Abstract: In general, techniques are described for organizing execution of distributed operating systems for network devices. A device comprising hardware computing nodes may be configured to perform the techniques. The hardware computing nodes may execute a protocol by which to discover a topology of the plurality of hardware computing nodes, and determine, based on the topology, a subset of the plurality of hardware computing nodes to manage execution of a distributed operating system. The determined subset of the plurality of hardware computing nodes may execute a communication bus by which to synchronize operating system state information between the subset of the plurality of hardware computing nodes. The hardware computing nodes may further execute, based on the operating system state information, the distributed operating system to provide an execution environment in which one or more applications execute.

Abstract: In general, techniques are described for organizing execution of distributed operating systems for network devices. A device comprising hardware computing nodes may be configured to perform the techniques. The hardware computing nodes may execute a protocol by which to discover a topology of the plurality of hardware computing nodes, and determine, based on the topology, a subset of the plurality of hardware computing nodes to manage execution of a distributed operating system. The determined subset of the plurality of hardware computing nodes may execute a communication bus by which to synchronize operating system state information between the subset of the plurality of hardware computing nodes. The hardware computing nodes may further execute, based on the operating system state information, the distributed operating system to provide an execution environment in which one or more applications execute.

Abstract: In general, techniques are described for maintaining coherency in distributed operating systems for network devices. A network device comprising hardware computing nodes may be configured to perform the techniques. The hardware computing nodes may execute a distributed operating system. At least one the hardware computing nodes may determine whether one or more of the plurality of hardware computing nodes has failed and is no longer supporting execution of the distributed operating system, and determine whether remaining ones of the plurality of hardware computing nodes exceeds a quorum threshold. The at least one of the hardware computing nodes may further restart, when the remaining ones of the plurality of hardware computing nodes is less than the quorum threshold, the distributed operating system.

Abstract: In general, techniques are described for organizing execution of distributed operating systems for network devices. A device comprising hardware computing nodes may be configured to perform the techniques. The hardware computing nodes may execute a protocol by which to discover a topology of the plurality of hardware computing nodes, and determine, based on the topology, a subset of the plurality of hardware computing nodes to manage execution of a distributed operating system. The determined subset of the plurality of hardware computing nodes may execute a communication bus by which to synchronize operating system state information between the subset of the plurality of hardware computing nodes. The hardware computing nodes may further execute, based on the operating system state information, the distributed operating system to provide an execution environment in which one or more applications execute.

Abstract: In general, techniques are described for communicating state information in distribute operating system. A network device comprises a first hardware node and a second hardware node. The first hardware node may execute a first instance of a distributed operating system, and maintain a first data structure that stores a plurality of objects defining a portion of state information. The second hardware node may execute a second instance of the distributed operating system, and maintain a second data structure that stores synchronized versions of the plurality of objects. The first hardware node may further receive updated state information, update the first data structure to include the updated state information, and synchronize the updated first data structure with the second data structure. The second hardware node may synchronize the second data structure with the updated first data structure.

Abstract: In general, techniques are described for communicating state information in distribute operating system. A network device comprises a first hardware node and a second hardware node. The first hardware node may execute a first instance of a distributed operating system, and maintain a first data structure that stores a plurality of objects defining a portion of state information. The second hardware node may execute a second instance of the distributed operating system, and maintain a second data structure that stores synchronized versions of the plurality of objects. The first hardware node may further receive updated state information, update the first data structure to include the updated state information, and synchronize the updated first data structure with the second data structure. The second hardware node may synchronize the second data structure with the updated first data structure.

Abstract: In general, techniques are described for communicating state information in distribute operating system. A network device comprises a first hardware node and a second hardware node. The first hardware node may execute a first instance of a distributed operating system, and maintain a first data structure that stores a plurality of objects defining a portion of state information. The second hardware node may execute a second instance of the distributed operating system, and maintain a second data structure that stores synchronized versions of the plurality of objects. The first hardware node may further receive updated state information, update the first data structure to include the updated state information, and synchronize the updated first data structure with the second data structure. The second hardware node may synchronize the second data structure with the updated first data structure.

