Embodiments of the present disclosure provide systems and methods for sharing encrypted organization data packets among network devices using service-oriented protocol. Method implemented at first network device associated with first autonomous system (AS) includes accessing organization packet (OP) routing information, data structure and service information relating to organization associated with first AS. OP routing information and the service information are being accessed based on organization identifier of the organization and the service information indicating service type associated with the organization. Method includes sending connection request including the data structure and the service information to second network device to establish linked network path. The method includes receiving acknowledgment from the second network device. Responsive to receiving the acknowledgment, the method includes encrypting organization data packet using the data structure and the organization identifier, and sending the encrypted organization data packet to the second network device, via the linked network path.

Data transfer for access points or switches in a cluster upon data tunnel failure is described. An example includes receiving uniform mapping information for a cluster including a bucket map mapping an active gateway and a standby gateway for each of multiple entries, the bucket map including mapping a first gateway node as a standby gateway and a second gateway node as an active gateway for an entry. Synchronized user information is received from the second gateway node including identification of a user indexed to the first entry. A message is received from a first AP or switch requesting activation of the user on the first gateway node as a standby gateway upon failure of a data tunnel between the first AP or switch and the second gateway node. The user is activated on the first gateway node.

Data transfer for access points or switches in a cluster upon data tunnel failure is described. An example includes receiving uniform mapping information for a cluster including a bucket map mapping an active gateway and a standby gateway for each of multiple entries, the bucket map including mapping a first gateway node as a standby gateway and a second gateway node as an active gateway for an entry. Synchronized user information is received from the second gateway node including identification of a user indexed to the first entry. A message is received from a first AP or switch requesting activation of the user on the first gateway node as a standby gateway upon failure of a data tunnel between the first AP or switch and the second gateway node. The user is activated on the first gateway node.

A load control system may include a network of devices configured to communicate with one another. The load control system may include control devices configured to operate as a leader device or another router device on the network. The control device may process advertisement messages from other router devices in the network. The control device may receive advertisement messages from non-leader router devices and compare the device identifier and the sequence number in the advertisement messages with the device identifier and the sequence number in previously-received advertisement messages from the non-leader router devices. The control device may process each advertisement message received with a different sequence identifier or a different device identifier than previously received advertisement messages from the non-leader router devices. The control device may ignore each advertisement message received with the same sequence identifier from the same non-leader router device as a previously received advertisement message.

A load control system may include a network of devices configured to communicate with one another. The load control system may include control devices configured to operate as a leader device or another router device on the network. The control device may process advertisement messages from other router devices in the network. The control device may receive advertisement messages from non-leader router devices and compare the device identifier and the sequence number in the advertisement messages with the device identifier and the sequence number in previously-received advertisement messages from the non-leader router devices. The control device may process each advertisement message received with a different sequence identifier or a different device identifier than previously received advertisement messages from the non-leader router devices. The control device may ignore each advertisement message received with the same sequence identifier from the same non-leader router device as a previously received advertisement message.

Virtual machine environments are provided in the switches that form a network, with the virtual machines executing network services previously performed by dedicated appliances. The virtual machines can be executed on a single multi-core processor in combination with normal switch functions or on dedicated services processor boards. Packet processors analyze incoming packets and add a services tag containing services entries to any packets. Each switch reviews the services tag and performs any network services resident on that switch. This allows services to be deployed at the optimal locations in the network. The network services may be deployed by use of drag and drop operations. A topology view is presented, along with network services that may be deployed. Services may be selected and dragged to a single switch or multiple switches. The management tool deploys the network services software, with virtual machines being instantiated on the switches as needed.

Virtual machine environments are provided in the switches that form a network, with the virtual machines executing network services previously performed by dedicated appliances. The virtual machines can be executed on a single multi-core processor in combination with normal switch functions or on dedicated services processor boards. Packet processors analyze incoming packets and add a services tag containing services entries to any packets. Each switch reviews the services tag and performs any network services resident on that switch. This allows services to be deployed at the optimal locations in the network. The network services may be deployed by use of drag and drop operations. A topology view is presented, along with network services that may be deployed. Services may be selected and dragged to a single switch or multiple switches. The management tool deploys the network services software, with virtual machines being instantiated on the switches as needed.

Embodiments provide techniques for providing return-link routing in a hybrid communications network that includes a number of different networks having different characteristics. User terminal routing systems (UTRSs) provide interfaces between local user networks and the multiple communications networks of the hybrid network. Each UTRS can include a routing table having stored mappings that are populated according to forward-link communications (implicitly or explicitly), each associating a respective one of a plurality of routing table entries with one of the communications networks. When a UTRS receives return-link data from its respective local user network, the received data indicates a destination node. The UTRS can determine which of the stored mappings corresponds to the destination node and can route the received return-link data over a selected one of the communications networks in accordance with the identified one of the mappings.

Embodiments provide techniques for providing return-link routing in a hybrid communications network that includes a number of different networks having different characteristics. User terminal routing systems (UTRSs) provide interfaces between local user networks and the multiple communications networks of the hybrid network. Each UTRS can include a routing table having stored mappings that are populated according to forward-link communications (implicitly or explicitly), each associating a respective one of a plurality of routing table entries with one of the communications networks. When a UTRS receives return-link data from its respective local user network, the received data indicates a destination node. The UTRS can determine which of the stored mappings corresponds to the destination node and can route the received return-link data over a selected one of the communications networks in accordance with the identified one of the mappings.

Techniques for routing in communications networks include determining a state of a destination node in a current routing table stored at a first node. A value for a reference cost to the destination node is determined based on a minimum cost to the destination in the current routing table. Based on the state, a request message is formed including a reference distance field to prevent loops, an originating node field, a destination field, and a previous hop field. The request message is sent to a different second node within range. A record that indicates the data in the request message is stored in a pending request table. A reply message is received in response to sending the request message. In response to receiving the reply message, the record in the pending request table is removed, and the current routing table is updated based on the reply message.