Abstract: A method is performed at a provider edge node configured to communicate with remote provider edge nodes over an Ethernet virtual private network. The method includes receiving, from the remote provider edge nodes, route advertisements for a common subnet hosted on the remote provider edge nodes. The route advertisements include distinct remote route distinguishers, a common IP prefix for the common subnet, and remote paths for the common subnet. The method further includes determining whether there are at least a predetermined number of the remote paths preferred over a local path for the common subnet hosted on the provider edge node based on the remote route distinguishers and a local route distinguisher for the local path. The method includes, when there are at least the predetermined number of the remote paths preferred over the local path, suppressing sending of a route advertisement for the local path for the common subnet.

Abstract: In an example method, a head node connected to a source device transmits a multicast data flow from the source device to receiving devices connected to tail nodes using Default MDT. The example method further includes determining that requirements have been met to begin transmitting the multicast data flow using Data MDT. The method may further include determining whether the tail nodes are able to receive the multicast data flow using Data MDT. In response to determining that all the tail nodes are able to receive the multicast data flow using Data MDT, switch to transmitting the multicast data flow to the tail nodes using Data MDT.

Abstract: Systems and techniques are provided for synchronizing DHCP snoop information. In some examples, a method can include, performing, by a first PE device from a plurality of PE devices, DHCP snooping of a first plurality of DHCP messages between a DHCP client and a DHCP server, wherein the plurality of PE devices is part of an ethernet segment for multihoming the DHCP client. In some aspects, the method includes determining, based on snooping the first plurality of DHCP messages, an association between an IP address corresponding to the DHCP client and a MAC address corresponding to the DHCP client. In some examples, the method includes sending, by the first PE device to at least one other PE device from the plurality of PE devices, a first route advertisement that includes the association between the IP address corresponding to the DHCP client and the MAC address corresponding to the DHCP client.

Abstract: The present technology provides a system, method and computer-readable medium for configuration pattern recognition and inference, directed to a device with an existing configuration, through an extensible policy framework. The policy framework uses a mixture of python template logic and CLI micro-templates as a mask to infer the intent behind an existing device configuration in a bottom-up learning inference process. Unique values for device/network identifiers and addresses as well as other resources are extracted and accounted for. The consistency of devices within the fabric is checked based on the specific policies built into the extensible framework definition. Any inconsistencies found are flagged for user correction or automatically remedied by a network controller. This dynamic configuration pattern recognition ability allows a fabric to grow without being destroyed and re-created, thus new devices with existing configurations may be added and automatically configured to grow a Brownfield fabric.

Abstract: A system and method are disclosed for enabling interoperability between asymmetric and symmetric Integrated Routing and Bridging (IRB) modes. A system is configured to receive a route advertisement, examine the label fields of the route advertisement, and determine whether Layer 2 or Layer 3 information is conveyed. The system is further configured to build a route advertisement to advertise to a second device based on whether Layer 2 or Layer 3 information is conveyed in the first route advertisement.

Abstract: The present technology provides a framework for user-guided end-to-end automation of network deployment and management, that enables a user to guide the automation process for any kind of network deployment from the ground up, as well as offering network management, visibility, and compliance verification. The disclosed technology accomplishes this by creating a stateful and interactive virtual representation of a fabric using a customizable underlay fabric template instantiated with user-provided parameter values and network topology data computed from one or more connected network devices. A set of expected configurations corresponding to the user-specified underlay and overly fabric policies is then generated for deployment onto the connected network devices.

Abstract: Techniques for utilizing a Software-Defined-Networking (SDN) controller and/or a Data Center Network Manager (DCNM) and network border gateway switches associated with a multi-site cloud computing network to provide reachability data indicating physical links between the border gateways disposed in different sites of the multi-site network to establish secure connection tunnels utilizing the physical links and unique encryption keys. The SDN controller and/or DCNM may be configured to generate a physical underlay model representing the physical underlay, or network transport capabilities, and/or a logical overlay model representing a logical overlay, or overlay control-plane, of the multi-site network. The SDN controller may also generate an encryption key model representing the associations between the encryption keys and the physical links between the associated network border gateway switches.

