Abstract: A network device may receive policy data identifying a first segment routing (SR) policy and a second SR policy. The first SR policy may be associated with a first path through a network and a first next hop, and the second SR policy may be associated with a second path through the network and a second next hop. The network device may advertise, to another device, reachability associated with the first next hop and the second next hop, and may receive, from the other device, a packet with a header. The network device may determine, from the header, data identifying the first next hop or the second next hop, without performing a lookup, and may cause the packet to be routed to a destination address, via the first path or the second path, based on the policy data associated with the first next hop or the second next hop.

Abstract: A secure IGP topology or other link state topology can be implemented by a network security unit that runs in a centralized environment on servers separate from a network associated with the IGP topology. The network security unit acquires the topology information, such as by participating in IGP or through border gateway protocol with link state (BGP-LS). The network security unit detects possible network problems, such as indicators of potential network attacks. Once an indicator of a potential network attack is detected, the network security unit identifies the node that is compromised. Once the compromised node is identified, the network security unit can report the node for manual or automated intervention. In some aspects, the network security unit can isolate the compromised node by shutting down links connected to the compromised node.

Abstract: A first network device may receive an advertisement that includes a prefix for a second network device, wherein the advertisement is destined for a third network device. The first network device may determine, based on a network topology, whether a next hop is one hop away or multiple hops away. The first network device may selectively modify the advertisement to include a first segment identifier, based on the next hop being one hop away and to generate a first modified advertisement, or may modify the advertisement to include a second segment identifier, based on the next hop being multiple hops away and to generate a second modified advertisement. The first network device may forward the first modified advertisement or the second modified advertisement toward the third network device.

Abstract: A first network device may receive an advertisement that includes a prefix for a second network device, wherein the advertisement is destined for a third network device. The first network device may determine, based on a network topology, whether a next hop is one hop away or multiple hops away. The first network device may selectively modify the advertisement to include a first segment identifier, based on the next hop being one hop away and to generate a first modified advertisement, or may modify the advertisement to include a second segment identifier, based on the next hop being multiple hops away and to generate a second modified advertisement. The first network device may forward the first modified advertisement or the second modified advertisement toward the third network device.

Abstract: A first network device may receive an advertisement that includes a prefix for a second network device, wherein the advertisement is destined for a third network device. The first network device may determine, based on a network topology, whether a next hop is one hop away or multiple hops away. The first network device may selectively modify the advertisement to include a first segment identifier, based on the next hop being one hop away and to generate a first modified advertisement, or may modify the advertisement to include a second segment identifier, based on the next hop being multiple hops away and to generate a second modified advertisement. The first network device may forward the first modified advertisement or the second modified advertisement toward the third network device.

Abstract: A network device may receive policy data identifying a first segment routing (SR) policy and a second SR policy. The first SR policy may be associated with a first path through a network and a first next hop, and the second SR policy may be associated with a second path through the network and a second next hop. The network device may advertise, to another device, reachability associated with the first next hop and the second next hop, and may receive, from the other device, a packet with a header. The network device may determine, from the header, data identifying the first next hop or the second next hop, without performing a lookup, and may cause the packet to be routed to a destination address, via the first path or the second path, based on the policy data associated with the first next hop or the second next hop.

Abstract: A network device may receive policy data identifying a first segment routing (SR) policy and a second SR policy. The first SR policy may be associated with a first path through a network and a first next hop, and the second SR policy may be associated with a second path through the network and a second next hop. The network device may advertise, to another device, reachability associated with the first next hop and the second next hop, and may receive, from the other device, a packet with a header. The network device may determine, from the header, data identifying the first next hop or the second next hop, without performing a lookup, and may cause the packet to be routed to a destination address, via the first path or the second path, based on the policy data associated with the first next hop or the second next hop.

Abstract: Techniques are described for providing end-to-end segment routing paths across metropolitan area networks. For example, a method comprises receiving, by an area border router (ABR) connected to one or more metropolitan area networks and a core network, a packet including a segment routing label stack including at least a label of the ABR, a context label associated with a routing instance of the ABR, and a subsequent label identifying a device in the segment routing path, determining, from a lookup of the context label in the metro routing table, a table next hop to the core routing table (or metro routing table); in response to determining the table next hop, determining, from a lookup of the subsequent label in the core routing table (or metro routing table), a next hop in the segment routing path; and sending, by the ABR, the packet toward the device in the segment routing path.

