Abstract: A method for servicing network traffic in a wide area network (WAN) comprising a plurality of network devices is provided. The method is executed by a network device among the plurality of network devices and comprises: receiving a request to transmit the network traffic to a destination network device where the request specifies that the network traffic is to be serviced by a network service; determining, based on the request and using a service-aware virtual topology (SAVT) routing table, a path through the WAN for reaching the network service and a service instance identifier (ID) of the network service; configuring the network traffic to include a service bit indicating whether service is to be performed and instructions specifying the path for reaching the network service; and transmitting, after configuring the network traffic, the network traffic toward the destination device through the at least one network service.

Abstract: A validating service of a plurality of services that compose an application receives a security token that identifies an entity that has submitted a transaction to the application, the security token indicating that the entity is authorized to submit the transaction to the application. The validating service obtains a transaction identifier that uniquely identifies the transaction. The validating service sends, to a collector service, the transaction identifier and data derived from the security token that identifies the entity. A downstream service receives input data associated with the transaction, the input data including the transaction identifier. The downstream service accesses an information source to obtain information. The downstream service sends, to the collector service, the transaction identifier and metadata about the information.

Abstract: A method for transmitting network traffic across a wide area network (WAN) from a first site to a second site is provided. The method is executed by a first edge network device at the first site that further includes a second edge network device, and the method includes: receiving the network traffic from a client device at the first site; determining, using ipath characteristics and a classification of the network traffic, that the network traffic should be transmitted by the second edge network device to the second site; forwarding in response to the determination, the network traffic to the second edge network device using a local tunnel over a local area network (LAN) of the first site such that the network traffic is transmitted to the second site by the second edge network device.

Abstract: In general, embodiments relates to a method for creating an on-demand tunnel (ODT) in a network between a first network device and a second network device, the method comprising: storing by the first network device, a a potentially suboptimal path to the second network device, determining that a trigger condition to create the ODT between the first network device and the second network device is satisfied, in response to the determination: transmitting, by the first network device, an ODT signaling packet to the second network device via the potentially suboptimal path, receiving, from the second network device and in response to transmitting the ODT signaling packet, an ODT keepalive by first network device via the ODT, and transmitting, after receiving the ODT keepalive, a second packet to the second network device via the ODT.

Abstract: A method for servicing network traffic in a wide area network (WAN) comprising a plurality of network devices is provided. The method is executed by a network device among the plurality of network devices and comprises: receiving a request to transmit the network traffic to a destination network device where the request specifies that the network traffic is to be serviced by a network service; determining, based on the request and using a service-aware virtual topology (SAVT) routing table, a path through the WAN for reaching the network service and a service instance identifier (ID) of the network service; configuring the network traffic to include a service bit indicating whether service is to be performed and instructions specifying the path for reaching the network service; and transmitting, after configuring the network traffic, the network traffic toward the destination device through the at least one network service.

Abstract: A method for remotely configuring a network device using a user device and a network management service is provided. The user device includes a first communication interface and a second communication interface, and the method includes: initiating, by the user device, a communication channel with the network device using the second communication interface; after the communication channel is established: obtaining, by the user device via the first communication interface, configuration information for the network device from the network management service; and sending, by the user device, the configuration information to the network device via the communication channel. The user device is in communication with the network management service via the first communication interface, and the user device is configured as a pass-through device that relays the configuration information from the network management service to the network device.

Abstract: Packets in a network may be dropped from time to time. Although network devices are able to provide counters specifying the number of dropped packets, these network devices are unable to provide additional context about the dropped packets. However, users of a network wish to know more about dropped packets; such as why the packets were dropped. Therefore, methods for capturing and storing the dropped packets are provided. This way, users can analyze the dropped packets to determine why these packets were dropped.

Abstract: A method for generating an application-aware virtual topology (AAVT) routing table for a network device among network devices connected via a wide area network is provided. The method is executed by a network controller connected to the network and includes: receiving, from the network devices, path information of the network devices; generating, using the path information, an underlay graph specifying a path topology of the network device; generating, based on the path topology specified in the underlay graph, the AAVT routing table for the network device where the AAVT routing table includes a set of paths; and transmitting, in response to generating the AAVT routing table, the AAVT routing table to the network device to cause the network device to program the set of paths.

Abstract: Systems and methods for load balancing in a network are disclosed. An illustrative method includes receiving network telemetry data corresponding to network paths of a plurality of coexisting multipaths, performing an adaptive load balancing process by determining whether a network path from the plurality of coexisting multipaths is an adequate network path based on the network telemetry data, and in response to determining the network path is an adequate network path, selecting the network path for a network flow.

Abstract: Systems and methods for load balancing in a network are disclosed. An illustrative method includes receiving network telemetry data corresponding to network paths of a plurality of coexisting multipaths, performing an adaptive load balancing process by determining whether a network path from the plurality of coexisting multipaths is an adequate network path based on the network telemetry data, and in response to determining the network path is an adequate network path, selecting the network path for a network flow.

