After receiving a packet, a programmable forwarding device determines whether a flow entry matching the packet exists in a local flow table of the programmable forwarding device. If the flow entry does not exist, the programmable forwarding device sends the packet to a computing device. After receiving the packet, a programmable network adapter in the computing device determines whether a flow entry matching the packet exists in a local flow table of the programmable network adapter. If the flow entry does not exist, the programmable network adapter sends the packet to a processor in the computing device, so that a gateway running on the processor processes the packet.

A programmable network technology-based multi-homed network routing and forwarding method includes a data packet performing address-to-port matching a forwarding flow table address matching method; classifying addresses to matched ports corresponding to a destination address group; selecting a link information table and a port selection function, an appropriate port and a corresponding destination address group; cropping destination address groups of the remaining ports using an address filtering function and previous hop information carried in data to further crop the remaining destination address groups and addresses in the destination address group, a single destination address can be determined using a single address selection method, taking the single destination address using a universal routing and forwarding method to forward a packet to the destination address; otherwise, packaging the destination address group, and using a single address selection method to determine the single destination address hop by hop until the destination address is reached.

A stitching label sending method, receiving method, and a device, the sending method including receiving, by a controller, first label range information sent by an intermediate device, where the first label range information indicates a first label range in a plurality of label ranges of the intermediate device, selecting, by the controller, a label from the first label range as a stitching label, and sending, by the controller, to the intermediate device, the stitching label and a first label stack corresponding to the stitching label, where the first label stack indicates a first label switched path starting from the intermediate device.

A method for processing network communications, the method including receiving a network packet at a network device and performing at least one lookup for the packet in one or more first lookup tables in which the one or more first lookup tables are programmed to include at least one of an exact match or longest prefix match (LPM) table entry. The method includes obtaining a security source segment and a security destination segment based upon the result of the at least one lookup for the packet in the one or more first lookup tables. The method further includes performing a lookup in a second lookup table based upon the security source segment and security destination segment in which the second lookup table is programmed in a content addressable memory. Based upon the result of the lookup in the second lookup table, processing a forwarding decision for the packet according to the security source segment and security destination segment.

Examples described herein relate to a network interface that includes an initiator device to determine a storage node associated with an access command based on an association between an address in the command and a storage node. The network interface can include a redirector to update the association based on messages from one or more remote storage nodes. The association can be based on a look-up table associating a namespace identifier with prefix string and object size. In some examples, the access command is compatible with NVMe over Fabrics. The initiator device can determine a remote direct memory access (RDMA) queue-pair (QP) lookup for use to perform the access command.

Systems and methods include obtaining a table having a plurality of addresses each having a plurality of attributes and classifications; responsive to a requirement to reduce a size of the table, reducing a number of the plurality of addresses based on one or more reduction approaches that use any of the plurality of attributes and classifications; and obtaining an output table having some or all of the plurality of addresses for a table receiver. The table can be obtained via control plane components including one or more of Interior Gateway Protocol (IGP) and Border Gateway Protocol (BGP). The requirement to reduce the size is based on a size of the table and a size of memory associated with the table receiver.

Disclosed are systems, apparatuses, methods, and computer-readable media for secure network routing. A method includes: receiving, at a network node, an advertisement message for a network route including an IP address prefix; receiving, at the network node, a route origin authorization associated with the IP address prefix, the route origin authorization including a digital signature and a security requirement of a route to a destination that corresponds to the IP address prefix; determining, by the network node, one or more network nodes satisfies the security requirement to yield a determination; and determining, by the network node, to route network traffic to the IP address prefix based on the determination. In one example, the method can include, when the one or more network nodes satisfies the security requirement, advertising the route to the one or more network nodes that satisfies the security requirement.

Systems and methods of network packet switching use a table representation of a trie data structure to identify a timestamp (TS) range (or time range) for a received packet based on the packet timestamp (TS). The trie data structure is programmed with a plurality of predetermined time ranges. Each node in the trie data structure corresponds to a TS prefix and is associated with a corresponding predetermined time range. A search engine in the network switch can use the packet TS as a key to traverse the trie data structure and thereby matching the packet TS to a predetermined time range according to a Longest Prefix Match (LPM) process. Provided with the TS ranges of the incoming packets, various applications and logic engines in the network switch can accordingly process the packets, such as determining a new destination IP address and performing channel switch accordingly.

Provided are a method and device for packet forwarding. The method comprises: interface direction information and a routing table issued by a control plane are received, where a route in the routing table carries a routing direction identifier; when a packet is received from an interface, a forwarding plane determines the interface direction of an incoming interface of the packet according to the interface direction information, and determines a routing direction of the packet according to the routing direction identifier; if the interface direction of the incoming interface matches the routing direction, then the packet is forwarded; and if not, then the packet is discarded.

A packet transmission method includes a first virtual extensible local area network tunnel endpoint (VTEP) receiving a first packet from a first host and sending a second packet to a third VTEP based on a first IP address corresponding to the first host, where the second packet is obtained by the first VTEP by encapsulating the first packet, where the first host is multi-homed to a second VTEP and the first VTEP, where the second VTEP is configured to send a packet from the first host to the third VTEP based on a second Internet Protocol (IP) address corresponding to the first host, and where the first IP address is the same as the second IP address.