Patent classifications
H04L45/741
PACKET VERIFICATION METHOD, DEVICE, AND SYSTEM
This application provides a packet verification method. In the method, a first network device receives a BIER packet, where packet header information of the BIER packet includes a first keyed-hash message authentication code (HMAC), and the first HMAC is used to verify whether the BIER packet is a valid BIER packet. The first network device determines a second HMAC based on a first key and first information in the packet header information, where the first information indicates forwarding information of the BIER packet; determines whether the first HMAC is the same as the second HMAC; and, when the first HMAC is different from the second HMAC, determines that the BIER packet is an invalid BIER packet.
Flow-specific fast rerouting of source routed packets
Various example embodiments relate generally to supporting flow-specific fast rerouting of source routed packets in communication networks. Various example embodiments for supporting flow-specific fast rerouting of source routed packets may be configured to support flow-specific fast rerouting of source routed packets based on use of various source routing protocols which may be based on various underlying communication protocols. Various example embodiments for supporting flow-specific fast rerouting of source routed packets in communication networks may be configured to support flow-specific fast rerouting of source routed packets by supporting use of a source routed packet including a payload and a header where the header encodes a set of hops of a primary path for the source routed packet and where the header also encodes a set of hops of a protection path configured to protect one of the hops of the primary path for the source routed packet.
Host computer configured to facilitate distributed SNAT service
Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways. They also significantly reduce the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and by assigning locally unique IPv6 addresses, which are used by the gateway device, to each host executing a dSNAT middlebox service instance.
Apparatus and methods for embedding security association identifier in IP address
An electronic device includes an address generator module that generates a source address for each traffic class to be sent using a network interface. The source address includes a Unique Local Address (ULA) prefix and an interface identifier having a traffic class identifier as one or more most significant bits and a randomly generated remainder. The address generator module generates a destination address having the ULA prefix and the traffic class identifier. When a processor of the electronic device is selecting a source address for the traffic class according to rules of a network layer protocol (e.g., IPv6), including a rule that a longest matching address of possible source addresses to the given destination is selected as the source address, the generated source address is selected due to the one or more most significant bits of the interface identifier matching with the traffic class identifier of the destination address.
BIER OAM Detection Method, Device, and System
A bit index explicit replication (BIER) operations, administration, and maintenance (OAM) detection method includes a bit forwarding ingress router (BFIR) obtaining a detection request packet based on a first BIER OAM packet, and sending the detection request packet to at least one bit forwarding egress router (BFER). The detection request packet includes a first packet and a first packet header. The first packet is a packet obtained by encapsulating the first BIER OAM packet. The first packet header includes a bit string, and the bit string indicates the at least one BFER that is to be measured.
Ethernet virtual private network using segment routing
In one embodiment, Ethernet Virtual Private Network (EVPN) is implemented using Internet Protocol Version 6 (IPv6) Segment Routing (SRv6) underlay network and SRv6-enhanced Border Gateway Protocol (BGP) signaling. A particular route associated with a particular Internet Protocol Version 6 (IPv6) Segment Routing (SRv6) Segment Identifier (SID) is advertised in a particular route advertisement message of a routing protocol (e.g., BGP). The SID includes encoding representing a particular Ethernet Virtual Private Network (EVPN) Layer 2 (L2) flooding Segment Routing end function of the particular router and a particular Ethernet Segment Identifier (ESI), with the particular SID including a routable prefix to the particular router. The particular router receives a particular packet including the particular SID; and in response, the particular router performs the particular EVPN end function on the particular packet.