H04L45/566

Systems and methods for detecting anomalous behaviors based on temporal profile
11496494 · 2022-11-08

The present disclosure is directed to a method of detecting anomalous behaviors based on a temporal profile. The method can include collecting, by a control system comprising a processor and memory, a set of network data communicated by a plurality of network nodes over a network during a time duration. The method can include identifying, by the control system, one or more seasonalities from the set of network data. The method can include generating, by the control system, a temporal profile based on the one or more identified seasonalities. The method can include detecting, by the control system and based on the temporal profile, an anomalous behavior performed by one of the plurality of network nodes. The method can include identifying, by the control system and based on the temporal profile, a root cause for the anomalous behavior.

OVERLAY NETWORK BASED TECHNIQUES FOR ENABLING COMMUNICATION BETWEEN ON-PREMISES AND CLOUD HOSTED DATA CENTERS

A host machine implementing a service host that implements a set of one or more tunnel-endpoints (TEPs) is provided a first connection from a first customer premise equipment (CPE) in a first on-premises data center of a first customer, the first connection terminating at a first TEP of the set of one or more TEPs. The first TEP receives a first packet over the first connection, and adds a first label to the first packet. The first packet with the first label is forwarded to a direct-attached virtual network interface card (DAV) associated with the service host. The DAV modifies a header of the first packet, and responsive to the modifying, switches the first packet to a virtual cloud network (VCN) of the first customer.

In-packet version tagging utilizing a perimeter NAT

Various embodiments are directed to receiving, at a receiving device, a packet from a node in a first network, determining a version identifier for the packet, encoding the version identifier into the packet, and transmitting the packet containing the encoded version identifier to a load balancing device in a second network. The version identifier may be encoded into a destination port field of the packet. The receiving device may be a perimeter network address translation device. The packet is received at the load balancing device, where the version identifier is extracted and a hash of source address information is performed. The version and hash are used to select a back-end device in the second network. The packet is transmitted to the selected back-end device.

Advertisement Information Processing Method and Apparatus, and Storage Medium
20230092549 · 2023-03-23

This application discloses an advertisement information processing method. In the method, a first node receives, in a first IGP process, first advertisement information that is sent by a second node and that includes a destination address of the second node and a first identifier indicating, in the first IGP process, a first flexible algorithm. The first node determines whether the first identifier indicates, in a second IGP process, a flexible algorithm the same as the first flexible algorithm. When the first identifier does not indicate, in the second IGP process, the flexible algorithm the same as the first flexible algorithm, the first node advertises, in the second IGP process, second advertisement information that includes the destination address and a second identifier indicating, in the second IGP process, a second flexible algorithm, or skips advertising third advertisement information that includes the destination address. In the method, the first flexible algorithm in the first IGP process is mapped to the second flexible algorithm in the second IGP process, to resolve a problem that advertisement information imported across processes cannot work normally when flexible algorithms deployed in different IGP processes are different.

Binding Segment Identifier Processing Method and Device
20230086279 · 2023-03-23

A binding segment identifier processing method and a device are provided. In the method, a network device receives a message sent by a controller, where the message includes type information and a segment identifier, and the type information indicates that the segment identifier is a binding segment identifier (BSID). The network device performs a processing action on the BSID based on the type information. According to embodiments of this application, the network device can identify the BSID, to resolve a technical problem that an incorrect processing result is caused when a segment identifier list of the network device includes the BSID.

Fast rerouting using egress-port loopback
20220353174 · 2022-11-03

A network device includes processing circuitry and multiple ports. The multiple ports are configured to connect to a communication network. The processing circuitry is configured to select a first port among the multiple ports to serve as an egress port for a packet, and to forward the packet to the first port, irrespective of whether or not the first port is usable as the egress port. The processing circuitry is further configured to, when the first port is usable as the egress port, transmit the packet to the communication network via the first port, and when the first port is unusable as the egress port, forward the packet from the first port to a second port among the multiple ports and transmit the packet to the communication network via the second port.

PACKET SENDING METHOD AND APPARATUS, AND STORAGE MEDIUM
20220345400 · 2022-10-27

A first network device of a plurality of network devices is provided. The first network device is configured to receive a first data packet from a second site; search a flow table stored in the first network device for a target flow entry whose flow identifier is of a first data flow, each entry comprises a flow identifier and a corresponding outbound interface identifier, the target flow entry is created when the first site sends a second data flow to the second site, a source address of the second data flow is a destination address of the first data flow, and a destination address of the second data flow is a source address of the first data flow; and if the target flow entry is found, send the first data packet through an interface corresponding to an outbound interface identifier in the target flow entry.

NETWORK DEVICE AND PACKET REPLICATION METHOD
20220345403 · 2022-10-27

A network device and a packet replication method are provided. The network device includes a classification engine, a forwarding engine, and a packet replication device. The packet replication device includes an interface circuit, a replication control circuit, and a storage unit. The interface circuit retrieves a packet of a flow from the forwarding engine and correspondingly outputs a replicated packet to the replication control circuit. The replication control circuit calculates a current rate corresponding to the replicated packet, checks a flow table for a cumulative number of replicated packets of the flow, and determines, according to the current rate and the cumulative number of replicated packets, to forward the replicated packet. The storage unit stores the flow table. The replication control circuit transmits the replicated packet to at least one application engine through at least one communication port for security inspection.

Method for Forwarding Packet in SRV6 Service Function Chain and SF Device
20230078123 · 2023-03-16

This application provides a method for forwarding a packet in an SRv6 service function chain, an SFF, and an SF device, and belongs to the field of communication technologies. In this application, an End.PT.SID is used to identify that the SFF forwards an SRv6 packet to the SF device without stripping an SRH. Based on the End.PT.SID, the SFF does not strip the SRH in the SRv6 packet, but sends the SRv6 packet to the SF device. In addition, the SFF includes a control flag in the SRv6 packet, so that the control flag is used to identify a scenario in which an IPv6 extension header needs to be offset. The SF device directly offsets the IPv6 extension header in the SRv6 packet based on the control flag, to skip the SRH for service processing.

DATA PROCESSING METHOD AND DEVICE
20230082817 · 2023-03-16

A method including: determining whether the receiving terminal has received a second data packet when a first data packet in a plurality of data packets continuously sent by a sending terminal at an interval in a preset sending sequence is received, where the second data packet comprises the data packet preceding the first data packet in the preset sending sequence; determining whether the second data packet is expired when the second data packet is not received; acquiring a consumption importance level of the second data packet when the second data packet is expired; and consuming the first data packet when the consumption importance level of the second data packet is a preset consumption importance level. Through the present disclosure, an application corresponding to the plurality of data packets is responded to in a timely manner, avoiding a delayed response to the application. For example, the smoothness of the application is improved.