Abstract: A method is performed by a first provider edge (PE) of a redundancy group including provider edges configured with an Ethernet virtual private network (EVPN) segment identifier (EVI) and an Ethernet segment identifier (ESI) and that are multi-homed to a customer edge (CE). The method includes, upon receiving from the CE a join request including a group address for a multicast stream, electing a designated forwarder (DF) for the multicast stream. The electing includes: computing for each PE a respective affinity for the DF as a function of a respective address of the PE, the EVI, and the group address; and determining which PE has a largest affinity. The method further includes, if the first PE has the largest affinity or does not have the largest affinity, configuring the first PE as the designated forwarder or not configuring the first PE as the designated forwarder for the multicast stream, respectively.

Abstract: A pseudo-active/active firewall configuration handles firewall switchover events without traffic disruption. A passive firewall is set to an active state, and an active firewall is switched to a pseudo-active state wherein it continues to process ingress and egress traffic according to traffic handling protocols for its active state. An Internet protocol address binding linking the now pseudo-active firewall to an Internet gateway that forwards traffic to the firewalls is updated in a network address translation (NAT) table to route traffic to the newly active firewall. Once a pseudo-active timer expires and the binding is successfully updated to route traffic to the newly active firewall, the pseudo-active firewall is set to a passive state.

Abstract: A pseudo-active/active firewall configuration handles firewall switchover events without traffic disruption. A passive firewall is set to an active state, and an active firewall is switched to a pseudo-active state wherein it continues to process ingress and egress traffic according to traffic handling protocols for its active state. An Internet protocol address binding linking the now pseudo-active firewall to an Internet gateway that forwards traffic to the firewalls is updated in a network address translation (NAT) table to route traffic to the newly active firewall. Once a pseudo-active timer expires and the binding is successfully updated to route traffic to the newly active firewall, the pseudo-active firewall is set to a passive state.

Abstract: A pseudo-active/active firewall configuration handles firewall switchover events with minimized session disconnection. A passive firewall is set to an active state, and an active firewall is switched to a pseudo-active state wherein it continues to process ingress and egress traffic according to traffic handling protocols for its active state. During updating of a corresponding Network Address Translation (NAT) table to route traffic to the now-active firewall, the pseudo-active firewall enters a forwarding state wherein it forwards ingress network sessions to the now-active firewall and processes the ingress network sessions according to its active state. The now-active firewall receives the ingress network sessions and records session states prior to discarding them. After updating the NAT table, when traffic is routed to the now-active firewall, the recorded session states are used to maintain active sessions.

Abstract: This disclosure describes techniques to compile source code corresponding to a portion of a software program. The techniques include generating first object code by processing the source code. Based at least in part on processing the source code, generating second object code, wherein the second object code, when executed by one or more processors, causes the one or more processors to perform an operation unconditionally bound to a unique identifier of the operation. The described techniques further include generating an indication of a mapping of the unique identifier to the portion of the software program.

Abstract: A method is performed by a first provider edge (PE) of a redundancy group including provider edges configured with an Ethernet virtual private network (EVPN) segment identifier (EVI) and an Ethernet segment identifier (ESI) and that are multi-homed to a customer edge (CE). The method includes, upon receiving from the CE a join request including a group address for a multicast stream, electing a designated forwarder (DF) for the multicast stream. The electing includes: computing for each PE a respective affinity for the DF as a function of a respective address of the PE, the EVI, and the group address; and determining which PE has a largest affinity. The method further includes, if the first PE has the largest affinity or does not have the largest affinity, configuring the first PE as the designated forwarder or not configuring the first PE as the designated forwarder for the multicast stream, respectively.

Abstract: Techniques for routing traffic across different virtual local area networks (VLANs) within a single bridge domain are described. One technique includes receiving at a first network device a packet from a second network device on a first interface of multiple interfaces within a bridge domain at the first network device. Attachment circuit information associated with the packet is determined. An information element that includes an indication of the attachment circuit information is generated. The information element is transmitted to the third network device.

