Embodiments of the present disclosure provide methods and apparatuses for service discovery. The method comprises determining to initiate an authentication of a user equipment (UE); and sending an authentication request message including an encrypted or unencrypted identity of a subscriber of the UE, a serving network name and routing information of a data management node to an authentication server.

System and method for isolating network traffic of multiple users across a network of a computing platform. For example, a method includes receiving data at a networking device of a computing platform. The networking device includes a plurality of routing tables. Each routing table of the plurality of routing tables is associated with a different user of multiple users of the computing platform. A user of the multiple users is identified based at least in part on the received data. In response to identifying the user of the multiple users based at least in part on the received data, a routing table of the plurality of routing tables is identified based at least in part on the identified user. A route from the identified routing table is determined based at least in part on the received data. The received data is sent across a network of the computing platform according to the determined route. The method is performed using one or more processors.

Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node. In such embodiments, the service forwarding plane does not have a port that directly receives data messages from, or supplies data messages to, any guest machine. Instead, in some such embodiments, data associated with a guest machine is routed to a port proxy module executing on the same host computer, and this other module has a service plane port. This port proxy module in some embodiments indirectly can connect more than one guest machine on the same host to the service plane (i.e., can serve as the port proxy module for more than one guest machine on the same host).

A service packet transmission method includes: A control device delivers respective attribute information of at least two transmission paths to a first forwarding device. In this way, after obtaining traffic requirement information, the first forwarding device may determine, based on the traffic requirement information and the respective attribute information of the transmission paths, a first transmission path that meets a traffic requirement. Then, the first transmission path sends a received service packet to a second forwarding device through the first transmission path.

In one embodiment, a method includes determining, by a first router, service level agreement (SLA) requirements for an application and generating, by the first router, first SLA characteristics for the first router. The first router is in an active mode within a network. The method also includes comparing, by the first router, the first SLA characteristics for the first router to the SLA requirements and determining, by the first router, second SLA characteristics for a second router. The second router is in a standby mode within the network. The method further includes comparing, by the first router, the second SLA characteristics for the second router to the SLA requirements and determining, by the first router, whether to lower a first hop redundancy protocol (FHRP) priority of the first router.

A system and method are disclosed for using segment routing (SR) in native IP networks. The method involves receiving a packet. The packet is an IP packet and includes an IP header. The method also involves updating the packet. Updating the packet involves writing information, including a segment routing segment identifier, to the destination address of the packet.

Techniques for enhanced Software-Defined Wide Area Network (SD-WAN) path quality measurement and selection are disclosed. In some embodiments, a system/method/computer program product for enhanced SD-WAN path quality measurement and selection includes periodically performing a network path measurement for each of a plurality of network paths at a Software-Defined Wide Area Network (SD-WAN) interface; updating a version if the network path measurement exceeds a threshold for one or more of the plurality of network paths; and selecting one of the plurality of network paths for a session based on the version according to an application policy.

A network device has an input configured to receive a message relating to a given device attempting to forward one or more packets across a computer network. The message has given device information relating to the given device. In addition, the routing device also has a selector, operatively coupled with the input, configured to select (after receiving the given data) a given group routing policy from a plurality of group routing policies. Preferably, the selector is configured to select the given group routing policy as a function of the given device information. The routing device also has an output operatively coupled with the selector. The output is configured to cause routing of device communication across the network using link-layer routes specified by the given group routing policy.

A method may include receiving a domain name system (DNS) query at a network device, where the DNS query may be associated with a traffic flow identified for rerouting through an alternative path utilizing an alternative network device instead of a default path. The method may also include rewriting the DNS query such that the DNS query is routed through the alternative network device along the alternative path and to a DNS server associated with the alternative path. The method may additionally include receiving a DNS response from the DNS server, where a resource identified in the DNS response may be based on the DNS query coming through the alternative network device.

System and method for isolating network traffic of multiple users across a network of a computing platform. For example, a method includes receiving data at a networking device of a computing platform. The networking device includes a plurality of routing tables. Each routing table of the plurality of routing tables is associated with a different user of multiple users of the computing platform. A user of the multiple users is identified based at least in part on the received data. In response to identifying the user of the multiple users based at least in part on the received data, a routing table of the plurality of routing tables is identified based at least in part on the identified user. A route from the identified routing table is determined based at least in part on the received data. The received data is sent across a network of the computing platform according to the determined route. The method is performed using one or more processors.