Some embodiments of the invention provide a method of facilitating routing through a software-defined wide area network (SD-WAN) defined for an entity. A first edge forwarding node located at a first multi-machine site of the entity, the first multi-machine site at a first physical location and including a first set of machines, serves as an edge forwarding node for the first set of machines by forwarding packets between the first set of machines and other machines associated with the entity via other forwarding nodes in the SD-WAN. The first edge forwarding node receives configuration data specifying for the first edge forwarding node to serve as a hub forwarding node for forwarding a set of packets from a second set of machines associated with the entity and operating at a second multi-machine site at a second physical location to a third set of machines associated with the entity and operating at a third multi-machine site at a third physical location. The first edge forwarding node serves as a hub forwarding node to forward the set of packets from the second set of machines to the third set of machines.

A packet forwarding method is disclosed. The method includes: After an edge node in a trusted domain receives an SRv6 packet whose destination address is a BSID, the edge node may verify the packet based on a BSID in the packet and a destination field in an SRH of the packet. If the packet passes the verification, the edge node forwards the packet. If the packet fails the verification, the edge node discards the packet. Not only a node outside the trusted domain is required to access the trusted domain by using the BSID, but also the packet entering the trusted domain needs to be verified with reference to the target field in the segment routing header.

A packet forwarding method is disclosed. The method includes: After an edge node in a trusted domain receives an SRv6 packet whose destination address is a BSID, the edge node may verify the packet based on a BSID in the packet and a destination field in an SRH of the packet. If the packet passes the verification, the edge node forwards the packet. If the packet fails the verification, the edge node discards the packet. Not only a node outside the trusted domain is required to access the trusted domain by using the BSID, but also the packet entering the trusted domain needs to be verified with reference to the target field in the segment routing header.

A packet transmission method includes that a host obtains a packet, and when a transmission path of the packet is to be pass through a wide area network, the host determines whether to perform optimization on the packet for transmission in the wide area network and performs optimization on the packet for transmission in the wide area network.

A packet transmission method includes that a host obtains a packet, and when a transmission path of the packet is to be pass through a wide area network, the host determines whether to perform optimization on the packet for transmission in the wide area network and performs optimization on the packet for transmission in the wide area network.

A first network device receives an association relationship sent by a second network device, where the association relationship includes an association relationship between a first path and a second path. The first network device generates first routing information between the first network device and a target network device based on the association relationship, where the first routing information is used by the first network device to send a packet to the target network device through the first path, and when a cross-slice condition is met, the first routing information is used by the first network device to send a packet to the target network device through the second path.

A first network device receives an association relationship sent by a second network device, where the association relationship includes an association relationship between a first path and a second path. The first network device generates first routing information between the first network device and a target network device based on the association relationship, where the first routing information is used by the first network device to send a packet to the target network device through the first path, and when a cross-slice condition is met, the first routing information is used by the first network device to send a packet to the target network device through the second path.

The present application relates to traffic routing for overlay paths in a public cloud network. A path orchestrator receives a configuration of a set of overlay paths for a wide area network virtualization from a client, each overlay path including virtual routing nodes associated with respective geographic regions and at least one policy for a link between the virtual routing nodes. The path orchestrator is configured to instantiate a plurality of virtual routers on computing resources of the public cloud network located within the respective geographic regions based on the configuration, each virtual router configured to route traffic according to the policy for each link associated with the virtual routing node corresponding to the virtual router. The path orchestrator is configured to scale the plurality of virtual routers based on traffic for the client on the set of overlay paths.

The present application relates to egressing traffic from a public cloud network. An egress traffic manager configures routing at hosts and edge routers within the public cloud network. The egress traffic manager determines, for an edge router, a plurality of current border gateway protocol (BGP) sessions with external networks. The egress traffic manager configures a virtual router hosted on the edge router to route a portion of egress traffic to a selected one of the external networks via one of the BGP sessions. A host is configured to route the portion of egress traffic within the public cloud network to the edge router. An edge router configured to route, by the virtual router, the portion of egress traffic from the edge router to the selected one of the external networks.

A method may include receiving, at a target, from a server, a command, information to identify data, and access information to perform a data transfer using a memory access protocol, and performing, based on the command, based on the access information, the data transfer between the target and a client using the memory access protocol. The information to identify the data may include an object key, and the object key and the access information may be encoded, at least partially, in an encoded object key. The method may further include sending, based on the data transfer, from the target to the server, a completion. The method may further include sending, based on the completion, from the server to the client, an indication of success. The method may further include reconstructing the data based on the parity data.