This application relates to a distributed software-defined network (“DSDN”) for dynamically configuring and managing a wireless communication network. A plurality of DSDN nodes are connected to each other via a plurality of communication paths. Each communication path directly connects two DSDN nodes. Each DSDN node can provide DSDN configurations across diverse and disparate networks by normalizing its data plane network traffic through translation and packet encapsulation. Furthermore, the DSDN node can provide an architecture tolerant of network interruptions and network system fluctuations. For example, in the case of any one of the DSDN node's network interruptions from other DSDN nodes, the DSDN can provide network reconfiguration using network configuration rules stored in a control plane of each DSDN node. Therefore, various embodiments can increase network reliability by the multiple nodes within a software-defined network independently managing its control plane in response to changed network conditions.

In a route management method, a configuration distribution device may create a route processing unit in at least one route processing device when there is a route management requirement, determine a route processing unit corresponding to each to-be-processed target private network, and then send configuration information of each target private network to a corresponding route processing unit, so that the route processing unit processes a route of a corresponding target private network. The at least one route processing device is created in real time based on the route management requirement, and each route processing unit can independently complete route receiving and sending and route selection of a corresponding target private network.

In a route management method, a configuration distribution device may create a route processing unit in at least one route processing device when there is a route management requirement, determine a route processing unit corresponding to each to-be-processed target private network, and then send configuration information of each target private network to a corresponding route processing unit, so that the route processing unit processes a route of a corresponding target private network. The at least one route processing device is created in real time based on the route management requirement, and each route processing unit can independently complete route receiving and sending and route selection of a corresponding target private network.

Some examples relate to controlling network traffic pertaining to a domain name based on a Domain Name System-Internet Protocol address (DNS-IP) mapping, An example includes receiving, in a cloud computing system, a local DNS-IP mapping for a domain name from respective Access Points (APs) in a virtual local area network (VLAN) along with geographical information of respective APs; generating a global DNS-IP mapping database comprising the local DNS-IP mapping for the domain name received from respective APs in the VLAN along with geographical information of respective APs, in the cloud computing system; and determining appropriate APs to distribute the global DNS-IP mapping, based on location information of respective APs.

In general, this disclosure describes techniques for leveraging a containerized routing protocol process to implement virtual private networks using routing protocols. In an example, a system comprises a container orchestration system for a cluster of computing devices, the cluster of computing devices including a computing device, wherein the container orchestration system is configured to: deploy a containerized application to a compute node; and in response to deploying the containerized application to the compute node, configure in the compute node a virtual routing and forwarding (VRF) instance to implement a virtual private network (VPN) for the containerized application.

In general, this disclosure describes techniques for leveraging a containerized routing protocol process to implement virtual private networks using routing protocols. In an example, a system comprises a container orchestration system for a cluster of computing devices, the cluster of computing devices including a computing device, wherein the container orchestration system is configured to: deploy a containerized application to a compute node; and in response to deploying the containerized application to the compute node, configure in the compute node a virtual routing and forwarding (VRF) instance to implement a virtual private network (VPN) for the containerized application.

A method, system and apparatus for forwarding data in a virtual network, an electronic device, a storage medium and a computer program product are provided. The method includes: determining, in a process of managing virtual private cloud networks through a central control node, all forwarding rules for nodes in the virtual private cloud networks; synchronizing the forwarding rules in a virtual routing cluster, and determining target forwarding rules corresponding to each virtual private cloud network from the forwarding rules; and through a virtual switch in each virtual private cloud network, learning the target forwarding rules corresponding to the virtual private cloud network to which the virtual switch belongs, and performing data forwarding based on the learned target forwarding rules.

A method, system and apparatus for forwarding data in a virtual network, an electronic device, a storage medium and a computer program product are provided. The method includes: determining, in a process of managing virtual private cloud networks through a central control node, all forwarding rules for nodes in the virtual private cloud networks; synchronizing the forwarding rules in a virtual routing cluster, and determining target forwarding rules corresponding to each virtual private cloud network from the forwarding rules; and through a virtual switch in each virtual private cloud network, learning the target forwarding rules corresponding to the virtual private cloud network to which the virtual switch belongs, and performing data forwarding based on the learned target forwarding rules.

A packet processing method is disclosed. According to the method, a first network device receives a first packet sent by a second network device, where the first packet includes a first group identifier corresponding to a VPN on the second network device, a first source device corresponding to the first packet belongs to the VPN, and the first source device is connected to the second network device. The first network device obtains a second group identifier based on a destination address of the first packet, where the second group identifier corresponds to the VPN on a third network device, a first destination device corresponding to the destination address of the first packet belongs to the VPN, and the first destination device is connected to the third network device. The first network device processes the first packet based on the first group identifier and the second group identifier.

A packet processing method is disclosed. According to the method, a first network device receives a first packet sent by a second network device, where the first packet includes a first group identifier corresponding to a VPN on the second network device, a first source device corresponding to the first packet belongs to the VPN, and the first source device is connected to the second network device. The first network device obtains a second group identifier based on a destination address of the first packet, where the second group identifier corresponds to the VPN on a third network device, a first destination device corresponding to the destination address of the first packet belongs to the VPN, and the first destination device is connected to the third network device. The first network device processes the first packet based on the first group identifier and the second group identifier.