The present technology pertains to a group-based network policy using Segment Routing over an IPv6 dataplane (SRv6). After a source application sends a packet, an ingress node can receive the packet, and if the source node is capable, it can identify an application policy and apply it. The ingress node indicates that the policy has been applied by including policy bits in the packet encapsulation. When the packet is received by the egress node, it can determine whether the policy was already applied, and if so, the packet is forward to the destination application. If the egress node determines that the policy has not be applied the destination application can apply the policy. Both the ingress node and egress nodes can learn of source application groups, destination application groups, and applicable policies through communication with aspects of the segment routing fabric.

Packets are routed in a data network comprising a wireless mesh network and a controller providing IPv6 management traffic to nodes of the wireless network. A monitor function and a route table manager are used to generate a route table relating IPv6 addresses to each of the nodes via a respective one of a plurality of POP nodes, by accessing a pre-configured topology file, determining the reachability of each of the plurality of POP nodes from the controller by periodically sending test messages from the monitor function to each POP and detecting acknowledgement of the test messages. If a POP node is not reachable, the route table is updated to relate the IPv6 subnet of the POP that is not reachable to the address of a POP node that is reachable. A Layer 2 network is used to direct the IPv6 management traffic according to the amended route table.

Packets are routed in a data network comprising a wireless mesh network and a controller providing IPv6 management traffic to nodes of the wireless network. A monitor function and a route table manager are used to generate a route table relating IPv6 addresses to each of the nodes via a respective one of a plurality of POP nodes, by accessing a pre-configured topology file, determining the reachability of each of the plurality of POP nodes from the controller by periodically sending test messages from the monitor function to each POP and detecting acknowledgement of the test messages. If a POP node is not reachable, the route table is updated to relate the IPv6 subnet of the POP that is not reachable to the address of a POP node that is reachable. A Layer 2 network is used to direct the IPv6 management traffic according to the amended route table.

A route sending method and a device are provided. The method includes: A second network device receives a first route sent by a first network device, where the first route includes an IP address of a source network device and first identification information identifying that an IP address of the first network device belongs to a first type, and the first network device is a next-hop network device of the source network device. The second network device sends the first route, where the first route is a route determined by the second network device based on a first route group, and the first route group is determined based on the IP address of the source network device and the first type, so that routes having the same IP address of the source network device but different types of next-hop addresses can be allocated to different route groups.

A route sending method and a device are provided. The method includes: A second network device receives a first route sent by a first network device, where the first route includes an IP address of a source network device and first identification information identifying that an IP address of the first network device belongs to a first type, and the first network device is a next-hop network device of the source network device. The second network device sends the first route, where the first route is a route determined by the second network device based on a first route group, and the first route group is determined based on the IP address of the source network device and the first type, so that routes having the same IP address of the source network device but different types of next-hop addresses can be allocated to different route groups.

A method of processing packets propagated over a packet switched communications network having a control plane, user plane, and a plurality of probes, the method comprising: receiving at least one control plane packet associated with creating at least one user session in the network; selecting a set of user sessions from the at least one user session; determining at least one target feature that characterizes packets propagated over the network; and load balancing all packets sharing the at least one target feature that belong to a same user session of the set of user sessions to a same probe of the plurality of probes for processing by the probe.

A method of processing packets propagated over a packet switched communications network having a control plane, user plane, and a plurality of probes, the method comprising: receiving at least one control plane packet associated with creating at least one user session in the network; selecting a set of user sessions from the at least one user session; determining at least one target feature that characterizes packets propagated over the network; and load balancing all packets sharing the at least one target feature that belong to a same user session of the set of user sessions to a same probe of the plurality of probes for processing by the probe.

This application discloses a forwarding entry generation method, a packet sending method, a network device, and a system, so that a specified network device cannot use a backup forwarding path to forward a packet, thereby reducing, to some extent, a technical problem such as network resource waste or network congestion caused by a loop problem. The method includes: A first network device obtains routing information advertised by a second network device; and the first network device determines that the routing information advertised by the second network device matches a summary route stored in the first network device, and generates, based on a segment identifier of the second network device, a forwarding entry corresponding to the summary route. The forwarding entry includes the segment identifier of the second network device, and a forwarding path corresponding to the forwarding entry passes through the second network device.

This application discloses a forwarding entry generation method, a packet sending method, a network device, and a system, so that a specified network device cannot use a backup forwarding path to forward a packet, thereby reducing, to some extent, a technical problem such as network resource waste or network congestion caused by a loop problem. The method includes: A first network device obtains routing information advertised by a second network device; and the first network device determines that the routing information advertised by the second network device matches a summary route stored in the first network device, and generates, based on a segment identifier of the second network device, a forwarding entry corresponding to the summary route. The forwarding entry includes the segment identifier of the second network device, and a forwarding path corresponding to the forwarding entry passes through the second network device.

A system and network devices for packet processing, a network device including a processor and instructions for receiving a first packet sent by a second network node, the first packet including a format of a segment identifier of the second network node describing a length and a location of each field in the segment identifier, obtaining the format based on the first packet, the segment identifier having a first field, and including a determined value of the first field in the segment identifier in a second packet sent to the second network node, the value of the first field in the segment identifier being determined based on a segment routing policy and the format, and the determined value of the first field indicating to the second network node to process the second packet.