A discovery and routing service may generate a URL related to an application to be deployed to a cloud computing platforms, the URL providing access to an edge list containing one or more edge nodes. The discovery and routing service may connect at least one agent to the URL. The discovery and routing service may send authentication information to the agent, including an identifier related to the agent, and a set of agent labels. The discovery and routing service may insert, after authentication by the edge node, the authentication information into a routing mesh. The discovery and routing service may locate the agent, in response to a request, based on a comparison between the set of request labels and a set of agent labels. The discovery and routing service may connect the located agent with traffic to and from the routing mesh.

A method of controlling a packet stream generated by an application installed in a mobile terminal, the stream being intended to be sent by the terminal over a communications network managed by an operator. The method includes the following acts implemented in the terminal, for at least one packet generated by the application: obtaining a first packet having a first header and payload data; transmitting a request message to a security module installed in the terminal, the message including a parameter of the first header; receiving a response from the security module, which includes an instruction relating to transmission of a second packet, the response being based on the parameter and established according to a processing rule; preparing the second packet by modifying the first header into a second header, based on the instruction, the second packet including the second header and the payload data; and transmitting the second packet.

Managing storage systems that are synchronously replicating a dataset, including: detecting a change in membership to the set of storage systems synchronously replicating the dataset; and applying one or more membership protocols to determine a new set of storage systems to synchronously replicate the dataset, wherein the one or more membership protocols include a quorum protocol, an external management protocol, or a racing protocol, and wherein one or more I/O operations directed to the dataset are applied to a new set of storage systems.

A packet processing method includes receiving, by a forwarding plane device, a first packet transmitted by a user, where an identity of the user is comprised in the first packet, and a forwarding table is comprised in the forwarding plane device, determining, by the forwarding plane device, an identity of a service according to a corresponding relationship between the identity of the user and the identity of the service as well as the identity of the user in the first packet, generating, by the forwarding plane device, a second packet by encapsulating the first packet with the identity of the service, and transmitting the second packet to a network device to enable the network device to manage the service according to the identity of the service in the second packet.

A packet transmission method, including receiving, by a session management function network element, first access network tunnel information and second access network tunnel information that correspond to a first service, and sending a downlink forwarding rule to a user plane function network element, where the downlink forwarding rule includes the first access network tunnel information and the second access network tunnel information, and the downlink forwarding rule indicates the user plane function network element to replicate a received downlink packet of the first service, and send downlink packets of the first service through two paths respectively corresponding to the first access network tunnel information and the second access network tunnel information.

A method performed by a network controller for a mobile transport network. The method includes: obtaining traffic information for a plurality of demands for connectivity from client nodes through the mobile transport network, the traffic information for each demand identifying a client node for the demand, an egress node for the demand and an amount of traffic for the demand; calculating, for each demand, one or more paths from the client node, via an ingress node, to the egress node through the mobile transport network; mapping each path for a demand to a source port in the ingress node for the demand; providing the mapping to the ingress nodes to enable routing of traffic pertaining to the demands via the paths, based on the source port; and providing the source ports to the client nodes for inclusion in traffic pertaining to the demands.

A network system includes a communication apparatus, and a control apparatus configured to control the communication apparatus. The communication apparatus includes a memory configured to store program instructions, and a processor configured to execute the instructions to receive an address of a destination virtual machine from the control apparatus, receive a packet from a source virtual machine, identify, based on the address of the destination virtual machine corresponding to the received packet, an identifier of an edge node connected to the destination virtual machine, and add the identifier of the edge node to the received packet.

Embodiments of the present invention provide a packet processing method, a forwarding plane device and a network device, the method includes: receiving, by a forwarding plane device, a first packet transmitted by a user, where an identity of the user is comprised in the first packet, and a forwarding table is comprised in the forwarding plane device; determining, by the forwarding plane device, an identity of a service according to a corresponding relationship between the identity of the user and the identity of the service as well as the identity of the user in the first packet; generating, by the forwarding plane device, a second packet by encapsulating the first packet with the identity of the service; and transmitting the second packet to a network device, to enable the network device to manage the service according to the identity of the service in the second packet.

Systems, methods, and computer-readable media are provided for generating a unique ID for a sensor in a network. Once the sensor is installed on a component of the network, the sensor can send attributes of the sensor to a control server of the network. The attributes of the sensor can include at least one unique identifier of the sensor or the host component of the sensor. The control server can determine a hash value using a one-way hash function and a secret key, send the hash value to the sensor, and designate the hash value as a sensor ID of the sensor. In response to receiving the sensor ID, the sensor can incorporate the sensor ID in subsequent communication messages. Other components of the network can verify the validity of the sensor using a hash of the at least one unique identifier of the sensor and the secret key.

Some embodiments provide a novel way to insert a service (e.g., a third party service) in the path of a data message flow, between two machines (e.g., two VMs, two containers, etc.) in a public cloud environment. For a particular tenant of the public cloud, some embodiments create an overlay logical network with a logical overlay address space. To perform a service on data messages of a flow between two machines, the logical overlay network passes to the public cloud's underlay network the data messages with their destination address (e.g., destination IP addresses) defined in the logical overlay network. The underlay network (e.g., an underlay default downlink gateway) is configured to pass data messages with such destination addresses (e.g., with logical overlay destination addresses) to a set of one or more service machines. The underlay network (e.g., an underlay default uplink gateway) is also configured to pass to the particular tenant's public cloud gateway the processed data messages that are received from the service machine set and that are addressed to logical overlay destination addresses. The tenant's public cloud gateway is configured to forward such data messages to a logical forwarding element of the logical network, which then handles the forwarding of the data messages to the correct destination machine.