Abstract: Systems, methods, and computer-readable media for designing network performance and configuration include determining one or more use cases for a network to be provisioned, based on at least one or more business verticals related to a customer of the network. A data plane scale is determined from the use cases and an initial data plane scale generated using a linear regression on one or more data plane parameters. The data plane parameters include a platform type, feature set, packet size, or software version of the network. A control plane scale is determined from the use cases and an initial control plane scale generated using a linear regression on one or more control plane parameters of the network. The control plane parameters include a platform type, feature set, or software version of the network. The network is provisioned for the data plane scale and the control plane scale.

Abstract: Systems, methods, and computer-readable media for designing network performance and configuration include determining one or more use cases for a network to be provisioned, based on at least one or more business verticals related to a customer of the network. A data plane scale is determined from the use cases and an initial data plane scale generated using a linear regression on one or more data plane parameters. The data plane parameters include a platform type, feature set, packet size, or software version of the network. A control plane scale is determined from the use cases and an initial control plane scale generated using a linear regression on one or more control plane parameters of the network. The control plane parameters include a platform type, feature set, or software version of the network. The network is provisioned for the data plane scale and the control plane scale.

Abstract: In one embodiment, a device in a serial network determines that a suspicious event has occurred in the network. The suspicious event is identified based on timing information for one or more frames in the serial network. The device assesses whether the suspicious event is malicious by evaluating a sequence of events in the network that precede the suspicious event. The device causes a mitigation action to be performed in the network when the suspicious event is deemed malicious.

Abstract: In one embodiment, a device in a serial network determines that a suspicious event has occurred in the network. The suspicious event is identified based on timing information for one or more frames in the serial network. The device assesses whether the suspicious event is malicious by evaluating a sequence of events in the network that precede the suspicious event. The device causes a mitigation action to be performed in the network when the suspicious event is deemed malicious.

Abstract: An example network device includes a set of interfaces, a control unit, and a forwarding engine. The control unit includes an interface group information repository that stores data defining interface groups. Each interface group includes one or more interfaces. The forwarding engine includes a media access control (MAC) address repository that stores a mapping of a first interface to a source MAC address, and a MAC address management module that determines whether an interface group to which the first interface is assigned is the same interface group as the interface group to which a second interface is assigned. The control unit is configured to receive a layer two (L2) communication via the second interface, wherein the L2 communication includes the source MAC address. The forwarding engine dynamically updates the MAC address repository based on the determination of the MAC address management module.

Abstract: In general, techniques are described for decentralizing handling of subscriber sessions within a gateway device of a mobile network. A mobile network gateway comprises a data plane having a plurality of forwarding components to receive session requests from a mobile service provider network in which the mobile network gateway resides. A control plane comprises a plurality of distributed subscriber management service units coupled by a switch fabric to the data plane. Each of the subscriber management service units serve as anchors for communication sessions for mobile devices that are accessing one or more packet data network by the mobile service provider network. A request delegation module within each of the forwarding components directs the session requests to the subscriber management service units unit to provide management services for the sessions requested by the mobile device.

Abstract: In general, techniques are described for performing scalable layer two (L2) learning in computer networks. A network device that includes interfaces and a control unit may implement these techniques. The control unit stores a L2 learning table having entries that are each associated with a service tag identifying a service virtual local area network. In response to receiving a packet that includes a service tag, the interfaces access the L2 learning table using the service tag to determine whether any of the entries of the L2 learning table are associated with the service tag. When none of the entries are associated with the service tag, the L2 learning module updates the L2 learning table to create a new entry defining an association between the one of the interfaces that received the packet and the service tag.

Abstract: In general, techniques are described for preparing a computer network for planned events. A network device comprising a control unit and an interface implements these techniques. The control unit is configured to be a member a maintenance association that verifies connectivity a single service instance. The interface outputs a maintenance message to an additional network device to verify connectivity between the network device and the additional network device. The control unit receives an indication to initiate a planned event capable of disrupting the maintenance association. Prior to the control unit performing the planned event, the interface generates a modified maintenance message indicating that the planned event will be performed by the network device. The interface then transmits the modified outgoing maintenance message to the additional network device to direct the additional network device to avoid detecting the planned event as a connectivity fault.

Abstract: In general, the invention is directed to techniques for breaking out mobile data traffic from a mobile service provider network to a packet data network. For example, as described herein, a breakout gateway device (BGW) receives a first service request and data traffic for a data session associated with the requested service from a mobile device in a radio access network, wherein the first service request is addressed to a serving node of a mobile core network of the mobile service provider network, and wherein the data traffic is destined for the PDN. A control packet analysis module forwards the first service request from the breakout gateway device to the serving node. A breakout module of the BGW bypasses the serving node by sending the data traffic from the breakout gateway device to the PDN on a data path from the radio access network to the PDN.

Abstract: A network system includes a provider backbone bridged network (PBBN) and a multi-homed provider bridge network (PBN) having an L2 switch that operate as backboned edge bridge (BEBs) to bridge L2 packets between the PBN and the PBBN. The L2 switch executes a PBBN routing instance and a separate PBN routing instance. A plurality of packet-forwarding engine (PFE) of the L2 switch are configured to forward L2 packets between interfaces of the PBN routing instance and the PBBN routing instance. The PFEs store L2 network address tables that specify L2 network addresses reachable by the interfaces. The PFEs of the L2 switch are configured to selectively share L2 network addresses between the L2 network address tables of the PBN routing instance and the L2 network address tables of the PBBN routing instance.

