Abstract: An ingress network device may receive a core domain network segment identifier associated with a core domain network of the multi-domain network. The ingress network device may receive location data of an egress network device associated with a second leaf domain network of the multi-domain network, wherein the location data may include data identifying the core domain network segment identifier, a second leaf domain network segment identifier associated with the second leaf domain network, and an egress network device segment identifier associated with the egress network device. The ingress network device may store the core domain network segment identifier and the location data, and may utilize the core domain segment identifier and the location data to route traffic to the egress network device.

Abstract: In some implementations, an egress network device of a multiprotocol label switching (MPLS) network may exchange Internet key exchange (IKE) messages with an ingress network device of the MPLS network to establish a security association between the egress network device and the ingress network device. The egress network device may receive an MPLS packet that includes an MPLS header, a secure MPLS data header, and an MPLS payload. The egress network device may process the MPLS header to determine a label associated with a label-switched path (LSP) and a secure function indicator. The egress network device may decrypt, using a secure function identified based on the secure MPLS data header, the MPLS payload to generate a decrypted packet. The egress network device may transmit the decrypted packet towards a destination device.

Abstract: A ring node N belonging to a resilient MPLS ring (RMR) provisions and/or configures clockwise (CW) and anti-clockwise (AC) paths on the RMR by: (a) configuring two ring node segment identifiers (Ring-SIDs) on the ring node, wherein a first of the two Ring-SIDs (CW-Ring-SID) is to reach N in a clockwise direction on the ring and a second of the two Ring-SIDs (AC-Ring-SID) is to reach N in an anti-clockwise direction on the ring, and wherein the CW-Ring-SID and AC-Ring-SID are unique within a source packet routing in networking (SPRING) domain including the ring; (b) generating a message including the ring node's CW-Ring-SID and AC-Ring-SID; and (c) advertising the message, via an interior gateway protocol, for receipt by other ring nodes belonging to the ring such that (1) a clockwise multipoint-to-point path (CWP) is defined such that every other one of the ring nodes belonging to the ring can be an ingress for the CWP and such that only the node is an egress for the CWP, and (2) an anti-clockwise multipoint-

Abstract: A device may receive first topology information from a first network device of a network, and may receive second topology information from a second network device of the network. The device may assign a first BGP-LS identifier to the first network device, and may associate the first topology information with the first BGP-LS identifier. The device may assign a second BGP-LS identifier to the second network device, and may associate the second topology information with the second BGP-LS identifier. The device may store the first topology information, as a first route, based on the first BGP-LS identifier, and may store the second topology information, as a second route, based on the second BGP-LS identifier. The device may select the first route or the second route as a primary route, and may utilize the primary route to control routing of traffic through the network.

Abstract: In some implementations, an ingress network device of a multiprotocol label switching (MPLS) network may receive a packet destined for a destination network device. The ingress network device may determine, based on the packet, a secure function to secure the packet and a label associated with a label-switched path (LSP) from the ingress network device to an egress network device of the MPLS network that is associated with the destination network device. The ingress network device may encrypt, using the secure function, the packet to generate an encrypted packet. The ingress network device may generate an MPLS packet comprising: an MPLS header that includes the label and a secure function indicator, a secure MPLS data header that includes information identifying the secure function, and an MPLS payload that includes the encrypted packet. The ingress network device may forward, based on the label, the MPLS packet.

Abstract: An example network element includes one or more interfaces and a control unit, the control unit includes one or more processors configured to determine an egress network domain identifier (ID) and determine an abstracted interdomain network topology. The one or more processors are also configured to determine one or more interdomain paths from an abstracted ingress domain node to an abstracted egress domain node and determine whether an abstracted domain node is on the one or more interdomain paths. The one or more processors are configured to, based on the abstracted domain node being on the one or more interdomain paths, include one or more resources within a network domain in a filtered traffic engineering database (TED) and compute a path from an ingress node within the ingress network domain to an egress node within the egress network domain based on the filtered TED.

