The present disclosure provides a method and device for forwarding a priority tag across network segments. The method includes the following steps: performing networking by using a Virtual Local Area Network (VLAN) interface to form a network; enabling a VLAN Class Of Service (COS) and differentiated service code point in a priority tag of a message transmitted in the network to correspond to each other; in response to layer-3 forwarding of the message, using the differentiated service code point priority tag for the message, and copying a VLAN COS value of the message at an entry of a switch to a VLAN COS value of the message at an exit; and in response to subsequent layer-2 forwarding of the message, using the VLAN COS priority tag for the message to distinguish a priority of the message.

Techniques are described for extending a cellular quality of service bearer through an enterprise fabric network. In one example, a method obtaining, by a first switch of a network, a packet to be delivered to a client connected to the network via a cellular access point; identifying quality of service (QoS) bearer information associated with the packet, wherein the QoS bearer information is associated with a radio access bearer for the client and the QoS bearer information comprises a bearer indicator and a QoS class identifier; providing a fabric tunnel encapsulation for the packet, wherein the bearer indicator and the QoS class identifier are included within the fabric tunnel encapsulation of the packet; and forwarding the packet within the fabric tunnel encapsulation toward a second switch of the network via a fabric tunnel, wherein the cellular access point is connected to the network via the second switch.

Provided are an information transmission method and apparatus, an information processing method and apparatus, a terminal, a network element, and a storage medium. The information transmission method includes encapsulating non-access stratum (NAS) information and access resource (AS) parameter information in a vendor-specific protocol (VSP) packet, where the NAS information includes NAS system information and NAS customization information, and the AS parameter information is used for wired side resource negotiation; encapsulating establishment signaling of a wired access network control plane channel in a vendor-specific network control protocol (VSNCP) packet; and transmitting, through the VSP packet and the VSNCP packet, the NAS information and the AS parameter information.

A hybrid state for a virtual machine (VM) in a cloud computing system enables a VM to communicate with other VMs that belong to a virtual network (VNET VMs) while maintaining connectivity with other VMs that do not belong to the virtual network (non-VNET VMs). A non-VNET VM can be transitioned to a hybrid VM that operates in a hybrid state. The hybrid VM can be assigned a private virtual IP address (VNET address) for communication with other VNET VMs. The hybrid VM can continue to use a physical IP address to communicate with other non-VNET VMs. In this way, the hybrid VM is able to maintain connectivity with other non-VNET VMs during and after migration to the VNET. A network stack can be configured to process data packets that are destined for non-VNET VMs differently from data packets that are destined for VNET VMs.

An information handling system includes multiple data ports, a memory, and a processor. Each of the data ports enables a separate communication link of a plurality of communication links for the information handling system. The memory stores data to indicate whether the information handling system supports bridge assurance on each of the communication links. In response to the bridge assurance being supported in the information handling system, the processor provides a message across a first link of the communication links. The message indicates that bridge assurance is supported in the information handling system. The processor also determines whether an acknowledgement message has been received. In response to the acknowledgement message being received, the processor enables the bridge assurance on the first link.

A software-defined wide area network (SD-WAN) environment that leverages network virtualization management deployment is provided. Edge security services managed by the network virtualization management deployment are made available in the SD-WAN environment. Cloud gateways forward SD-WAN traffic to managed service nodes to apply security services. Network traffic is encapsulated with corresponding metadata to ensure that services can be performed according to the desired policy. Point-to-point tunnels are established between cloud gateways and the managed service nodes to transport the metadata to the managed service nodes using an overlay logical network. Virtual network identifiers (VNIs) in the metadata are used by the managed service nodes to identify tenants/policies. A managed service node receiving a packet uses provider service routers (T0-SR) and tenant service routers (T1-SRs) based on the VNI to apply the prescribed services for the tenant, and the resulting traffic is returned to the cloud gateway that originated the traffic.

Methods, systems and computer readable media are disclosed for providing scalable and secured connectivity per Internet Protocol Security (IPSEC) tunnel. In one embodiment a method includes spreading Encapsulating Security Payload (ESP) encryption for a same IPSEC tunnel across multiple backend application servers; and processing application flows using decrypted packets by embedding the Application Server instance-id in ESP and application packets for correlation with application packet flows.

A system for multicast packet management in a first switch in an overlay tunnel fabric is provided. The system can operate the first switch as part of a virtual switch in conjunction with a second switch of the fabric. The virtual switch can operate as a gateway for the fabric. During operation, the system can receive a join request for a multicast group. The system can then determine whether to forward the join request to the second switch based on a type of a first ingress connection of the join request. Upon receiving a data packet for the multicast group, the system can determine how to forward the data packet based on respective types of a second ingress connection and an egress connection of the data packet. The type of a respective connection can indicate whether the connection includes an overlay tunnel.

A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.

Described herein are systems, methods, and software to manage the selection of an edge gateway or edge for processing a packet. In one implementation, a first edge may receive a packet and hash addressing information in the packet to select a second edge to process the packet. The first edge may further forward the packet to the second edge, permitting the second edge to process the packet. Once processed, the second edge may forward the packet to a destination host computing system and notify the host computing system to use the second edge for response packets directed at a source internet protocol (IP) address in the packet.