Abstract: A network device may receive policy data identifying a first segment routing (SR) policy and a second SR policy. The first SR policy may be associated with a first path through a network and a first next hop, and the second SR policy may be associated with a second path through the network and a second next hop. The network device may advertise, to another device, reachability associated with the first next hop and the second next hop, and may receive, from the other device, a packet with a header. The network device may determine, from the header, data identifying the first next hop or the second next hop, without performing a lookup, and may cause the packet to be routed to a destination address, via the first path or the second path, based on the policy data associated with the first next hop or the second next hop.

Abstract: This disclosure describes techniques for using Operations, Administration, and Management (OAM) operations when routing packets using micro SIDs in segment routing. For example, a network device comprises one or more processors configured to: receive a packet; determine whether the packet is encapsulated with one or more micro segment identifiers (SIDs); in response to a determination that the packet is not encapsulated with one or more micro SIDs, determine whether the packet has reached a segment routing tunnel endpoint; and in response to a determination that the packet has reached the segment routing tunnel endpoint, initiate Operations, Administration, and Maintenance (OAM).

Abstract: Techniques are described for providing end-to-end segment routing paths across metropolitan area networks. For example, a method comprises receiving, by an area border router (ABR) connected to one or more metropolitan area networks and a core network, a packet including a segment routing label stack including at least a label of the ABR, a context label associated with a routing instance of the ABR, and a subsequent label identifying a device in the segment routing path, determining, from a lookup of the context label in the metro routing table, a table next hop to the core routing table (or metro routing table); in response to determining the table next hop, determining, from a lookup of the subsequent label in the core routing table (or metro routing table), a next hop in the segment routing path; and sending, by the ABR, the packet toward the device in the segment routing path.

Abstract: In one example, a method includes by a first network device positioned on a border of a first area of a multi-area hierarchical network and a second area of the multi-area hierarchical network, determining a cost associated with sending network traffic from a client group to the first network device, wherein the client group is positioned in the first area, the first area and the second area being distinct routing domains of the multi-area hierarchical network; and outputting, by the first network device to a second network device positioned in the second area, a routing advertisement that specifies the determined cost as a reverse metric. In some examples, a route reflector receives the routing advertisement and based on the cost from the client group to the area border network device, selects an egress point from among a plurality of egress points of the multi-area hierarchical network.

Abstract: A routing device coupled to a remote routing device via a link on which a flood reduction technique is used, such as a demand circuit, is configured to store an indication of a link state of the remote routing device and a first sequence number associated with the link state, receive an indication that the remote routing device is performing a graceful restart, and then receive data indicative of a new link state of the remote routing device and a second sequence number. The routing device determines whether the new link state is different than the stored indication of the link state, and if not, avoids requesting the current link state from the remote routing device. In this manner, the routing device may reduce link-state protocol traffic within an autonomous system including the routing device and the remote routing device.

Abstract: In general, techniques are described for managing routing information in a hub-and-spoke network in a manner that reduces flooding of link information. A hub router of the hub-and-spoke network including a memory and a processor may perform the techniques. The memory may be configured to store a representation of a topology of the hub-and-spoke network. The processor may be configured to utilize a separate instance of a multi-instance version of a link state protocol to communicate with each of a plurality of spoke routers of the hub-and-spoke network. Each separate instance of the multi-instance version of the link state protocol may include the hub router and a different one of the plurality of spoke routers. The processor may process link state advertisements from the separate instances of the multi-instance version of the link state protocol to maintain the representation of the topology of the hub-and-spoke network.

Abstract: A routing device coupled to a remote routing device via a link on which a flood reduction technique is used, such as a demand circuit, is configured to store an indication of a link state of the remote routing device and a first sequence number associated with the link state, receive an indication that the remote routing device is performing a graceful restart, and then receive data indicative of a new link state of the remote routing device and a second sequence number. The routing device determines whether the new link state is different than the stored indication of the link state, and if not, avoids requesting the current link state from the remote routing device. In this manner, the routing device may reduce link-state protocol traffic within an autonomous system including the routing device and the remote routing device.

Abstract: In general, techniques are described for managing routing information in a hub-and-spoke network in a manner that reduces flooding of link information. A hub router of the hub-and-spoke network including a memory and a processor may perform the techniques. The memory may be configured to store a representation of a topology of the hub-and-spoke network. The processor may be configured to utilize a separate instance of a multi-instance version of a link state protocol to communicate with each of a plurality of spoke routers of the hub-and-spoke network. Each separate instance of the multi-instance version of the link state protocol may include the hub router and a different one of the plurality of spoke routers. The processor may process link state advertisements from the separate instances of the multi-instance version of the link state protocol to maintain the representation of the topology of the hub-and-spoke network.