Abstract: The present technology provides a framework for user-guided end-to-end automation of network deployment and management, that enables a user to guide the automation process for any kind of network deployment from the ground up, as well as offering network management, visibility, and compliance verification. The disclosed technology accomplishes this by creating a stateful and interactive virtual representation of a fabric using a customizable underlay fabric template instantiated with user-provided parameter values and network topology data computed from one or more connected network devices. A set of expected configurations corresponding to the user-specified underlay and overly fabric policies is then generated for deployment onto the connected network devices.

Abstract: A method is performed at a provider edge node configured to communicate with remote provider edge nodes over an Ethernet virtual private network. The method includes receiving, from the remote provider edge nodes, route advertisements for a common subnet hosted on the remote provider edge nodes. The route advertisements include distinct remote route distinguishers, a common IP prefix for the common subnet, and remote paths for the common subnet. The method further includes determining whether there are at least a predetermined number of the remote paths preferred over a local path for the common subnet hosted on the provider edge node based on the remote route distinguishers and a local route distinguisher for the local path. The method includes, when there are at least the predetermined number of the remote paths preferred over the local path, suppressing sending of a route advertisement for the local path for the common subnet.

Abstract: A system and method are disclosed for enabling interoperability between asymmetric and symmetric Integrated Routing and Bridging (IRB) modes. A system is configured to receive a route advertisement, examine the label fields of the route advertisement, and determine whether Layer 2 or Layer 3 information is conveyed. The system is further configured to build a route advertisement to advertise to a second device based on whether Layer 2 or Layer 3 information is conveyed in the first route advertisement.

Abstract: Techniques for a configuration change service to transition a network controller into a frozen state, causing network users submitting configuration changes associated with the network to refrain from deploying the configuration changes for a period of time are disclosed. A first user configured as a stager role may submit data representing a proposed change to the configuration change service, where the proposed change may be stored in association with a list of proposed changes. A second user configured as an approver role may submit data representing an approval or disapproval of the proposed changes to the configuration change service, where a modified list of proposed changes may be generated. A third user configured as an administrator role may submit data configured to transition the controller to an unfrozen state and/or deploy the changes included in the list of proposed changes to the network controller, subsequent to the period of time.

Abstract: Presented herein are systems and methods to enable simultaneous interoperability with policy-aware and policy-unaware data center sites. A multi-site orchestrator (MSO) device can be configured to obtain configuration information for each of a plurality of different data center sites. The data center sites may include one or more on-premises sites and one or more off-premises sites, each of which may include one or more policy-aware sites and/or one or more policy-unaware sites. The MSO can selectively use namespace translations to create a unified fabric across the different data center sites, enabling one or more hosts and/or applications at a first of the data center sites to communicate with one or more hosts and/or applications at a second of the data center sites, regardless of the sites' respective configurations.

Abstract: In one embodiment, a first label-distribution-protocol (LDP) session is established between a first interface of a first computing device and a second computing device, while a second LDP session is established between a second interface and the second computing device. The method may further comprise receiving a request from a third computing device to subscribe to a multicast group, storing an association between a first label, the multicast group, and the first interface, and sending, to the second computing device via the first LDP session, an indication that the first label is associated with the multicast group. Further, the method may include receiving a request from a fourth computing device to subscribe to the multicast group, storing an association between a second label, the multicast group and, the second interface, and sending, via the second LDP session, an indication that the second label is associated with the multicast group.

Abstract: Techniques for a configuration change service to transition a network controller into a frozen state, causing network users submitting configuration changes associated with the network to refrain from deploying the configuration changes for a period of time are disclosed. A first user configured as a stager role may submit data representing a proposed change to the configuration change service, where the proposed change may be stored in association with a list of proposed changes. A second user configured as an approver role may submit data representing an approval or disapproval of the proposed changes to the configuration change service, where a modified list of proposed changes may be generated. A third user configured as an administrator role may submit data configured to transition the controller to an unfrozen state and/or deploy the changes included in the list of proposed changes to the network controller, subsequent to the period of time.

