H04L41/0895

Network control system for configuring middleboxes

Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes.

Intelligent and automatic load balancing of workloads on replication appliances based on appliance load scores

Various systems and methods are provided in which a replication process is initiated between a primary site and a recovery site, each having a plurality of gateway appliances. Replication loads are evaluated for each given gateway appliance of the plurality of gateway appliances. If a determination is made that at least one gateway appliance of the plurality of gateway appliances is not overloaded, the plurality of gateway appliances are sorted based on replication loads respectively associated with each gateway appliance, and a determination is made as to whether a relative difference in replication loads between a gateway appliance having a highest replication load and a gateway appliance having a lowest replication load exceeds a difference threshold to determine whether the replication workloads between the gateway appliances should be rebalanced.

METHOD FOR PROVIDING AN INFORMATION CENTRIC NETWORK WITH A SOFTWARE DEFINED NETWORK AND CONTROLLER OF THE SOFTWARE DEFINED NETWORK
20180006968 · 2018-01-04

A method provides an information centric network with a software defined network based on an information centric networking protocol on top of a physical network based on an internet protocol. A controller in the software defined network receives a first packet of an object request in the information centric network. The controller encodes a message ID indicating an object source of the object request into a header of the first packet. The controller installs forwarding rules on forwarding elements in the physical network such that further packets of the object request are forwarded according to the installed forwarding rules by the forwarding elements rewriting headers of the further packets.

METHODS AND SYSTEMS FOR MANAGING INTERCONNECTION OF VIRTUAL NETWORK FUNCTIONS

A method and apparatus are disclosed herein for use of a connectivity manager and a network infrastructure including the same. In one embodiment, the network infrastructure comprises one or more physical devices communicably coupled into a physical network infrastructure or via the overlay provided by the physical servers; and a virtual network domain containing a virtual network infrastructure executing on the physical network infrastructure. In one embodiment, the virtual network domain comprises one or more virtual network functions connected together through one or more links and executing on the one or more physical devices, and one or more interfaces coupled to one or more network functions via one or more links to communicate data between the virtual network domain and at least one of the one or more physical devices of the physical network infrastructure while the virtual network domain is isolated from other virtual infrastructures executing on the physical network infrastructure.

USING MULTIPLE CREDENTIALS FOR ACCESS AND TRAFFIC DIFFERENTIATION
20180007057 · 2018-01-04

The disclosure relates in some aspects to establishing connectivity with a network using a first set of credentials and determining whether additional connectivity needs to be established (e.g., using a second set of credentials) to communicate data. The disclosure relates in some aspects to the use of multiple credentials for access and service connectivity. For example, traffic generated by a device may be authorized based on a different set of credentials than the set of credentials used to access the network (e.g., to connect to an LTE network for a PDN connection). In this way, traffic belonging to a specific service or application can be charged and policed based on service specific needs. The disclosure thus relates in some aspects to the use of access credentials and service credentials. These different types of credentials can be used to enable traffic differentiation and policing based on the credentials in use.

METHOD AND DEVICE FOR PROCESSING, AT A NETWORK EQUIPMENT, A PROCESSING REQUEST FROM A TERMINAL
20180007125 · 2018-01-04

Network equipment for processing a request from a terminal configured to be connected to a network to which the network equipment can be connected is described. The network equipment includes a receiver configured to receive, from the terminal, a message part of the processing request, a relay agent configured to provide a network identification information into the received message, and a load balancer configured to forward the received message to one of a plurality of processing units of the network equipment, depending on workload information associated with the processing units. The processing units are further configured to retrieve, based on the network identification information extracted from the received message, context information from a database unit shared between the processing units and to process the received message according to a state of the processing request, the processing request state being retrieved from the context information.

ELASTIC OUTBOUND GATEWAY
20180007002 · 2018-01-04

In general, in an aspect, a method for providing an outbound gateway protection includes provisioning one or more worker gateways located in a first gateway virtual private cloud, the one or more worker gateways sharing configuration data with the controller gateway, provisioning one or more load balancer gateways in one or more client virtual clouds, the one or more client virtual clouds each comprising one or more clients, the one or more load balancer gateways distributing client requests among the worker gateways, assigning groups of the one or more clients to one of the one or more load balancer gateways based on requests from a majority of the worker gateways, and communicating outbound network traffic from the clients via the assigned load balancer gateways.

METHOD AND APPARATUS FOR PERFORMING COMMUNICATION IN SOFTWARE-DEFINED NETWORKING, AND COMMUNICATIONS SYSTEM
20180006891 · 2018-01-04

Embodiments of the present disclosure provide a method and an apparatus for performing communication in software-defined networking, and a communications system. The method includes: receiving a message sent by a network device, where the message includes a signaling message; determining, according to a control policy, a matching condition that matches the message, where the control policy includes a matching condition and operation information corresponding to the matching condition; processing the message according to the operation information corresponding to the matching condition that matches the message; and sending the processed message to the network device. According to the method and the apparatus for performing communication in software-defined networking, and the communications system in the present disclosure, a problem in the prior art that a control device serving as a network control center cannot communicate with a base station is resolved.

INFORMATION SYSTEM, CONTROL SERVER, VIRTUAL NETWORK MANAGEMENT METHOD, AND PROGRAM
20180013626 · 2018-01-11

A control apparatus includes a first unit configured to be capable of specifying an identification rule to identify a packet based on a user of a virtual network including a plurality of virtual nodes; and a second unit configured to be capable of sending an instruction to a physical node corresponding to each of the virtual nodes of the virtual network, wherein each of the virtual nodes includes a predetermined network function being capable of providing a first packet operation to the packet, wherein the instruction includes that the physical node provides a second packet operation to the packet so as to emulate the first packet operation.

Method and Apparatus for Establishing Link Between Virtualized Network Functions
20180013586 · 2018-01-11

The present invention discloses a method and an apparatus for establishing a link between virtualized network functions. The method includes obtaining an internet protocol (IP) address of a connection point (CP) of a first virtualized network function (VNF) and identification information of the CP. The method also includes determining identification information of a second VNF corresponding to the identification information of the CP of the first VNF, sending the IP address of the CP of the first VNF and the identification information of the CP to the second VNF corresponding to the identification information of the second VNF. Additionally, the method includes starting a link connection establishment process between a CP of the second VNF and the CP of the first VNF.