Patent classifications
H04L45/02
Secure communication for remote devices
A security system that provides for secure communication from a remote system operating on an unsecure network without the need for encrypting the packets related to the communication. The packets for the communications are sent over the network in clear text and are readable by any system on the network; however, only authorized systems are able to determine which packets are the correct packets and which are the imitation packets. Moreover, a remote secure network may be utilized such that any system operating on an unsecure network may send packets through the remote secure network in a randomized routing in order to aid in hiding the systems sending and receiving the packets and the relays through which the packets are being sent.
Network controller subclusters for distributed compute deployments
The disclosure describes examples where a first data center includes a first gateway router, a first set of computing devices, and a second set of computing devices. The first set of computing devices is configured to execute a software defined networking (SDN) controller cluster to facilitate operation of one or more virtual networks within the first data center. The second set of computing devices is configured to execute one or more control nodes to exchange route information, between the first gateway router and a second gateway router of a second data center different than the first data center, for a virtual network between computing devices within the second data center, and to communicate control information for the second data center to the second set of computing devices, wherein the one or more control nodes form a subcluster of the SDN controller cluster.
MAC mobility for 802.1x addresses for virtual machines
A system and method for provisionally authenticating a host moving from one router to another router in a network using border gateway protocol (BGP) are disclosed. A host is initially authenticated at a first BGP router, and this discovery is advertised to a second BGP router pursuant to BGP with a new extended community indicating successful authentication (or pre-authentication) of the host at the first BGP router. An indication for re-authentication of the host at the second BGP router is then received, which blocks network traffic from the host to the second BGP router. Due to the notification of a previous authentication of the host, the second BGP router begins a provisional authentication session. In response to a successful completion of the provisional authentication session, the host is authorized to transmit network traffic on the second BGP router and subsequently blocked from doing the same at the first BGP router.
Efficient core routing
A method for managing traffic in a computerized system that may include routers and at least one edge device. The method may include performing traffic management operations for controlling traffic related to the routers while executing first traffic management operations by the at least one edge device and executing second traffic management operations by the routers.
Seamless scaling via proxy replay of session state
A service provider network implements seamless scaling via proxy replay of session state. Upon a trigger, such as a determination to scale a server, a scaled server may be spun up and an identifier of the scaled server provided to a first (existing) server. The first server sends the identification of the second server, and session state information for each of the connections between the first server and the request router, to the request router. For each of the connections, the request router establishes a new connection between the request router and the second (scaled) server, and replays the session state information for the connection to the second server. The request router then routes traffic between each existing client connection (e.g., the same existing client connection which carried traffic delivered to the first server) and the corresponding new connection to the second server.
Creating a packet with a loopback label stack to detect network link/node failures
Systems and methods for creating loopback packets for transmission through a section of a network for the purpose of testing the operability of links and nodes in this section of the network are provided. A method, according to one implementation, includes a step of obtaining information, by a Network Element (NE), about the topology of the network related to at least the nodes in direct communication with a peer node. The method also includes a step of generating one or more loopback packets, where each loopback packet includes at least a header having a path list including one or more nodes of the plurality of nodes in the network. Each path list defines an order of nodes through which the respective loopback packet is to be transmitted.