Abstract: In one embodiment, a method by an apparatus of a Border Gateway Protocol (BGP) network includes accessing an attestation token for the apparatus. The method further includes encoding the attestation token in a BGP signaling message. The method further includes sending the BGP signaling message with the encoded attestation token to a second apparatus of the BGP network.

Abstract: A system and method for handling multicast traffic in Ethernet Virtual Private Network multi-homed networks includes receiving a first route table for a first route, determining that the first route table is associated with another peer device in the multi-home network, generating a second route table for a second route, determining a route to transmit data and the determined route is the first route or the second route based on the first preference value and the second preference value, and transmitting the data using the determined route.

Abstract: In one embodiment, a method by an apparatus of a Border Gateway Protocol (BGP) network includes accessing an attestation token for the apparatus. The method further includes encoding the attestation token in a BGP signaling message. The method further includes sending the BGP signaling message with the encoded attestation token to a second apparatus of the BGP network.

Abstract: In one embodiment, a network comprises a first forwarding domain using a first data plane forwarding protocol and a second forwarding domain using a second data plane forwarding protocol different than the first data forwarding plane forwarding protocol. The first forwarding domain includes a first path node and a particular border node. The second forwarding domain includes a second path node and the particular border node. The particular border node performs Segment Routing or other protocol interworking between the different data plane forwarding domains, such as for transporting packets through a different forwarding domain or translating a packet to use a different data forwarding protocol. These forwarding domains typically include Segment Routing (SR) and SR-Multiprotocol Label Switching (SR-MPLS). Paths through the network are determined by a Path Computation Engine and/or based on route advertisements such associated with Binding Segment Identifiers (BSIDs) (e.g.

Abstract: A computer network efficiently provides a multicast network flow to a multicast recipient across a multihomed network element. The multihomed network element includes network devices that receive multicast data from a source of a multicast network flow. Each particular network device that received the multicast data publishes a notification indicating that the multicast network flow is available from the particular network device. The computer network receives a subscription to the multicast network flow from a multicast recipient, and determines whether to bridge the multicast data across the multihomed network element based on a multicast configuration of the computer network. The multihomed network element provides the multicast data to the multicast recipient from at least one of the particular network devices that received the multicast data from the source of the multicast network flow.

Abstract: A computer network efficiently provides a multicast network flow to a multicast recipient across a multihomed network element. The multihomed network element includes network devices that receive multicast data from a source of a multicast network flow. Each particular network device that received the multicast data publishes a notification indicating that the multicast network flow is available from the particular network device. The computer network receives a subscription to the multicast network flow from a multicast recipient, and determines whether to bridge the multicast data across the multihomed network element based on a multicast configuration of the computer network. The multihomed network element provides the multicast data to the multicast recipient from at least one of the particular network devices that received the multicast data from the source of the multicast network flow.

Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for secure network routing. A method includes: receiving, at a network node, an advertisement message for a network route including an IP address prefix; receiving, at the network node, a route origin authorization associated with the IP address prefix, the route origin authorization including a digital signature and a security requirement of a route to a destination that corresponds to the IP address prefix; determining, by the network node, one or more network nodes satisfies the security requirement to yield a determination; and determining, by the network node, to route network traffic to the IP address prefix based on the determination. In one example, the method can include, when the one or more network nodes satisfies the security requirement, advertising the route to the one or more network nodes that satisfies the security requirement.

Abstract: In one embodiment, method includes receiving, by a first network apparatus, a first multicast message from a second network apparatus. The first multicast message includes attestation-capability information associated with the second network apparatus and an attestation token. The attestation token is for proving that the second network apparatus is in a known safe state. The method also includes determining, by the first network apparatus, that the attestation-capability information satisfies a pre-determined attestation capability requirement and determining, by the first network apparatus, that the attestation token is valid for the second network apparatus at a current time. The method further includes establishing, by the first network apparatus, an adjacency to the second network apparatus.

Abstract: A computer network efficiently provides a multicast network flow to a multicast recipient across a multihomed network element. The multihomed network element includes network devices that receive multicast data from a source of a multicast network flow. Each particular network device that received the multicast data publishes a notification indicating that the multicast network flow is available from the particular network device. The computer network receives a subscription to the multicast network flow from a multicast recipient, and determines whether to bridge the multicast data across the multihomed network element based on a multicast configuration of the computer network. The multihomed network element provides the multicast data to the multicast recipient from at least one of the particular network devices that received the multicast data from the source of the multicast network flow.

Abstract: This disclosure describes techniques for managing path counts at a router. The techniques include monitoring available storage space at a router for storing per prefix routes. In an instance where the available storage space at the router may be inadequate to support continued, stable network operations, the techniques include reducing an amount of per prefix routes that are advertised to the router. The techniques may also include withdrawing previously advertised per prefix routes from the router. As such, path count management concepts may help prevent overload of storage space at a router.

Abstract: In one embodiment, a network comprises a first forwarding domain using a first data plane forwarding protocol and a second forwarding domain using a second data plane forwarding protocol different than the first data forwarding plane forwarding protocol. The first forwarding domain includes a first path node and a particular border node. The second forwarding domain includes a second path node and the particular border node. The particular border node performs Segment Routing or other protocol interworking between the different data plane forwarding domains, such as for transporting packets through a different forwarding domain or translating a packet to use a different data forwarding protocol. These forwarding domains typically include Segment Routing (SR) and SR-Multiprotocol Label Switching (SR-MPLS). Paths through the network are determined by a Path Computation Engine and/or based on route advertisements such associated with Binding Segment Identifiers (BSIDs) (e.g.

