Abstract: A method and apparatus of a network element that manages a network interface controller on a device coupled to a network element is described. In an exemplary embodiment, the network element detects that the network interface controller is manageable, wherein the network interface controller is coupled to the network element by a link. In addition, the network element transmits a command packet to the network interface controller in-band, where the network interface controller determines a response to the command packet using the resources of the network interface controller and without communicating data between the network interface controller and the device. The network element receives the response from the network interface controller.

Abstract: Embodiments disclosed herein relate to method and systems for updating hardware tables. Such methods may include receiving a flexible pipeline definition from a controller at a compiler; generating, by the compiler, a hardware table update initial instruction set; and transmitting the hardware table update initial instruction set to a network device. The network device may use the hardware table initial instruction set to configure the network device to implement the flexible pipeline definition for a network chip.

Abstract: In general, embodiments of the invention relate to processing network traffic data units (NTDUs). More specifically, embodiments of the invention relate to processing NTDUs transmitted between client device and the one or more protected resources. The protected resources are logically surrounded by a perimeter, which is implemented as a set of network devices that manage the flow of NTDUs between client devices and the protected resources. The perimeter works in conjunction with a set of filtering devices to determine whether a given NTDU can ultimately be transmitted to, and processed by, a protected resource.

Abstract: In general, embodiments of the invention relate to processing network traffic data units (NTDUs). More specifically, embodiments of the invention relate to processing NTDUs transmitted between client device and the one or more protected resources. The protected resources are logically surrounded by a perimeter, which is implemented as a set of network devices that manage the flow of NTDUs between client devices and the protected resources. The perimeter works in conjunction with a set of filtering devices to determine whether a given NTDU can ultimately be transmitted to, and processed by, a protected resource.

Abstract: A method and apparatus of a network element that processes data using a data processing pipeline with standby memory is described. In one embodiment, the network element prepares a new image for the data processing pipeline of the network element, where the data processing pipeline processes incoming network data received by the network element and the new image modifies a current set of functionalities of the data processing pipeline. The network element further writes the new image into a standby memory of the data processing pipeline, where the network element includes an active memory that programs the current set of functionalities of the data processing pipeline. In addition, the network element programs the data processing pipeline using the new image. The network element additionally processes the incoming network data received by using the data processing pipeline using modified current set of functionalities.

Abstract: Embodiments disclosed herein relate to method and systems for updating hardware tables. Such methods may include receiving a flexible pipeline definition from a controller at a compiler; generating, by the compiler, a hardware table update initial instruction set; and transmitting the hardware table update initial instruction set to a network device. The network device may use the hardware table initial instruction set to configure the network device to implement the flexible pipeline definition for a network chip.

Abstract: Certain embodiments disclosed herein relate to method for egress maximum transmission unit (MTU) enforcement. The method may include receiving a protocol packet at an ingress interface of a network device; make a first determination of a protocol packet payload length; performing an ingress MTU identifier lookup in an ingress MTU identifier table using the protocol packet payload length to obtain an ingress MTU identifier; performing a packet propagation lookup to obtain an egress MTU identifier; performing an MTU enforcement lookup in an MTU enforcement table using the ingress MTU identifier and the egress MTU identifier to obtain an egress action; and performing the egress action.

Abstract: Certain embodiments disclosed herein relate to method for egress maximum transmission unit (MTU) enforcement. The method may include receiving a protocol packet at an ingress interface of a network device; make a first determination of a protocol packet payload length; performing an ingress MTU identifier lookup in an ingress MTU identifier table using the protocol packet payload length to obtain an ingress MTU identifier; performing a packet propagation lookup to obtain an egress MTU identifier; performing an MTU enforcement lookup in an MTU enforcement table using the ingress MTU identifier and the egress MTU identifier to obtain an egress action; and performing the egress action.

Abstract: A method and apparatus of a device that updates a software image for a network element is described. In an exemplary embodiment, a device receives a signal to update the network element with the new software image, where the network element includes a plurality of hardware forwarding engines and a control plane. The device further boots the control plane with the new software image, where the booting is accomplished without restarting the control plane. In one embodiment, the device boots the control plane by chain booting from a current software image to the new software image. The device additionally restarts and reconfigures the plurality of hardware forwarding engines. In a further embodiment, the device additionally prefills one or more queues in the hardware forwarding engines with keep-alive messages. These keep-alive messages are transmitted during the time that the control plane is being restarted. In a further embodiment, the hardware forwarding engines are reconfigured without restarting them.

Abstract: In some implementations, a method is provided. The method includes receiving, by an agent of a first container of a network device from a second container of the network device, a request for a forwarding engine of the network device to perform an operation. The first container and the second container are located on a control plane of the network device. The first container comprises a set of drivers to support multiple types of forwarding engines. The first container further comprises an operating system. The method also includes providing the request to the operating system. The operating system uses a first driver of the set of drivers to communicate with the forwarding engine. The method further includes performing the operation requested by the second container. The method further includes providing a result of the operation to the second container in response to determining that the result should be provided to the second container.

