A label management method includes allocating, by a controller, a source label to a data stream, sending, by the controller, a first Border Gateway Protocol (BGP) update packet to an ingress network device on a label switching path (LSP) of the data stream, and sending a second BGP update packet to an egress network device on the LSP of the data stream, where the first BGP update packet includes a stream identifier of the data stream and the source label, and the second BGP update packet includes a mapping relationship between the source label and a source object of the data stream.

A node, in a first network, includes circuitry configured to add a label stack to a packet associated with one of a Layer 2 Virtual Private Network (L2VPN) and a Layer 3 Virtual Private Network (L3VPN), wherein the packet is destined for a second network having at least a pair of Border Gateway Protocol-Label Unicast (BGP-LU) Route Reflector (RR) nodes interconnecting the first network, and wherein the label stack includes an anycast Segment Identifier (SID) for the RR nodes, in Segment Routing, and transmit the packet to the second network. The label stack also includes a BGP-LU label for a destination in the second network. Responsive to isolation of one of the RR nodes, a Point of Local Repair (PLR) node in the first network is configured to implement Topology-Independent Loop-Free Alternate (TI-LFA) for the anycast SID.

A cell site gateway comprises a first interface, a second interface, and a third interface. The first interface is configured to communicate with a cellular base station. The second interface is configured to communicate with a network gateway. The third interface is configured to receive, from a control server, control information for a forwarding layer and comprising a first label and a second label. The forwarding layer is configured to: remove the first label from first packets received from the network gateway via the second interface; attach the second label to second packets received from the cellular base station; and transmit the second packets to the network gateway via the second interface.

In general, various aspects of the techniques are described in this disclosure for distributed label assignment for labeled routes. In one example, a method includes obtaining, by a first thread of a plurality of execution threads for at least one routing protocol process executing on processing circuitry of a network device, an allocation of first labels drawn from a label space for a network service; adding, by the first thread, the first labels to a first local label pool for the first thread; generating, by the first thread, after obtaining the allocation of the first labels, a labeled route comprising a route for the network service and a label assigned by the first thread from the first local label pool; and outputting, by the network device, the labeled route.

This disclosure generally relate to a method and system for network policy simulation in a distributed computing system. The present technology relates techniques that enable simulation of a new network policy with regard to its effects on the network data flow. By enabling a simulation data flow that is parallel and independent from the regular data flow, the present technology can provide optimized network security management with improved efficiency.

Various example embodiments for supporting multicast are presented. Various example embodiments for supporting multicast are configured to support multicast, on a multicast tree for a multicast group, based on use of penultimate hop popping (PHP) on the multicast tree. Various example embodiments for supporting multicast are configured to support multicast, on a multicast tree for a multicast group, based on use of PHP on the multicast tree where the multicast tree is Point-to-Multipoint (P2MP) Multiprotocol Label Switching (MPLS) tree that is formed based on a TREE-SID multicast solution (although it will be appreciated that PHP may be applied on other types of multicast trees (e.g., other than P2MP MPLS multicast trees), on multicast trees formed based on other multicast solutions (e.g., other than TREE-SID), or the like, as well as various combinations thereof).

Provided is a virtual circuit-based data packet processing method, which includes that: identification information of a next-hop Provider Edge (PE) node of a routing packet and identification information of an Original PE (OPE) node of the routing packet are determined according to the routing packet corresponding to a Virtual Private Network (VPN) service instance; a context virtual circuit is determined, wherein nodes at both ends of the context virtual circuit are respectively the current PE node and the OPE node; a virtual circuit label of the context virtual circuit is determined; a final data packet to be forwarded is obtained by carrying a VPN label of the routing packet and the virtual circuit label with an initial data packet of the VPN service instance; and the final data packet to be forwarded is forwarded to the next-hop PE node.

A multicast data transmission method includes: determining, by a first BFIR in a first BIER domain, a BIFT-id and a bitstring that correspond to multicast data in a second BIER domain, where the BIFT-id is determined based on at least an SI to which a BFR-id of a first BFER belongs and a BSL supported by the first BFER, and the first BFER is a BFER in the second BFER domain that is used to receive the multicast data; encapsulating the multicast data into a BIER data packet, where a BIER header of the BIER data packet includes the BIFT-id and the bitstring that correspond to the multicast data in the second BIER domain; and finally sending the labeled BIER data packet to a second BFIR, where the label is a label corresponding to a prefix of the second BFIR.

This disclosure describes techniques for performing application-based tagging. An example method is performed by a virtual socket of a device. The method includes receiving non-packetized data from an application, generating a label based on the application, and providing the non-packetized data and the label to a kernel of the device.

Provided is a method for creating an inter-domain bidirectional tunnel. The method includes: receiving, by a node, a path creation message sent by a path computation element, the path creation message including mapping path information for creating an inter-domain label switched path (LSP), and bidirectional tunnel instruction information, and obtaining, by the node, an actual transmission path, which is used for data transmission between intra-domain or inter-domain nodes, based on the mapping path information and the bidirectional tunnel instruction information. The present disclosure further provides a communication method, a communication device, and a computer-readable storage medium.