Patent classifications
H04L49/208
Forwarding element data plane with computing parameter distributor
Some embodiments provide a network forwarding element with a data-plane forwarding circuit that has a parameter collecting circuit to store and distribute parameter values computed by several machines in a network. In some embodiments, the machines perform distributed computing operations, and the parameter values that they compute are parameter values associated with the distributed computing operations. The parameter collecting circuit of the data-plane forwarding circuit (data plane) in some embodiments (1) stores a set of parameter values computed and sent by a first set of machines, and (2) distributes the collected parameter values to a second set of machines once it has collected the set of parameter values from all the machines in the first set. The first and second sets of machines are the same set of machines in some embodiments, while they are different sets of machines (e.g., one set has at least one machine that is not in the other set) in other embodiments. In some embodiments, the parameter collecting circuit performs computations on the parameter values that it collects and distributes the result of the computations once it has processed all the parameter values distributed by the first set of machines. The computations are aggregating operations (e.g., adding, averaging, etc.) that combine corresponding subsets of parameter values distributed by the first set of machines.
Information processing system, information processing apparatus, and non-transitory computer-readable recording medium storing therein information processing program
An information processing apparatus includes: a memory that stores association information associating a first address of a first container assigned beforehand with a second address of a second container assigned beforehand; and a processor coupled to the memory. The processor detects first information from one of containers; sets, when the address in the first information matches the first or second address, the container including the matching address and a port of a virtual machine specified by the first information in association with each other in the association information; duplicates second information passing through a first port associated with the first container by referring to the association information; and forwards the duplicated second information destined for a second port associated with the second container.
Artificial intelligence-based network security protection method and apparatus, and electronic device
This application provides an artificial intelligence (AI)-based network security protection method and apparatus, an electronic device, and a computer-readable storage medium. The method includes obtaining access traffic that needs to be verified and is to be transmitted to a target network address; extracting a data statistical feature of each of a plurality of sessions included in the access traffic that needs to be verified; invoking a neural network model to classify each session as normal or abnormal based on the data statistical feature of each session; identifying a session classified as abnormal in the access traffic that needs to be verified as attack access traffic; and obtaining a source address of the attack access traffic, and screening attack access traffic to be transmitted to the target network address from the source address.
Switch comprising an observation port and communication system comprising such a switch
The present invention relates to a switch including a plurality of input ports, a plurality of output ports, at least one output port, called observation port, being connected to an observation module able to analyze the traffic of the frames passing through the switch, and a conveying component configured to convey each frame. The switch is configured to transmit, to the observation module via the observation port, only frames complying with a first observation condition and a second observation condition. The compliance of a frame with the first observation condition is determined as a function of an observation field and the compliance with the second observation condition is determined as a function of the identifier and/or of an input and/or output port associated with this frame.
Apparatus and method of monitoring ethernet communication for vehicle and vehicle including the same
Disclosed are an apparatus and method of monitoring Ethernet communication for a vehicle and a vehicle including the same. The apparatus includes a traffic statistics data acquisition unit configured to acquire traffic from each of ports of an Ethernet switch, a database (DB) configured to store communication information between controllers connected to the Ethernet switch, a switching path check unit configured to check a switching path of the Ethernet switch, and a monitoring unit configured to calculate a reference value of normal traffic for each port, between ports, and for each traffic flow of the Ethernet switch based on communication information between the controllers and a switching path, to compare the calculated reference value of the normal traffic with traffic acquired from each port of the Ethernet switch, and to monitor whether a communication state of the Ethernet switch is abnormal.
System and methods for transit path security assured network slices
Systems and methods of configuring, managing and ensuring security compliance of Virtual Network Slices that transit through physical networks, virtual networks (SDN), cloud networks, radio access networks, service provider networks, and enterprise networks are identified. The methods include user-side security validation methods while attempting to use a network slice for a specific service, and security validation of physical or virtual networks and the associated transit network elements. The methods disclose enriching the Security Certificates with policy parameters and the associated procedures that transit elements are required to assure for security compliance. Additionally, methods are identified for incorporating a mobile native security platform in a Wireless Mobile Network (4G/5G) that supports generating X.509 Certificates enhanced with policy requirements and validating allowed/disallowed lists of transit network vendor devices and virtual network appliances.
Preservation of priority traffic in communications systems
Systems and methods for restoring lost or corrupted data in packets that traverse a packet-switched network. In some embodiments, a device at the edge of a packet-switched network may restore data that was originally inserted in a packet header by a sender, but overwritten or bleached during transport over a network, by identifying an associated packet and transferring a value from the associated packet to the packet.
Port mirroring based on remote direct memory access (RDMA) in software-defined networking (SDN) environments
Example methods are provided for port mirroring based on remote direct memory access (RDMA) in a software-defined networking (SDN) environment. One example method may comprise obtaining configuration information associated with a port mirroring session between a source logical port supported by a source host and a destination logical port supported by a destination host, and establishing an RDMA-based connection between the source and destination hosts. The method may also comprise: in response to detecting a packet passing through the source logical port, generating a mirrored packet based on the detected packet, and storing, in source memory associated with the source host, the mirrored packet in association with destination information identifying the destination logical port or destination host. The method may further comprise transferring the mirrored packet from the source memory to destination memory associated with the destination host via the RDMA-based connection.
Parallel data processing for service function chains spanning multiple servers
Systems, computer-readable media, and methods are disclosed for parallel data processing for service function chains with network functions spanning multiple servers. An example system includes a first server hosting a first network function of a service function chain, a second server hosting a second network function of the service function chain, a mirror function deployed in a first switch to replicate a plurality of packets received by the system and to send respective copies of the plurality of packets to the first network function and to at least one of the second network function and a third network function of the service function chain, and a merge function deployed in a second switch to merge respective outputs of the first network function and the at least one of the second network function and the third network function.