Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.

The present disclosure discloses an electric border gateway device which adopts the blockchain technology to implement communication authentication and data transmission encryption at the gateway. As a device for sinking and processing local information, the border gateway device may build not only a local blockchain network with a variety of local electric sensing terminal devices, but also a regional blockchain network with other border gateways and electric management platforms. As a critical node of these two types of blockchain, the border gateway may enable the authentication of identity legality between electric sensing terminal devices, the critical data storage in the blockchain ledger, the deployment and implementation of blockchain transaction by control and coordinated functions, and the safe and reliable data interaction. The present disclosure also discloses a method for chaining and storage of sensing data based on the electric border gateway device.

The application discloses a packet transmission method, an apparatus, and a network device. In an embodiment, a first network device obtains identification information corresponding to a service flow, and reserves a forwarding resource based on the identification information. The forwarding resource is used by the first network device to forward the service flow to a second network device. The first network device further sends a packet including the identification information to the second network device, and the second network device reserves a corresponding forwarding resource based on the identification information in the packet. Network devices perform resource reservation hop by hop by sending the packet including the identification information, and do not need to perform resource reservation based on a transmission path that is pre-calculated and planned, so that load of the network device or a controller is reduced, and resource reservation flexibility is improved.

A network system is provided between at least a first client site and a second client site. A client site network component is implemented at least at the first client site, the client site network component aggregating one or more diverse network connections so as to configure an aggregated connection that has increased throughput. At least one network server component may be configured to connect to the client site network component using the aggregated connection. A cloud network controller may be configured to manage the data traffic and a virtual edge providing transparent lower-link encryption for the aggregated connection between the client site network component and the network server component. The network server component includes a virtual control plane interface configured to establish a unicast path between the network server component and each of a plurality of remote network server components.

The present application relates to communications between a partner network and a wide area network (WAN) via the Internet. Although Internet service providers may act as autonomous systems, the WAN may control routing from the partner network by advertising unicast border gateway protocol (BGP) address prefixes for a plurality of front-end devices in the WAN. An agent in the partner network measures a plurality of paths to a service within the WAN. Each of the plurality of paths is associated with one of the plurality of front-end devices and a respective unicast BGP address prefix. The WAN selects a path within the WAN for the service. The WAN exports a routing rule to the agent. The agent forwards data packets for the service to the respective BGP address prefix via the Internet. The WAN receives data packets for the service of the partner network at the selected device.

The present application relates to communications between a partner network and a wide area network (WAN) via the Internet. The WAN advertises unicast border gateway protocol (BGP) address prefixes for a plurality of front-end devices in the WAN. An agent in the partner network measures a plurality of paths to a service within the WAN. Each of the plurality of paths is associated with one of the plurality of front-end devices and a respective unicast BGP address prefix. The agent provides measurements of the plurality of paths to the WAN. The WAN selects a path within the WAN for the service. The agent receives a routing rule specifying a unicast address prefix for a selected device of the plurality of front-end devices of the WAN. The agent forwards data packets for the service to the respective border gateway protocol address prefix of the selected device via the Internet.

The present application relates to communications between a partner network and a wide area network (WAN). The partner network and WAN may exchange representations of the respective networks including a delay profile for the partner network. The WAN receives a network delay profile for multiple virtual network entities within the partner network. The multiple virtual network entities include at least a plurality of peering locations with the WAN. The WAN determines a path from the partner network through the WAN via a selected peering location of the plurality of peering locations with the WAN to a destination based on at least the network delay profile. The WAN deploys a policy for an agent within the partner network. The policy identifies traffic for the destination to route through the WAN via the selected peering location. The WAN routes traffic from the selected peering location to the destination along the path.

Techniques are described herein for service chaining in fabric networks such that hardware resources can be preserved without service nodes needing additional capabilities. The techniques may include storing a first configuration associated with a first VRF instance of a service forwarding node that is connected to a first service of a service chain sequence. The first configuration may indicate an identifier and a type associated with a second service of the service chain sequence where traffic is to be sent after the first service. Additionally, the techniques may also include storing a second configuration associated with a second VRF instance of the service forwarding node that is connected to the second service. The second configuration may indicate that the second service is a last service of the service chain sequence. When traffic is received at the service forwarding node, the service forwarding node can determine whether the traffic is pre-service traffic or post-service traffic.

Improved network traffic flow processing techniques are described. In a network device providing multiple processing planes, each processing plane comprising multiple processing units, techniques are described that take advantage of flow affinity/locality principles such that the same processing component of a processing plane, which previously performed processing for a network flow, is used for performing subsequent processing for the same network flow. This enables faster processing of network traffic flows by the network device. In certain implementations, the techniques described herein can be implemented in a network virtualization device (NVD) that is configured to perform network virtualization functions.

Technology is disclosed for bridging clouds of computing devices for compute and data storage. The technology can receive a virtual routing table (VRT), wherein the VRT indicates an association with a virtual local area network (VLAN) and defines neighbors for each route wherein at least one neighbor is defined for each of the two different cloud service providers, wherein the route definition creates a private transitive network between the neighbors; receive from a first node a first message destined for a second node; determine that the first message employs the route specified by the VRT; forward the first message to the second node; receive from a third node a second message destined for the second node; determine that the second message does not employ the route specified by the VRT; and fail to forward the second message to the second node.