H04L47/31

FILTERING VLAN PACKETS HAVING MALFORMED TPIDS

Malformed VLAN packets can be detected by programming suitable rules in a TCAM in the packet processing pipeline. In some deployments, for example, the TCAM rule(s) can match on the parsed EtherType metadata. More specifically, the match can be based on the EtherType metadata being set to a value equal to a known VLAN TPID, such as 0x8100 or 0x88a8, rather than being set to a standard EtherType.

Automatic flow management

Packet-switching operations in a network device are managed based on the detection of excessive-rate traffic flows. A network device receives a data unit, determines the traffic flow to which the data unit belongs, and updates flow tracking information for that flow. The network device utilizes the tracking information to determine when a rate at which the network device is receiving data belonging to the flow exceeds an excessive-rate threshold and is thus an excessive-rate flow. The network device may enable one or more excessive-rate policies on an excessive-rate traffic flow. Such a policy may include any number of features that affect how the device handles data units belonging to the flow, such as excessive-rate notification, differentiated discard, differentiated congestion notification, and reprioritization. Memory and other resource optimizations for such flow tracking and management are also described.

ADAPTING CLASSIFIER PARAMETERS FOR IMPROVED NETWORK TRAFFIC CLASSIFICATION USING DISTINCT PRIVATE TRAINING DATA SETS
20170374089 · 2017-12-28

In one embodiment, a device in a first network receives traffic flow information regarding a plurality of traffic flows in the first network. The device labels the traffic flow information by associating classifier labels to the traffic flow information. The device receives a generic traffic classifier that was trained using a training data set that comprises labeled traffic flow information for a plurality of other networks and excludes the traffic flow information regarding the plurality of traffic flows in the first network. The device acclimates the generic traffic classifier to the first network using the labeled traffic flow information regarding the plurality of traffic flows in the first network.

USING A MACHINE LEARNING CLASSIFIER TO ASSIGN A DATA RETENTION PRIORITY FOR NETWORK FORENSICS AND RETROSPECTIVE DETECTION

In one embodiment, a device in a network receives traffic data regarding one or more traffic flows in the network. The device applies a machine learning classifier to the traffic data. The device determines a priority for the traffic data based in part on an output of the machine learning classifier. The output of the machine learning classifier comprises a probability of the traffic data belonging to a particular class. The device stores the traffic data for a period of time that is a function of the determined priority for the traffic data.

Data transfer method and virtual switch

A data transfer method and a virtual switch, where, on receiving a data packet, the virtual switch extracts characteristic information of the data packet and determines, based on the extracted characteristic information, whether an expedited forwarding rule is configured for the data stream to which the data packet belongs. If the expedited forwarding rule is configured for that data stream, the virtual switch bypasses a Linux bridge and sends the data packet directly to a receive end, thereby reducing the number of times the data packet is switched between kernel mode and user mode and improving data packet forwarding efficiency.

Allocation of processors for processing packets

Examples described herein identify a flow that is considered heavy or high in transmit or receive rate. A filter rule can be assigned to the flow such that packets of the heavy flow are allocated to a queue and core for processing. Various queues and cores can be dedicated to processing received or transmitted packets of heavy flows, and various queues and cores can be dedicated to processing received or transmitted packets of non-heavy flows. An application acceleration layer can be used to migrate an application to a core that is to process received or transmitted packets of a heavy flow.

GATEWAY APPARATUS AND CONTROL METHOD THEREOF
20170366374 · 2017-12-21

A gateway apparatus connected to a different network. The gateway apparatus includes: an extraction unit that extracts first information set in a first packet(s) that has been received from a relay apparatus relaying a packet(s) between the gateway apparatus and a terminal, or from a node arranged in the different network; a setting unit that sets, based on the first information, second information in a second packet(s) in a protocol(s) in a layer(s) different from a layer(s) of a protocol(s) of the first packet(s); and a forwarding unit that forwards the second packet(s) in which the second information is set to the node or to the relay apparatus.