Patent classifications
H04L12/733
METHOD AND SYSTEM FOR ALLOWING THE USE OF DOMAIN NAME BASED NETWORK POLICIES STORED IN A SECOND DEVICE IN ENFORCING NETWORK POLICY AT A FIRST DEVICE
A method and a system for creating Internet Protocol address based network policies (IPPs) by using domain name based network policies (DNNTPs) is disclosed. The DNNTPs are stored in a second device, and are used for enforcing IPPs at a first device. The first device retrieves one or more DNNTPs from the second device and monitors network traffic for Domain Name System (DNS) look-up replies. When a network device receives an address record Domain Name System look-up reply, the network device identifies one or more Internet Protocol addresses of one or more host names specified in the address record Domain Name System look-up reply, then determines whether the one or more host names contain a domain name used in one or more DNNTPs, and creates one or more IPPs.
Packet mirror processing in a stacking system
A CB device receives a first packet sent from another device through a stacking port. In response to determining, based on source port information carried in the first packet, that the first packet entered the stacking system from a PE device and that the first packet is a non-unicast packet, the switch module performs mirroring processing on the first packet to obtain a mirrored packet, and transmits the first packet and the mirrored packet to a packet buffering module of the CB device. In response to determining that a second packet from the packet buffering module entered the stacking system from the PE device and that the second packet is a non-unicast packet, the second packet is forbidden from being forwarded through a first-level stacking port of the CB device.
Zero day threat detection based on fast flux detection and aggregation
A method in a cloud-based security system includes operating a Domain Name System (DNS) resolution service, proxy, or monitor in the cloud-based security system; receiving DNS records with time-to-live (TTL) parameters; checking the TTL parameters for indication of a fast flux technique; and detecting domains performing the fast flux technique based on the DNS records. A cloud-based security system includes a plurality of nodes communicatively coupled to one or more users; and a Domain Name System (DNS) service providing a resolution service, proxy, or monitor in the cloud-based security system; wherein the DNS service is configured to receive DNS records with time-to-live (TTL) parameters; check the TTL parameters for indication of a fast flux technique; and detect domains performing the fast flux technique based on the DNS records.
METHOD OF TRANSMITTING DATA BETWEEN NETWORK DEVICES OVER A NON-DETERMINISTIC NETWORK
A method of transmitting data between network devices over a non-deterministic network with a multiple channel access method, wherein it is not possible to determine whether a network device can access the non-deterministic network, and wherein the non-deterministic network comprises a plurality of network devices. The method includes the steps of: synchronising the clocks of the individual network devices of the plurality of network devices with each other; dividing the time available for transmitting the data into timeslots; designating respective pairs of consecutive timeslots to the individual network devices of the plurality of network devices, wherein an individual network device transfers data only during the pair of timeslots designated to it; and evaluating whether a network device of the plurality of network devices shall retransmit, within the second timeslot of the pair of timeslots, data which it has already transmitted during the first timeslot of that pair of timeslots.
MODELING A BORDER GATEWAY PROTOCOL NETWORK
Methods and systems for generating a model of a transit autonomous system (AS) network. The method comprises analyzing the routing information base for each border gateway protocol (BGP) node in the AS and storing, for each BGP router, (i) a routing table; and, (ii) a prioritized list of next hops for each prefix based on the appropriate best path algorithm. The model can be used to (a) determine how traffic will be routed through the transit AS in steady state and failure scenarios (e.g. when one or more links or nodes/routers have failed); and/or (b) determine how traffic should be routed through the transit AS (e.g. determine the best routes) in steady state and failure scenarios. The optimal routing of the traffic in a particular steady state or failure scenario (as determined by the model) can be compared to the actual routing of the traffic in the steady state or failure scenario (as determined by the model) to determine what changes to make to the transit AS to achieve the optimum routing.
PATH COMPUTATION IN A SEGMENT ROUTING NETWORK
A method of path computation in a segment routing network, the network comprising a set of nodes. The method comprises receiving a request for computation of a path between end nodes in the network, the request including a constraint. The method further comprises determining a segment identifier-optimised path defined by a stack of one or more segment identifiers, wherein the segment identifier-optimised path meets the constraint. The determining of the segment identifier-optimised path comprises analyzing a topology of the network comprising: at least a sub-set of the nodes, links between adjacent nodes indicative of possible paths between the nodes, and virtual links between pairs of nodes indicative of possible paths between the pairs of nodes. The method further comprises outputting at least one segment identifier which defines the determined path.
Distributed Procedure for Breadth-First Graph Traversal on Asymmetric Communication Topologies
The breadth-first search (BFS) starts with a root node. In the first stage, all neighbors of the root node are discovered and added to the frontier of nodes. In the following stages, unvisited nodes among the neighbors of the frontier nodes are discovered and added to the frontier. To improve the parallelization of the BFS, the bottom-up search iterates over all unvisited nodes, where each unvisited node searches for its visited neighbors. Communication between nodes and clusters is pipelined with the execution of the BFS.
IN-BAND PATH-TO-PATH SIGNALS USING TCP RETRANSMISSION
In one embodiment, a side source device receives an original packet on a transmission control protocol (TCP) connection from an original source device to an original destination device, the original packet having original data and one or more forwarding properties specific to the original packet, and forwards the original packet from the side source device on a path toward the original destination device. The side source device also generates a side packet with side data different from the original data, the side packet having the same one or more forwarding properties specific to the original packet, and forwards the side packet on the path toward the original destination device, the side packet intended for reception and processing of the side data by a side destination device that is on the path toward the original destination device. In another embodiment, the side destination device receives, processes, and drops the side packet.
System and method for detecting network neighbor reachability
The disclosed system may include (1) a cache module, stored in memory, that stores a neighbor cache entry that specifies whether a neighbor of a network node is reachable according to a detection mechanism, (2) a timeout module, stored in memory, that specifies a timing interval in which to select a reachable time threshold, (3) a reception module, stored in memory, that receives event information about whether the neighbor is active, (4) a biasing module, stored in memory, that biases, based on the received event information about whether the neighbor is active, a selection of the reachable time threshold within the timing interval, and (5) a determination module, stored in memory, that determines whether the neighbor is reachable based at least in part on a determination of whether the selected reachable time threshold has been satisfied. Various other systems and methods are also disclosed.
Statistical operations associated with network traffic forwarding
In one embodiment, an indication of a plurality of network nodes and load balancing criteria is received. A plurality of forwarding entries are created, wherein a forwarding entry of the plurality of forwarding entries is based upon the load balancing criteria and corresponds to a network node of the plurality of network nodes. A network element applies the plurality of forwarding entries to data packets to load balance the data packets among the plurality of network nodes. A plurality of counts are tracked, wherein each count corresponds to at least one forwarding entry of the plurality of forwarding entries and represents the number of times the corresponding at least one forwarding entry is used to redirect a data packet.