Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.

A data processing method based on network slices comprises determining on a data plane a network slice to which a data flow belongs according to network slice resource information, an uplink port receiving the data flow, virtual local area network (VLAN) information carried by the data flow, and destination media access control (MAC) address of the data flow. The method further comprises processing and forwarding the data flow through the network slice to which the data flow belongs. In the network slice resource information, different network slices sharing a VLAN on a shared uplink port are configured with different three-layer interface MAC addresses.

The disclosure relates to content delivery systems such as gateways for use in locations where the services of many end user devices are provided by a common management entity, such as hospitality, dormitory, healthcare, or other enterprise settings. The disclosure includes methods of initializing a gateway configuration and operating a gateway by ingesting content from a variety of signals (satellite, broadcast, cable, and IP), processing the content to have additional desired features, and reassembling content in various forms for delivery to individual end user devices.

Some embodiments provide a method for configuring a logical router that interfaces with an external network. The method receives a configuration for a logical network that includes a logical router with several interfaces that connect to at least one physical router external to the logical network. The method selects a separate host machine to host a centralized routing component for each of the interfaces. The method selects a particular one of the host machines for operating a dynamic routing protocol control plane that receives routing protocol data from each of the centralized routing components and updates routing tables of each of the centralized routing components.

Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network device maintains translation data structures defining translations among multiple framing media formats used for transmitting or receiving network packets via multiple supported media transmission channels, including (i) between a first framing media format and an intermediate format and (ii) between the intermediate format and a second framing media format. A virtual bridging application representing a single bridging domain for bridging all network traffic traversing the network device translates ingress network packets from the first framing media format to egress network packets of the second framing media format based the translation data structures.

Disclosed are various examples for segregating virtual private network (VPN) traffic based on the originating client application. A network gateway receives network traffic from a tunnel endpoint of an application-specific virtual private network tunnel. The network traffic originates from a client application executed in a client device. The network gateway identifies a particular virtual local area network through which the network traffic is received. The network gateway determines, using an identifier of the particular virtual local area network and a mapping of virtual local area network identifiers, characteristics of the client application or the client device from a set of mobile device management attributes. The network gateway determines whether to route the network traffic to a destination based at least in part on the characteristics.

A network apparatus comprising a trunk end point associated with an Ethernet-tree (E-Tree) service in a network domain and configured to forward a frame that comprises a tag according to the tag in the frame, wherein the tag in the frame is a root tag that indicates a root source of the frame or a leaf tag that indicates a leaf source of the frame, and wherein the trunk end point is coupled to a second end point associated with the E-tree service outside the network domain.

Disclosed methods define VLAN time slots for one or more VLANs within an HCI environment. A management resource may control virtual application access to each VLAN in accordance with the VLAN time slots wherein only one virtual application may connect to the VLAN during a VLAN time slot. Disclosed methods may define VLAN time slots for each of the plurality of virtual applications. The VLAN time slots may be defined dynamically, wherein durations of the VLAN time slots may be re-calculated each VLAN cycle. A duration of the VLAN time slot for a particular virtual application may be determined based on the number of packets transmitted by the virtual application during a previous VLAN cycle. Each VLAN time slot may include an active interval, for transmitting packets, and an inactive interval. Each active interval may include a fixed duration base interval and a variable duration dynamic interval.

Disclosed methods define VLAN time slots for one or more VLANs within an HCI environment. A management resource may control virtual application access to each VLAN in accordance with the VLAN time slots wherein only one virtual application may connect to the VLAN during a VLAN time slot. Disclosed methods may define VLAN time slots for each of the plurality of virtual applications. The VLAN time slots may be defined dynamically, wherein durations of the VLAN time slots may be re-calculated each VLAN cycle. A duration of the VLAN time slot for a particular virtual application may be determined based on the number of packets transmitted by the virtual application during a previous VLAN cycle. Each VLAN time slot may include an active interval, for transmitting packets, and an inactive interval. Each active interval may include a fixed duration base interval and a variable duration dynamic interval.

The communication node includes an entry memory adapted to store a preset number of the control information entries, each stipulating the processing applied to a packet received, in association with the user information, and a packet processor that references the entry memory to process the packet received. The communication node also includes an entry management section that exercises control so that, on the basis of a preset reference, the proportion of the number of the control information entries for one user stored in the entry memory to the number of the control information entries storable in the entry memory will not surpass a preset value.