A method implemented by a first node in a segment routing (SR) network domain includes receiving, from a second node of another network domain, a packet configured to pass through the SR network domain in accordance with segment identifiers (SIDs). The method also includes obtaining compressed SIDs corresponding to some of the SIDs. The method includes generating a segment routing header (SRH) having a list of segments. The method further includes adding the SRH to the packet and forwarding the packet with the SRH to a third node in the SR network domain.

A packet forwarding method is disclosed. The method includes: After an edge node in a trusted domain receives an SRv6 packet whose destination address is a BSID, the edge node may verify the packet based on a BSID in the packet and a destination field in an SRH of the packet. If the packet passes the verification, the edge node forwards the packet. If the packet fails the verification, the edge node discards the packet. Not only a node outside the trusted domain is required to access the trusted domain by using the BSID, but also the packet entering the trusted domain needs to be verified with reference to the target field in the segment routing header.

This application provides a packet processing method, a device, a system, and a storage medium. A first network device receives an original packet, generates an IPv6 packet based on the original packet and endpoint group (EPG) information, where the IPv6 packet comprises an IPv6 extension header and the original packet, and the IPv6 extension header comprises the EPG information, and sends the IPv6 packet. A second network device receives the IPv6 packet; obtains the EPG information from the IPv6 extension header, and processes the IPv6 packet according to a group based policy corresponding to the EPG information.

Embodiments of this application describe an in-situ flow detection-based packet processing method. After receiving a first packet encapsulated by using a first bearer protocol, a first node may obtain, based on the first packet, a second packet encapsulated by using a second bearer protocol. A first packet header of the first packet includes first in-situ flow detection information, and a packet header of the second packet also includes the first in-situ flow detection information. It can be learned that, when re-encapsulating the first packet by using the second bearer protocol, the first node does not remove the first in-situ flow detection information, but adds the first in-situ flow detection information to the packet encapsulated by using the second bearer protocol. Therefore, even if the first bearer protocol and the second bearer protocol are deployed in a detection domain, the first in-situ flow detection information is not removed due to re-encapsulation of the packet, and may be transmitted across the entire detection domain.

A packet transmission method includes that a host obtains a packet, and when a transmission path of the packet is to be pass through a wide area network, the host determines whether to perform optimization on the packet for transmission in the wide area network and performs optimization on the packet for transmission in the wide area network.

A method may include receiving, at a target, from a server, a command, information to identify data, and access information to perform a data transfer using a memory access protocol, and performing, based on the command, based on the access information, the data transfer between the target and a client using the memory access protocol. The information to identify the data may include an object key, and the object key and the access information may be encoded, at least partially, in an encoded object key. The method may further include sending, based on the data transfer, from the target to the server, a completion. The method may further include sending, based on the completion, from the server to the client, an indication of success. The method may further include reconstructing the data based on the parity data.

Examples described herein relate to a network interface device comprising: circuitry, when operational, to: in response to congestion related to a link, cause transmission of link event information to at least one sender of packets to the link, wherein the link event information is to identify congestion information of at least one link other than the link.

Rapid channel failure detection and recovery in wireless communication networks is needed in order to meet, among other things, carrier class Ethernet channel standards. Thus, resilient wireless packet communications is provided using a physical layer link aggregation protocol with a hardware-assisted rapid channel failure detection algorithm and load balancing, preferably in combination. This functionality may be implemented in a Gigabit Ethernet data access card with an engine configured accordingly. In networks with various topologies, these features may be provided in combination with their existing protocols.

Systems, methods, and computer-readable storage media are provided to populate databases with routing data for containers to eliminate the need for continuously accessing a global discovery service. An example method includes initiating, from a source container operating on a first machine in a first rack, a communication with a destination container operating on a second machine on a second rack, wherein a local database on the first machine does not know an address of the destination container. The method includes accessing a global discovery service to provide the address of the destination container, populating the local database on the first machine with the address of the destination container and routing a packet from the source container to the destination container according to the address of the destination container.

A system and method for provisionally authenticating a host moving from one router to another router in a network using border gateway protocol (BGP) is disclosed. A host is initially authenticated at a first BGP router, this discovery is advertised to a second BGP router pursuant to BGP with a new extended community indicating successful authentication (or pre-authentication) of the host at the first BGP router. An indication for re-authentication of the host at the second BGP router is then received, which blocks network traffic from the host to the second BGP router. Due to the notification of a previous authentication of the host, the second BGP router begins a provisional authentication session. In response to a successful completion of the provisional authentication session, the host is authorized to transmit network traffic on the second BGP router and subsequently blocked from doing the same at the first BGP router.