Mechanisms are provided for performing traffic load balancing on ingress traffic directed to a Link Aggregation Group (LAG). The mechanisms monitor a ingress traffic load across a plurality of links of the Link Aggregation Group (LAG). The mechanisms determine if the ingress traffic load across the plurality of links is unbalanced. Moreover, the mechanisms, in response to determining that the ingress traffic load across the plurality of links is unbalanced, send a message to a switch associated with the LAG requesting the switch to modify routing of ingress traffic to the LAG to perform ingress traffic load balancing.

Techniques are described for providing fast convergence in the event of a link failure in an all-active multi-homed Ethernet virtual private network. A provide edge (PE) network device may pre-configure an interface next hop and secondary next hops. The secondary next hops may be logical links to other PE network devices in the same Ethernet segment. In the event of a link failure in the interface next hop between the PE network device and a customer edge (CE) network device, the PE network device may be configured to forward data traffic to the CE network device using the secondary next hops. In the event of a link failure between the PE network device and a core network, the PE network device may be configured to send an out-of-service message to the CE network device that instructs the CE network device to stop sending traffic to the PE network device.

An electronic device may include a processor and a network interface that may include a first radio and a second radio. The processor may be configured to perform wireless communication jamming attack detection by occasionally performing clear channel verification utilizing the network interface to determine whether a threshold number of devices' channels are incapacitated in a wireless network within a threshold amount of time and/or by sending a heartbeat signal from the first radio and determining whether the second radio received the heartbeat signal.

An example method for facilitating conflict avoidant traffic routing in a network environment is provided and includes detecting, at a network element, an intent conflict at a peer network element in a network, and changing a forwarding decision at the network element to steer traffic around the conflicted peer network element. The intent conflict refers to an incompatibility between an asserted intent associated with the traffic and an implemented intent associated with the traffic. In specific embodiments, the detecting includes mounting rules from the peer network element into the network element, and analyzing the mounted rules to determine intent conflict. In some embodiments, a central controller in the network deploys one or more intentlets on a plurality of network elements in the network according to corresponding intent deployment parameters.

Exemplary methods performed by a first network device (ND) include generating first and second prefix entries associating incoming Internet Protocol (IP) traffic to first and second data structures (DSs), respectively. Generating the first DS includes generating a first proxy including forwarding information causing incoming IP traffic to be forwarded to a second ND, and generating a second proxy referencing a third DS. Generating the second DS includes generating a first proxy including forwarding information causing incoming IP traffic to be forwarded to the second ND, and generating a second proxy referencing the third DS. The methods include generating the third DS including forwarding information causing the incoming IP traffic to be forwarded to a third ND, the third DS further including first state information indicating whether the forwarding information included in the first proxies of the first and second DSs should be used for forwarding the incoming IP traffic.

A method for configuring a network device. The method includes writing a route for a destination IP prefix to the forwarding information base (FIB), and after writing the route, obtaining a set of routes and writing the set of routes to a routing information base (RIB). The method further includes, after writing the set of routes to the RIB and after the expiration of a timer: identifying, in the RIB, a set of ECMP routes from the plurality of routes for the destination IP prefix, processing the set of ECMP routes for the destination IP prefix, and updating the FIB of the network device based on set of processed ECMP routes.

An example technique may include controlling receiving a data unit and an associated first sequence number over a first protocol, assigning a second sequence number to the data unit, wherein the second sequence number is based upon the first sequence number, and controlling transmitting, over a second protocol, the data unit and the second sequence number.

Examples disclosed herein relate to restoring a flow path in response to a link failure in a software defined network (SDN). In an example, a backup flow path for a flow may be configured in a network device, on a primary flow path of the flow. In response to determination of a link failure in the primary flow path, the network device configured with the backup flow path may be identified. In an example, the network device may be identified by sending, from a detecting network device that detects the link failure on the primary flow path, a message packet successively to each network device preceding the detecting network device on the primary flow path until the network device configured with the backup flow path is identified. The backup flow path may be used to route packets of the flow.

Provided are methods, network devices, and computer-program products for detecting infiltration of an endpoint, and rerouting network traffic to and from the endpoint when infiltration is detected. In various implementations, a network device on a network can be configured to monitor access to the network device. The network device can further be configured to determine that a condition has occurred. The condition can indicate a suspect access to the network device has occurred. The network device can further be configured to determine a new access protocol for the network device. The network device can further be configured to use the new access protocol to cause communication between the network device and the network to be redirected to a high-interaction network. Redirecting the communication can disable communication between the network device and the network and enables communication between the network device and the high-interaction network.

The present invention relates to a redundancy system of routing paths and method thereof. By establishing corresponding routing paths from different ports of routers in a ring network to a terminal in advance and transmitting the identical packet to the terminal by the different ports in the different routing paths simultaneously, the time of reestablishing the routing paths may be saved when one of the routing paths is broken, so as to improve the routing efficiency.