Abstract: In some implementations, an ingress network device of a multiprotocol label switching (MPLS) network may receive a packet destined for a destination network device. The ingress network device may determine, based on the packet, a secure function to secure the packet and a label associated with a label-switched path (LSP) from the ingress network device to an egress network device of the MPLS network that is associated with the destination network device. The ingress network device may encrypt, using the secure function, the packet to generate an encrypted packet. The ingress network device may generate an MPLS packet comprising: an MPLS header that includes the label and a secure function indicator, a secure MPLS data header that includes information identifying the secure function, and an MPLS payload that includes the encrypted packet. The ingress network device may forward, based on the label, the MPLS packet.

Abstract: A disclosed method may include (1) receiving, at a network node within a network, a packet from another network node within the network, (2) identifying, within the packet, a slice label that indicates a network slice that has been logically partitioned on the network, (3) determining a QoS policy that corresponds to the network slice indicated by the slice label, (4) applying the QoS policy to the packet, and then upon applying the QoS policy to the packet, (5) forwarding the packet to an additional network node within the network. Various other apparatuses, systems, and methods are also disclosed.

Abstract: In general, techniques are described for signaling IP path tunnels for traffic engineering using constraints in an IP network. For example, network devices, e.g., routers, of an IP network may compute an IP path using constraint information and establish the IP path using, for example, Resource Reservation Protocol, to signal the IP path without using MPLS. As one example, the egress router generates a path reservation signaling message that includes an egress IP address that is assigned for use by the routers on the IP path to send traffic of the data flow by encapsulating the traffic with the egress IP address and forwarding toward the egress router. As each router in the IP path receives the path reservation signaling message, the router configures a forwarding state to forward traffic encapsulated with the egress IP address to a next hop along the IP path toward the egress router.

Abstract: In general, techniques are described for signaling IP path tunnels for traffic engineering using constraints in an IP network. For example, network devices, e.g., routers, of an IP network may compute an IP path using constraint information and establish the IP path using, for example, Resource Reservation Protocol, to signal the IP path without using MPLS. As one example, the egress router generates a path reservation signaling message that includes an egress IP address that is assigned for use by the routers on the IP path to send traffic of the data flow by encapsulating the traffic with the egress IP address and forwarding toward the egress router. As each router in the IP path receives the path reservation signaling message, the router configures a forwarding state to forward traffic encapsulated with the egress IP address to a next hop along the IP path toward the egress router.

Abstract: A network device may receive an MPLS packet destined for a destination via a label-switched path (LSP), and may determine whether to apply a first special purpose label (SPL) option or a second SPL option for a label stack of the MPLS packet. The network device may apply, when the first SPL option is determined to be applied, one of a first type of the first SPL option for the label stack via a policy data indicator (PDI) and policy data (PD), or a second type of the first SPL option for the label stack via the PDI and the PD. The network device may forward the MPLS packet to a hop of the LSP based on the first type of the first SPL option or the second type of the first SPL option applied to the MPLS packet.

Abstract: An ingress network device may receive a core domain network segment identifier associated with a core domain network of the multi-domain network. The ingress network device may receive location data of an egress network device associated with a second leaf domain network of the multi-domain network, wherein the location data may include data identifying the core domain network segment identifier, a second leaf domain network segment identifier associated with the second leaf domain network, and an egress network device segment identifier associated with the egress network device. The ingress network device may store the core domain network segment identifier and the location data, and may utilize the core domain segment identifier and the location data to route traffic to the egress network device.

Abstract: In general, techniques are described for signaling IP path tunnels for traffic engineering using constraints in an IP network. For example, network devices, e.g., routers, of an IP network may compute an IP path using constraint information and establish the IP path using, for example, Resource Reservation Protocol, to signal the IP path without using MPLS. As one example, the egress router generates a path reservation signaling message that includes an egress IP address that is assigned for use by the routers on the IP path to send traffic of the data flow by encapsulating the traffic with the egress IP address and forwarding toward the egress router. As each router in the IP path receives the path reservation signaling message, the router configures a forwarding state to forward traffic encapsulated with the egress IP address to a next hop along the IP path toward the egress router.

