Controller(s) in a software defined network (SDN) are able to determine a control path towards each network switch by performing a switch-originated discovery and using an in-band control network that is an overlay on the data network. A topology tree is maintained, where each controller being the root of the tree, and where messages from the root to any switch may pass through neighboring switches to reach that switch (and vice-versa). Each switch in the SDN attempts to connect to the controller when it does not have a readily configured control connection towards the controller. Once the controller learns about the presence of a new switch and at least one or more paths to reach that switch through a novel discovery process, it can select, adjust and even optimize the control path's route towards that switch.

Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.

There is provided a method of operating a Service Communication Proxy, SCP, node (608, 1000) in a communication network as a proxy network repository function, NRF, for a first network function, NF, producer node in the communication network. The first NF producer node (602, 1100) is to migrate from a direct communication mode with a first NF consumer node (606) to an indirect communication mode with the first NF consumer node (606) via the SCP node (608, 1000). The SCP node (608, 1000) discovers a NF profile for the first NF producer node (602, 1100), wherein the NF profile for the first NF producer node (602, 1100) is stored by a first network repository function, NRF, node (604) in the communication network, and the NF profile comprises a service address for the first NF producer node (602, 1100); receives a registration request from the first NF producer node (602, 1100), wherein the registration request is a request to register a NF profile for the first NF producer node (602, 1100) at a NRF node (604), wherein the registration request indicates the service address for the first NF producer node (602, 1100); and, in response to the received registration request, sends an update request to the first NRF node (604) to update the NF profile for the first NF producer node (602, 1100) stored by the first NRF node (604) to replace the service address of the first NF producer node (602, 1100) with a first service address of the SCP node (608, 1000) that is associated with the service address of the first NF producer node (602, 1100).

There is provided a method of operating a Service Communication Proxy, SCP, node (608, 1000) in a communication network as a proxy network repository function, NRF, for a first network function, NF, producer node in the communication network. The first NF producer node (602, 1100) is to migrate from a direct communication mode with a first NF consumer node (606) to an indirect communication mode with the first NF consumer node (606) via the SCP node (608, 1000). The SCP node (608, 1000) discovers a NF profile for the first NF producer node (602, 1100), wherein the NF profile for the first NF producer node (602, 1100) is stored by a first network repository function, NRF, node (604) in the communication network, and the NF profile comprises a service address for the first NF producer node (602, 1100); receives a registration request from the first NF producer node (602, 1100), wherein the registration request is a request to register a NF profile for the first NF producer node (602, 1100) at a NRF node (604), wherein the registration request indicates the service address for the first NF producer node (602, 1100); and, in response to the received registration request, sends an update request to the first NRF node (604) to update the NF profile for the first NF producer node (602, 1100) stored by the first NRF node (604) to replace the service address of the first NF producer node (602, 1100) with a first service address of the SCP node (608, 1000) that is associated with the service address of the first NF producer node (602, 1100).

A system and method for managing a system topology of a distributed computing system comprising: providing a network of clusters with at least a first cluster and a second cluster; configuring the first cluster with an external gateway configuration of the second cluster; distributing the external gateway configuration across at least a subset of nodes of the first cluster; establishing a connection between all clusters from the network of clusters, which for the first and second cluster comprises: for each node of the first cluster, establishing a single outbound connection to a select node of the second cluster; and managing communication over the system topology comprising: at a receiver node of the second cluster, propagating a subscription interest, and at an origin node of the first cluster, transmitting communications over the connection according to the subscription interest.

Techniques for implementing rollback of infrastructure changes in an infrastructure orchestration service are described. In certain examples, an infrastructure orchestration service is disclosed that manages both provisioning and deploying of infrastructure assets within a cloud environment. The service receives a plan comprising a set of instructions associated with a set of infrastructure assets of an execution target and identifies a first state of the set of infrastructure assets. The service executes the set of instructions in the plan to achieve a second state for the set of infrastructure assets. Based in part on the executing, the service receives a trigger for rolling back the plan to restore the set of infrastructure assets in the plan to the first state and executes a rollback plan for the plan. The service then transmits a result associated with the execution of the rollback plan.

The present application provides a device for providing control plane (CP) and/or user plane (UP) analytics. The device is configured to obtain information related to a resource and/or a change of a resource related to a CP and/or a UP; perform an analysis based on the obtained information; and generate data based on the analysis. This application also provides a management plane entity, for example, an operation, administration and management (OAM). The management plane entity is configured to provide information related to a resource, wherein the resource is related to a CP and/or a UP to the device for providing analytics.

Systems, methods, and computer-readable media for scaling a source network. A system may be configured to receive a network configuration for a source network, wherein the source network comprising a plurality of nodes, receive and a scale target for a scaled network, and identify, based on the scale target, one or more selected nodes in the plurality of nodes in the source network for implementing in the scaled network. The system may further be configured to reconfigure data plane parameters and control plane parameters for each node in the one or more selected nodes.

This application provides a VNF instantiation method and apparatus, applied to various NFV systems, to implement an existing VNFD model—defined VNF. The method includes: An NFVO obtains a VNFD, where the VNFD is for instantiating a VNF, the VNFD includes first indication information and resource requirement information of a first internal network, and the first indication information indicates that the resource requirement information of the first internal network is externally visible. Then, the NFVO sends an external network instantiation request to a VIM, where the external network instantiation request is used by the VIM to instantiate, based on the resource requirement information of the first internal network, an external network connected to the VNF. Then, the NFVO sends a VNF instantiation request to a VNFM. The VNF instantiation request is used by the VNFM to instantiate the VNF based on the VNFD.

This application provides a VNF instantiation method and apparatus, applied to various NFV systems, to implement an existing VNFD model—defined VNF. The method includes: An NFVO obtains a VNFD, where the VNFD is for instantiating a VNF, the VNFD includes first indication information and resource requirement information of a first internal network, and the first indication information indicates that the resource requirement information of the first internal network is externally visible. Then, the NFVO sends an external network instantiation request to a VIM, where the external network instantiation request is used by the VIM to instantiate, based on the resource requirement information of the first internal network, an external network connected to the VNF. Then, the NFVO sends a VNF instantiation request to a VNFM. The VNF instantiation request is used by the VNFM to instantiate the VNF based on the VNFD.