H04L45/03

INTERIOR GATEWAY PROTOCOL (IGP) FOR SEGMENT ROUTING (SR) PROXY SEGMENT IDENTIFIERS (SIDS)
20230055501 · 2023-02-23

A Proxy Forwarding node is configured to advertise its Segment Routing (SR) proxy forwarding capability for its neighboring nodes using extensions to the interior gateway protocol (IGP) for Proxy Forwarding. This enables an ingress node of an SR Traffic Engineering (SR-TE) path to continue to forward traffic without modifying a segment list of the SR-TE path that includes a node segment identifier (SID) of a failed neighboring node of the Proxy Forwarding node. When the Proxy Forwarding node receives traffic targeting the failed neighboring node, it performs SR proxy forwarding for the failed neighboring node by forwarding the traffic towards its destination in a direction that avoids the failed neighboring node, for a period of time after the IGP has converged.

Configuration method for implementation in a network using a dynamic routing protocol
11575575 · 2023-02-07

A configuration method includes: receiving, by a first device of a network, a first control message having configuration elements for activating a dynamic routing protocol in the network; configuring, by the first device, setup parameters for establishing sessions according to the protocol used by the first device on the basis of configuration elements included in the first message; if the configuration elements in the message include at least one management instruction for handling sessions according to the protocol in the network, executing, by the first device, the at least one management instruction; and if the configuration elements in the message include a setting for directing propagation of the configuration elements in the network, dispatching, by the first device in accordance with the propagation setting, at least one second control message, which includes all or some of the configuration elements, to at least one second device of the network.

Method, apparatus, and system for collecting access control list

A method, an apparatus, and a system for collecting an access control list (ACL), where a second network device receives a first link-state advertisement (LSA) packet flooded by a first network device, where the first LSA packet includes a first network device identifier and first ACL information, and the first network device and the second network device belong to a same Interior Gateway Protocol (IGP) area, and sends an extended first Border Gateway Protocol-Link State (BGP-LS) packet to a controller, where the extended first BGP-LS packet includes the first network device identifier and the first ACL information such that the controller can collect ACL information of the first network device and manage the ACL information of the first network device.

Seamless end-to-end segment routing across metropolitan area networks
11483242 · 2022-10-25

Techniques are described for providing end-to-end segment routing paths across metropolitan area networks. For example, a method comprises receiving, by an area border router (ABR) connected to one or more metropolitan area networks and a core network, a packet including a segment routing label stack including at least a label of the ABR, a context label associated with a routing instance of the ABR, and a subsequent label identifying a device in the segment routing path, determining, from a lookup of the context label in the metro routing table, a table next hop to the core routing table (or metro routing table); in response to determining the table next hop, determining, from a lookup of the subsequent label in the core routing table (or metro routing table), a next hop in the segment routing path; and sending, by the ABR, the packet toward the device in the segment routing path.

Methods and systems for neighbor-acknowledged graceful insertion/removal protocol

Presented herein is a system, and methods thereof, configured to enter a maintenance mode to isolate itself from its neighbor and to gracefully cause neighbor devices to isolate themselves from the system, so as to cause minimal or “zero” service disruption with its neighbors. The system broadcasts a maintenance-related message, via a standard transport layer, over routing protocols, to counterpart protocols at the neighbor device and waits for an acknowledgement message from the neighbor network devices. The broadcast and acknowledgement, through standard transport layer messaging, ensure that traffic generated by such protocols at the neighbor devices, regardless of manufacturer, is redirected before the system fully enters the maintenance mode.

Preferred path route graphs in a network

A method implemented by a network element (NE) in a network, comprising receiving, by the NE, preferred path route (PPR) information describing a PPR graph, the PPR graph representing a plurality of PPRs between an ingress NE and an egress NE in the network, and updating, by the NE, a forwarding database to include a forwarding entry for the egress NE in response to identifying the NE in the plurality of PPR-PDEs, the forwarding entry indicating a next hop by which to forward a data packet comprising the PPR-ID.

Forwarding entry generation method, controller, and network device
11665595 · 2023-05-30

A forwarding entry generation method includes sending, by a controller, a plurality of resource allocation request messages to a plurality of network devices in a network slice, to trigger the plurality of network devices to allocate resources, where each resource allocation request message includes an identifier of the network slice and a resource that needs to be allocated by a corresponding network device to the network slice; receiving, by the controller, a plurality of resource allocation response messages, each including the identifier of the network slice and a segment identifier of a corresponding network device, where a resource allocated by each device belongs to the network slice; and generating, by the controller, a forwarding table corresponding to the network slice, where the forwarding table includes a forwarding entry for arriving at a network device in the network slice.

Container routing algorithm using OSPF

Systems and methods for establishing routing information between software containers or other virtualized environments within a network, and providing inter-container routing between the software services operating on the network, are disclosed herein. The system utilizes an existing routing protocol such as Open Shortest Path First (OSPF) and establishes an overlay network that provides end-to-end connectivity between services of a customer operating in an Infrastructure as a Service (IaaS) network, while maintaining isolation from the traffic of other customers of the IaaS network. The system uses OSPF to learn aspects of the routes between containers in the network, and further builds a customer-specific overlay network based on IP-to-IP encapsulation of the OSPF messages.

Method for securing the rendezvous connection in a cloud service using routing tokens

Systems and methods for establishing a secure connection are described. A server receives a plurality of routing tokens for establishing a service connection between a service node and the server along a network path through a plurality of network devices. Each routing token can be validated by a corresponding network device. The server transmits a packet including the routing tokens to a first network device. The first network device validates a first routing token associated therewith, then directs the packet along the network path to a second network device, and so forth, until each of the network devices has received and validated its routing token. The server establishes a cryptographic context between the service node and the server for establishing a secure channel between them. The server transmits a service node routing token to the service node via the secure channel for validation.

IGP topology information and use for BIER-TE
11627066 · 2023-04-11

A first Bit Index Explicit Replication Traffic Engineering (BIER-TE) node of a network includes a first interface to a second BIER-TE node in the network. The first node includes a configuration topology and an operational topology. The configuration topology represents the configuration of the network and the operational topology represents usable and consistent links in the network topology. The first node receives first network topology information and updates the configuration topology with the first network topology information. The first node also verifies the first network topology information and updates the operational topology with the first network topology information responsive to the verification. The first node receives a packet including a routing bitstring having a set bit at a first bit index corresponding to the first interface and routes the packet to the second node responsive to the routing bitstring and the operational topology.