Abstract: This disclosure describes techniques for enabling interoperability between asymmetric and symmetric Integrated Routing and Bridging (IRB) modes. An interfacing component may be configured to receive a first route advertisement from a first edge node in a Layer-2 (L2) fabric. The first route advertisement may correspond to an asymmetric format route, for instance. The interfacing component may be further configured to receive a second route advertisement from a second edge node in a L2/Layer-3 (L3) fabric. The second edge node may be configured for symmetric integrated routing and bridging (IRB). The interfacing component may be configured to re-originate the first route and the second route such that the interfacing component is included as a hop in the resultant routes between the L2 fabric and the L2/L3 fabric.

Abstract: The present technology provides a system, method and computer-readable medium for configuration pattern recognition and inference, directed to a device with an existing configuration, through an extensible policy framework. The policy framework uses a mixture of python template logic and CLI micro-templates as a mask to infer the intent behind an existing device configuration in a bottom-up learning inference process. Unique values for device/network identifiers and addresses as well as other resources are extracted and accounted for. The consistency of devices within the fabric is checked based on the specific policies built into the extensible framework definition. Any inconsistencies found are flagged for user correction or automatically remedied by a network controller. This dynamic configuration pattern recognition ability allows a fabric to grow without being destroyed and re-created, thus new devices with existing configurations may be added and automatically configured to grow a Brownfield fabric.

Abstract: Techniques for utilizing a Software-Defined-Networking (SDN) controller and/or a Data Center Network Manager (DCNM) and network border gateway switches associated with a multi-site cloud computing network to provide reachability data indicating physical links between the border gateways disposed in different sites of the multi-site network to establish secure connection tunnels utilizing the physical links and unique encryption keys. The SDN controller and/or DCNM may be configured to generate a physical underlay model representing the physical underlay, or network transport capabilities, and/or a logical overlay model representing a logical overlay, or overlay control-plane, of the multi-site network. The SDN controller may also generate an encryption key model representing the associations between the encryption keys and the physical links between the associated network border gateway switches.

Abstract: The disclosed technology relates to a load balancing system. A load balancing system is configured to receive health monitoring metrics, at a controller, from a plurality of leaf switches. The load balancing system is further configured to determine, based on the health monitoring metrics, that a server has failed and modify a load balancing configuration for the network fabric. The load balancing system is further configured to transmit the load balancing configuration to each leaf switch in the network fabric and update the tables in each leaf switch to reflect an available server.

Abstract: The present technology provides a system, method and computer-readable medium for configuration pattern recognition and inference, directed to a device with an existing configuration, through an extensible policy framework. The policy framework uses a mixture of python template logic and CLI micro-templates as a mask to infer the intent behind an existing device configuration in a bottom-up learning inference process. Unique values for device/network identifiers and addresses as well as other resources are extracted and accounted for. The consistency of devices within the fabric is checked based on the specific policies built into the extensible framework definition. Any inconsistencies found are flagged for user correction or automatically remedied by a network controller. This dynamic configuration pattern recognition ability allows a fabric to grow without being destroyed and re-created, thus new devices with existing configurations may be added and automatically configured to grow a Brownfield fabric.

Abstract: Techniques for a configuration change service to transition a network controller into a frozen state, causing network users submitting configuration changes associated with the network to refrain from deploying the configuration changes for a period of time are disclosed. A first user configured as a stager role may submit data representing a proposed change to the configuration change service, where the proposed change may be stored in association with a list of proposed changes. A second user configured as an approver role may submit data representing an approval or disapproval of the proposed changes to the configuration change service, where a modified list of proposed changes may be generated. A third user configured as an administrator role may submit data configured to transition the controller to an unfrozen state and/or deploy the changes included in the list of proposed changes to the network controller, subsequent to the period of time.