Abstract: The present technology provides a system, method and computer-readable medium for configuration pattern recognition and inference, directed to a device with an existing configuration, through an extensible policy framework. The policy framework uses a mixture of python template logic and CLI micro-templates as a mask to infer the intent behind an existing device configuration in a bottom-up learning inference process. Unique values for device/network identifiers and addresses as well as other resources are extracted and accounted for. The consistency of devices within the fabric is checked based on the specific policies built into the extensible framework definition. Any inconsistencies found are flagged for user correction or automatically remedied by a network controller. This dynamic configuration pattern recognition ability allows a fabric to grow without being destroyed and re-created, thus new devices with existing configurations may be added and automatically configured to grow a Brownfield fabric.

Abstract: Techniques for utilizing a Software-Defined-Networking (SDN) controller and/or a Data Center Network Manager (DCNM) and network border gateway switches associated with a multi-site cloud computing network to provide reachability data indicating physical links between the border gateways disposed in different sites of the multi-site network to establish secure connection tunnels utilizing the physical links and unique encryption keys. The SDN controller and/or DCNM may be configured to generate a physical underlay model representing the physical underlay, or network transport capabilities, and/or a logical overlay model representing a logical overlay, or overlay control-plane, of the multi-site network. The SDN controller may also generate an encryption key model representing the associations between the encryption keys and the physical links between the associated network border gateway switches.

Abstract: The present technology provides a system, method and computer-readable medium for configuration pattern recognition and inference, directed to a device with an existing configuration, through an extensible policy framework. The policy framework uses a mixture of python template logic and CLI micro-templates as a mask to infer the intent behind an existing device configuration in a bottom-up learning inference process. Unique values for device/network identifiers and addresses as well as other resources are extracted and accounted for. The consistency of devices within the fabric is checked based on the specific policies built into the extensible framework definition. Any inconsistencies found are flagged for user correction or automatically remedied by a network controller. This dynamic configuration pattern recognition ability allows a fabric to grow without being destroyed and re-created, thus new devices with existing configurations may be added and automatically configured to grow a Brownfield fabric.

Abstract: Techniques for utilizing a Software-Defined-Networking (SDN) controller and/or a Data Center Network Manager (DCNM) and network border gateway switches associated with a multi-site cloud computing network to provide reachability data indicating physical links between the border gateways disposed in different sites of the multi-site network to establish secure connection tunnels utilizing the physical links and unique encryption keys. The SDN controller and/or DCNM may be configured to generate a physical underlay model representing the physical underlay, or network transport capabilities, and/or a logical overlay model representing a logical overlay, or overlay control-plane, of the multi-site network. The SDN controller may also generate an encryption key model representing the associations between the encryption keys and the physical links between the associated network border gateway switches.

Abstract: The present technology provides a system, method and computer-readable medium for configuration pattern recognition and inference, directed to a device with an existing configuration, through an extensible policy framework. The policy framework uses a mixture of python template logic and CLI micro-templates as a mask to infer the intent behind an existing device configuration in a bottom-up learning inference process. Unique values for device/network identifiers and addresses as well as other resources are extracted and accounted for. The consistency of devices within the fabric is checked based on the specific policies built into the extensible framework definition. Any inconsistencies found are flagged for user correction or automatically remedied by a network controller. This dynamic configuration pattern recognition ability allows a fabric to grow without being destroyed and re-created, thus new devices with existing configurations may be added and automatically configured to grow a Brownfield fabric.

Abstract: A system and a method are disclosed for enabling interoperability between data plane learning endpoints and control plane learning endpoints in an overlay network environment. An exemplary method for managing network traffic in the overlay network environment includes receiving network packets in an overlay network from data plane learning endpoints and control plane learning endpoints, wherein the overlay network extends Layer 2 network traffic over a Layer 3 network; operating in a data plane learning mode when a network packet is received from a data plane learning endpoint; and operating in a control plane learning mode when the network packet is received from a control plane learning endpoint. Where the overlay network includes more than one overlay segment, the method further includes operating as an anchor node for routing inter-overlay segment traffic to and from hosts that operate behind the data plane learning endpoints.