Abstract: A method is performed by a first provider edge (PE) of a redundancy group including provider edges configured with an Ethernet virtual private network (EVPN) segment identifier (EVI) and an Ethernet segment identifier (ESI) and that are multi-homed to a customer edge (CE). The method includes, upon receiving from the CE a join request including a group address for a multicast stream, electing a designated forwarder (DF) for the multicast stream. The electing includes: computing for each PE a respective affinity for the DF as a function of a respective address of the PE, the EVI, and the group address; and determining which PE has a largest affinity. The method further includes, if the first PE has the largest affinity or does not have the largest affinity, configuring the first PE as the designated forwarder or not configuring the first PE as the designated forwarder for the multicast stream, respectively.

Abstract: Techniques are described for avoiding traffic black-holing in a multi-homed Ethernet virtual private networks (EVPNs) in which a customer device (CE) is multi-homed to a plurality of multi-homing provider edge devices (PEs) via respective links of an Ethernet segment. An overlay network is created over the Ethernet segment, and the multi-homing PEs of the EVPN are configured with a common anycast IP address for respective virtual network interfaces. Upon election as active designated forwarder (DF) for the EVPN, the DF PE of the multi-homing PEs advertises toward the customer network an IGP metric for the anycast IP address that is lower than the IGP metric(s) advertised by any of the non-DF standby PE routers segment to direct the CE to forward network packets from the customer network to the DF PE over the respective link of the Ethernet segment.

Abstract: Techniques for routing traffic across different virtual local area networks (VLANs) within a single bridge domain are described. One technique includes receiving at a first network device a packet from a second network device on a first interface of multiple interfaces within a bridge domain at the first network device. Attachment circuit information associated with the packet is determined. An information element that includes an indication of the attachment circuit information is generated. The information element is transmitted to the third network device.

Abstract: A method and network device to execute an Ethernet Virtual Private Network (EVPN) protocol to configure the network device to participate as one of a plurality of customer edge (CE) routers that provide an active-active configuration for an Ethernet segment coupling the CE routers to a plurality of provider edge (PE) routers, wherein the processor is configured to determine whether a packet that is to be forwarded is an operations, administration, and management (OAM) packet; in response to determining that the packet comprises an OAM packet, replicate the OAM packet for one or more interface links of an Ethernet segment associated with the CE router; configure forwarding instructions to the one or more interface links of the Ethernet segment associated with the CE router; and forward the OAM packet and the replicated OAM packets to the PE routers.

Abstract: Techniques are described for avoiding traffic black-holing in a multi-homed Ethernet virtual private networks (EVPNs) in which a customer device (CE) is multi-homed to a plurality of multi-homing provider edge devices (PEs) via respective links of an Ethernet segment. An overlay network is created over the Ethernet segment, and the multi-homing PEs of the EVPN are configured with a common anycast IP address for respective virtual network interfaces. Upon election as active designated forwarder (DF) for the EVPN, the DF PE of the multi-homing PEs advertises toward the customer network an IGP metric for the anycast IP address that is lower than the IGP metric(s) advertised by any of the non-DF standby PE routers segment to direct the CE to forward network packets from the customer network to the DF PE over the respective link of the Ethernet segment.

Abstract: A method is performed by a first provider edge (PE) of a redundancy group including provider edges configured with an Ethernet virtual private network (EVPN) segment identifier (EVI) and an Ethernet segment identifier (ESI) and that are multi-homed to a customer edge (CE). The method includes, upon receiving from the CE a join request including a group address for a multicast stream, electing a designated forwarder (DF) for the multicast stream. The electing includes: computing for each PE a respective affinity for the DF as a function of a respective address of the PE, the EVI, and the group address; and determining which PE has a largest affinity. The method further includes, if the first PE has the largest affinity or does not have the largest affinity, configuring the first PE as the designated forwarder or not configuring the first PE as the designated forwarder for the multicast stream, respectively.

Abstract: A method is performed by a first provider edge (PE) of a redundancy group including provider edges configured with an Ethernet virtual private network (EVPN) segment identifier (EVI) and an Ethernet segment identifier (ESI) and that are multi-homed to a customer edge (CE). The method includes, upon receiving from the CE a join request including a group address for a multicast stream, electing a designated forwarder (DF) for the multicast stream. The electing includes: computing for each PE a respective affinity for the DF as a function of a respective address of the PE, the EVI, and the group address; and determining which PE has a largest affinity. The method further includes, if the first PE has the largest affinity or does not have the largest affinity, configuring the first PE as the designated forwarder or not configuring the first PE as the designated forwarder for the multicast stream, respectively.

