In one embodiment, a method includes determining a secure path through a first plurality of network nodes within a network and determining an alternate secure path through a second plurality of network nodes within the network. The method also includes routing network traffic through the first plurality of network nodes of the secure path and detecting a failure in the secure path using single-hop BFD authentication. The method further includes rerouting the network traffic through the second plurality of network nodes of the alternate secure path.

[Problem] Change the distribution logic flexibly. [Solution] A control apparatus includes a communication unit (NIC20) configured to receive a packet from a network, a plurality of first control units (3a, 3b, 3c, 3d) configured to function as a plurality of virtual control units (VM1a, 1b, 1c, . . . ), a distribution circuit (Balancer 10a) configured to distribute the received packet to a plurality of dispatchers, a plurality of second control units (Dispatcher 4a, 4b, 4c, and 4d) configured to distribute the packet distributed by the distribution circuit to the plurality of virtual control units (VM1a, 1b, 1c, . . . ), in which the distribution circuit is configured by a PLD.

[Problem] Change the distribution logic flexibly. [Solution] A control apparatus includes a communication unit (NIC20) configured to receive a packet from a network, a plurality of first control units (3a, 3b, 3c, 3d) configured to function as a plurality of virtual control units (VM1a, 1b, 1c, . . . ), a distribution circuit (Balancer 10a) configured to distribute the received packet to a plurality of dispatchers, a plurality of second control units (Dispatcher 4a, 4b, 4c, and 4d) configured to distribute the packet distributed by the distribution circuit to the plurality of virtual control units (VM1a, 1b, 1c, . . . ), in which the distribution circuit is configured by a PLD.

System and techniques for a hierarchical resource constrained networks are described herein. Device participating in the network are divided into groups. These groups correspond to vertices in a routing graph. A leader is selected amongst the devices in each group to function as a routing node connecting to other vertices of the routing graph. Client devices attach to leaf vertices in the routing graph. To reduce overhead in placing devices into the routing pools, a distributed hash table (DHT) can be used. Here, the routing pools can be given DHT IDs based on, for example, a structure of the routing graph. Device DHT IDs are used to assign them to the routing pools based on a distance metric. Routing, in this arrangement, can use the DHT IDs to efficiently compute routing pool hops when routing messages. This arrangement works well for publication-subscription (pub-sub) services.

System and techniques for a hierarchical resource constrained networks are described herein. Device participating in the network are divided into groups. These groups correspond to vertices in a routing graph. A leader is selected amongst the devices in each group to function as a routing node connecting to other vertices of the routing graph. Client devices attach to leaf vertices in the routing graph. To reduce overhead in placing devices into the routing pools, a distributed hash table (DHT) can be used. Here, the routing pools can be given DHT IDs based on, for example, a structure of the routing graph. Device DHT IDs are used to assign them to the routing pools based on a distance metric. Routing, in this arrangement, can use the DHT IDs to efficiently compute routing pool hops when routing messages. This arrangement works well for publication-subscription (pub-sub) services.

A terminal function device and a proxy transfer agent device generate, on mutually-connecting physical lines, logical paths to be correlated with physical port transmitting/receiving units. In a case of receiving a signal received at one of the physical port transmitting/receiving units, the terminal function device sends the signal out to a logical path corresponding to the physical port transmitting/receiving unit that received this signal. In a case of receiving a signal through the logical path, the proxy transfer agent device correlates the signal with information identifying the physical port transmitting/receiving unit corresponding to the logical path that received this signal, and transfers the information along with the signal. Ina case of sending out a signal to the logical path, the proxy transfer agent device sends out the signal to the logical path corresponding to the physical port transmitting/receiving unit specified as a transfer destination of the signal. In a case of receiving a signal through the logical path, the terminal function device sends out the signal from the physical port transmitting/receiving unit corresponding to the logical path that received the signal.

The system disclosed herein implements an improved end-to-end network performance for data transmissions that span multiple networks operated by different organizations. The improvements are achieved as a result of exchanging routing information. For instance, the exchanged routing information can be representative of network performance factors. When different operators of different networks agree to exchange routing information, an optimal end-to-end path between two endpoint devices can be identified and selected for data transmission. This benefits both network operators as the users served by the networks are more likely to be satisfied with the user experience (e.g., faster download and upload of data).

The system disclosed herein implements an improved end-to-end network performance for data transmissions that span multiple networks operated by different organizations. The improvements are achieved as a result of exchanging routing information. For instance, the exchanged routing information can be representative of network performance factors. When different operators of different networks agree to exchange routing information, an optimal end-to-end path between two endpoint devices can be identified and selected for data transmission. This benefits both network operators as the users served by the networks are more likely to be satisfied with the user experience (e.g., faster download and upload of data).

A multicast packet detection method, to improve detection deployment efficiency, reduce occupation of management bandwidth resources, and improve network management performance, includes: obtaining, by a network device, a first bit index explicit replication (BIER) packet, where the first BIER packet includes a first identifier, and the first identifier is used to instruct the network device to detect the first BIER packet; detecting, by the network device, the first BIER packet based on the first identifier, to obtain detection data; and sending, by the network device, the detection data to a controller.

A label management method includes allocating, by a controller, a source label to a data stream, sending, by the controller, a first Border Gateway Protocol (BGP) update packet to an ingress network device on a label switching path (LSP) of the data stream, and sending a second BGP update packet to an egress network device on the LSP of the data stream, where the first BGP update packet includes a stream identifier of the data stream and the source label, and the second BGP update packet includes a mapping relationship between the source label and a source object of the data stream.