There is provided a method of operating a Service Communication Proxy, SCP, node (608, 1000) in a communication network as a proxy network repository function, NRF, for a first network function, NF, producer node in the communication network. The first NF producer node (602, 1100) is to migrate from a direct communication mode with a first NF consumer node (606) to an indirect communication mode with the first NF consumer node (606) via the SCP node (608, 1000). The SCP node (608, 1000) discovers a NF profile for the first NF producer node (602, 1100), wherein the NF profile for the first NF producer node (602, 1100) is stored by a first network repository function, NRF, node (604) in the communication network, and the NF profile comprises a service address for the first NF producer node (602, 1100); receives a registration request from the first NF producer node (602, 1100), wherein the registration request is a request to register a NF profile for the first NF producer node (602, 1100) at a NRF node (604), wherein the registration request indicates the service address for the first NF producer node (602, 1100); and, in response to the received registration request, sends an update request to the first NRF node (604) to update the NF profile for the first NF producer node (602, 1100) stored by the first NRF node (604) to replace the service address of the first NF producer node (602, 1100) with a first service address of the SCP node (608, 1000) that is associated with the service address of the first NF producer node (602, 1100).

A system and method for managing a system topology of a distributed computing system comprising: providing a network of clusters with at least a first cluster and a second cluster; configuring the first cluster with an external gateway configuration of the second cluster; distributing the external gateway configuration across at least a subset of nodes of the first cluster; establishing a connection between all clusters from the network of clusters, which for the first and second cluster comprises: for each node of the first cluster, establishing a single outbound connection to a select node of the second cluster; and managing communication over the system topology comprising: at a receiver node of the second cluster, propagating a subscription interest, and at an origin node of the first cluster, transmitting communications over the connection according to the subscription interest.

A stream processing system in a first zone of a telecommunication network may obtain at least one policy for processing trace data of virtual network functions (VNFs) in the first zone, and obtain the trace data of the VNFs from a data distribution platform of the telecommunication network, where the trace data is published in accordance with a topic to the data distribution platform by the VNFs, and where the stream processing system comprises a subscriber to the topic. The first stream processing system may additionally forward at least a first portion of the trace data to a second stream processing system of the telecommunication network in accordance with the at least one policy, where the first portion comprises less than all of the trace data, and where the second stream processing system is for a region of the telecommunication network that includes the first zone and a second zone.

A method for providing cloud network reachability analysis includes receiving a reachability query requesting a reachability status of a target including a packet header associated with a data packet. The packet header includes a source IP address and a destination IP address. The method also includes generating one or more simulated forwarding paths for the data packet based on the packet header using a data plane model. Each simulated forwarding path includes corresponding network configuration information. The method includes determining the reachability status of the target based on the one or more simulated forwarding paths and providing the determined reachability status and the one or more simulated forwarding paths to a user device associated with the reachability query which causes the user device to present the network configuration information for each simulated forwarding path.

Some embodiments provide a method of replicating messages for a logical network. At a particular tunnel endpoint in a particular datacenter, the method receives a message to be replicated to members of a replication group. The method replicates the message to a set of tunnel endpoints of the replication group located in a same segment of the particular datacenter as the particular tunnel endpoint. The method replicates the message to a first set of proxy endpoints of the replication group, each of which is located in a different segment of the particular datacenter and for replicating the message to tunnel endpoints located in its respective segment of the particular datacenter. The method replicates the message to a second set of proxy endpoints of the replication group, each of which is located in a different datacenter and for replicating the message to tunnel endpoints located in its respective datacenter.

This application discloses a method for dynamically triggering instantiation of an edge application server, and an apparatus. The method includes: A first device receives first information, where the first information is for requesting information about an edge application server of a first application, or is for requesting information about a first edge enabler server, where the first edge enabler server is configured to provide information about an edge application server of a first application; and the first device requests, based on the first information, an edge application server management function entity to instantiate the edge application server of the first application. In embodiments of this application, the edge application server is instantiated based on a user requirement, so that dynamic scheduling and flexible use of a resource are improved, and quality of service experience of an edge application is improved.

A system includes an orchestrator for a software-defined network and configured to receive a request for operation of the software-defined network, a software-defined network controller in communication with the orchestrator through a northbound application programming interface, at least one network element in communication with the software defined network controller though a southbound application programming interface, and a mutable network element configured to receive the request and instantiate a virtual function within the mutable network element to test the at least one network element in accordance with the request.

Techniques for implementing rollback of infrastructure changes in an infrastructure orchestration service are described. In certain examples, an infrastructure orchestration service is disclosed that manages both provisioning and deploying of infrastructure assets within a cloud environment. The service receives a plan comprising a set of instructions associated with a set of infrastructure assets of an execution target and identifies a first state of the set of infrastructure assets. The service executes the set of instructions in the plan to achieve a second state for the set of infrastructure assets. Based in part on the executing, the service receives a trigger for rolling back the plan to restore the set of infrastructure assets in the plan to the first state and executes a rollback plan for the plan. The service then transmits a result associated with the execution of the rollback plan.

Some embodiments provide a set of one or more network controllers that communicates with a wide range of devices, ranging from switches to appliances such as firewalls, load balancers, etc. The set of network controllers communicates with such devices to connect them to its managed virtual networks. The set of network controllers can define each virtual network through software switches and/or software appliances. To extend the control beyond software network elements, some embodiments implement a database server on each dedicated hardware. The set of network controllers accesses the database server to send management data. The hardware then translates the management data to connect to a managed virtual network.

A method and an apparatus are provided for deploying a security access control policy in the field of network security. The method, executed by a cloud management platform, includes: determining, according to an application creation instruction, an application template used for an application that needs to be created and a security profile corresponding to the application template; instructing a virtualization platform to create, according to the application template, a corresponding virtual machine for each application component in the application, and obtaining an IP address of each virtual machine created by the virtualization platform; generating a group of security access control policies corresponding to the application according to the IP address of each virtual machine and by using the security profile; and delivering the group of security access control policies to a corresponding firewall. Therefore, a security access control policy is automatically deployed.