Patent classifications
H04L45/036
BYPASSING A FIREWALL FOR AUTHORIZED FLOWS USING SOFTWARE DEFINED NETWORKING
Methods and systems for managing authorized data flows using software defined networking include receiving flow criteria sent from a firewall and extracted from a first data packet, determining whether flow criteria of the first data packet matches an entry in a master data flow list, inserting the flow criteria from the first data packet into the master data flow list on a software defined networking controller, and sending the flow criteria of the first data packet to the router. The router may forward a second data packet associated with the data flow toward a destination based on the validation of the first data packet by the firewall. The flow criteria may not match an entry in a router data flow list on the router and may include at least two of: a source IP address, a destination IP address, a destination port, and a protocol of transmission.
Method and apparatus for replicating network information base in a distributed network control system with multiple controller instances
A network control system that includes several controllers for managing several switching elements. In some embodiments, each switching element implements at least one logical switching element and has a master controller. In some embodiments, at least one controller is a master of at least two switching elements. The network control system accepts definitions of the logical switching elements and, in some embodiments, each logical switching element has a master controller. In some embodiments, at least one controller is a master for at least two logical switching elements.
Dynamic advertisement routing
Dynamic advertisement routing is disclosed. For example, a plurality of internet protocol (“IP”) addresses associated with respective plurality of target nodes is stored in a routing pool. Each IP address in the routing pool is pinged through each of first and second load balancer network interfaces. Network routes associated with target nodes are updated based on a first plurality of ping responses. Communications sessions are established with target nodes through respective network routes. IP addresses are pinged and respective latencies in a latency cache are updated based on a second plurality of ping responses. A first request directed to the plurality of target nodes is received, is determined to be sent to a first target node based on the latency cache, and is forwarded to the first target node via the first network route.
Data transmission method, PNF SDN controller, VNF SDN controller, and data transmission system
A data transmission method includes: receiving, by the PNF SDN controller, a first packet and an access loop identifier that are sent by a first network device; generating, by the PNF SDN controller, a second packet based on the access loop identifier and the first packet; and sending, by the PNF SDN controller, the second packet to the virtualized network function software-defined networking VNF SDN controller, so that the VNF SDN controller sends the second packet to a second network device, where the second packet is used to request the second network device to assign an IP address or IP address prefix to user equipment.
CONTROL APPARATUS, COMMUNICATION SYSTEM, AND RELAY APPARATUS CONTROL METHOD
A control apparatus connected to two or more first relay apparatuses which form a trunk with a first external relay apparatus and to a second relay apparatus(es) which is connected to at least one of the first relay apparatuses and which is arranged between a destination apparatus that performs a point-to-point communication and the first relay apparatuses. The control apparatus includes a first unit controlling the relay apparatuses; a second unit receiving a request for a configuration about a point-to-point communication, the request including endpoint information about the point-to-point communication; and a third unit determining, before the point-to-point communication occurs, a path(s) of the point-to-point communication, based on the endpoint information about the point-to-point communication and a packet allocation rule(s) of the first external relay apparatus, and setting a packet forwarding rule(s) for the point-to-point communication which uses the trunk in the relay apparatuses on the path(s).
SYSTEMS AND METHODS FOR ROUTING AND TOPOLOGY MANAGEMENT OF COMPUTER NETWORKS WITH STEERABLE BEAM ANTENNAS
This disclosure provides systems and methods for routing and topology management of computer networks with steerable beam antennas. A network controller can generate an input graph for a first time period. The input graph can have a plurality of vertices each representing a respective moving node and a plurality of edges each representing a possible link between a pair of moving nodes. The input graph also can include corresponding location information for each of the moving nodes during the first time period. A solver module can receive information corresponding to the input graph, a maximum degree for each vertex in the input graph, and a set of provisioned network flows. The solver module can determine a subgraph representing a network topology based on the input graph, the maximum degree for each vertex in the input graph, and the set of provisioned network flows, such that a number of edges associated with each vertex in the subgraph does not exceed the maximum degree for each vertex.
Information system, control server, virtual network management method, and program
A control apparatus includes a first unit configured to be capable of specifying an identification rule to identify a packet based on a user of a virtual network including a plurality of virtual nodes; and a second unit configured to be capable of sending an instruction to a physical node corresponding to each of the virtual nodes of the virtual network, wherein each of the virtual nodes includes a predetermined network function being capable of providing a first packet operation to the packet, wherein the instruction includes that the physical node provides a second packet operation to the packet so as to emulate the first packet operation.
PCEP Extension for PCECC Support of Distributed Computing, Multiple Services, and Inter-Domain Routing
A path computation element (PCE) central controller (PCECC) comprising a memory comprising executable instructions and a processor coupled to the memory and configured to execute the instructions. Executing the instructions causes the processor to receive a request to compute a path through a network, the request comprising a plurality of computational tasks, divide the computational tasks into a plurality of groups of computational tasks, transmit at least some of the plurality of groups of computational tasks to a plurality of path computation clients (PCCs) for computation by the PCCs, and receive, from the PCCs, computation results corresponding to the plurality of groups of computational tasks.
METHOD FOR PROCESSING DOWNLINK SIGNALLING OF SDN VIRTUALIZATION PLATFORM BASED ON OPENFLOW
Disclosed is a method for processing downlink signalling of an SDN virtualization platform based on OpenFlow. The method comprises: after the preprocessing of downlink signalling is executed, further executing same, so as to judge whether more Match items also exist in a Match item list; if it is judged that more Match items also exist, acquiring an item from the Match item list; if it is judged that there are no more Match items, ending the processing; after completing the step of acquiring an item from the Match item list if it is judged that more Match items also exist, further judging whether more Action items also exist; if there are no more Action items, combining a new Action item list with the Match items to generate downlink signalling, and issuing same to a virtual network switch; and returning to the step to continue judging whether more Match items also exist; and if more Action items also exist, acquiring the next Action item.
PACKET PROCESSING METHOD FOR VIRTUAL SWITCH
A packet processing method for a virtual switch is carried out in a virtual switch under the SDN architecture. The method presets a signature pre-computation table including plural destination addresses and signatures corresponding to the destination addresses. With the signature pre-computation table installed, packets whose destination addresses fall within the table do not require computation of the packet signature. The method simply obtains the corresponding signature according to the destination address of the packet, and thus saves the time required for processing a packet and improves the throughput of the virtual switch.