Abstract: In general, this disclosure describes techniques for provisioning virtual private network (VPN) services for cloud native routers using a multi-stage process. In an example, a method comprises deploying, in a first computing device, using a layer 2 bridge domain that includes the first computing device, a containerized routing protocol process; deploying, in the first computing device, using the layer 2 bridge domain, a containerized application; configuring, in the containerized routing protocol process executing on the first computing device, a virtual private network (VPN); and exchanging, by the containerized routing protocol process executing on the first computing device, routing protocol messages with another router to provide virtual connectivity between the containerized application and another application that is external to the first computing device.

Abstract: The disclosure relates to computer networking and, more specifically, to service chaining a containerized network function (CNF) using a containerized router, the CNF and containerized router both deployed to the same server. In an example, a method comprises executing, with a computing device: a containerized network function; a virtual router to implement a data plane for a containerized router; and a containerized routing protocol daemon to implement a control plane for the containerized router, wherein the containerized network function and containerized routing protocol daemon execute on the same computing device, and wherein a first virtual network interface of the computing device enables communications between the containerized network function and the virtual router; and forwarding, by the virtual router, based on a static route, traffic destined for a prefix to the first virtual network interface to send the traffic to the containerized network function.

Abstract: In some examples, a router comprising a control unit comprising a processor, the control unit configured to receive configuration data defining a measurement endpoint for measuring performance of a layer 3 (L3) service and associating the measurement endpoint with a remote measurement endpoint of a remote router. The control unit is further configured to encapsulate, to generate a flow measurement packet, a layer 2 (L2) measurement packet in a layer 4 (L4) header and an L3 header that identify a measurement flow. The control unit is further configured to output the flow measurement packet to the remote router.

Abstract: A method and apparatus for managing packet flow based on content signatures are disclosed. A process of netflow management, in one embodiment, is able to receive a packet flow traveling through a communications network and obtain a signature from the packet flow. Upon retrieving a predefined signature from storage in accordance with the signature, the signature and the predefined signature are compared. A message of unauthorized distribution associated with the packet flow is issued when bit pattern of the signature matches with bit pattern of the predefined signature.

Abstract: A procedure, and an apparatus, system and computer program that operate in accordance with the procedure, for operating a dual homed communications network. In the procedure, a backup aggregation n ode is configured in accordance with a configuration of a primary multi-service router. A failure is detected in a first communication path that includes a primary multi-service router. In response to the detection, a second, backup communication path is activated that includes a backup multi-service router. In response to the activation, a router is negotiated with so that traffic forwarded by the router is provided to the second, backup communication path instead of the first communication path.

Abstract: Procedures, apparatuses, systems, and computer-readable media for operating primary and backup network elements (NEs). The procedure for operating the primary NE includes determining a failure in a primary path in which the primary NE is interposed. A switch-over notification message is provided via an inter-chassis communication link to a backup NE. At least one status synchronization message is communicated with at least one of the backup NE via the inter-chassis communication link and a head-end NE in accordance with a standardized protection switching protocol. The procedure for operating the backup NE includes receiving the switch-over notification message, indicating failure in a primary path, via the inter-chassis communication link. A status synchronization message is provided in accordance with the standardized protection switching protocol to a head-end NE to establish communication with the head-end NE via a secondary path.

Abstract: A network layout between network elements and routers using network redundancy to improve reliability of network communication is disclosed. Upon detecting a link failure associated with a primary link between an access switch and a primary router by the access switch via a connectivity verification protocol, the access switch sends a message to the primary router indicating connection defect via the connectivity verification protocol such as IEEE 802.1ag standard. After enabling protection switching mechanism to activate a secondary link between the access switch and a backup router for network communication, routing data streams are routed between the access switch and the router via the secondary link. In one aspect, the protection switching mechanism is operated in accordance with G.8031 under International Telecommunication Union (“ITU”) standard.

Abstract: A network configuration having multiple network elements and routers using point-to-point network redundancy to improve network reliability and performance is disclosed. A process using point-to-point network redundancy is able to detect a first checking message (“CM”) formatted in a connectivity verification protocol (“CVP”) such as IEEE 802.1ag indicating a primary link failure. The primary link is a connection between a first network element (“NE”) situated in a first network such as Ethernet based LAN network and a second NE situated in a second network such as an IP based MPLS network. Upon sending a second CM indicating the primary link failure to the second NE, a coordinated failover from the primary link to the backup link at both first and second NEs is performed.

Abstract: An apparatus and method for enhancing data integrity during router recovery using dual-homed host configuration are disclosed. A process of routing resumption, in one embodiment, is able to recover or reset a network element (“NE”) such as a primary router from system failure. A first link configured to transmit data packets between the NE and a network device is reestablished. Upon reestablishing a second link configured to transmit data packets between the NE and other NEs, a network discovery process utilizing network reachability protocol is initiated to identify routing paths associated with the NE. A routing table in the NE is updated in accordance with the routing paths. A ready message is issued from the NE to the network device when the routing table is at least partially completed.