Abstract: First and second egress nodes are each multi-homed to a customer edge (CE) that participates in virtual routing and forwarding (VRF). First forwarding information is configured on the first egress node. The first information includes VRF labels and defines forwarding of traffic based on the VRF labels and a status of a primary path to the CE. The VRF labels include a per-VRF label for the VRF and a per-CE label for the CE. Second forwarding information is configured on the second egress node. The second forwarding information includes the per-VRF label and the per-CE label, and defines traffic forwarding based on the VRF labels. Upon receiving traffic for the CE that carries the per-VRF label, the first egress node determines the status of the primary path, and forwards the traffic to either the CE over the primary path or to the second egress node, depending on the status.

Abstract: First and second egress nodes are each multi-homed to a customer edge (CE) that participates in virtual routing and forwarding (VRF). First forwarding information is configured on the first egress node. The first information includes VRF labels and defines forwarding of traffic based on the VRF labels and a status of a primary path to the CE. The VRF labels include a per-VRF label for the VRF and a per-CE label for the CE. Second forwarding information is configured on the second egress node. The second forwarding information includes the per-VRF label and the per-CE label, and defines traffic forwarding based on the VRF labels. Upon receiving traffic for the CE that carries the per-VRF label, the first egress node determines the status of the primary path, and forwards the traffic to either the CE over the primary path or to the second egress node, depending on the status.

Abstract: This disclosure describes techniques for managing path counts at a router. The techniques include monitoring available storage space at a router for storing per prefix routes. In an instance where the available storage space at the router may be inadequate to support continued, stable network operations, the techniques include reducing an amount of per prefix routes that are advertised to the router. The techniques may also include withdrawing previously advertised per prefix routes from the router. As such, path count management concepts may help prevent overload of storage space at a router.

Abstract: In one embodiment, a first computer networking device executes an election algorithm to determine whether at least the first computer networking device or a second computer networking device is responsible for forwarding, to at least one receiving device, communications addressed to a specified group of computing devices. The first computer networking device may further store first data indicating that the first computer networking device is responsible for forwarding the communications. However, in response to the first computer networking device determining that it is no longer receiving the communications, it may store second data indicating that the first computer networking device is no longer responsible for forwarding the communications and may send, to the second computer networking device, third data indicating that the first computer networking device is not receiving the communications.

Abstract: In one embodiment, method includes receiving, by a first network apparatus, a first multicast message from a second network apparatus. The first multicast message includes attestation-capability information associated with the second network apparatus and an attestation token. The attestation token is for proving that the second network apparatus is in a known safe state. The method also includes determining, by the first network apparatus, that the attestation-capability information satisfies a pre-determined attestation capability requirement and determining, by the first network apparatus, that the attestation token is valid for the second network apparatus at a current time. The method further includes establishing, by the first network apparatus, an adjacency to the second network apparatus.

Abstract: In one embodiment, a network comprises a first forwarding domain using a first data plane forwarding protocol and a second forwarding domain using a second data plane forwarding protocol different than the first data forwarding plane forwarding protocol. The first forwarding domain includes a first path node and a particular border node. The second forwarding domain includes a second path node and the particular border node. The particular border node performs Segment Routing or other protocol interworking between the different data plane forwarding domains, such as for transporting packets through a different forwarding domain or translating a packet to use a different data forwarding protocol. These forwarding domains typically include Segment Routing (SR) and SR-Multiprotocol Label Switching (SR-MPLS). Paths through the network are determined by a Path Computation Engine and/or based on route advertisements such associated with Binding Segment Identifiers (BSIDs) (e.g.

Abstract: A computer network efficiently provides a multicast network flow to a multicast recipient across a multihomed network element. The multihomed network element includes network devices that receive multicast data from a source of a multicast network flow. Each particular network device that received the multicast data publishes a notification indicating that the multicast network flow is available from the particular network device. The computer network receives a subscription to the multicast network flow from a multicast recipient, and determines whether to bridge the multicast data across the multihomed network element based on a multicast configuration of the computer network. The multihomed network element provides the multicast data to the multicast recipient from at least one of the particular network devices that received the multicast data from the source of the multicast network flow.

Abstract: Network interworking with no cross-domain state may be provided. First, an edge node may receive a packet from an intermediate node in a first domain. The edge node may be between the first domain and a second domain. Next, the edge node may pop, in response to a first Service Identifier (SID) in the packet, headers corresponding to the first domain from the packet. The edge node may then push, in response to the first SID, a label stack corresponding to the second domain onto the packet. The first SID may include data corresponding to the label stack. Then the edge node may route the packet to the second domain destine to an end node in the second domain.

Abstract: In one embodiment, a first computer networking device executes an election algorithm to determine whether at least the first computer networking device or a second computer networking device is responsible for forwarding, to at least one receiving device, communications addressed to a specified group of computing devices. The first computer networking device may further store first data indicating that the first computer networking device is responsible for forwarding the communications. However, in response to the first computer networking device determining that it is no longer receiving the communications, it may store second data indicating that the first computer networking device is no longer responsible for forwarding the communications and may send, to the second computer networking device, third data indicating that the first computer networking device is not receiving the communications.