H04L45/42

SESSION ESTABLISHMENT METHOD AND NETWORK DEVICE
20230231803 · 2023-07-20

Embodiments of this application disclose a session establishment method and a network device. One example method includes: A first network device receives a first message from a second network device, where the first message includes configuration information corresponding to a first interface, the second network device is connected to the first network device through the first interface, and the configuration information corresponding to the first interface includes an internet protocol IP address of the first interface; and the first network device establishes a BGP session with the second network device based on the configuration information corresponding to the first interface.

Datapath for multiple tenants

A novel design of a gateway that handles traffic in and out of a network by using a datapath pipeline is provided. The datapath pipeline includes multiple stages for performing various data-plane packet-processing operations at the edge of the network. The processing stages include centralized routing stages and distributed routing stages. The processing stages can include service-providing stages such as NAT and firewall. The gateway caches the result of previous packet operations and reapplies the result to subsequent packets that meet certain criteria. For packets that do not have an applicable or valid result from previous packet processing operations, the gateway datapath daemon executes the pipelined packet processing stages, records a set of data from each stage of the pipeline, and synthesizes those data into a cache entry for subsequent packets.

Time-sensitive software defined networking
11706123 · 2023-07-18

A system and method for determining a network path through a network that is managed by a software defined network (TsSDN) controller incorporating time management are disclosed. In some embodiments, the SDN controller can determine that a data packet originating from a transmitting device and directed to a receiving device is associated with one of: time-sensitive, time-aware or best effort characteristic. The controller can then determine a network path for transport of the data packet from the transmitting device to the receiving device with a guaranteed end to end delay to satisfy the characteristic. The end to end delay considers latency through each layer the data packet transitions through after being conjured at an application layer of the transmitting device. The data packet is then transmitted from the transmitting device via the network path to the receiving device.

Orchestration of overlay paths for wide area network virtualization

The present application relates to traffic routing for overlay paths in a public cloud network. A path orchestrator receives a configuration of a set of overlay paths for a wide area network virtualization from a client, each overlay path including virtual routing nodes associated with respective geographic regions and at least one policy for a link between the virtual routing nodes. The path orchestrator is configured to instantiate a plurality of virtual routers on computing resources of the public cloud network located within the respective geographic regions based on the configuration, each virtual router configured to route traffic according to the policy for each link associated with the virtual routing node corresponding to the virtual router. The path orchestrator is configured to scale the plurality of virtual routers based on traffic for the client on the set of overlay paths.

Network devices using probes to test forwarding rules
11563668 · 2023-01-24

A network switch having hardware thereon for transmitting probes to neighbor devices for exercising forwarding states (e.g., layer 2 and layer 3) on the switch. A light-weight agent resides on one or both of neighbor network devices and can be used to control the testing. Probe allocation can be managed locally on a source device based on a layer 3 routing table. One or more probes originating from the source network device (device A) from a local CPU are routed on the same network device A in hardware and sent out on a link towards a peer device (device B). Peer device B captures the probe using an Access Control List (ACL) hardware, and reflects the probe back to network device A on the ingress port. Network device A can then capture the reflected probe using ACL hardware and verifies the actual forwarding behavior applied on the probe packet.

Systems and methods for secure network management of virtual network function

A virtual network system for a computer network is provided. The system includes a first host executing a virtual network function manager. The system also includes a second host executing a management virtual machine. The management virtual machine is in communication with the virtual network function manager and with one or more virtual network function component instantiations. The management virtual machine is programmed to route messages between the one or more virtual network function component instantiations and the virtual network function manager.