Abstract: In general, techniques are described for enhanced learning in layer two (L2) networks. A first network device of the intermediate network comprising a control unit and an interface may implement these techniques. The control unit executes a loop-prevention protocol (LPP) that determines a bridge identifier associated with a second network device of the intermediate network, where the first and second network devices each couple to a first network. The LPP selects the second network device as a root bridge and detects a topology change that splits the first network into sub-networks. The interface then outputs a message to direct remaining network devices of the intermediate network to clear L2 address information learned when forwarding L2 communications. The message includes the bridge identifier determined by the loop-prevention protocol as the root bridge and directs these remaining network devices to clear only the L2 addresses learned from this bridge identifier.

Abstract: A network system includes a provider backbone bridged network (PBBN) and a multi-homed provider bridge network (PBN) having a plurality of L2 switches that operate as backboned edge bridges (BEBs) to bridges L2 packets between the PBN and the PBBN. A first one of the L2 switches is configured to bridge L2 packets from a first backbone VLAN (B-VLAN) to the PBN when a physical link of the multi-homed PBN is operational. The L2 switch is further configured to shunt the L2 packets from the first backbone VLAN to a second one of the L2 switches operating as a secondary BEB of the multi-homed PBN via a second B-VLAN when the physical link is non-operational.

Abstract: In general, techniques are described for decentralizing handling of subscriber sessions within a gateway device of a mobile network. A mobile network gateway comprises a data plane having a plurality of forwarding components to receive session requests from a mobile service provider network in which the mobile network gateway resides. A control plane comprises a plurality of distributed subscriber management service units coupled by a switch fabric to the data plane. Each of the subscriber management service units serve as anchors for communication sessions for mobile devices that are accessing one or more packet data network by the mobile service provider network. A request delegation module within each of the forwarding components directs the session requests to the subscriber management service units unit to provide management services for the sessions requested by the mobile device.

Abstract: An example network device includes a set of interfaces, a control unit, and a forwarding engine. The control unit includes an interface group information repository that stores data defining interface groups. Each interface group includes one or more interfaces. The forwarding engine includes a media access control (MAC) address repository that stores a mapping of a first interface to a source MAC address, and a MAC address management module that determines whether an interface group to which the first interface is assigned is the same interface group as the interface group to which a second interface is assigned. The control unit is configured to receive a layer two (L2) communication via the second interface, wherein the L2 communication includes the source MAC address. The forwarding engine dynamically updates the MAC address repository based on the determination of the MAC address management module.

Abstract: In general, the invention is directed to techniques for breaking out mobile data traffic from a mobile service provider network to a packet data network. For example, as described herein, a breakout gateway device (BGW) receives a first service request and data traffic for a data session associated with the requested service from a mobile device in a radio access network, wherein the first service request is addressed to a serving node of a mobile core network of the mobile service provider network, and wherein the data traffic is destined for the PDN. A control packet analysis module forwards the first service request from the breakout gateway device to the serving node. A breakout module of the BGW bypasses the serving node by sending the data traffic from the breakout gateway device to the PDN on a data path from the radio access network to the PDN.

Abstract: A derived state value is calculated based on a plurality of component state values. As any of the plurality of component state values changes, the derived state value is recalculated. When sending information about a MAC address or other data between two components, the derived state value is included in the information sent. An object receiving a MAC address or other data from another object checks the validity of the received derived state value to determine whether to accept the new data and flush old data, to accept the new data, or to ignore the new data.

Abstract: Methods, apparatus, and products are disclosed for routing frames in a TRILL network using service VLAN identifiers by: receiving a frame from an ingress bridge node for transmission through the TRILL network to a destination node that connects to the TRILL network through an egress node, the received frame including a customer VLAN identifier, a service VLAN identifier uniquely assigned to the ingress bridge node, and a destination node address for the destination node, the received frame not having mac-in-mac encapsulation; adding, in dependence upon the service VLAN identifier and the destination node address, a TRILL header conforming to the TRILL protocol, the TRILL header including an ingress bridge nickname and an egress bridge nickname; and routing, to the egress bridge node through which the destination node connects to the network, the frame in dependence upon the ingress bridge nickname and the egress bridge nickname.

Abstract: Methods, apparatus, and products are disclosed for routing frames in a TRILL network using service VLAN identifiers by: receiving a frame from an ingress bridge node for transmission through the TRILL network to a destination node that connects to the TRILL network through an egress node, the received frame including a customer VLAN identifier, a service VLAN identifier uniquely assigned to the ingress bridge node, and a destination node address for the destination node, the received frame not having mac-in-mac encapsulation; adding, in dependence upon the service VLAN identifier and the destination node address, a TRILL header conforming to the TRILL protocol, the TRILL header including an ingress bridge nickname and an egress bridge nickname; and routing, to the egress bridge node through which the destination node connects to the network, the frame in dependence upon the ingress bridge nickname and the egress bridge nickname.

Abstract: Compatibility between applications in a network node with a distributed architecture is maintained after application upgrades by associating version compatibility information with interprocess communications (IPC) message structures and then utilizing the version compatibility information to identify IPC message structures that are used for communications between applications. Once the version compatibility information is associated with the IPC message structures, applications are configured to use only those IPC message structures that are compatible with the currently running version.

Abstract: Compatibility between applications in a network node with a distributed architecture is maintained after application upgrades by associating version compatibility information with interprocess communications (IPC) message structures and then utilizing the version compatibility information to identify IPC message structures that are used for communications between applications. Once the version compatibility information is associated with the IPC message structures, applications are configured to use only those IPC message structures that are compatible with the currently running version.