An electronic device and a method of improving a performance of a software-defined networking (SDN) of the electronic device are provided. The method includes: identifying at least one policy from a flow table of the software-defined networking; identifying performance index parameters based on information about the at least one policy; determining whether or not an improvement in the performance of the software-defined networking is required based on the performance index parameters and a target performance index; when the improvement in the performance of the software-defined networking is determined to be required, executing a predetermined algorithm based on information about the performance index parameters to check execution information about the at least one policy; and updating the at least one policy based on the execution information.

An electronic device and a method of improving a performance of a software-defined networking (SDN) of the electronic device are provided. The method includes: identifying at least one policy from a flow table of the software-defined networking; identifying performance index parameters based on information about the at least one policy; determining whether or not an improvement in the performance of the software-defined networking is required based on the performance index parameters and a target performance index; when the improvement in the performance of the software-defined networking is determined to be required, executing a predetermined algorithm based on information about the performance index parameters to check execution information about the at least one policy; and updating the at least one policy based on the execution information.

A media access control (MAC) address sending method, apparatus, and system, and a related device are provided. The method is implemented by a first network device connected to a first virtual machine and a second virtual machine. The first network device obtains a MAC address of the first virtual machine; and when the first virtual machine and the second virtual machine have a same MAC address and are located in different virtual local area networks, sends a route to a second network device, where the route includes route information, and the route information includes the MAC address, first virtual local area network information of the first virtual machine, and second virtual local area network information of the second virtual machine. In this method, information about virtual machines having a same MAC address in different virtual local area networks is aggregated to one route.

The present application relates to communications between a partner network and a wide area network (WAN) via the Internet. Although Internet service providers may act as autonomous systems, the WAN may control routing from the partner network by advertising unicast border gateway protocol (BGP) address prefixes for a plurality of front-end devices in the WAN. An agent in the partner network measures a plurality of paths to a service within the WAN. Each of the plurality of paths is associated with one of the plurality of front-end devices and a respective unicast BGP address prefix. The WAN selects a path within the WAN for the service. The WAN exports a routing rule to the agent. The agent forwards data packets for the service to the respective BGP address prefix via the Internet. The WAN receives data packets for the service of the partner network at the selected device.

Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.

Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.

A network control system for managing a plurality of switching elements that implement a plurality of logical datapath sets. The network control system includes first and second controllers for generating requests for modifications to first and second logical datapath sets. The first controller is further for determining whether to make modifications to the first logical datapath set. The second controller is further for determining whether to make modifications to the second logical datapath set. Each controller is further for receiving logical control plane data that specifies logical datapath sets and for converting the logical control plane data to physical control plane data for propagating to the switching elements.

A method performed by a network controller for a mobile transport network. The method includes: obtaining traffic information for a plurality of demands for connectivity from client nodes through the mobile transport network, the traffic information for each demand identifying a client node for the demand, an egress node for the demand and an amount of traffic for the demand; calculating, for each demand, one or more paths from the client node, via an ingress node, to the egress node through the mobile transport network; mapping each path for a demand to a source port in the ingress node for the demand; providing the mapping to the ingress nodes to enable routing of traffic pertaining to the demands via the paths, based on the source port; and providing the source ports to the client nodes for inclusion in traffic pertaining to the demands.

This disclosure describes techniques for improving speed of network convergence after node failure. In one example, a method includes storing, by SDN controller, an underlay routing table having routes for an underlay network of a data center and an overlay routing table having a set of routes for a virtual network of an overlay network for the data center, wherein the underlay network includes physical network switches, gateway routers, and a set of virtual routers executing on respective compute nodes of the data center; installing, within the underlay routing table, a route to a destination address assigned to a particular one of the virtual routers as an indicator of a reachability status to the particular virtual router in the underlay network. The SDN controller controls, based on presence or absence of the route within the underlay routing table, advertisement of the routes for the virtual network of the overlay network.

After receiving a packet, a programmable forwarding device determines whether a flow entry matching the packet exists in a local flow table of the programmable forwarding device. If the flow entry does not exist, the programmable forwarding device sends the packet to a computing device. After receiving the packet, a programmable network adapter in the computing device determines whether a flow entry matching the packet exists in a local flow table of the programmable network adapter. If the flow entry does not exist, the programmable network adapter sends the packet to a processor in the computing device, so that a gateway running on the processor processes the packet.