Abstract: A method and apparatus of a network element that processes data by a network element with a data processing pipeline is described. In an exemplary embodiment, the network element prepares a new image for the data processing pipeline of the network element, where the data processing pipeline processes network data received by the network element and the new image modifies one or more functionalities of the data processing pipeline. In addition, the network element puts the data processing pipeline into a non-forwarding mode. Furthermore, the network element writes the new image into memory of the data processing pipeline. The network element additionally puts the data processing pipeline into a forwarding mode, where the data processing pipeline processes network data received by the network element using the new image.

Abstract: A method and apparatus of a network element that stores a lookup entry in a hardware table of a network element is described. In an exemplary embodiment, the network element receives a notification of a dirty lookup entry to be processed for a hardware table of a network element, where the hardware table includes a plurality of lookup entries. In addition, the network element determines a location for a table modification associated with the dirty lookup entry in the hardware table. Furthermore, the network element performs, with a hardware writer of the network element, the table modification associated with the lookup entry in a non-disruptive manner, where the hardware writer performs the table modification associated with the lookup entry in response to determining that the table modification associated with the lookup entry does not leave one of the plurality of lookup entries inconsistent after the table modification is performed.

Abstract: A method and apparatus of a network element that processes data by a network element with a data processing pipeline is described. In an exemplary embodiment, the network element prepares a new image for the data processing pipeline of the network element, where the data processing pipeline processes network data received by the network element and the new image modifies one or more functionalities of the data processing pipeline. In addition, the network element puts the data processing pipeline into a non-forwarding mode. Furthermore, the network element writes the new image into memory of the data processing pipeline. The network element additionally puts the data processing pipeline into a forwarding mode, where the data processing pipeline processes network data received by the network element using the new image.

Abstract: A method and apparatus of a network element that processes data using a data processing pipeline with standby memory is described. In one embodiment, the network element prepares a new image for the data processing pipeline of the network element, where the data processing pipeline processes incoming network data received by the network element and the new image modifies a current set of functionalities of the data processing pipeline. The network element further writes the new image into a standby memory of the data processing pipeline, where the network element includes an active memory that programs the current set of functionalities of the data processing pipeline. In addition, the network element programs the data processing pipeline using the new image. The network element additionally processes the incoming network data received by using the data processing pipeline using modified current set of functionalities.

Abstract: A method and apparatus of a network element that manages a network interface controller on a device coupled to a network element is described. In an exemplary embodiment, the network element detects that the network interface controller is manageable, wherein the network interface controller is coupled to the network element by a link. In addition, the network element transmits a command packet to the network interface controller in-band, where the network interface controller determines a response to the command packet using the resources of the network interface controller and without communicating data between the network interface controller and the device. The network element receives the response from the network interface controller.

Abstract: A method and apparatus of a network element that stores a lookup entry in a hardware table of a network element is described. In an exemplary embodiment, the network element receives a notification of a dirty lookup entry to be processed for a hardware table of a network element, where the hardware table includes a plurality of lookup entries. In addition, the network element determines a location for a table modification associated with the dirty lookup entry in the hardware table. Furthermore, the network element performs, with a hardware writer of the network element, the table modification associated with the lookup entry in a non-disruptive manner, where the hardware writer performs the table modification associated with the lookup entry in response to determining that the table modification associated with the lookup entry does not leave one of the plurality of lookup entries inconsistent after the table modification is performed.

Abstract: A method and apparatus of a network element that updates an interface list of a multi-link group of a network element is described. In an exemplary embodiment, a network element receives an indication that the interface list for the multi-link group on a network element is to change. In addition, the interface list includes a first set of interfaces. The network element further includes an address table having a plurality of address entries, where each of the plurality of address entries includes an address, a multi-link nexthop, and a tag group reference. The tag group reference references an entry in a tag group table, where a tag group entry includes a tag group identifier and a tag group set of interfaces. The network element further receives a second set of interfaces. The network element additionally updates the interface list for the tag group entry to include a second set of interfaces. Furthermore, the network element transmits data with the multi-link group using the second set of interfaces.

Abstract: A method and apparatus of a device that includes a shared memory hash table that notifies one or more readers of changes to the shared memory hash table is described. In an exemplary embodiment, a device modifies a value in the shared memory hash table, where the value has a corresponding key. The device further stores a notification in a notification queue that indicates the value has changed. In addition, the device invalidates a previous entry in the notification queue that indicates the value has been modified. The device signals to the reader that a notification is ready to be processed.

Abstract: A method and apparatus of a network element that updates an interface list of a multi-link group of a network element is described. In an exemplary embodiment, a network element receives an indication that the interface list for the multi-link group on a network element is to change. In addition, the interface list includes a first set of interfaces. The network element further includes an address table having a plurality of address entries, where each of the plurality of address entries includes an address, a multi-link nexthop, and a tag group reference. The tag group reference references an entry in a tag group table, where a tag group entry includes a tag group identifier and a tag group set of interfaces. The network element further receives a second set of interfaces. The network element additionally updates the interface list for the tag group entry to include a second set of interfaces. Furthermore, the network element transmits data with the multi-link group using the second set of interfaces.

Abstract: A method and apparatus of a device that includes a shared memory hash table that notifies one or more readers of changes to the shared memory hash table is described. In an exemplary embodiment, a device modifies a value in the shared memory hash table, where the value has a corresponding key. The device further stores a notification in a notification queue that indicates the value has changed. In addition, the device invalidates a previous entry in the notification queue that indicates the value has been modified. The device signals to the reader that a notification is ready to be processed.