Abstract: In one example, a network management system discovers a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of a seed network device, generate a first activation configuration and commit the first activation configuration on the seed network device. The network management system may connect to the seed network device and discover neighboring devices from information in the seed network device. The network management system may connect to the neighboring devices, automatically create a model of the neighboring network devices, generate s activation configurations for the neighboring network devices and commit the activation configurations on the neighboring network devices. The network management system may iterative perform these steps until it discovers all the discoverable network devices behind the network address translation device.

Abstract: A network management system may discover a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of N network devices, generate a bulk activation configuration for the N network devices and commit the bulk activation configuration on a seed network device. The network management system may receive a request for a first connection from a first neighboring network device and may connect to the first neighboring network device. The first neighboring network device may have received the bulk activation configuration from the seed device. The network management system may determine whether the first neighboring network device is one of the N network devices and commit a second activation configuration on the first neighboring network device if it is one of the N network devices. A plurality of neighboring network device may be configured in this fashion.

Abstract: An example method includes receiving, by a control system for a software upgrade image, respective characterization data for network devices of a network; generating, by the control system and based on the characterization data for the network devices, an image map that indicates, for each portion of a plurality of different portions of the software upgrade image, an image proxy network device selected by the control system from among the network devices to store the portion based on the characterization data; and outputting, by the control system, the image map to a network device of the network devices to cause the network device to obtain each portion of the plurality of different portions of the software upgrade image from the corresponding image proxy network device selected by the control system to store the portion.

Abstract: In one example, a network management system discovers a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of a seed network device, generate a first activation configuration and commit the first activation configuration on the seed network device. The network management system may connect to the seed network device and discover neighboring devices from information in the seed network device. The network management system may connect to the neighboring devices, automatically create a model of the neighboring network devices, generate s activation configurations for the neighboring network devices and commit the activation configurations on the neighboring network devices. The network management system may iterative perform these steps until it discovers all the discoverable network devices behind the network address translation device.

Abstract: A controller device manages a plurality of network devices. The controller device includes one or more processing units implemented in circuitry and configured to maintain a graph data structure representing device level configuration schemas for the plurality of network devices, the graph data structure including trie nodes for every first device level configuration schema element for a first model of a version of network device of the plurality of network devices; obtain corresponding second device level configuration schema elements based on a path for a second model of the version of the network device; determine a deviation between the second device level configuration schema element and the first device level configuration schema; and update the trie node to add a branch to a node representing the second device level configuration schema element.

Abstract: In one example, a network management system discovers a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of a seed network device, generate a first activation configuration and commit the first activation configuration on the seed network device. The network management system may connect to the seed network device and discover neighboring devices from information in the seed network device. The network management system may connect to the neighboring devices, automatically create a model of the neighboring network devices, generate s activation configurations for the neighboring network devices and commit the activation configurations on the neighboring network devices. The network management system may iterative perform these steps until it discovers all the discoverable network devices behind the network address translation device.

Abstract: An example controller device that manages a plurality of network devices includes one or more processing units implemented in circuitry and configured to: obtain device-level configuration information from a network device of the plurality of network devices at a first time; determine one or more out-of-band (OOB) configuration changes between the device-level configuration information from the network device and previous device-level intent configuration information compiled from one or more intents maintained by the controller device to manage the plurality of network devices; and store the one or more OOB configuration changes associated with the network device in incremental deltas.

Abstract: Scalable, robust cloud-based network management systems (NMSs) are described. In one, an NMS includes a set of NMS applications, a pool of device communication managers (DCMs), and a pool of device operations managers (DOMs). Each of the DCMs and DOMs executed by the processors as software containers. The NMS includes an API gateway configured to route remote procedure calls (RPCs) from the DCMs to the DOMs via the APIs exposed by the DOMs and according to device identifiers of the managed elements. The DOMs are configured to establish a set of persistent application-layer communication sessions from the DOMs to the DCMs and to direct communications from the NMS applications to the DCMs over the persistent application-layer communication sessions according to a mapping between device identifiers associated with the managed elements and network addresses associated with the DCMs.