Abstract: In one example embodiment, a server, using Border Gateway Protocol Link-State, obtains, from a particular network node of a plurality of network nodes in a network fabric configured for segment routing, network topology information of the plurality of network nodes including segment identifiers of the plurality of network nodes. The particular network node gathered the network topology information from other network nodes of the plurality of network nodes using an underlay routing protocol. Based on the network topology information, the server generates a visualization of a topology of the network fabric including the plurality of network nodes and a plurality of links connecting the plurality of network nodes.

Abstract: A method for programming a MAC address table by a first leaf node in a network comprising a plurality of leaf nodes is provided. Each leaf node comprises one or more Virtual Tunnel End Points (“VTEPs”) and instantiates a plurality of Virtual Routing and Forwarding elements (“VRFs”), with a corresponding Bridge Domain (“BD”) assigned to each VRF. The method includes obtaining information indicating one or more VTEP Affinity Groups (VAGs), each VAG comprising an identification of one VTEP per leaf node, obtaining information indicating assignment of each VRF to one of the VAGs, assigning each VAG to a unique Filtering Identifier (“FID”), thereby generating one or more FIDs, and programming the MAC address table, using FIDs instead of BDs, by populating the MAC address table with a plurality of entries, each entry comprising a unique combination of a FID and a MAC address of a leaf node.

Abstract: The present technology provides a system, method and computer-readable medium for configuration pattern recognition and inference, directed to a device with an existing configuration, through an extensible policy framework. The policy framework uses a mixture of python template logic and CLI micro-templates as a mask to infer the intent behind an existing device configuration in a bottom-up learning inference process. Unique values for device/network identifiers and addresses as well as other resources are extracted and accounted for. The consistency of devices within the fabric is checked based on the specific policies built into the extensible framework definition. Any inconsistencies found are flagged for user correction or automatically remedied by a network controller. This dynamic configuration pattern recognition ability allows a fabric to grow without being destroyed and re-created, thus new devices with existing configurations may be added and automatically configured to grow a Brownfield fabric.

Abstract: In one implementation, a method performed by a first node with interfaces configured as IP unnumbered interfaces sharing a single IP address and to communicate with a DHCP-associated second node includes: obtaining a first message that indicates a configuration status of a third node at a respective interface; obtaining a second message for the third node from the DHCP-associated second node that includes a temporary IP address for the third node and an indicator of a file server; obtaining a third message associated with the third node that includes the temporary IP address, the third message requests address information for the file server; and configuring the third node by establishing a connection between the third node and the file server to transfer at least one configuration file, where configuring the third node includes providing the temporary IP address to the DHCP-associated second node via BGP.

Abstract: A system and a method are disclosed for enabling interoperability between data plane learning endpoints and control plane learning endpoints in an overlay network environment. An exemplary method for managing network traffic in the overlay network environment includes receiving network packets in an overlay network from data plane learning endpoints and control plane learning endpoints, wherein the overlay network extends Layer 2 network traffic over a Layer 3 network; operating in a data plane learning mode when a network packet is received from a data plane learning endpoint; and operating in a control plane learning mode when the network packet is received from a control plane learning endpoint. Where the overlay network includes more than one overlay segment, the method further includes operating as an anchor node for routing inter-overlay segment traffic to and from hosts that operate behind the data plane learning endpoints.

Abstract: In one example embodiment, a server, using Border Gateway Protocol Link-State, obtains, from a particular network node of a plurality of network nodes in a network fabric configured for segment routing, network topology information of the plurality of network nodes including segment identifiers of the plurality of network nodes. The particular network node gathered the network topology information from other network nodes of the plurality of network nodes using an underlay routing protocol. Based on the network topology information, the server generates a visualization of a topology of the network fabric including the plurality of network nodes and a plurality of links connecting the plurality of network nodes.

Abstract: The present disclosure involves systems and methods for automating interconnecting or stitching disparate Layer 2 domains across data center interconnects without the need to renumber virtual local area networks (VLANs) within an existing network. The interconnected networks may allow components or virtual machines, such as containers, within the connected networks or data centers to exchange Layer 2 communications while the connected VLANs or fabrics retain existing VLAN identification numbers to minimize alterations made to the data center networks. Further, the process of interconnecting the data centers may be automated such that administrators of the networks may provide an indication of interconnecting the data center networks without the need to manually access and configure edge devices of the networks to facilitate the Layer 2 communication.

