Patent classifications
H04L69/22
PACKET FORWARDING METHOD, APPARATUS AND SYSTEM, NETWORK DEVICE AND STORAGE MEDIUM
Disclosed in the embodiments of the present disclosure are a packet forwarding method, apparatus and system, a network device and a storage medium. The method includes: carrying, according to Deterministic Networking (DetNet) requirements for a multicast packet based on Bit Index Explicit Replication (BIER), corresponding DetNet configuration information in BIER header information of the multicast packet; and sending the multicast packet carrying the BIER header information.
EFFICIENT ENCRYPTION AND DECRYPTION OF DUPLICATE PACKETS COMMUNICATED VIA A VIRTUAL PRIVATE NETWORK
A network device may create an encrypted packet and may duplicate the encrypted packet to create a plurality of encrypted packets that includes a first set of encrypted packets that is associated with a first receiving network device and a second set of encrypted packets that is to be associated with a second receiving network device. The network device may modify the second set of encrypted packets by replacing a first virtual destination address in the second set of the plurality of encrypted packets with a second virtual destination address that identifies a virtual tunnel endpoint of the second receiving network device. The network device may encapsulate and may send, based on the first virtual destination address and the second virtual destination address, individual encapsulated encrypted packets to the first receiving network device or the second receiving network device.
FRAME EXCHANGE METHOD FOR BEAMFORMING
A method performed by a wireless device functioning as a beamformee station in a wireless network to perform a sounding procedure. The method includes wirelessly receiving a null data packet (NDP) announcement frame from a beamformer station, wherein the NDP announcement frame includes an indication of whether the beamformee station should acknowledge the NDP announcement frame, and, responsive to determining that the NDP announcement frame includes an indication that the beamformee station should acknowledge the NDP announcement frame, wirelessly transmitting an acknowledgement frame for the NDP announcement frame to the beamformer station.
INTERNET PROTOCOL SECURITY (IPSEC) TUNNEL USING ANYCAST AT A DISTRIBUTED CLOUD COMPUTING NETWORK
An IPsec tunnel request for establishing an IPsec tunnel from a customer router to an anycast IP address of a distributed cloud computing network is received. The same anycast IP address is shared among compute servers of the distributed cloud computing network. A handshake is performed with the customer router from a first compute server including generating security associations for encrypting and decrypting IPsec traffic. The security associations are propagated to each compute server and are used for encrypting and decrypting traffic.
NETWORK PROCESSING USING MULTI-LEVEL MATCH ACTION TABLES
Distributed computing systems, devices, and associated methods of packet processing are disclosed herein. One example method includes receiving a packet having a header with a protocol field, a source address field, a source port field, a destination address field, and a destination port field individually containing a corresponding value. The method also includes extracting the values of the protocol field, the source address field, the source port field, the destination address field, and the destination port field, determining whether a first match action table ("MAT") contains an entry indexed to the extracted values, and in response to determining that the first MAT does not contain an entry indexed to the extracted values, using a subset of the extracted values to identify an entry in a second MAT.
APPLICATION RECORDS USING SESSION INFORMATION
Techniques are disclosed for the identification of applications from communication sessions of network traffic between client devices and the generation of application-specific metrics for network traffic associated with the applications. In one example, a router obtains metrics for a plurality of packets. The router determines a session of a plurality of sessions associated with each packet. For each determined session, the router generates metrics for the session from the metrics of the packets associated with the session and determines an application of a plurality of applications associated with the session. For each determined application, the router generates metrics for the application from the metrics of the sessions associated with the application and transmits, to a device, the metrics for the application. In some examples, the router generates the metrics for each application on a per-client, per-next-hop, or per-traffic class basis.
DETERMINING WHETHER TO RATE LIMIT TRAFFIC
Some embodiments provide a method for a gateway datapath that executes on a gateway device to implement logical routers for a set of logical networks and process traffic between the logical networks and an external network. The method receives a data message at the gateway device. To process the data message, the method executes a set of processing stages that includes a processing stage for a particular logical router. As part of the processing stage for the particular logical router, the method (i) uses an access control list (ACL) table to determine whether the data message is subject to rate limiting controls defined for the particular logical router and (ii) only when the data message is subject to rate limiting controls, determines whether to allow the data message according to a rate limiting mechanism for the particular logical router.