packets for a traffic flow received at the ingress interface to the egress interface based on a rate over a time period. The storm controller forwards packets for the traffic flow while the rate exceeds a first threshold and is less than a second threshold while a predefined condition exits. The storm controller limits traffic for the traffic flow to the first threshold while the rate exceeds the first threshold and the predefined condition does not exist.

Abstract: In one embodiment, a device receives a first packet stream and a second packet stream over different paths through a network, wherein each of said sent first and the second packet streams includes a same replicated stream of packets. The apparatus processes packets of the first packet stream when the first packet stream is in an active packet stream, and while buffering and subsequently dropping packets of the second packet stream when the second packet stream is in a non-active state. In response to identifying a difference in a number of packets in the same replicated stream of packets received in the second packet stream compared to in the first packet stream equaling or exceeding a predetermined threshold, the second packet stream becomes in the active state and missing packets are forwarded from the buffered second stream packets.

Abstract: Systems, methods, and other embodiments associated with layer two (L2) encryption for data center interconnectivity are described. One example system includes a receive logic to receive an unencrypted L2 switched frame (UL2SF). The UL2SF may include a payload and an L2 header. The example system may also include an encryption logic to selectively encrypt the UL2SF into an encrypted frame if the UL2SF is to be sent through an L2 virtual private network (L2VPN) requiring encryption. The example system may also include a delivery logic that adds a header to the encrypted frame. The header may include data to identify a decryption function to decrypt the encrypted frame and routing information for the encrypted frame. The delivery logic may also provide the encrypted frame to the L2VPN, where the providing includes selectively sending the encrypted frame as one of, a point to point packet, and a multipoint packet.

Abstract: A method, apparatus and computer program product for providing IP Routing when using dynamic virtual local area networks (VLANs) with web based authentication. A downstream VLAN is assigned to a first switch port of a first network device. A first upstream VLAN is also assigned to the first switch port of the first network device. The first upstream VLAN is changed to a second upstream VLAN upon authentication, and the downstream VLAN is maintained.

Abstract: One embodiment provides a method to interconnect virtual network segments (VNETs) defined for a local-area network (LAN) infrastructure separated by a wide-area network infrastructure. The technique involves the routing device at the LAN-WAN interconnection points to impose or dispose the VNET-shim, which encodes the VNET-id information in a Layer 4 portion of the packet. In a data plane, a new IP protocol value may be used to signify the presence of the VNET-shim followed by cryptography specific information in an IP packet. In a control plane, the routing protocol is expanded to exchange the routing information along with the VNET information.

Abstract: In one embodiment, a technique for selecting a topology, in a multi-topology routing network, based on a source-destination pair of a packet is provided. The packet may be routed on a preferred path of the selected topology. By selecting the same topology for the source-destination pair even if the source and destination addresses are swapped, upstream and downstream traffic may be routed in a symmetrical manner. For some embodiments, a topology may be selected using a hash value that is generated using an algorithm that is commutative with respect to the source and destination addresses.

Abstract: PortChannel groups are disclosed which include multiple PortChannel links of a PortChannel. Further, the selection of a particular PortChannel group, and possibly a PortChannel link within a selected PortChannel group, for a packet is provided by user-programmable matching of programmed values or rules to data extracted from the packet. In this manner, the forwarding of packets over PortChannel groups can be explicit. Moreover, packets of different flows of a packet session can be caused to be forwarded over a same PortChannel group, possibly leading to a service node for performing one or more applications based on the packets of the flow(s) of a packet session.

Abstract: Systems, methods, and other embodiments associated with logically partitioned networking devices are described herein. One example method includes receiving a message from a common interface. The message comprises a logical partition header (LPH) and a network segmentation header (NSH). The LPH may be associated with a logical partition of a networking device. The NSH is associated with a grouping (e.g., segmentation) of networking devices. The example method may also include forwarding the message to the grouping of networking devices based, at least in part, on the NSH and a virtual route forwarding (VRF) table. Forwarding the message to the logical partition of the networking device based, at least in part, on the LPH.