Systems and methods provide for synergistic domain name system DNS security updates for an enterprise network operating under a Software Defined Wide Area Network (SD-WAN). A system may be configured to collect positive and/or negative unified threat defense (UTD) results, deploy a rules-based model that, when a threat or clearance is detected across several SD-WAN edge network devices, triggers an update to a local security blacklist/whitelist, wherein the update comprises a signature, and push the update to other devices that have not yet seen the threat or clearance.

A reduced-latency method for updating an application includes sourcing first data representing to a first portion of an application update from a local storage location, sourcing second data representing a remaining second portion of the application update from a remote storage location, and overwriting a currently-stored version of the application with the first data and the second data.

Methods and structures are disclosed for self-automating a process of determining a device's location based on its network address. A computing device includes a network interface configured to communicate with a physical port of a network switch and a memory configured to store a plurality of different initialization protocols each associated with a corresponding network address of a plurality of network addresses. Each of the initialization protocols may be associated with a different physical location. The computing device also includes a processor configured to attempt to connect to the network switch via the network interface using a network address from the stored plurality of network addresses. In response to connecting with the network switch using the network address, the processor identifies a corresponding initialization protocol associated with the network address and executes the corresponding initialized procedure.

A node includes one or more line cards interconnected to one another via a switching fabric and configured to implement a data plane; and a first router processor and a second router processor communicatively coupled to the one or more line cards, and each configured to implement a separate control plane, such that the node appears in a link-state database as two separate nodes. Responsive to an in-service software upgrade, the first router processor is upgraded and down while the second router processor is active, thereby preserving routing and forwarding. The one or more line cards include a first Virtual Local Area Networking (VLAN) for the first router processor and a second VLAN for the second router processor, and the first VLAN and the second VLAN are associated with a same physical interface on the one or more line cards.

Approaches for updating a firmware file in a network having multiple transceiver nodes and being capable of receiving and transmitting the firmware file include dividing the firmware file into multiple of chunks, each chunk being able to be included in a single data packet transmitted between two of the transceiver nodes; transmitting each of the chunks from the first one of the transceiver nodes to the second one of the transceiver nodes; transmitting a request message from the first one of the transceiver nodes to the second one of the transceiver nodes, the request message including information associated with the chunks that have been transmitted in step (b); and transmitting a responding message from the second one of the transceiver nodes to the first one of the transceiver nodes, the responding message including information associated with one or more chunks that are included in the request message but not received by the second one of the transceiver nodes.

Approaches for updating a firmware file in a network having multiple transceiver nodes and being capable of receiving and transmitting the firmware file include dividing the firmware file into multiple of chunks, each chunk being able to be included in a single data packet transmitted between two of the transceiver nodes; transmitting each of the chunks from the first one of the transceiver nodes to the second one of the transceiver nodes; transmitting a request message from the first one of the transceiver nodes to the second one of the transceiver nodes, the request message including information associated with the chunks that have been transmitted in step (b); and transmitting a responding message from the second one of the transceiver nodes to the first one of the transceiver nodes, the responding message including information associated with one or more chunks that are included in the request message but not received by the second one of the transceiver nodes.

A routing system can provide containerized router processes. The routing system can execute one or more router processes, e.g., the Border Gateway Protocol, the Access Control List, etc., in containers. Thus, the router processes can be upgraded, fail, etc. without affecting other router processes or the overall function of the router. When a router process is unavailable, requesting services may send messages to the container but may receive no response. To determine the availability of the router process, the requesting service may then request the status of the router process from a state database (statedb). The statedb can be a data store and interface that stores and reports the status of containers within the router. The statedb can reply to the requesting service as to whether the router process is available and/or with other information.

A topology design device for an optical transmission network includes a memory; and a processor to determine a bypass target area as an area to which a bypass route is to be added in the network, the area indicating a region surrounded by nodes and edges, based on an area demand, namely a total value of a demand for communication to be performed via an edge, by referencing a topology management database storing information regarding nodes, edges, and areas in the network, and a demand management database storing demands in the network; and exclude a node from nodes constituting the bypass target area and determining a bypass route from the nodes from which the node has been excluded, based on a node demand, namely a total value of a demand for which each node serves as a start or end point of the demand, by referencing the databases.

Embodiments of the present disclosure are directed to protocol state transition and/or resource state transition tracker configured to monitor, e.g., via filters, for certain protocol state transitions/changes or host hardware resource transitions/changes when a host processor in the control plane that performs such monitoring functions is unavailable or overloaded. The filters, in some embodiments, are pre-computed/computed by the host processor and transmitted to the protocol state transition and/or resource state transition tracker. The protocol state transition and/or resource state transition tracker may be used to implement a fast upgrade operation as well as load sharing and or load balancing operation with control plane associated components.

Methods and structures are disclosed for self-automating a process of determining a device's location based on its network address. A computing device includes a network interface configured to communicate with a physical port of a network switch and a memory configured to store a plurality of different initialization protocols each associated with a corresponding network address of a plurality of network addresses. Each of the initialization protocols may be associated with a different physical location. The computing device also includes a processor configured to attempt to connect to the network switch via the network interface using a network address from the stored plurality of network addresses. In response to connecting with the network switch using the network address, the processor identifies a corresponding initialization protocol associated with the network address and executes the corresponding initialized procedure.