Abstract: Systems and methods for a path selection by a network router are disclosed. The router receives a data packet destined to travel a current path, as identified by a packet header, to a destination router. The router determines whether the current path is the best path of a set of network paths for the data packet to travel to reach the destination router based on telemetry characteristics of a set of network paths. The telemetry characteristics include a bandwidth availability estimate that is a function of one or both of a corresponding path throughput and a corresponding path packet loss rate. In response to determining the current path is not the best path, the router chooses a best path based on the telemetry characteristics of the set of paths and replaces the current path with the best path for travel by the data packet to the destination router.

Abstract: A method for transmitting packets in a network is provided. The method includes determining that a first packet will be encrypted prior to transmitting the first packet to a network device. The first packet includes a first source address for the first packet. The method also includes generating a routing value based on the first source address. The routing value allows the network device to determine which of a plurality of processing cores will be used to process the first packet. The method further includes encrypting the first packet to generate an encrypted first packet. The method further includes encapsulating the encrypted first packet within a second packet. A payload of the second packet comprises the encrypted first packet and a packet header of the second packet includes the routing value. The method further includes transmitting the second packet to the network device.

Abstract: A method and apparatus of a device that simulates a plurality of network elements is described. In an exemplary embodiment, the device receives network topology information for the plurality of simulated network elements. The device further instantiates a container for each of the plurality of simulated network elements. The device additionally configures a set of processes for each of the plurality of containers, where each of the set of processes simulates at least one of the plurality of simulated network elements. The plurality of set of processes further implements a network topology represented by the network topology information. The device performs a test of the network topology and saves the results of the test.

Abstract: A method and apparatus of a network element that installs a device driver used to manage hardware of the network element is described. In an exemplary embodiment, the network element detects, with a functionality of a network element operating system, the hardware of a data plane of the network element, where at least one component of the network element operating system is executing in a first container as a first set of processes. The network element further determines a device driver for the hardware and installs the device driver in a kernel of the host operating system. The network element additionally manages the data, with the network element operating system, using the device driver.

Abstract: A method and apparatus of a network element that dynamically establishes a first virtual private network (VPN) tunnel is described. In an exemplary embodiment, the network element detects data destined for a first private subnet. In response to the detecting, the network element determines that a next hop for the data does not have an established VPN tunnel that allows access to the first private subnet. The network element further establishes the VPN tunnel and sends the data using the VPN tunnel.

Abstract: A method and apparatus of a network element that hitlessly upgrades a network element operating system of a network element is described. In an exemplary embodiment, the network element hitlessly upgrades the network element operating system by instantiating a second container and starts a second set of processes using a second image of the network element operating system in the second container. In addition, the network element executes a first image of the network element operating system as a first set of processes in a first container. The network element additionally synchronizes state data between the first set of processes and the second set of processes. Furthermore, the network element sets the second set of processes as managing a plurality of hardware tables, and stops the first set of processes within the first container.

Abstract: A method for transmitting packets in a network is provided. The method includes determining that a first packet will be encrypted prior to transmitting the first packet to a network device. The first packet includes a first source address for the first packet. The method also includes generating a routing value based on the first source address. The routing value allows the network device to determine which of a plurality of processing cores will be used to process the first packet. The method further includes encrypting the first packet to generate an encrypted first packet. The method further includes encapsulating the encrypted first packet within a second packet. A payload of the second packet comprises the encrypted first packet and a packet header of the second packet includes the routing value. The method further includes transmitting the second packet to the network device.

Abstract: A method and apparatus of a network element that processes control plane data in a network element is described. In an exemplary embodiment, the device receives control plane data with a network element operating system, where at least a functionality of the network element operating system is executing in a container of the network element. In addition, the network element includes a data plane with a plurality of hardware tables and the host operating system. Furthermore, the network element processes the control plane data with the network element operating system. The network element additionally updates at least one of the plurality of hardware tables with the process control plane data using the network element operating system.

Abstract: A method and apparatus of a device that simulates a plurality of network elements is described. In an exemplary embodiment, the device receives network topology information for the plurality of simulated network elements. The device further instantiates a container for each of the plurality of simulated network elements. The device additionally configures a set of processes for each of the plurality of containers, where each of the set of processes simulates at least one of the plurality of simulated network elements. The plurality of set of processes further implements a network topology represented by the network topology information. The device performs a test of the network topology and saves the results of the test.

Abstract: A method and apparatus of a network element that installs a device driver used to manage hardware of the network element is described. In an exemplary embodiment, the network element detects, with a functionality of a network element operating system, the hardware of a data plane of the network element, where at least one component of the network element operating system is executing in a first container as a first set of processes. The network element further determines a device driver for the hardware and installs the device driver in a kernel of the host operating system. The network element additionally manages the data, with the network element operating system, using the device driver.