Abstract: A system and a method are disclosed for enabling interoperability between data plane learning endpoints and control plane learning endpoints in an overlay network environment. An exemplary method for managing network traffic in the overlay network environment includes receiving network packets in an overlay network from data plane learning endpoints and control plane learning endpoints, wherein the overlay network extends Layer 2 network traffic over a Layer 3 network; operating in a data plane learning mode when a network packet is received from a data plane learning endpoint; and operating in a control plane learning mode when the network packet is received from a control plane learning endpoint. Where the overlay network includes more than one overlay segment, the method further includes operating as an anchor node for routing inter-overlay segment traffic to and from hosts that operate behind the data plane learning endpoints.

Abstract: Presented herein are hybrid approaches to multi-destination traffic forwarding in overlay networks that can be used to facilitate interoperability between head-end-replication-support network devices (i.e., those that only use head-end-replication) and multicast-support network devices (i.e., those that only use native multicast). By generally using existing tunnel end-points (TEPs) supported functionality for sending multi-destination traffic and enhancing the TEPs to receive multi-destination traffic with the encapsulation scheme they do not natively support, the presented methods and systems minimize the required enhancements to achieve interoperability and circumvents any hard limitations that the end-point hardware may have. The present methods and systems may be used with legacy hardware that are commissioned or deployed as well as new hardware that are configured with legacy protocols.

Abstract: Coexistence and migration of legacy and VXLAN networks may be provided. A first anchor leaf switch and a second anchor leaf switch may detect that they can reach each other over a Virtual Extensible Local Area Network (VXLAN) overlay layer 2 network. In response to detecting that they can reach each other over the VXLAN, the second anchor leaf switch may block VLANs mapped to the VXLAN's VXLAN Network Identifier (VNI) on the second anchor leaf switch's ports connecting to spine routers. In addition, the first anchor leaf switch and the second anchor leaf switch may detect that they can reach each other over a physical layer 2 network. In response to detecting that they can reach each other over a physical layer 2 network, the second anchor leaf switch may block Virtual Extensible Local Area Network (VXLAN) segments at the second anchor leaf switch.

Abstract: The present disclosure involves systems and methods for automating interconnecting or stitching disparate Layer 2 domains across data center interconnects without the need to renumber virtual local area networks (VLANs) within an existing network. The interconnected networks may allow components or virtual machines, such as containers, within the connected networks or data centers to exchange Layer 2 communications while the connected VLANs or fabrics retain existing VLAN identification numbers to minimize alterations made to the data center networks. Further, the process of interconnecting the data centers may be automated such that administrators of the networks may provide an indication of interconnecting the data center networks without the need to manually access and configure edge devices of the networks to facilitate the Layer 2 communication.

Abstract: Systems, methods, and computer-readable media for OAM in overlay networks. In response to receiving a packet associated with an OAM operation from a device in an overlay network, the system generates an OAM packet. The system can be coupled with the overlay network and can include a tunnel endpoint interface associated with an underlay address and a virtual interface associated with an overlay address. The overlay address can be an anycast address assigned to the system and another device in the overlay network. Next, the system determines that a destination address associated with the packet is not reachable through the virtual interface, the destination address corresponding to a destination node in the overlay network. The system also determines that the destination address is reachable through the tunnel endpoint interface. The system then provides the underlay address associated with the tunnel endpoint interface as a source address in the OAM packet.

Abstract: Techniques are disclosed for configuring a LISP mobility network. A management tool receives a configuration for a network fabric. The configuration specifies values for one or more attributes associated with a Locator ID Separation Protocol (LISP)-enabled network. The management tool generates one or more commands based on the specified values for the one or more attributes associated with the LISP-enabled network. The generated commands are distributed to a plurality of network devices in the network fabric. Each network device executes the one or more commands to configure the network fabric.

Abstract: Packet transmission techniques are disclosed herein. An exemplary method includes receiving a packet that identifies an internet protocol (IP) address assigned to more than one destination node; selecting a virtual routing and forwarding table based, at least in part, on a segmentation identification in the packet; identifying a designated destination node in the packet based, at least in part, on the selected virtual routing and forwarding table; and transmitting the packet to the designated destination node.