Abstract: In general, techniques are described for signaling IP path tunnels for traffic engineering using constraints in an IP network. For example, network devices, e.g., routers, of an IP network may compute an IP path using constraint information and establish the IP path using, for example, Resource Reservation Protocol, to signal the IP path without using MPLS. As one example, the egress router generates a path reservation signaling message that includes an egress IP address that is assigned for use by the routers on the IP path to send traffic of the data flow by encapsulating the traffic with the egress IP address and forwarding toward the egress router. As each router in the IP path receives the path reservation signaling message, the router configures a forwarding state to forward traffic encapsulated with the egress IP address to a next hop along the IP path toward the egress router.

Abstract: An ingress network device may receive a core domain network segment identifier associated with a core domain network of the multi-domain network. The ingress network device may receive location data of an egress network device associated with a second leaf domain network of the multi-domain network, wherein the location data may include data identifying the core domain network segment identifier, a second leaf domain network segment identifier associated with the second leaf domain network, and an egress network device segment identifier associated with the egress network device. The ingress network device may store the core domain network segment identifier and the location data, and may utilize the core domain segment identifier and the location data to route traffic to the egress network device.

Abstract: In general, techniques are described for signaling IP path tunnels for traffic engineering using constraints in an IP network. For example, network devices, e.g., routers, of an IP network may compute an IP path using constraint information and establish the IP path using, for example, Resource Reservation Protocol, to signal the IP path without using MPLS. As one example, the egress router generates a path reservation signaling message that includes an egress IP address that is assigned for use by the routers on the IP path to send traffic of the data flow by encapsulating the traffic with the egress IP address and forwarding toward the egress router. As each router in the IP path receives the path reservation signaling message, the router configures a forwarding state to forward traffic encapsulated with the egress IP address to a next hop along the IP path toward the egress router.

Abstract: A tactical solution to network congestion is provided by a data forwarding device having (1) a first interface with a first link to a downstream data forwarding device and (2) second interface with a second link to a downstream data forwarding device, and executing a method comprising: (a) configuring the second interface as part of a loop-free alternate (LFA) path to a destination device, wherein the first interface is part of a shortest/preferred path to the destination device; (b) monitoring congestion at the first interface to determine whether or not the congestion exceeds a first threshold; and (c) responsive to a determination that the congestion exceeds the first threshold, forwarding at least some data addressed to the destination device, over the LFA path via the second interface instead of over the shortest/preferred path via the first interface, thereby alleviating congestion at the first interface, and otherwise, responsive to a determination that the congestion does not exceed the first threshol

Abstract: Support is provided for flexible algorithms, used by the border gateway protocol (BGP) route selection process, in the context of segment routing (SR) Prefix segment identifiers (SIDS) advertised using BGP.

Abstract: In some implementations, a network device may identify a segment routing traffic engineering (SR-TE) algorithm supported by the network device. The network device may determine, based on identifying the SR-TE algorithm, an identification value associated with the network device. The network device may generate an advertisement packet that includes the identification value and information identifying the SR-TE algorithm. The network device may send the advertisement packet to another network device to cause the other network device to update a data structure to indicate that the network device supports the SR-TE algorithm and that the network device is associated with the identification value. The other network device may determine, using the SR-TE algorithm, a forwarding path for a data packet that indicates the network device as a hop in the forwarding path.

Abstract: In some implementations, a network device may identify a segment routing traffic engineering (SR-TE) algorithm supported by the network device. The network device may determine, based on identifying the SR-TE algorithm, an identification value associated with the network device. The network device may generate an advertisement packet that includes the identification value and information identifying the SR-TE algorithm. The network device may send the advertisement packet to another network device to cause the other network device to update a data structure to indicate that the network device supports the SR-TE algorithm and that the network device is associated with the identification value. The other network device may determine, using the SR-TE algorithm, a forwarding path for a data packet that indicates the network device as a hop in the forwarding path.