A method, apparatus and computer program product are provided in accordance with example embodiments in order to provide for the efficient, dynamic distribution of traffic in a hybrid network environment based at least in part on reliability probabilities associated with individual subflows within the network. In some example implementations, a traffic distribution entity provides for control over the determination of combined reliability probabilities of multiple potential traffic distribution modes and the selection of a traffic distribution mode that is capable of meeting performance targets, such as those associated with mission-critical operations of cyber-physical systems.

In one aspect, a computerized method includes the step of providing process monitor in a Gateway. The method includes the step of, with the process monitor, launching a Gateway Daemon (GWD). The GWD runs a GWD process that implements a Network Address Translation (NAT) process. The NAT process includes receiving a set of data packets from one or more Edge devices and forwarding the set of data packets to a public Internet. The method includes the step of receiving another set of data packets from the public Internet and forwarding the other set of data packets to the one or more Edge devices. The method includes the step of launching a Network Address Translation daemon (NATD). The method includes the step of detecting that the GWD process is interrupted; moving the NAT process to the NATD.

A system and network devices for packet processing, a network device including a processor and instructions for receiving a first packet sent by a second network node, the first packet including a format of a segment identifier of the second network node describing a length and a location of each field in the segment identifier, obtaining the format based on the first packet, the segment identifier having a first field, and including a determined value of the first field in the segment identifier in a second packet sent to the second network node, the value of the first field in the segment identifier being determined based on a segment routing policy and the format, and the determined value of the first field indicating to the second network node to process the second packet.

A method for configuring performance measurement indication information and a related device. The method includes: a control node determines performance measurement indication information and sends a first advertisement packet in the communication network based on the BGP, where the first advertisement packet carries the performance measurement indication information, so that a plurality of forwarding nodes configure the performance measurement indication information on the plurality of forwarding nodes. In this way, when a data flow on which performance measurement is to be performed is transmitted between a plurality of different ASs, each forwarding node in the different ASs may obtain the performance measurement indication information from the first advertisement packet.

A system includes reception of an instruction to send a message to a computer server, determination of a plurality of segments of the message, determination, for each of the plurality of segments, of a network path from a plurality of network paths to the computer server based on performance-related characteristics of the plurality of network paths, and assignment, for each of the plurality of segments, of the segment to a transmission queue associated with the network path determined for the segment.

A method and an apparatus for controlling a network traffic path are provided. The method includes: receiving routing advertisement information from a first network to a second network; determining all routing nodes included in a path through which data pass when flowing from the second network to the first network according to the routing advertisement information; and configuring a next hop routing node for each determined routing node, where the next hop routing node is a node in all the routing nodes included in the path and is adjacent to the routing node for which the next hop routing node is configured, and the routing node for which the next hop routing node is configured does not include a routing node of the first network or a routing node of the second network.

This application provides a path switching method and a related apparatus. In the path switching process, an ECMP table includes a first ECMP index of a first path group and a second ECMP index of a second path group; when all paths in the first path group have failed, a path group identifier corresponding to the first ECMP index may be changed from valid to invalid in the ECMP table, indicating that all paths in the first path group are unavailable. In this case, a path group identifier corresponding to the second ECMP index is valid, indicating that the second path group includes an available path, thereby completing switching between an active path and a standby path. In this process, only an identifier corresponding to the ECMP index needs to be updated, and therefore, the time consumed is relatively short, and the path switching delay can be effectively reduced.

After receiving a packet, a programmable forwarding device determines whether a flow entry matching the packet exists in a local flow table of the programmable forwarding device. If the flow entry does not exist, the programmable forwarding device sends the packet to a computing device. After receiving the packet, a programmable network adapter in the computing device determines whether a flow entry matching the packet exists in a local flow table of the programmable network adapter. If the flow entry does not exist, the programmable network adapter sends the packet to a processor in the computing device, so that a gateway running on the processor processes the packet.

Some embodiments provide a method that establishes multiple active uplinks for a VPN session with a VPN peer using a first uplink interface to access a first set of paths and a second uplink interface to access a second set of paths. The method selects a path from a pool of paths by using a hash value derived from data to be transmitted to a peer in the VPN session. The paths in the pool are identified from the first and second sets of paths based on performance metrics. When the selected path is accessible by the first uplink interface, the method transmits the data as an IPsec packet over the first uplink interface. When the selected path is accessible by the second uplink interface, the method transmits the data as an IPsec packet over the second uplink interface, wherein the data is encrypted according to a security association.

Some embodiments provide a method that collects metrics for one or more paths of a first tunnel implementing a first security association (SA) and for one or more paths of a second tunnel implementing a second SA. The method selects a path based on the collected metrics of the paths of the first and second tunnels. When the selected path belongs to the first tunnel, the method encrypts data transmitted as encrypted payload of the first SA and transmits the encrypted payload in the first tunnel. When the selected path belongs to the second tunnel, the method encrypts data to be transmitted as encrypted payload of the second SA and transmits the encrypted payload in the second tunnel.