H04L45/56

SOFTWARE-DEFINED SERVICE INSERTION FOR NETWORK FABRICS

This disclosure describes techniques for software-defined service insertion. The techniques include a method of configuring a network for service insertion. The techniques include processing a master policy correlating an endpoint group pair, of source endpoint group and destination endpoint group, to a service graph. The service graph indicates a template service chain, and the template service chain indicates an ordering of a plurality of services. Processing the master policy includes disaggregating the master policy into at least one location specific policy, each of the at least one location specific policy corresponding to a separate location in the network and including traffic steering directives corresponding to a portion of the plurality of services associated with the separate location. The techniques further include causing each of the at least one location specific policy to be stored in association with the separate location to which that location specific policy corresponds.

Routing traffic for applications by a software router co-resident in application memory space of a general purpose computer

The embodiments described herein provide a mechanism that allows an embedded router software image and an application to run in the user application memory space of a general purpose computer. A connection is established with an operating system device configured to route packets between the application and the software router and route, by the software router, network traffic to and from the application by way of the connection. The application may be connected to other applications in the user application memory space or connected to applications that are external to the general purpose computer.

METHOD OF HANDLING DATA PACKETS THROUGH A STATE TRANSITION TABLE AND APPARATUS USING THE SAME

The apparatus (SW) has a plurality of input/output ports (P1, P2, P3, P4, P5) for receiving and transmitting data packets, and comprises a data packets handling circuitry (DPL) arranged to forward data packets between the input/output ports (P1, P2, P3, P4, P5) and an internal apparatus controller (CPL) arranged to control the data packet handling circuitry (DPL); the apparatus (SW) has a control port (PC) for communication between the internal apparatus controller (CPL) and an external network controller (NWC); the apparatus controller (CPL) is arranged to store (MEM) at least one state transition table (TT) to be used for controlling the forwarding of data packets by the data packets handling circuitry (DPL); the apparatus controller (DPL) is arranged to use said at least one state transition table (TT) for implementing at least one finite state machine (FSM); the apparatus controller (DPL) is arranged to use said at least one state transition table (TT) for handling separately distinct incoming data packets flows through corresponding distinct instances of finite state machine; the apparatus controller (DPL) is arranged to receive said at least one state transition table (TT) through the control port (PC).

Address Grouping for Distributed Service Rules
20170317928 · 2017-11-02

Some embodiments provide a method for a network controller that manages a flow-based managed forwarding element (MFE). The method receives multiple service rules for implementation by the MFE. Each service rule matches over a set of network addresses. At least one network address is in the set of network addresses for at least two service rules. The method groups the network addresses into non-overlapping groups of network addresses, each of which contains addresses that are all matched by only a same set of service rules. The method generates flow entries that match over the groups of network addresses for the MFE to use to implement the service rules.

Centralized route determination in communication networks
09807002 · 2017-10-31

Methods, apparatus and articles of manufacture (e.g., physical storage media) to perform centralized route determination in communication networks (e.g., such as software defined networks) are disclosed. Example methods for route determination disclosed herein include accessing, with a controller of a software defined network, a first set of constraints specifying whether route splitting is permissible for respective ones of a set of flows in the software defined network. Such disclosed example methods also include accessing, with the controller, a second set of constraints specifying respective bandwidth demands for the respective ones of the set of flows in the software defined network. Such disclosed example methods further include determining, with a linear programming model implemented by the controller, a set of routes based on the first and second sets of constraints, wherein the set of routes is to route the set of flows in the software defined network.

Table Entry In Software Defined Network
20170310586 · 2017-10-26

A forwarding flow table request, sent by a host device when the host device fails to find a matching forwarding flow table entry for a data packet to be forwarded, is received. When a destination MAC address of the data packet is the global virtual MAC address, a forwarding flow table entry is generated according to the global port table; the forwarding flow table entry includes an operation indication of replacing the destination MAC address of the data packet with the matching MAC address found in the global port table. The forwarding flow table entry is sent to the host device, so that the host device may forward a data packet matching the forwarding flow table entry.

L2/L3 multi-mode switch including policy processing

Methods and apparatus for processing data packets in a computer network are described. One general method includes receiving a data packet; examining the data packet to classify the data packet, including classifying the data packet as an L2 or L3 packet and including determining at least one zone associated with the packet; processing the packet in accordance with one or more policies associated with the zone; determining forwarding information associated with the data packet; and if one or more policies permit, forwarding the data packet toward an intended destination using the forwarding information.

System and Method for Automating Protocol Implementation in a Diameter Wireless Network
20170302619 · 2017-10-19

The present invention relates to computer implemented processes effected through a set of computer operations stored in a memory device and executed using a hardware processor. The embodiments disclosed herein comprise methods as well as a computer hardware system comprising a hardware processor capable of executing the method steps. The computer operations facilitate processes for (1) automating the creation of encoders or decoders integral to a protocol wrapper within a wireless network configured to transmit and receive Diameter based protocol data; and (2) transmitting agnostic Diameter based protocol data in a wireless network.

MULTIPLE PROVIDER FRAMEWORK FOR VIRTUAL SWITCH DATA PLANES AND DATA PLANE MIGRATION
20170289030 · 2017-10-05

The disclosure relates to technology for supporting a virtual switch to change data plane providers on a framework supporting multiple data plane providers. A processing device receives a request to change a first data plane provider, where the virtual switch is configured with a topology on the first data plane provider to use a flow management protocol. The virtual switch includes network interfaces connected to ports to enable communication among entities attached to the network interfaces by forwarding data packets within a first datapath of the first data plane. In response to the change, the network interfaces are disconnected, the first datapath is removed and a second datapath is created. The virtual switch is then configured to operate with the second datapath while retaining the flow management protocol and the topology, such that the entities communicate by forwarding data packets within the second datapath on the second data plane.

Dynamic addition of network function services

A method of dynamically adding a communication service function to a communication session comprises receiving a communication during a communication session on an active connection, detecting a communication service trigger in the communication, determining a second communication service function based on the communication service trigger, sending a message to a network function virtualization (NFV) catalog, receiving a response from the NFV catalog, providing the routing information to a software defined network (SDN) controller, routing the communication from the first communication service function to the second communication service function, processing the communication with the second communication service function, and routing the communication to an output. The message to the NFV server can include an identity of the second communication service function. The SDN controller can set the session routing protocol to include the second communication service function in a communication flow for the communication session.