H04L45/32

Method, device, and computer storage medium for implementing IP address advertisement

Disclosed are a method, device, and computer storage medium for implementing IP address advertisement. An advertisement for controlling LSA11 and an advertisement control switch for flooding are added into a router. The router performs, according to a state indicated by the advertisement control switch, IP address advertisement or flooding for LSA11 encapsulated with an IP address.

LOCALIZED MULTICAST IN A LOW POWER AND LOSSY NETWORK BASED ON RANK-BASED DISTANCE
20220353103 · 2022-11-03

In one embodiment, a method comprises: identifying, by a low power and lossy network (LLN) device in a low power and lossy network, a minimum distance value and a distance limit value for limiting multicast propagation, initiated at the LLN device, of a multicast data message in the LLN; and multicast transmitting, by the LLN device, the multicast data message with a current distance field specifying the minimum distance value and a distance limit field specifying the distance limit value, the multicast transmitting causing a receiving LLN device having a corresponding rank in the LLN to respond to the multicast data message by: (1) determining an updated distance based on adding to the current distance field a rank difference between the receiving LLN device and the LLN device, and (2) selectively retransmitting the multicast data message if the updated distance is less than the distance limit value.

System And Methods For Transit Path Security Assured Network Slices

Systems and methods of configuring, managing and ensuring security compliance of Virtual Network Slices that transit through physical networks, virtual networks (SDN), cloud networks, radio access networks, service provider networks, and enterprise networks are identified. The methods include user side security validation methods while attempting to use a network slice for a specific service, and security validation of physical or virtual networks and the associated transit network elements. The methods disclose enriching the Security Certificates with policy parameters and the associated procedures that transit elements are required to assure for security compliance. Additionally, methods for incorporating a mobile native security platform in Wireless Mobile Network (4G/5G) that supports generating X.509 Certificates enhanced with policy requirements, validating allowed/disallowed list of transit network vendor devices, virtual network appliances are identified.

Flooding packets on a per-virtual-network basis

Methods and techniques for flooding packets on a per-virtual-network basis are described. Some embodiments provide a method (e.g., a switch) which determines an internal virtual network identifier based on one or more fields in a packet's header. Next, the method performs a forwarding lookup operation based on the internal virtual network identifier. If the forwarding lookup operation succeeds, the method can process and forward the packet accordingly. However, if the forwarding lookup operation fails, the method can determine a set of egress ports based on the internal virtual network identifier. Next, for each egress port in the set of egress ports, the method can flood the packet if a virtual network identifier in the packet's header is associated with the egress port. Flooding packets on a per-virtual-network basis can substantially reduce the amount of resources required to flood the packet when a forwarding lookup operation fails.

Interior gateway protocol flood minimization
11489766 · 2022-11-01

Disclosed is a mechanism for implementing link state flooding reduction (LSFR) in an Interior Gateway Protocol (IGP) network. The mechanism includes receiving data indicating connectivity of a plurality of nodes in the network. A flooding topology is built based on the connectivity. This includes selecting one of the nodes as a root node, and building a tree of links connecting the root node to the nodes in the network. The flooding topology is stored in a memory. The flooding topology may not be to the remaining nodes in the network. Link state messages may then be flooded over the flooding topology.

Policy enforcement for upstream flood traffic

Systems, methods, and computer-readable media are provided for enforcing policy for upstream (e.g., traffic from an endpoint to the physical network layer or hardware fabric of a data center) flood traffic (e.g., broadcast, unknown unicast, or multicast traffic) originating from a virtual endpoint via a network fabric. In one embodiment, upstream flood traffic can be transmitted using a special multicast group to which only elements of the data center fabric (e.g., physical switches, routers) are subscribed. That is, upstream flood traffic is assigned to the special multicast group, resulting in unintended endpoints not receiving the flood traffic. However, the hardware fabric receives the flood traffic and will then enforce applicable policies to route the packets to intended endpoints.

CONTRACT-DEFINED EXECUTION OF COPY SERVICE

Systems, methods, and computer-readable storage media for executing a copy service. A copy service engine can monitor network data flow in a network, detect packet data containing a contract defining copy parameters for the execution of a copy service, and determine, based on the contract, when the particular data flow hits a particular network node specified in the contract parameters. When the data flow hits the specified node, the copy service engine can execute the copy service which copies the particular data flow, determines one or more endpoints for sending the copied data flow, and deploys the copies to the one or more endpoints.

Reducing transient packet duplication and improving split-horizon filtering

In one embodiment, a method includes obtaining, at a first provider edge (PE) included in a plurality of PEs multi-homed to a first customer edge (CE), traffic intended for the first CE, wherein the traffic includes a first indication, the first indication being configured to identify the traffic as flood traffic. A forwarding PE included in the plurality of PEs suitable to use to forward the traffic to the first CE is identified based on identifying traffic as the flood traffic. The method also includes determining whether the first PE is the forwarding PE, and providing the traffic to the first CE using the first PE when it is determined that the first PE is the forwarding PE. When it is determined that the first PE is not the forwarding PE, the traffic is filtered using the first PE.

METHOD FOR PROCESSING DOWNLINK SIGNALLING OF SDN VIRTUALIZATION PLATFORM BASED ON OPENFLOW
20170250913 · 2017-08-31

Disclosed is a method for processing downlink signalling of an SDN virtualization platform based on OpenFlow. The method comprises: after the preprocessing of downlink signalling is executed, further executing same, so as to judge whether more Match items also exist in a Match item list; if it is judged that more Match items also exist, acquiring an item from the Match item list; if it is judged that there are no more Match items, ending the processing; after completing the step of acquiring an item from the Match item list if it is judged that more Match items also exist, further judging whether more Action items also exist; if there are no more Action items, combining a new Action item list with the Match items to generate downlink signalling, and issuing same to a virtual network switch; and returning to the step to continue judging whether more Match items also exist; and if more Action items also exist, acquiring the next Action item.

Node and a method performed by the node operable in a mesh communication network for routing a received packet towards a destination

A node operable in a mesh communication network and a method performed thereby for routing a received packet towards a destination are provided. The method includes receiving a packet addressed to a destination node in the mesh network, the packet including information related to address of source node, last hop address, address of destination node, and a hop counter. The method further includes determining whether the destination address is included in a routing table of the node in the mesh communication network. When the destination address is included in a routing table, the received packet is forwarded according to the routing table; or when the destination address is not included in a routing table, the received packet is flooded by broadcasting it in the mesh communication network.