Abstract: In general, techniques are described for dynamically controlling host-bound traffic by dynamically adding and updating, within the forwarding plane of a network device, network packet policers that each constrains, for one or more packet flows, an amount of host-bound traffic of the packet flows permitted to reach the control plane in accordance with available resources. In one example, a control plane of the network device detects internal congestion in the communication path from the forwarding plane to control plane (the “host-bound path”), identifies packet flows utilizing an excessive amount of host-bound path resources, computes limits for the identified packet flows, and adds “penalty-box policers” configured with the computed limits for the identified packet flows to the forwarding plane. The forwarding plane subsequently applies the policers to the identified packet flows to constrain the amount of traffic of the packet flows allowed to reach the control plane to the computed limits.

Abstract: In general, techniques are described for organizing execution of distributed operating systems for network devices. A device comprising hardware computing nodes may be configured to perform the techniques. The hardware computing nodes may execute a protocol by which to discover a topology of the plurality of hardware computing nodes, and determine, based on the topology, a subset of the plurality of hardware computing nodes to manage execution of a distributed operating system. The determined subset of the plurality of hardware computing nodes may execute a communication bus by which to synchronize operating system state information between the subset of the plurality of hardware computing nodes. The hardware computing nodes may further execute, based on the operating system state information, the distributed operating system to provide an execution environment in which one or more applications execute.

Abstract: In general, techniques are described for maintaining coherency in distributed operating systems for network devices. A network device comprising hardware computing nodes may be configured to perform the techniques. The hardware computing nodes may execute a distributed operating system. At least one the hardware computing nodes may determine whether one or more of the plurality of hardware computing nodes has failed and is no longer supporting execution of the distributed operating system, and determine whether remaining ones of the plurality of hardware computing nodes exceeds a quorum threshold. The at least one of the hardware computing nodes may further restart, when the remaining ones of the plurality of hardware computing nodes is less than the quorum threshold, the distributed operating system.

Abstract: In general, techniques are described for communicating state information in distribute operating system. A network device comprises a first hardware node and a second hardware node. The first hardware node may execute a first instance of a distributed operating system, and maintain a first data structure that stores a plurality of objects defining a portion of state information. The second hardware node may execute a second instance of the distributed operating system, and maintain a second data structure that stores synchronized versions of the plurality of objects. The first hardware node may further receive updated state information, update the first data structure to include the updated state information, and synchronize the updated first data structure with the second data structure. The second hardware node may synchronize the second data structure with the updated first data structure.

Abstract: Techniques are described for establishing a second label switched path (LSP) instance of an LSP having a first LSP instance. In one example, for each downstream router designated for the second LSP instance of the LSP, the router determines whether the router is part of the first instance of the LSP and, if so, whether the first and second LSP instances for that downstream router share a common link to a nexthop router. If the first and second LSP instances share a common link to a nexthop router, the downstream router transmits a first message to the nexthop router, wherein the first message includes a suggested label. The downstream router receives, from the nexthop router, a second message, wherein the second message includes the suggested label. In another example, a label reuse indicator flag in a message from the ingress router causes routers on the second LSP instance to reuse the label of the first LSP instance when the same link is used to the upstream router for both LSP instances.

Abstract: In general, techniques are described for dynamically controlling host-bound traffic by dynamically adding and updating, within the forwarding plane of a network device, network packet policers that each constrains, for one or more packet flows, an amount of host-bound traffic of the packet flows permitted to reach the control plane in accordance with available resources. In one example, a control plane of the network device detects internal congestion in the communication path from the forwarding plane to control plane (the “host-bound path”), identifies packet flows utilizing an excessive amount of host-bound path resources, computes limits for the identified packet flows, and adds “penalty-box policers” configured with the computed limits for the identified packet flows to the forwarding plane. The forwarding plane subsequently applies the policers to the identified packet flows to constrain the amount of traffic of the packet flows allowed to reach the control plane to the computed limits.