Abstract: Techniques are described for avoiding traffic black-holing in a multi-homed Ethernet virtual private networks (EVPNs) in which a customer device (CE) is multi-homed to a plurality of multi-homing provider edge devices (PEs) via respective links of an Ethernet segment. An overlay network is created over the Ethernet segment, and the multi-homing PEs of the EVPN are configured with a common anycast IP address for respective virtual network interfaces. Upon election as active designated forwarder (DF) for the EVPN, the DF PE of the multi-homing PEs advertises toward the customer network an IGP metric for the anycast IP address that is lower than the IGP metric(s) advertised by any of the non-DF standby PE routers segment to direct the CE to forward network packets from the customer network to the DF PE over the respective link of the Ethernet segment.

Abstract: In general, techniques are described for reducing forwarding loops for layer (L2) traffic that traverses an EVPN or PBB-EVPN instance (EVI) by deterministically determining an access-facing logical interface to block from respective access-facing logical interfaces of PE devices that switch the L2 traffic using the EVI. A provider edge (PE) network device may detect an L2 forwarding loop on an L2 forwarding path that includes the access-facing logical interface. In response to detecting an L2 forwarding loop and based at least on comparing an identifier for the local PE device and an identifier for a remote PE device that implements the EVPN instance, the PE device may block the access-facing logical interface to block L2 traffic from the local customer network.

Abstract: A method and network device to execute an Ethernet Virtual Private Network (EVPN) protocol to configure the network device to participate as one of a plurality of customer edge (CE) routers that provide an active-active configuration for an Ethernet segment coupling the CE routers to a plurality of provider edge (PE) routers, wherein the processor is configured to determine whether a packet that is to be forwarded is an operations, administration, and management (OAM) packet; in response to determining that the packet comprises an OAM packet, replicate the OAM packet for one or more interface links of an Ethernet segment associated with the CE router; configure forwarding instructions to the one or more interface links of the Ethernet segment associated with the CE router; and forward the OAM packet and the replicated OAM packets to the PE routers.

Abstract: A method is performed by a first provider edge (PE) of a redundancy group including provider edges configured with an Ethernet virtual private network (EVPN) segment identifier (EVI) and an Ethernet segment identifier (ESI) and that are multi-homed to a customer edge (CE). The method includes, upon receiving from the CE a join request including a group address for a multicast stream, electing a designated forwarder (DF) for the multicast stream. The electing includes: computing for each PE a respective affinity for the DF as a function of a respective address of the PE, the EVI, and the group address; and determining which PE has a largest affinity. The method further includes, if the first PE has the largest affinity or does not have the largest affinity, configuring the first PE as the designated forwarder or not configuring the first PE as the designated forwarder for the multicast stream, respectively.

Abstract: A method and network device to execute an Ethernet Virtual Private Network (EVPN) protocol to configure the network device to participate as one of a plurality of customer edge (CE) routers that provide an active-active configuration for an Ethernet segment coupling the CE routers to a plurality of provider edge (PE) routers, wherein the processor is configured to determine whether a packet that is to be forwarded is an operations, administration, and management (OAM) packet; in response to determining that the packet comprises an OAM packet, replicate the OAM packet for one or more interface links of an Ethernet segment associated with the CE router; configure forwarding instructions to the one or more interface links of the Ethernet segment associated with the CE router; and forward the OAM packet and the replicated OAM packets to the PE routers.

Abstract: Techniques are described to provide split-horizon packet forwarding so as to ensure that packets from the customer network that are injected into the provider backbone bridging Ethernet Virtual Private Network (PBB-EVPN) by one of the provider edge (PE) devices of the multi-homed Ethernet segment are not forwarded back toward the customer network by a different PE device connected to the same multi-homed Ethernet segment. For example, a method may comprise receiving a packet via a core-facing interface of a first PE device, determining the Ethernet segment associated with the PE devices by a lookup operation based on keys of the packet; in response to determining the Ethernet segment, supplanting the core-facing interface of the first PE device with a virtual interface associated with the keys, and forwarding the packet to a second CE device without forwarding the received packet back to the Ethernet segment associated with the first PE device.