Abstract: A network layout between network elements and routers using network redundancy to improve reliability of network communication is disclosed. Upon detecting a link failure associated with a primary link between an access switch and a primary router by the access switch via a connectivity verification protocol, the access switch sends a message to the primary router indicating connection defect via the connectivity verification protocol such as IEEE 802.1ag standard. After enabling protection switching mechanism to activate a secondary link between the access switch and a backup router for network communication, routing data streams are routed between the access switch and the router via the secondary link. In one aspect, the protection switching mechanism is operated in accordance with G.8031 under International Telecommunication Union (“ITU”) standard.

Abstract: A network layout between network elements and routers using network redundancy to improve reliability of network communication is disclosed. Upon detecting a link failure associated with a primary link between an access switch and a primary router by the access switch via a connectivity verification protocol, the access switch sends a message to the primary router indicating connection defect via the connectivity verification protocol such as IEEE 802.1 ag standard. After enabling protection switching mechanism to activate a secondary link between the access switch and a backup router for network communication, routing data streams are routed between the access switch and the router via the secondary link. In one aspect, the protection switching mechanism is operated in accordance with G.8031 under International Telecommunication Union (“ITU”) standard.

Abstract: Procedures, apparatuses, systems, and computer-readable media for operating primary and backup network elements (NEs). The procedure for operating the primary NE includes determining a failure in a primary path in which the primary NE is interposed. A switch-over notification message is provided via an inter-chassis communication link to a backup NE. At least one status synchronization message is communicated with at least one of the backup NE via the inter-chassis communication link and a head-end NE in accordance with a standardized protection switching protocol. The procedure for operating the backup NE includes receiving the switch-over notification message, indicating failure in a primary path, via the inter-chassis communication link. A status synchronization message is provided in accordance with the standardized protection switching protocol to a head-end NE to establish communication with the head-end NE via a secondary path.

Abstract: A procedure, and an apparatus, system and computer program that operate in accordance with the procedure, for operating a dual homed communications network. In the procedure, a backup aggregation n ode is configured in accordance with a configuration of a primary multi-service router. A failure is detected in a first communication path that includes a primary multi-service router. In response to the detection, a second, backup communication path is activated that includes a backup multi-service router. In response to the activation, a router is negotiated with so that traffic forwarded by the router is provided to the second, backup communication path instead of the first communication path.

Abstract: A network layout between network elements and routers using network redundancy to improve reliability of network communication is disclosed. Upon detecting a link failure associated with a primary link between an access switch and a primary router by the access switch via a connectivity verification protocol, the access switch sends a message to the primary router indicating connection defect via the connectivity verification protocol such as IEEE 802.1 ag standard. After enabling protection switching mechanism to activate a secondary link between the access switch and a backup router for network communication, routing data streams are routed between the access switch and the router via the secondary link. In one aspect, the protection switching mechanism is operated in accordance with G.8031 under International Telecommunication Union (“ITU”) standard.

Abstract: An apparatus and method for enhancing data integrity during router recovery using dual-homed host configuration are disclosed. A process of routing resumption, in one embodiment, is able to recover or reset a network element (“NE”) such as a primary router from system failure. A first link configured to transmit data packets between the NE and a network device is reestablished. Upon reestablishing a second link configured to transmit data packets between the NE and other NEs, a network discovery process utilizing network reachability protocol is initiated to identify routing paths associated with the NE. A routing table in the NE is updated in accordance with the routing paths. A ready message is issued from the NE to the network device when the routing table is at least partially completed.

Abstract: An apparatus and method of a network system between a host and a group of routers using virtual router redundancy protocol (“VRRP”) messages and bidirectional forwarding detection (“BFD”) sessions are disclosed. The network system is capable of facilitating a first communication between a host and a master router of multiple VRRP routers and establishing a BFD session between the host and the master router. When the BFD session fails, the priority of the master router is subsequently lowered and a backup router is activated. In one embodiment, the backup router capable of performing functions of the master router becomes a new master until the BFD session resumes.

Abstract: An apparatus and method of a network system between a host and a group of routers using virtual router redundancy protocol (“VRRP”) messages and bidirectional forwarding detection (“BFD”) sessions are disclosed. The network system is capable of facilitating a first communication between a host and a master router of multiple VRRP routers and establishing a BFD session between the host and the master router. When the BFD session fails, the priority of the master router is subsequently lowered and a backup router is activated. In one embodiment, the backup router capable of performing functions of the master router becomes a new master until the BFD session resumes.