Abstract: Techniques are described for establishing a second label switched path (LSP) instance of an LSP having a first LSP instance. In one example, for each downstream router designated for the second LSP instance of the LSP, the router determines whether the router is part of the first instance of the LSP and, if so, whether the first and second LSP instances for that downstream router share a common link to a nexthop router. If the first and second LSP instances share a common link to a nexthop router, the downstream router transmits a first message to the nexthop router, wherein the first message includes a suggested label. The downstream router receives, from the nexthop router, a second message, wherein the second message includes the suggested label. In another example, a label reuse indicator flag in a message from the ingress router causes routers on the second LSP instance to reuse the label of the first LSP instance when the same link is used to the upstream router for both LSP instances.

Abstract: A firewall coordinates with devices in a network to create a distributed filtering system. The firewall detects an attack in the network, such as a distributed denial of service attack, and creates attack information defining characteristics of malicious packets used in the attack. The attack information is forwarded to the devices in the network. The devices use the attack information to configure themselves to detect packets having the characteristics of the malicious packets. After configuration, the devices detect and discard malicious packets.

Abstract: In general, techniques are described for selectively invoking graceful restart procedures when a route reflector member of a redundant route cluster fails. In one example, a method is provided that includes determining, by a provider edge router that supports graceful restart procedures, that a first router forms a redundant group with at least a second router. The method also includes detecting a failure of the first router and determining that at least the second router in the redundant group is operating approximately while the first router is failed. The method further includes overriding graceful restart procedures with respect to the failed first router when at least the second router is operating. The method also includes forwarding one or more data packets according to route information provided via the second router.

Abstract: Routers balance network traffic among multiple paths through a network according to an amount of bandwidth that can be sent on an outgoing interface computed for each of the paths. For example, a router receives a link bandwidth for network links that are positioned between the first router and a second router of the network, and selects a plurality of forwarding paths from the first router to the second router. Upon determining that one of the network links is shared by multiple of the plurality of forwarding paths, the router computes a path bandwidth for each of the plurality of forwarding paths so as to account for splitting of link bandwidth of the shared network link across the multiple forwarding paths that share the network link. The router assigns packet flows to the forwarding paths based at least on the computed amount of bandwidth for each of the forwarding paths.

Abstract: In general, techniques are described for selectively invoking graceful restart procedures when a route reflector member of a redundant route cluster fails. In one example, a method is provided that includes determining, by a provider edge router that supports graceful restart procedures, that a first router forms a redundant group with at least a second router. The method also includes detecting a failure of the first router and determining that at least the second router in the redundant group is operating approximately while the first router is failed. The method further includes overriding graceful restart procedures with respect to the failed first router when at least the second router is operating. The method also includes forwarding one or more data packets according to route information provided via the second router.

Abstract: Routers balance network traffic among multiple paths through a network according to an amount of bandwidth that can be sent on an outgoing interface computed for each of the paths. For example, a router receives a link bandwidth for network links that are positioned between the first router and a second router of the network, and selects a plurality of forwarding paths from the first router to the second router. Upon determining that one of the network links is shared by multiple of the plurality of forwarding paths, the router computes a path bandwidth for each of the plurality of forwarding paths so as to account for splitting of link bandwidth of the shared network link across the multiple forwarding paths that share the network link. The router assigns packet flows to the forwarding paths based at least on the computed amount of bandwidth for each of the forwarding paths.

Abstract: A firewall coordinates with devices in a network to create a distributed filtering system. The firewall detects an attack in the network, such as a distributed denial of service attack, and creates attack information defining characteristics of malicious packets used in the attack. The attack information is forwarded to the devices in the network. The devices use the attack information to configure themselves to detect packets having the characteristics of the malicious packets. After configuration, the devices detect and discard malicious packets.