H04L45/42

System and method of providing segment routing as a service

Disclosed is a system and method of providing a segment routing as a service application. The method includes receiving a configuration of an internet protocol environment. The configuration can be a layer 3 configuration of a single cloud environment or even across multiple cloud environments. The configuration defines routing, forwarding, and paths in the environment between different entities such as virtual machines. The method includes receiving a parameter associated with a workload of a tenant. The parameter can be a service level agreement (i.e., a best bandwidth available), a pathway requirement, a parameter associated with a specific workload, and so forth. Based on the configuration and the parameter, the method includes generating tenant-defined layer 3 overlay segment routing rules that define how the workload of the tenant will route data in the internet protocol environment using segment routing.

ROUTE INFORMATION STORAGE METHOD AND APPARATUS
20230026626 · 2023-01-26

This application discloses a route information storage method. The method is applied to a wireless mesh network. The wireless mesh network includes a first node, a second node, and at least two stations (STAs); the first node is an upper-level node of the second node; the at least two STAs include a first STA and a second STA; and the first STA and the second STA are connected to the second node. In the method, the first node receives a routing request for access requested by the first STA, and if it is determined that a first route entry corresponding to the second STA already exists, the first node no longer generates a new route entry for the first STA, but reuses the first route entry.

NETWORK MANAGEMENT SERVICES IN A POINT-OF-PRESENCE

A software-defined wide area network (SD-WAN) environment that leverages network virtualization management deployment is provided. Edge security services managed by the network virtualization management deployment are made available in the SD-WAN environment. Cloud gateways forward SD-WAN traffic to managed service nodes to apply security services. Network traffic is encapsulated with corresponding metadata to ensure that services can be performed according to the desired policy. Point-to-point tunnels are established between cloud gateways and the managed service nodes to transport the metadata to the managed service nodes using an overlay logical network. Virtual network identifiers (VNIs) in the metadata are used by the managed service nodes to identify tenants/policies. A managed service node receiving a packet uses provider service routers (T0-SR) and tenant service routers (T1-SRs) based on the VNI to apply the prescribed services for the tenant, and the resulting traffic is returned to the cloud gateway that originated the traffic.

NETWORK MANAGEMENT SERVICES IN A VIRTUAL NETWORK

A software-defined wide area network (SD-WAN) environment that leverages network virtualization management deployment is provided. Edge security services managed by the network virtualization management deployment are made available in the SD-WAN environment. Cloud gateways forward SD-WAN traffic to managed service nodes to apply security services. Network traffic is encapsulated with corresponding metadata to ensure that services can be performed according to the desired policy. Point-to-point tunnels are established between cloud gateways and the managed service nodes to transport the metadata to the managed service nodes using an overlay logical network. Virtual network identifiers (VNIs) in the metadata are used by the managed service nodes to identify tenants/policies. A managed service node receiving a packet uses provider service routers (T0-SR) and tenant service routers (T1-SRs) based on the VNI to apply the prescribed services for the tenant, and the resulting traffic is returned to the cloud gateway that originated the traffic.

VISUALIZATION OF FLOW TRACE OPERATION ACROSS MULTIPLE SITES

Some embodiments provide a method for presenting a visualization of a data message flow within a logical network that is implemented across multiple sites. The method receives flow tracing data regarding the data message flow from a source endpoint in a first site to a second endpoint in a second site. The data message flow is processed according to logical forwarding elements (LFEs) implemented in at least the first and second sites. For each of the sites through which the data message flow passes, the method identifies the LFEs that process the data message flow in the site. The method presents a visualization for the data message flow. The visualization includes a separate section for each site through which the data message flow passes. Each section indicates at least a subset of the LFEs that process the data message flow in the corresponding site for the section.

NETWORK MANAGEMENT SERVICES IN A SECURE ACCESS SERVICE EDGE APPLICATION

A software-defined wide area network (SD-WAN) environment that leverages network virtualization management deployment is provided. Edge security services managed by the network virtualization management deployment are made available in the SD-WAN environment. Cloud gateways forward SD-WAN traffic to managed service nodes to apply security services. Network traffic is encapsulated with corresponding metadata to ensure that services can be performed according to the desired policy. Point-to-point tunnels are established between cloud gateways and the managed service nodes to transport the metadata to the managed service nodes using an overlay logical network. Virtual network identifiers (VNIs) in the metadata are used by the managed service nodes to identify tenants/policies. A managed service node receiving a packet uses provider service routers (T0-SR) and tenant service routers (T1-SRs) based on the VNI to apply the prescribed services for the tenant, and the resulting traffic is returned to the cloud gateway that originated the traffic.

USING DISCRETIZED STATE-TRANSITIONS TO EXPLAIN AND TROUBLESHOOT APPLICATION EXPERIENCE DEGRADATION IN PREDICTIVE INTERNET
20230027969 · 2023-01-26

In one embodiment, a device obtains path metrics for a network path used to convey application traffic for an online application. The device discretizes the path metrics into labeled states. The device generates state transition visualization data that represents the labeled states as nodes and transitions between the labeled states as edges connecting the nodes. The device provides the state transition visualization data for display.

SESSION ESTABLISHMENT METHOD AND NETWORK DEVICE
20230231803 · 2023-07-20

Embodiments of this application disclose a session establishment method and a network device. One example method includes: a first network device receives a first message from a second network device, where the first message includes configuration information corresponding to a first interface, the second network device is connected to the first network device through the first interface, and the configuration information corresponding to the first interface includes an internet protocol (IP) address of the first interface; and the first network device establishes a BGP session with the second network device based on the configuration information corresponding to the first interface.