H04L49/00

Tunnel-based service insertion in public cloud environments

Example methods and systems are provided for a network device to perform tunnel-based service insertion in a public cloud environment. An example method may comprise establishing a tunnel between the network device and a service path. The method may also comprise: in response to receiving a first encapsulated packet, identifying the service path specified by a service insertion rule; generating and sending a second encapsulated packet over the tunnel to cause the service path to process an inner packet according to one or more services. The method may further comprise: in response to receiving, from the service path via the tunnel, a third encapsulated packet that includes the inner packet processed by the service path, sending the inner packet processed by the service path, or a fourth encapsulated packet, towards a destination address of the inner packet.

Reduced-complexity integrated guaranteed-rate optical packet switch
11716557 · 2023-08-01

A reduced-complexity optical packet switch which can provide a deterministic guaranteed rate of service to individual traffic flows is described. The switch contains N input ports, M output ports and N*M Virtual Output Queues (VOQs). Packets are associated with a flow f, which arrive at an input port and depart on an output port, according to a predetermined routing for the flow. These packets are buffered in a VOQ. The switch can be configured to store several deterministic periodic schedules, which can be managed by an SDN control-plane. A scheduling frame is defined as a set of F consecutive time-slots, where data can be transmitted over connections between input ports and output ports in each time-slot. Each input port can be assigned a first deterministic periodic transmission schedule, which determines which VOQ is selected to transmit, for every time-slot in the scheduling frame. Each input port can be assigned a second deterministic periodic schedule, which determines which traffic flow within a VOQ is selected to transmit. Each input port can be assigned a third deterministic periodic schedule, which specifies to which VOQ an arriving packet (if any) is destined, for each time-slot in a scheduling frame. Each input port can be assigned a fourth deterministic periodic schedule, which specifies to which Flow-VOQ within a VOQ an arriving packet (if any) is destined. In this manner, each traffic flow can receive a deterministic guaranteed-rate of transmission through the switch.

NEGOTIATED BRIDGE ASSURANCE IN A STACKED CHASSIS

An information handling system includes multiple data ports, a memory, and a processor. Each of the data ports enables a separate communication link of a plurality of communication links for the information handling system. The memory stores data to indicate whether the information handling system supports bridge assurance on each of the communication links. In response to the bridge assurance being supported in the information handling system, the processor provides a message across a first link of the communication links. The message indicates that bridge assurance is supported in the information handling system. The processor also determines whether an acknowledgement message has been received. In response to the acknowledgement message being received, the processor enables the bridge assurance on the first link.

MULTICAST PACKET MANAGEMENT FOR A VIRTUAL GATEWAY OF A DISTRIBUTED TUNNEL FABRIC

A system for multicast packet management in a first switch in an overlay tunnel fabric is provided. The system can operate the first switch as part of a virtual switch in conjunction with a second switch of the fabric. The virtual switch can operate as a gateway for the fabric. During operation, the system can receive a join request for a multicast group. The system can then determine whether to forward the join request to the second switch based on a type of a first ingress connection of the join request. Upon receiving a data packet for the multicast group, the system can determine how to forward the data packet based on respective types of a second ingress connection and an egress connection of the data packet. The type of a respective connection can indicate whether the connection includes an overlay tunnel.

Queue protection using a shared global memory reserve

The subject technology relates to the management of a shared buffer memory in a network switch. Systems, methods, and machine readable media are provided for receiving a data packet at a first network queue from among a plurality of network queues, determining if a fill level of a queue in a shared buffer of the network switch exceeds a dynamic queue threshold, and in an event that the fill level of the shared buffer exceeds the dynamic queue threshold, determining if a fill level of the first network queue is less than a static queue minimum threshold.

SYSTEMS, DEVICES AND METHODS WITH OFFLOAD PROCESSING DEVICES
20230231811 · 2023-07-20

A method can include receiving network packets including forwarding plane packets; evaluating header information of the network packets to map network packets to any of a plurality of destinations on the module, each destination corresponding to any of a plurality of services executed by offload processors of the module; configuring operations of the offload processors; and in response to forwarding plane packets, executing operations on the forwarding plane packets; wherein the receiving, evaluation and processing of the forwarding plane packets are performed independent of the host processor. Corresponding systems and methods are also disclosed.

METHODS AND SYSTEMS FOR LINE RATE PACKET CLASSIFIERS FOR PRESORTING NETWORK PACKETS ONTO INGRESS QUEUES
20230231818 · 2023-07-20

A network appliance can have an input port that can receive network packets at line rate, two or more ingress queues, a line rate classification circuit that can place the network packets on the ingress queues at the line rate, a packet buffer that can store the network packets, and a sub line rate packet processing circuit that can process the network packets that are stored in the packet buffer. The line rate classification circuit can place a network packet on one of the ingress queues based on the network packet's packet contents. A buffer scheduler can select network packets for processing by a sub line rate packet processing circuit based on the priority levels of the ingress queues.

DYNAMIC CELLULAR CONNECTIVITY BETWEEN THE HYPERVISORS AND VIRTUAL MACHINES

Systems, methods, and computer-readable media for requesting a cellular IP address by initiating a call with a modem, establishing data packet network connectivity with the cellular IP address, assigning the cellular IP address to a virtual L2-bridge interface, wherein the virtual L2-bridge interface includes a MAC address, mapping a MAC address of a virtual machine with the MAC address of the virtual L2-bridge interface, detecting a change in the cellular IP address, and updating the virtual L2-bridge interface with a different cellular IP address while maintaining the data packet network connectivity.

Multiple label spaces in a label switched router

A router includes a memory configured to store a plurality of label spaces for each label space type used in a communication system. The plurality of label spaces store labels that identify virtual links between nodes of the communication system. The router also includes a processor configured to allocate a plurality of label space identifiers to the plurality of label spaces and to route packets based on labels and label space identifiers included in the packets. The router further includes a transceiver configured to transmit or receive the packets including the labels and the label space identifiers.

Datapath for multiple tenants

A novel design of a gateway that handles traffic in and out of a network by using a datapath pipeline is provided. The datapath pipeline includes multiple stages for performing various data-plane packet-processing operations at the edge of the network. The processing stages include centralized routing stages and distributed routing stages. The processing stages can include service-providing stages such as NAT and firewall. The gateway caches the result of previous packet operations and reapplies the result to subsequent packets that meet certain criteria. For packets that do not have an applicable or valid result from previous packet processing operations, the gateway datapath daemon executes the pipelined packet processing stages and records a set of data from each stage of the pipeline and synthesizes those data into a cache entry for subsequent packets.