Abstract: Scalable, robust cloud-based network management systems (NMSs) are described. In one, an NMS includes a set of NMS applications, a pool of device communication managers (DCMs), and a pool of device operations managers (DOMs). Each of the DCMs and DOMs executed by the processors as software containers. The NMS includes an API gateway configured to route remote procedure calls (RPCs) from the DCMs to the DOMs via the APIs exposed by the DOMs and according to device identifiers of the managed elements. The DOMs are configured to establish a set of persistent application-layer communication sessions from the DOMs to the DCMs and to direct communications from the NMS applications to the DCMs over the persistent application-layer communication sessions according to a mapping between device identifiers associated with the managed elements and network addresses associated with the DCMs.

Abstract: In one example, a network management system discovers a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of a seed network device, generate a first activation configuration and commit the first activation configuration on the seed network device. The network management system may connect to the seed network device and discover neighboring devices from information in the seed network device. The network management system may connect to the neighboring devices, automatically create a model of the neighboring network devices, generate s activation configurations for the neighboring network devices and commit the activation configurations on the neighboring network devices. The network management system may iterative perform these steps until it discovers all the discoverable network devices behind the network address translation device.

Abstract: A network management system may discover a plurality of network devices behind a network address translation device, such as a firewall. The network management system may receive a model of N network devices, generate a bulk activation configuration for the N network devices and commit the bulk activation configuration on a seed network device. The network management system may receive a request for a first connection from a first neighboring network device and may connect to the first neighboring network device. The first neighboring network device may have received the bulk activation configuration from the seed device. The network management system may determine whether the first neighboring network device is one of the N network devices and commit a second activation configuration on the first neighboring network device if it is one of the N network devices. A plurality of neighboring network device may be configured in this fashion.

Abstract: An example controller device that manages a plurality of network devices includes one or more processing units implemented in circuitry and configured to: obtain device-level configuration information from a network device of the plurality of network devices at a first time; determine one or more out-of-band (OOB) configuration changes between the device-level configuration information from the network device and previous device-level intent configuration information compiled from one or more intents maintained by the controller device to manage the plurality of network devices; and store the one or more OOB configuration changes associated with the network device in incremental deltas.

Abstract: A controller device manages a plurality of network devices. The controller device is configured to receive, for a data structure, a configlet specifying a set of configuration changes to be applied to a resource of a plurality of resources of the plurality of network devices. A low level configuration for each respective owned resource of a set of owned resources of the plurality of resources includes a pointer indicating an owner for the respective owned resources. The one or more processing units are further configured to determine the set of configuration changes does not conflict in response to determining the low level configuration for the resource does not include a pointer indicating the owner for the resource is not the configlet and apply the set of configuration changes to the resource in response to determining the set of configuration changes does not conflict with the set of owned resources.

Abstract: A controller device manages a plurality of network devices. The controller device includes one or more processing units implemented in circuitry and configured to maintain a graph data structure representing device level configuration schemas for the plurality of network devices, the graph data structure including trie nodes for every first device level configuration schema element for a first model of a version of network device of the plurality of network devices; obtain corresponding second device level configuration schema elements based on a path for a second model of the version of the network device; determine a deviation between the second device level configuration schema element and the first device level configuration schema; and update the trie node to add a branch to a node representing the second device level configuration schema element.

Abstract: A controller device manages a plurality of network devices. The controller device is configured to receive, for a data structure, a configlet specifying a set of configuration changes to be applied to a resource of a plurality of resources of the plurality of network devices. A low level configuration for each respective owned resource of a set of owned resources of the plurality of resources includes a pointer indicating an owner for the respective owned resources. The one or more processing units are further configured to determine the set of configuration changes does not conflict in response to determining the low level configuration for the resource does not include a pointer indicating the owner for the resource is not the configlet and apply the set of configuration changes to the resource in response to determining the set of configuration changes does not conflict with the set of owned resources.

Abstract: A device stores time series data, based on time stamps, in a compact prefix tree, and receives new time series data to be added to the compact prefix tree. The device determines whether the new time series data is different than previously stored time series data in the compact prefix tree. The device selectively stores the new time series data in the compact prefix tree by storing the new time series data in the compact prefix tree when the new time series data is different than the previously stored time series data in the compact prefix tree, and updates a last time stamp for one of the previously stored time series data, based on the new time series data, when the new time series data is not different than the one of the previously stored time series data.