A device receives network data associated with a network that includes network devices interconnected by links, and receives parameters associated with determining a network plan for the network. The device generates candidate links for each potential network plan of multiple potential network plans for the network, based on the parameters and based on a criterion associated with generating the candidate links. The device generates candidate paths for each potential network plan based on the parameters, and selects a portion of the candidate links and a portion of the candidate paths. The device generates each potential network plan based on the portion of the candidate links and the portion of the candidate paths, and identifies a potential network plan, of the multiple potential network plans, that reduces resource usage associated with operating the network. The device causes the potential network plan to be implemented in the network.

A packet transmission method, device, and system for network technologies are disclosed. A first network device receives, by using a first VPLS instance a packet to be sent to a user-side device connected to the second network device. The first network device forwards, based on an association relationship between the first VPLS instance and the first VPWS instance, the packet to a second VPWS instance in the second network device by using the first VPWS instance. A VPLS instance is associated with a VPWS instance in the first network device. A packet that is received by using the VPLS instance and that is to be sent to a user-side device can be forwarded by using the associated VPWS instance, so that pressure to learn a MAC address for packet transmission is reduced, and forwarding performance of the system is ensured.

A packet transmission method, device, and system for network technologies are disclosed. A first network device receives, by using a first VPLS instance a packet to be sent to a user-side device connected to the second network device. The first network device forwards, based on an association relationship between the first VPLS instance and the first VPWS instance, the packet to a second VPWS instance in the second network device by using the first VPWS instance. A VPLS instance is associated with a VPWS instance in the first network device. A packet that is received by using the VPLS instance and that is to be sent to a user-side device can be forwarded by using the associated VPWS instance, so that pressure to learn a MAC address for packet transmission is reduced, and forwarding performance of the system is ensured.

Disclosed herein are system, method, and computer program product aspects for multiple instance Intermediate System to Intermediate System (IS-IS or ISIS) for a multi-area fabric. A network area in a multi-area fabric includes one or more network nodes and a boundary node shared with an other network area of the multi-area fabric outside of the network area. The boundary node can include a first ISIS instance associated with the network area and a second ISIS instance associated with the other network area. The second ISIS instance can be configured to pass information associated with the other network area to the first ISIS instance.

Disclosed herein are system, method, and computer program product aspects for multiple instance Intermediate System to Intermediate System (IS-IS or ISIS) for a multi-area fabric. A network area in a multi-area fabric includes one or more network nodes and a boundary node shared with an other network area of the multi-area fabric outside of the network area. The boundary node can include a first ISIS instance associated with the network area and a second ISIS instance associated with the other network area. The second ISIS instance can be configured to pass information associated with the other network area to the first ISIS instance.

Embodiments of a method of communicating a packet by a network address translation (NAT) enabled router, are described. In an embodiment, the method includes receiving a return packet to be communicated to a destination. The destination is associated with a first source address in the context of a forward packet. The method further includes determining a return path to transmit the return packet to the destination based on security association data. The security association data is pre-recorded in a routing table of the NAT enabled router when the forward packet is received, prior to receiving the return packet, over a forward path established between the NAT enabled router and an enterprise node. The security association data uniquely identifies the forward path as the return path.

Embodiments of a method of communicating a packet by a network address translation (NAT) enabled router, are described. In an embodiment, the method includes receiving a return packet to be communicated to a destination. The destination is associated with a first source address in the context of a forward packet. The method further includes determining a return path to transmit the return packet to the destination based on security association data. The security association data is pre-recorded in a routing table of the NAT enabled router when the forward packet is received, prior to receiving the return packet, over a forward path established between the NAT enabled router and an enterprise node. The security association data uniquely identifies the forward path as the return path.

A method for offloading multicast replication from multiple tiers of edge nodes implemented by multiple host machines to a physical switch is provided. Each of the multiple host machines implements a provider edge node and a tenant edge node. One host machine among the multiple host machines receives a packet having an overlay multicast group identifier. The host machine maps the overlay multicast group identifier to an underlay multicast group identifier. The host machine encapsulates the packet with an encapsulation header that includes the underlay multicast group identifier to create an encapsulated packet. The host machine forwards the encapsulated packet to a physical switch of the network segment. The physical switch forwards copies of the encapsulated packet to tenant edge nodes at one or more ports that are determined to be interested in the underlay multicast group identifier.

A method may include determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN). The method may also include establishing the control channel with a control device via a control plane that is separate from a data plane. The method may further include advertising first security association parameters to the control device via the control channel. The method may include receiving, from the control device via the control channel, second security association parameters associated with a second network device. The method may also include establishing a data plane connection with the second network device using the second security association parameters.

Embodiments of this application relate to the communication field, and disclose a method, a device, and a system for transmitting a node identifier, to reduce a limitation on delivery of an SR POLICY route and improve network performance The method includes: A forwarding device sends a node identifier to a controller. The forwarding device receives a first SR POLICY route from the controller, where a target attribute of the first SR POLICY route is the node identifier. The forwarding device determines that the node identifier matches the target attribute of the first SR POLICY route, and forwards a traffic packet according to the first SR POLICY route.