Abstract: In one embodiment, a device in a network receives update recovery data from a neighbor of the device in the network. The device monitors the neighbor during installation of a software update by the neighbor. The device detects an installation failure of the software update by the neighbor. The device causes recovery of the neighbor using the update recovery data, in response to detecting the installation failure of the software update by the neighbor.

Abstract: In one embodiment, a method includes receiving at a virtual controller operating at a network device, global parameters for a plurality of virtual machines located in a first network site and in communication with a second network site through a switch, converting at the virtual controller, the global parameters into global overlay network parameters, and transmitting the global overlay network parameters to the switch for use in automatically creating a global network overlay. The global overlay network parameters define an end-to-end network extending from the virtual machines in the first network site to a plurality of virtual machines in the second network site. An apparatus and logic are also disclosed herein.

Abstract: A method in an example embodiment includes creating an initial information package for a device attempting to join a network domain of a network environment; communicating the initial information package to a signing authority; sending an authorization token generated by the signing authority to the device, wherein the device validates the authorization token based on a credential in the device; and receiving an audit history report of the device, wherein the audit history report comprises information regarding previous attempts by the device to join the network environment.

Abstract: In one embodiment, a method includes receiving at a virtual controller operating at a network device, global parameters for a plurality of virtual machines located in a first network site and in communication with a second network site through a switch, converting at the virtual controller, the global parameters into global overlay network parameters, and transmitting the global overlay network parameters to the switch for use in automatically creating a global network overlay. The global overlay network parameters define an end-to-end network extending from the virtual machines in the first network site to a plurality of virtual machines in the second network site. An apparatus and logic are also disclosed herein.

Abstract: A method is provided in one example embodiment and includes configuring a local network element as an autonomic registrar for a designated network domain; establishing an autonomic control plane (“ACP”) between the local network element and one or more remote network elements identified by local network element as a remote neighbor; designating a locally-defined subnet at the local network element to be extended to each of the one or more remote network elements; and executing an ACP command at the local network element, wherein the executing triggers a message to each of the one or more remote network elements, the message including information regarding the designated local subnet. The information included in the message is used by each of the remote network elements to auto-resolve its Locator/Identifier Separation Protocol (“LISP”) configuration, enabling the designated local subnet to be extended to each of the one or more remote network elements.

Abstract: In one embodiment, a device in a network receives update recovery data from a neighbor of the device in the network. The device monitors the neighbor during installation of a software update by the neighbor. The device detects an installation failure of the software update by the neighbor. The device causes recovery of the neighbor using the update recovery data, in response to detecting the installation failure of the software update by the neighbor.

Abstract: A method is provided in one example embodiment and includes configuring a local network element as an autonomic registrar for a designated network domain; establishing an autonomic control plane (“ACP”) between the local network element and one or more remote network elements identified by local network element as a remote neighbor; designating a locally-defined subnet at the local network element to be extended to each of the one or more remote network elements; and executing an ACP command at the local network element, wherein the executing triggers a message to each of the one or more remote network elements, the message including information regarding the designated local subnet. The information included in the message is used by each of the remote network elements to auto-resolve its Locator/Identifier Separation Protocol (“LISP”) configuration, enabling the designated local subnet to be extended to each of the one or more remote network elements.

Abstract: A method in an example embodiment includes creating an initial information package for a device attempting to join a network domain of a network environment; communicating the initial information package to a signing authority; sending an authorization token generated by the signing authority to the device, wherein the device validates the authorization token based on a credential in the device; and receiving an audit history report of the device, wherein the audit history report comprises information regarding previous attempts by the device to join the network environment.

Abstract: A method in an example embodiment includes creating an initial information package for a device in a domain of a network environment when the device is unconfigured. The method further includes communicating the initial information package to a signing authority, receiving an authorization token from the signing authority, and sending the authorization token to the unconfigured device, where the unconfigured device validates the authorization token based on a credential in the unconfigured device. In more specific embodiments, the initial information package includes a unique device identifier of the unconfigured device and a domain identifier of the domain. In further embodiments, the signing authority creates the authorization token by applying an authorization signature to the unique device identifier and the domain identifier. In other embodiments, the method includes receiving an audit history report of the unconfigured device and applying a policy to the device based on the audit history report.

Abstract: A computer system includes functionality enabling a provider edge router to determine whether network data such as VRF information is properly associated with a corresponding virtual private network. A first node through which the network data is transmitted generates a signature value uniquely associated with the virtual private network. The first node forwards the signature value along with the network data to a second node of the physical network. The second node, in turn, verifies that the network data (such as VRF information) is properly associated with the second node (and virtual network) based on its own generation of a signature value, which is compared with the signature value received from the first node.

Abstract: In one embodiment, accessing a device name, which includes a hostname and a domain name, of a network device; applying a hash function to the domain name to obtain 40 bits as a Global ID of an Internet Protocol version 6 (IPv6) unique local address (ULA); and encoding the hostname to obtain 80 bits as a Subnet ID and an Interface ID of the IPv6 ULA.

Abstract: A method in an example embodiment includes creating an initial information package for a device in a domain of a network environment when the device is unconfigured. The method further includes communicating the initial information package to a signing authority, receiving an authorization token from the signing authority, and sending the authorization token to the unconfigured device, where the unconfigured device validates the authorization token based on a credential in the unconfigured device. In more specific embodiments, the initial information package includes a unique device identifier of the unconfigured device and a domain identifier of the domain. In further embodiments, the signing authority creates the authorization token by applying an authorization signature to the unique device identifier and the domain identifier. In other embodiments, the method includes receiving an audit history report of the unconfigured device and applying a policy to the device based on the audit history report.

Abstract: In one embodiment, accessing a device name, which includes a hostname and a domain name, of a network device; applying a hash function to the domain name to obtain 40 bits as a Global ID of an Internet Protocol version 6 (IPv6) unique local address (ULA); and encoding the hostname to obtain 80 bits as a Subnet ID and an Interface ID of the IPv6 ULA.

Abstract: A computer system includes functionality enabling a provider edge router to determine whether network data such as VRF information is properly associated with a corresponding virtual private network. A first node through which the network data is transmitted generates a signature value uniquely associated with the virtual private network. The first node forwards the signature value along with the network data to a second node of the physical network. The second node, in turn, verifies that the network data (such as VRF information) is properly associated with the second node (and virtual network) based on its own generation of a signature value, which is compared with the signature value received from the first node.