H04L45/58

System and method for supporting partition-aware routing in a multi-tenant cluster environment

A system and method can support partition-aware routing in a multi-tenant cluster environment. An exemplary method can support one or more tenants within the multi-tenant cluster environment. The method can associate each of the one or more tenants with a partition of a plurality of partitions. The method can then associate each of the plurality of partitions with one or more nodes of a plurality of nodes, each of the plurality of nodes being associated with a leaf switch of a plurality of switches, the plurality of switches comprising a plurality of leaf switches and a plurality of root switches. Finally, the method can generate one or more linear forwarding tables, the one or more linear forwarding tables providing isolation between the plurality of partitions, wherein each of the plurality of nodes is associated with a partitioning order.

Policy enforcement for upstream flood traffic

Systems, methods, and computer-readable media are provided for enforcing policy for upstream (e.g., traffic from an endpoint to the physical network layer or hardware fabric of a data center) flood traffic (e.g., broadcast, unknown unicast, or multicast traffic) originating from a virtual endpoint via a network fabric. In one embodiment, upstream flood traffic can be transmitted using a special multicast group to which only elements of the data center fabric (e.g., physical switches, routers) are subscribed. That is, upstream flood traffic is assigned to the special multicast group, resulting in unintended endpoints not receiving the flood traffic. However, the hardware fabric receives the flood traffic and will then enforce applicable policies to route the packets to intended endpoints.

Systems and Methods for Determining FHRP Switchover

In one embodiment, a method includes determining, by a first router, service level agreement (SLA) requirements for an application and generating, by the first router, first SLA characteristics for the first router. The first router is in an active mode within a network. The method also includes comparing, by the first router, the first SLA characteristics for the first router to the SLA requirements and determining, by the first router, second SLA characteristics for a second router. The second router is in a standby mode within the network. The method further includes comparing, by the first router, the second SLA characteristics for the second router to the SLA requirements and determining, by the first router, whether to lower a first hop redundancy protocol (FHRP) priority of the first router.

Method and device for establishing multicast data channel in network virtualization system

The method of establishing a multicast data channel in a network virtualization system includes: creating, on a controller, a virtual remote logical interface for an external interface of a remote node; generating a multicast tree tunnel that uses a core node as a root, and obtaining a multicast protocol packet sent by a device outside the network virtualization system; acquiring a multicast source address and a multicast group address from the multicast protocol packet, and generating a multicast forwarding table; searching the multicast forwarding table for an external interface of the core node, searching for an outbound interface of the multicast tree tunnel on the core node according to the multicast tree tunnel, generating a P2MP PW forwarding table of the core node, and sending the P2MP PW forwarding table of the core node to the core node. The method implements a multicast service in a virtual cluster router.

Plug and play at sites using TLOC-extension
11258628 · 2022-02-22

According to some embodiments, a method performed by a first software defined wide area network (SD-WAN) edge router communicably coupled to a public network comprises: receiving a transport location (TLOC)-extension configuration for a known interface of the first edge router; detecting a second edge router attempting to connect to the known interface of the first edge router; and transmitting, to the second edge router, configuration information for the second edge router so that the second edge router is able to communicate with the public network through a TLOC-extension with the first edge router. In some embodiments, the second edge router receives device configuration information (e.g., PnP, ZTP, etc.) from the public network via the TLOC-extension.

Asynchronous socket replication between nodes of a network
11671309 · 2023-06-06

An example network device includes a primary node and a standby node. The primary node engages in a routing session with a peer network device via a connected socket. The standby node includes one or more processors implemented in circuitry and configured to execute a backup replication module to receive, from the primary node, data to be written to a backup socket for the connected socket, and, in response to a switchover, to send a representation of the data to the peer network device via the backup socket.

Unavailable inter-chassis link storage area network access system

A Storage Area Network (SAN) access system includes a first aggregated switch device that is coupled to a host device, a Local Area Network (LAN), and a SAN, and a second aggregated switch device that is coupled to the host device, the LAN, and the SAN. The second aggregated switch device is connected to the first aggregated switch device via an Inter-Chassis Link (ICL). The second aggregated switch device detects that the ICL has become unavailable and, in response, prevents Internet Protocol traffic between the host device and the LAN while transmitting storage traffic between the host device and the SAN.

Dynamic feature peer network for application flows

A device receives packets of a traffic flow, and inspects one or more of the packets of the traffic flow. The device determines, based on the inspection of the one or more packets, a service graph of feature peers for the packets of the traffic flow. The feature peers are associated with a network, and the service graph includes an ordered set of the feature peers. The device configures network devices of the network with the service graph, and the network devices forward the packets of the traffic flow to the feature peers based on the service graph and without changing the traffic flow.

Network controller security monitor

Technologies are generally described for systems, devices and methods effective to compare network element instructions and network control instructions. In some examples, first instructions may be identified and may be related to flow of network traffic. The first instructions may be stored in a data structure of a memory of a network element. The network element may generate a first network instruction signature based on the first instructions. A network controller device may identify second instructions. In some examples, the second instructions may be related to control of the network traffic, and may be stored in a memory of the network controller device. The network controller device may generate a second network instruction signature based on the second instructions. The network controller device may compare the first network instruction signature to the second network instruction signature to produce a comparison between the first instructions and the second instructions.