Systems are methods are described which allow for “zero-touch” provisioning (ZTP) to be used to seamlessly bring up devices such as Gateways/Access Points/Switches or any other networking devices connected over different uplink types such as aggregated links (Static LAG, LACP), trunk ports, and the like. Provisioning is adapted specifically for trunk and/or LACP ports in order to maintain the automation and optimization benefits typically provided by ZTP. A method can include transmitting a discover message, and receiving a response message based on the discover message. Then, determining whether a pre-defined extension is included in the response message that indicates a port type and a virtual local area network (VLAN) configuration. Automatic configuration of one or more ports and a VLAN can be performed as indicated by the pre-defined extension. Thus, ZTP can be restarted in accordance with the configuration of the network device.

Some embodiments described herein provide a combination of a layer 3 (L3) hop with layer 2 (L2) bypass/fail-to-wire in a network device. Specifically, some embodiments place the network device between two routers, thereby becoming a L3 hop between the two routers. The existing route between the two routers is preserved by using L2 bypass through the network device. If the network device fails, then the physical fail-to-wire will be engaged, removing its L3 hop, but preserving the L2 bypass.

A network device supporting TRILL protocol includes a memory, a processor, and a communication interface. The memory includes a lookup table stored therein. The processor is coupled to the memory. The communication interface is coupled to the processor. The communication interface includes a trunk port and an access port and is configured to receive a first packet. When the processor determines that an output port corresponding to a destination address of the first packet is the trunk port, and determines that there is a lack of nickname information corresponding to the destination address according to the look up table, a second packet is transmitted through the trunk port of the communication interface. The second packet includes an enable local bit. The second packet and the first packet include the same payload information.

Systems are methods are described which allow for zero-touch provisioning (ZTP) to be used to seamlessly bring up devices such as Gateways/Access Points/Switches or any other networking devices connected over different uplink types such as aggregated links (Static LAG, LACP), trunk ports, and the like. Provisioning is adapted specifically for trunk and/or LACP ports in order to maintain the automation and optimization benefits typically provided by ZTP. A method can include transmitting a discover message, and receiving a response message based on the discover message. Then, determining whether a pre-defined extension is included in the response message that indicates a port type and a virtual local area network (VLAN) configuration. Automatic configuration of one or more ports and a VLAN can be performed as indicated by the pre-defined extension. Thus, ZTP can be restarted in accordance with the configuration of the network device.

A network device supporting TRILL protocol includes a memory, a processor, and a communication interface. The memory includes a lookup table stored therein. The processor is coupled to the memory. The communication interface is coupled to the processor. The communication interface includes a trunk port and an access port and is configured to receive a first packet. When the processor determines that an output port corresponding to a destination address of the first packet is the trunk port, and determines that there is a lack of nickname information corresponding to the destination address according to the look up table, a second packet is transmitted through the trunk port of the communication interface. The second packet includes an enable local bit. The second packet and the first packet include the same payload information.

Various embodiments establish a virtual private network (VPN) between a remote network and a private network. In one embodiment, a first system in the remote network establishes a connection with a central system through a public network. The central system is situated between the first system and a second system in the private network. The first system receives, from the central system and based on establishing the connection, a set of VPN information associated with at least the second system. The first system disconnects from the central system and establishes a VPN directly with the second system through the public network based on the set of VPN information.

Identifying a component within an application executed in a network includes obtaining a traffic matrix, the traffic matrix defining a rate for which packets of data are exchanged between VMs corresponding to an application, analyzing the traffic matrix to identify VMs within a component, modifying the traffic matrix to create a modified traffic matrix, and defining, for the application, a tenant application graph (TAG) model based on the modified traffic matrix.

In one embodiment, a method includes detecting a change in network topology and broadcasting a transient unconditional unpruning message to multiple nodes in the network. The message is configured to instruct each of the nodes receiving the message to start a phase timer in response to the broadcast message; unprune its operational ports; and, upon expiration of the phase timer, prune its ports in accordance with the results of a pruning protocol.

Various embodiments establish a virtual private network (VPN) between a remote network and a private network. In one embodiment, a first system in the remote network establishes a connection with a central system through a public network. The central system is situated between the first system and a second system in the private network. The first system receives, from the central system and based on establishing the connection, a set of VPN information associated with at least the second system. The first system disconnects from the central system and establishes a VPN directly with the second system through the public network based on the set of VPN information.

Various embodiments establish a virtual private network (VPN) between a remote network and a private network. In one embodiment, a first system in the remote network establishes a connection with a central system through a public network. The central system is situated between the first system and a second system in the private network. The first system receives, from the central system and based on establishing the connection, a set of VPN information associated with at least the second system. The first system disconnects from the central system and establishes a VPN directly with the second system through the public network based on the set of VPN information.