A control apparatus, includes a first unit configured to be capable of specifying an identification rule to identify a packet based on a user of a virtual network including a plurality of virtual nodes; and a second unit configured to be capable of sending an instruction to a physical node corresponding to each of the virtual nodes of the virtual network, wherein each of the virtual nodes includes a predetermined network function being capable of providing a first packet operation to the packet, wherein the instruction includes that the physical node provides a second packet operation to the packet so as to emulate the first packet operation.

Modular industrial automation device and method for configuring a modular industrial automation device, wherein in order to configure the modular industrial automation device which includes a central unit and at least one communication module which each comprise a router module and a routing configuration unit, the routing configuration units transmit routing information stored in their routing table to routing configuration units of other router modules, and the routing configuration units update their respective routing table based on routing information which is received from routing configuration units of other router modules and relates to routes to IPv4 subnetworks assigned to other router modules, a default gateway and a connection between the associated router module and a backplane bus system.

A User Equipment (UE) processing method and device is provided. The method includes that: a forwarding device receives an indication message for managing a UE sent by a controller; and the forwarding device manages the UE according to the received indication message.

A multicast group allocation method, a centralized control point, and a multicast router are provided. A centralized control point determines a correspondence between at least two multicast groups and at least two RPs in a rendezvous point set according to information about the at least two multicast groups and information about the at least two RPs, where in the correspondence between the at least two multicast groups and the at least two RPs, each RP is corresponding to a same quantity of multicast groups; the centralized control point evenly allocates the at least two multicast groups to the at least two RPs according to the correspondence between the at least two multicast groups and the at least two RPs and diffuses the correspondence between the at least two multicast groups and the at least two RPs to all multicast routers on a PIM network.

Some embodiments provide a method for presenting a visualization of a data message flow within a logical network that is implemented across multiple sites. The method receives flow tracing data regarding the data message flow from a source endpoint in a first site to a second endpoint in a second site. The data message flow is processed according to logical forwarding elements (LFEs) implemented in at least the first and second sites. For each of the sites through which the data message flow passes, the method identifies the LFEs that process the data message flow in the site. The method presents a visualization for the data message flow. The visualization includes a separate section for each site through which the data message flow passes. Each section indicates at least a subset of the LFEs that process the data message flow in the corresponding site for the section.

Some embodiments provide a method for presenting a visualization of a data message flow within a logical network that is implemented across multiple sites. The method receives flow tracing data regarding the data message flow from a source endpoint in a first site to a second endpoint in a second site. The data message flow is processed according to logical forwarding elements (LFEs) implemented in at least the first and second sites. For each of the sites through which the data message flow passes, the method identifies the LFEs that process the data message flow in the site. The method presents a visualization for the data message flow. The visualization includes a separate section for each site through which the data message flow passes. Each section indicates at least a subset of the LFEs that process the data message flow in the corresponding site for the section.

A Software Defined Wide Area Network (SD-WAN) edge node is disclosed. The SD-WAN edge node includes edge node SD-WAN ports coupled to untrusted underlay networks. The SD-WAN edge node transmits a first Border Gateway Protocol (BGP) update message advertising WAN (Wide Area Network) properties of the edge node SD-WAN ports to a local controller via an encrypted channel over the untrusted underlay network. The SD-WAN edge node receives a second BGP update message from the local controller, the second BGP update message advertising WAN properties of peer node SD-WAN ports of a peer node. The SD-WAN edge node establishes a security association with the peer node over the untrusted underlay networks based on the WAN properties of the edge node SD-WAN ports and the WAN properties of the peer node SD-WAN ports.

The disclosure provides an approach for pre-filtering traffic in a logical network. One method includes receiving, by a hypervisor, a packet from a virtual computing instance (VCI) and determining a service path for the packet based on a service table. The method further includes setting, by the hypervisor, a pre-filter component as a next hop for the packet based on the service path. The method further includes receiving, by the pre-filter component, the packet. The method further includes making a determination, by the pre-filter component, of whether the packet requires processing by the security component. The method further includes performing, by the pre-filter component, based on the determination, one of: forwarding the packet to its destination and bypassing the security component; or forwarding the packet to the security component.

The disclosure provides an approach for pre-filtering traffic in a logical network. One method includes receiving, by a hypervisor, a packet from a virtual computing instance (VCI) and determining a service path for the packet based on a service table. The method further includes setting, by the hypervisor, a pre-filter component as a next hop for the packet based on the service path. The method further includes receiving, by the pre-filter component, the packet. The method further includes making a determination, by the pre-filter component, of whether the packet requires processing by the security component. The method further includes performing, by the pre-filter component, based on the determination, one of: forwarding the packet to its destination and bypassing the security component; or forwarding the packet to the security component.

A network node device and method of determining a communication route to one or more other network nodes through a network. The method includes sending current routing information to a network management server (NMS), and receiving new or supplemental routing information from the NMS, this supplemental routing information determined by the NMS based on the current routing information of the network node and the other network node(s). The supplemental routing information may include lateral route information identifying designated routing nodes that form lateral band(s) of nodes that span the network. Each lateral band may include gate node(s) as entrances/exits to the lateral band. The method further includes determining, based on the supplemental routing information, a route to one or more of the other network nodes, which may include an optimal path and/or alternate path(s) from the network node to one or more of the other network nodes.