Patent classifications
H04L45/037
Updating connection-tracking records at a network edge using flow programming
Some embodiments provide a method of performing stateful services that keeps track of changes to states of service nodes to update connection tracker records when necessary. At least one global state value indicating a state of the service nodes is maintained at the edge device. The method generates a record in a connection tracker storage including the current global state value as a flow state value for a first data message in a data message flow. Each time a data message is received for the data message flow, the stored state value (i.e., a flow state value) is compared to the relevant global state value to determine if the stored action may have been updated. After a change in the global state value relevant to the flow, the method examines a flow programming table to determine if the flow has been affected by a flow programming instruction(s) that caused the global state value to change.
Information processing apparatus and non-transitory computer readable medium
An information processing apparatus includes a processor configured to acquire information regarding multiple transient states of a network including multiple nodes when the network undergoes clustering in which the multiple nodes are classified into multiple clusters. The multiple transient states each represent a transient state of the network on a way to a final result of the clustering. The processor is also configured to determine a common node by using the information regarding the acquired multiple transient states. The common node is used in the clustering in the multiple transient states.
DYNAMIC DISCOVERY OF SERVICE NODES IN A NETWORK
This disclosure describes various methods, systems, and devices related to dynamic service node discovery in a network. In an example method, a service node generates a discovery message including a discovery field. The discovery field indicates an identifier of the service node. The service node further transmits the discovery message to an intermediary node.
Protocol for data transfer between two nodes of partially connected limited network
Protocol and associated system for data transfer between two nodes of partially connected limited network. In a data network, a hybrid solution is proposed that allows isolated clients to communicate via a dynamically configured group of connected clients. In some cases, this solution makes it possible to substantially reduce the number of isolated clients.
Packet processing service configuration change propagation management
Respective destination groups are provided to routing intermediaries associated with a packet processing application. The destination group comprises a set of fast-path packet processing nodes of a packet processing service to which the routing intermediaries are to transmit packets to be processed. After a determination is made that the set of fast-path nodes to be included in the destination groups has changed, the destination groups are modified gradually during an update propagation interval.
Dynamic node reconfiguration and provisioning of network devices
Technologies directed to determining a role of a network device, configuring the network device according to the role, and provisioning the network device to a network are described. In one method, the hardware configuration information and external connection information are stored by the network device. The network device determines a role using the hardware configuration information and the external connection information without any manual intervention or manual configuration. The role can be any one of a Router Node, a Storage Node, a Base Station Node, a Relay Node, a Gateway Node, or a Customer Premises Equipment (CPE) Node. After recognizing the role, the network device can be configured and provisioned to the network without any manual intervention or manual configuration.
METHOD FOR SECURING THE RENDEZVOUS CONNECTION IN A CLOUD SERVICE USING ROUTING TOKENS
Systems and methods for establishing a secure connection are described. A server receives a plurality of routing tokens for establishing a service connection between a service node and the server along a network path through a plurality of network devices. The routing tokens can be validated by a corresponding network device. The server transmits a packet including the routing tokens to a first network device. The first network device validates a first routing token associated therewith, then directs the packet along the network path to a second network device, and so forth, until each of the network devices receives and validates its routing token. The server establishes a cryptographic context between the service node and server for establishing a secure channel between the service node and the server. The server transmits a service node routing token to the service node via the secure channel for validation.
UPDATING CONNECTION-TRACKING RECORDS AT A NETWORK EDGE USING FLOW PROGRAMMING
Some embodiments provide a method of performing stateful services that keeps track of changes to states of service nodes to update connection tracker records when necessary. At least one global state value indicating a state of the service nodes is maintained at the edge device. The method generates a record in a connection tracker storage including the current global state value as a flow state value for a first data message in a data message flow. Each time a data message is received for the data message flow, the stored state value (i.e., a flow state value) is compared to the relevant global state value to determine if the stored action may have been updated. After a change in the global state value relevant to the flow, the method examines a flow programming table to determine if the flow has been affected by a flow programming instruction(s) that caused the global state value to change.
USING APPLIED-TO FIELD TO IDENTIFY CONNECTION-TRACKING RECORDS FOR DIFFERENT INTERFACES
Some embodiments configure an edge forwarding element to perform service insertion operations to identify stateful services to perform for data messages received for forwarding by the edge forwarding element at multiple virtual interfaces of the edge forwarding element. The service insertion operation, in some embodiments, includes applying a set of service insertion rules. The service insertion rules (1) specify a set of criteria and a corresponding action to take for data messages matching the criteria and (2) are associated with a set of interfaces to which the service insertion rules are applied. In some embodiments, the action is specified using a universally unique identifier (UUID) that is then used as a matching criterion for a subsequent policy lookup that identifies a type of service insertion and a set of next hop data.
GENERATING FORWARD AND REVERSE DIRECTION CONNECTION-TRACKING RECORDS FOR SERVICE PATHS AT A NETWORK EDGE
Some embodiments provide stateful services in a chain of services identified for some data messages. The edge forwarding element receives a data message at a particular interface of the edge forwarding element that is traversing the edge forwarding element in a forward direction between two machines. The edge forwarding element identifies (1) a set of stateful services for the received data message and (2) a next hop associated with the identified set of stateful services in the forward direction and a next hop associated with the identified set of stateful services in the reverse direction. Based on the identified set of services and the next hops for the forward and reverse directions, the edge forwarding element generates and stores first and second connection tracking records for the forward and reverse data message flows, respectively, which are used to forward data messages received subsequently for the flow.