A system, method, and computer-readable medium for performing a traffic routing operation. The traffic routing operation includes: establishing a plurality of virtual private network (VPN) connections within an information handling system; obtaining a configuration policy for each of the plurality of VPN connections, the configuration policy for each of the plurality of VPN connections comprising an indication of at least one type of supported link of a plurality of links; configuring a plurality of queues for packets being communicated via the plurality of virtual private network connections, the plurality of queues being greater than the plurality of VPN connections; creating a tunnel indication for each of the plurality of VPN connections; mapping the tunnel indication for each of the plurality of VP connections to a respective queue of the plurality of queues; and, mapping each queue of the plurality of queues to a link of a particular VPN connection.

Disclosed are systems, methods, and computer-readable media for assuring tenant forwarding in a network environment. Network assurance can be determined in layer 1, layer 2 and layer 3 of the networked environment including, internal-internal (e.g., inter-fabric) forwarding and internal-external (e.g., outside the fabric) forwarding in the networked environment. The network assurance can be performed using logical configurations, software configurations and/or hardware configurations.

Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes.

The invention relates to a method, by a policy controller 100, for generating policy rules for data packet flows in a communications network. The policy controller 100 has access to a policy database 130 and stores a service level agreement. The service level agreement contains a plurality of different service level identifiers, each service level identifier being associated with a set of conditions that govern the policy rules to be applied to the data packet flows in the communications network. The method comprises the following steps: An authorization request is received for a data packet flow, the authorization request comprising service information for a service and a service level identifier. The policy database 130 is accessed and the set of conditions associated with the received service level identifier is determined. Further, based on the determined set of conditions, a policy rule to be applied to the data packet flow is generated. Policy controller 100 is configured to generate policy rules based on a third party or company profile, with the third party company being able to influence which policy rule should be selected by the policy controller. The authorization request may be received directly from an application function, AF 200. An input unit 230 is provided via which the third party can define and agree upon the service level agreement with an operator of the communications network. A policy control enforcing function PCEF 51 can interact with the PCRF 100 in order to enforce the policy rules.

The disclosure relates in some aspects to establishing connectivity with a network using a first set of credentials and determining whether additional connectivity needs to be established (e.g., using a second set of credentials) to communicate data. The disclosure relates in some aspects to the use of multiple credentials for access and service connectivity. For example, traffic generated by a device may be authorized based on a different set of credentials than the set of credentials used to access the network (e.g., to connect to an LTE network for a PDN connection). In this way, traffic belonging to a specific service or application can be charged and policed based on service specific needs. The disclosure thus relates in some aspects to the use of access credentials and service credentials. These different types of credentials can be used to enable traffic differentiation and policing based on the credentials in use.

The present system relates to a server for providing data connectivity in a packet mode communication network. The server has a processor arranged to receive, via a first brokerage control unit, a charging rule request to allow one or more communication devices in the communication network to exchange with an application server data charged under operator specific billing. The server determines availability of the operator specific billing based on network parameters and the charging rule request, and updates the database of a Policy and Charging Rules Function (PCRF) entity in the communication network based on available operator specific billing and an identifier for the application server, for subsequent charging of data exchanged with the application server at said available operator specific billing.

In general, in an aspect, a method for providing an outbound gateway protection includes provisioning one or more worker gateways located in a first gateway virtual private cloud, the one or more worker gateways sharing configuration data with the controller gateway, provisioning one or more load balancer gateways in one or more client virtual clouds, the one or more client virtual clouds each comprising one or more clients, the one or more load balancer gateways distributing client requests among the worker gateways, assigning groups of the one or more clients to one of the one or more load balancer gateways based on requests from a majority of the worker gateways, and communicating outbound network traffic from the clients via the assigned load balancer gateways.

A troubleshooting method based on network function virtualization is provided, where the troubleshooting method may include: obtaining, by a first function management entity, fault information of a function entity; triggering, by the first function management entity, fault correlation processing according to the fault information, and formulating a troubleshooting policy according to a result of the fault correlation processing; and if the troubleshooting policy is formulated when troubleshooting time arrives, processing, by the first function management entity, a fault according to the troubleshooting policy; or if the troubleshooting policy is not formulated, processing, by the first function management entity, a fault according to a preset troubleshooting policy, where the preset troubleshooting policy is a policy formulated for a fault generated due to a reason of the function entity, so as to ensure that a service is not interrupted in a troubleshooting process, so that user experience is improved.

Embodiments of the present disclosure provide a method and an apparatus for performing communication in software-defined networking, and a communications system. The method includes: receiving a message sent by a network device, where the message includes a signaling message; determining, according to a control policy, a matching condition that matches the message, where the control policy includes a matching condition and operation information corresponding to the matching condition; processing the message according to the operation information corresponding to the matching condition that matches the message; and sending the processed message to the network device. According to the method and the apparatus for performing communication in software-defined networking, and the communications system in the present disclosure, a problem in the prior art that a control device serving as a network control center cannot communicate with a base station is resolved.

A device may identify a plurality of first values associated with network traffic of a label-switched path of a plurality of label-switched paths. The device may determine an adjustment policy based on the plurality of first values. The adjustment policy may include one or more factors associated with a plurality of second values. The plurality of second values may be determined based on the plurality of first values. The device may implement the adjustment policy in association with the label-switched path. A bandwidth reservation of the label-switched path may be adjusted based on the adjustment policy. The adjustment policy may be implemented for fewer than all of the plurality of label-switched paths.