The present disclosure provides a method, apparatus and system for switching a virtual IP, relates to the field of artificial intelligence and particularly to cloud computing and cloud network technologies, and can be applied to intelligent cloud scenarios. A detailed implementation comprises: receiving a free ARP packet sent by a virtual machine to which a high-availability virtual IP is successfully switched; generating a first forwarding table of the high-availability virtual IP according to the free ARP packet; encapsulating the first forwarding table in a first UDP packet by VXLAN; and synchronizing the first UDP packet to another virtual router.

In one embodiment, Ethernet Virtual Private Network (EVPN) is implemented using Internet Protocol Version 6 (IPv6) Segment Routing (SRv6) underlay network and SRv6-enhanced Border Gateway Protocol (BGP) signaling. A particular route associated with a particular Internet Protocol Version 6 (IPv6) Segment Routing (SRv6) Segment Identifier (SID) is advertised in a particular route advertisement message of a routing protocol (e.g., BGP). The SID includes encoding representing a particular Ethernet Virtual Private Network (EVPN) Layer 2 (L2) flooding Segment Routing end function of the particular router and a particular Ethernet Segment Identifier (ESI), with the particular SID including a routable prefix to the particular router. The particular router receives a particular packet including the particular SID; and in response, the particular router performs the particular EVPN end function on the particular packet.

The present disclosure relates to systems, methods, and computer-readable media for facilitating the transparent insertion of network virtual appliances into a cloud computing system. For example, a transparent network virtual appliance system can dynamically, seamlessly, and quickly add one or more network virtual appliances utilizing a chained gateway load balancer. In particular, the transparent network virtual appliance system can provide additional services to an application virtual network within a cloud computing system without disrupting or modifying the existing architecture of the cloud computing system.

In general, techniques are described for steering data traffic for a subscriber session from a network interface of a wireless access gateway to an anchoring one of a plurality of forwarding units of the wireless access gateway using a layer 2 (L2) address of the data traffic. For example, a wireless access gateway for a wireless local area network (WLAN) access network is described as having a decentralized data plane that includes multiple forwarding units for implementing subscriber sessions. Each forwarding unit may present a network interface for sending and receiving network packets and includes packet processing capabilities to enable subscriber data packet processing to perform the functionality of the wireless access gateway. The techniques enable steering data traffic for a given subscriber session to a particular one of the forwarding units of the wireless access gateway using an L2 address of the data traffic.

The subject technology addresses a need for improving utilization of network bandwidth in a multicast network environment. More specifically, the disclosed technology provides solutions for extending multipathing to tenant multicast traffic in an overlay network, which enables greater bandwidth utilization for multicast traffic. In some aspects, nodes in the overlay network can be connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network.

The present invention discloses methods and systems for transmitting and receiving packets through a plurality of logical connections based on priority levels. When an encapsulating packets is received from a second network device via a logical network connection, priority level of a packet encapsulated in the encapsulating packet is determined, and the encapsulating packet is stored in a queue or transmitted to a host based on GSEQ, PSEQ, TSEQ, and the priority level. When a packet is received from a host via a LAN connection, the packet is retrieved from a priority queue based on the priority level a first logical network connection is selected for transmitting the packet. The packet is encapsulated in an encapsulating packet, and the payload of the encapsulating packet comprises the packet, GSEQ, TSEQ, PSEQ, and priority level of the packet. The encapsulating packet is then sent through the first logical network connection.

In one embodiment, associated differential processing of decapsulated packets is performed using Service Function Instances (SFIs) identified by Service Function Values (SFVs) derived from their encapsulating transport packets. By using different SFVs associated with different processing policies within a same processing context, one embodiment performs differential processing of streams of packets (arriving in transport packets) as identified by the particular SFV obtained from each particular transport packet. In other words, the processing policy identifies processing performed on the corresponding decapsulated original packet, not processing of the transport packet. Thus, if the original packet is an Internet Protocol (IP) packet, the SFI identifies Layer 3 processing that is performed on the original IP packet. Additionally, one embodiment uses a route advertising protocol (e.g., Border Gateway Protocol) to distribute associations between different SFVs and different addresses in a processing context (e.g., VRF).

There is provided a method of wireless transmission of protocol data units over one or more radio link modules, the method comprising: splitting a service data unit, received from an upper layer, into a plurality of data packets; obtaining combined data packets, by applying a Network Coding to the data packets, wherein padding is added, if necessary, to the service data unit or to data packets to have data packets of equal length to which is applied the Network Coding; encapsulating the combined data packets into at least one protocol data unit, wherein each protocol data unit comprises a header and wherein the header contains a padding indication for indicating whether padding has been added or not, and transmitting the at least one protocol data unit over the one or more radio link modules.

A data sending method and apparatus and a data receiving method and apparatus for resisting network communication monitoring, wherein the data sending method comprises: acquiring a target packet; adding an encapsulation header into the target packet and encrypting application data in the target packet to obtain a to-be-sent packet; constructing a confusing packet, the header of the confusing packet being different from the header of the to-be-sent packet at a preset position; and sending a mixed packet of the to-be-sent packet and the confusing packet. In the present disclosure, a communication source hides a data packet to confuses probes, adds an encapsulation header on the basis of the data packet, hides the data packet in a large number of similar packets in a network, and makes an encryption in combination with a mature encryption technology, thereby effectively resisting malicious network communication monitoring and preventing eavesdropping of network communications.

Example methods and computer systems for packet handling for active-active stateful service insertion are disclosed. One example may involve a computer system detecting a packet addressed from a source address to a service endpoint address. Based on configuration information associated with the service endpoint address, the computer system may identify a first active logical service router (SR) and a second active logical SR that are both associated with the service endpoint address and configured to operate in an active-active mode. The first active logical SR may be selected over the second active logical SR by mapping tuple information to the first active logical SR. The computer system may generate an encapsulated packet by encapsulating the packet with an outer header addressed to an outer destination address associated with the first active logical SR and send the encapsulated packet towards the first active logical SR for processing according to a stateful service.