H04L45/72

Multi-path traffic selection for ports in overlay networks

In some embodiments, a method receives a packet for a flow from a first application in a first workload to a second application in a second workload. The packet includes an inner header that includes layer 4 information for the first application. The method determines if a setting indicates an outer source port in an outer header should be generated using layer 4 information from the inner header. The setting is based on an analysis of packet types in the flow to determine if fragmented packets are sent. When the setting indicates the outer source port in the outer header should be generated using layer 4 information from the inner header, the method generates the outer source port using the layer 4 information for the first application from the inner header. The packet is encapsulated using the outer header, wherein the outer header includes the outer source port.

PROVIDING TIMING INFORMATION FROM A NETWORK VIA A VIRTUAL NETWORK ADDRESS

A network device may receive, from a timing source of a network, timing information. The network device may identify a client device to which the timing information is to be provided, wherein the network device provides an interface between the client device and the network. The network device may select a virtual network address to associate with a timing agent of the network device, wherein the virtual network address is within an address range that is reachable by the client device. The network device may provide to the client device, and via a network layer communication, a timing control packet comprising the timing information, wherein the timing control packet identifies the virtual network address as a source network address of the timing control packet, and wherein the timing information is to be used by the client device to update a clock of the client device.

Estimating end-to-end network traffic demand and loss

Packet transmission rate and packet drop rate for discrete network devices in a network are used to estimate end-to-end traffic demand and loss in the network. Data regarding the packet transmission rate and drop rate are passively collected for each network device and transmitted to a network monitoring unit. The network monitoring unit compiles the data and generates a series of simultaneous equations that represent traffic demand and loss between the discrete network devices along the paths connecting respective source-destination pairs. By determining an optimal solution to the simultaneous equations, an estimate of end-to-end traffic loss and corresponding traffic demand, which takes into account packet loss at each network device, can be generated for each source-destination pair. The optimal solution can be formed as a traffic matrix, which aggregates source-to-destination traffic demands, and a loss matrix, which aggregates source-to-destination traffic losses.

Intelligently routing a response packet along a same connection as a request packet

A first edge server of multiple edge servers of a distributed edge computing network receives a request from a client device regarding a resource hosted at an origin server according to an anycast implementation. The first edge server modifies the request to include identifying information for the first edge server prior to sending the request to the origin server. The origin server responds with a response packet that includes the identifying information of the first edge server. Instead of routing the response packet to the client device directly, one of the multiple edge servers receives the response packet due to the edge servers each having the same anycast address. If the edge server that receives the response packet is not the first edge server, that edge server transmits the response packet to the first edge server, which processes the response packet and transmits the response packet to the client device.

Gateway With Backup Power And Communications System
20230084594 · 2023-03-16

In one implementation, a communications apparatus includes a communications circuit including a first communications system configured to communicate with a first communications network over a first communications medium; a second communications system configured to communicate with the first communications network over a second communications medium; and a communications port configured to communicate with a second communications network. The communications apparatus can further include a power circuit that includes a first power system configured to power the communications apparatus with a first power source; and a second power system configured to power the communications apparatus with a second power source. The communications apparatus can further include a processing system configured to be powered by the power circuit and selectively control communications flows between the communications port and at least one of the first communications system and the second communications system.

Content delivery with reliable multicast using a redundant unicast overlay network
11601295 · 2023-03-07

In one example, a system comprises a plurality of non-last-hop routers (non-LHRs) of a network, the non-LHRs configured with a multicast distribution tree for a multicast group to transport first multicast packets of a multicast flow toward one or more LHRs, wherein a router of the non-LHR routers is configured to receive unicast packets for an application session associated with the multicast group, encapsulate the unicast packets in a multicast header to generate the first multicast packets for distribution using the multicast distribution tree, and output the first multicast packets; and the one or more LHRs, wherein the one or more LHRs are interested receivers of the multicast group, and wherein the one or more LHRs are configured to receive the first multicast packets of the multicast flow, extract the unicast packets for the application session, and send the unicast packets to one or more clients of the application session.

Layer-2 network extension over layer-3 network using encapsulation

Techniques are disclosed for session-based routing within Open Systems Interconnection (OSI) Model Layer-2 (L2) networks extended over Layer-3 (L3) networks. In one example, L2 networks connect a first client device to a first router and a second client device to a second router. An L3 network connects the first and second routers. The first router receives, from the first client device, a non-session-based L2 frame destined for the second client device. The first router forms an L3 packet comprising an L3 header specifying L3 addresses of the first and second routers and a protocol selected based on an L3 service for the L2 frame, a payload comprising the L2 frame, and metadata comprising a session identifier distinctly identifying the L2 frame, and forwards the L3 packet to the second router. The second router recovers the L2 frame from the payload and forwards the L2 frame to the second client device.

Methods and apparatuses for source discovery

A disclosed method is performed at a first boundary node bordering a BIER domain. The method includes receiving a message associated with a source and group for multicast from outside the BIER domain. The method further includes generating an encapsulated message based on the message, a metric, and a first proxy address of the first boundary node. The method also includes forwarding the encapsulated message through the BIER domain to at least one second boundary node bordering the BIER domain and connectable to the first boundary node. The first boundary node additionally triggers the at least one second boundary node to decapsulate the encapsulated message for forwarding out of the first domain and store a record including the source, the group, the metric representing the cost of the first boundary node to the source, and the first proxy address on the at least one second boundary node.

Method for securing the rendezvous connection in a cloud service using routing tokens

Systems and methods for establishing a secure connection are described. A server receives a plurality of routing tokens for establishing a service connection between a service node and the server along a network path through a plurality of network devices. The routing tokens can be validated by a corresponding network device. The server transmits a packet including the routing tokens to a first network device. The first network device validates a first routing token associated therewith, then directs the packet along the network path to a second network device, and so forth, until each of the network devices receives and validates its routing token. The server establishes a cryptographic context between the service node and server for establishing a secure channel between the service node and the server. The server transmits a service node routing token to the service node via the secure channel for validation.

Packet Sending Method, Device and System
20220337521 · 2022-10-20

This application provides a packet sending method. The method includes: receiving, by a first network device, a data packet, and encapsulating the data packet to obtain a first packet, where the first packet includes an IPv6 header, a bit index explicit replication (BIER) header, and the data packet, and some bits of a source IPv6 address field in the IPv6 header include identification information of a first tenant; and sending, by the first network device, the first packet to a second network device, where the identification information of the first tenant is used by the second network device to determine to send the data packet to an interface, corresponding to the first tenant, of the second network device.