Patent classifications
H04L45/037
USING MULTIPLE TRANSPORT MECHANISMS TO PROVIDE SERVICES AT THE EDGE OF A NETWORK
Some embodiments provide novel methods for providing different types of services for a logical network associated with an edge forwarding element acting between the logical network and an external network. The edge forwarding element receives data messages for forwarding and performs a service classification operation to select a set of services of a particular type for the data message. The particular type of service is one of multiple different types of services that use different transport mechanisms to forward the data to a set of service nodes (e.g., service virtual machines, or service appliances, etc.) that provide the service. The edge forwarding element then receives the data message after the selected set of services has been performed and performs a forwarding operation to forward the data message. In some embodiments, the method is also performed by edge forwarding elements that are at the edges of logical network segments within the logical network.
USING ROUTER AS SERVICE NODE THROUGH LOGICAL SERVICE PLANE
Some embodiments facilitate the provision of a service reachable at a virtual internet protocol (VIP) address. The VIP address is used by clients to access a set of service nodes in the logical network. Facilitating the provision of the service, in some embodiments, includes returning a serviced data message to a load balancer that selected a service node to provide the service for the load balancer to track the state of the connection using the service logical forwarding element. To use the service logical forwarding element, some embodiments configure an egress datapath of the service nodes to intercept the serviced data message before being forwarded to a logical forwarding element in the datapath from the client to the service node, and determine if the serviced data message requires routing by the routing service provided as a service by the edge forwarding element.
PROVIDING SERVICES AT THE EDGE OF A NETWORK USING SELECTED VIRTUAL TUNNEL INTERFACES
For traffic exiting a logical network through a particular VTI, some embodiments perform a service classification operation for different data messages to identify different VTIs that connect the edge forwarding element to a service node to provide services required by the data messages. Each data message, in some embodiments, is then forwarded to the identified VTI to receive the required service. The identified VTI does not perform a service classification operation. The service node then returns the serviced data message to the edge forwarding element. In some embodiments, the identified VTI is not configured to perform the service classification operation and is instead configured to mark all traffic directed to the edge forwarding element as having been serviced. The marked serviced data message is received at the edge forwarding element and forwarded to a destination of the data message through the particular VTI.
USING SERVICE PLANES TO PERFORM SERVICES AT THE EDGE OF A NETWORK
Some embodiments provide novel methods for providing a set of services for a logical network associated with an edge forwarding element acting between a logical network and an external network. In some embodiments, the services are provided using a logical service forwarding plane that connects the edge forwarding element to a set of service nodes that each provide a service in the set of services. The service classification operation of some embodiments identifies a chain of multiple service operations that has to be performed on the data message. In some embodiments, identifying the chain of service operations includes selecting a service path to provide the multiple services. After selecting the service path, the data message is sent along the selected service path to have the services provided. The data message is returned to the edge forwarding element by a last service node in the service path that performs the last service operation and the edge forwarding element performs next hop forwarding on the data message.
Dynamic discovery of service nodes in a network
This disclosure describes various methods, systems, and devices related to dynamic service node discovery in a network. In an example method, an intermediary node receives a Link Layer Discovery Protocol (LLDP) message from a first node. The LLDP message includes a discovery Type-Length-Value (TLV) that indicates a location of a service node in the network. The method further includes forwarding the LLDP message to a second node.
Dynamic routing method in a network of connected objects
A method is proposed for dynamic routing in a network of connected objects comprising at least two connection gateways to at least one data transport network. In particular, the method makes it possible for each connection gateway of a network of connected objects to recognize, in real time, changes in its environment, and to select the message transmission path from one connected object to another that is associated with an optimal level of (transmission) performance.
Method for securing the rendezvous connection in a cloud service using routing tokens
Systems and methods for establishing a secure connection are described. A server receives a plurality of routing tokens for establishing a service connection between a service node and the server along a network path through a plurality of network devices. The routing tokens can be validated by a corresponding network device. The server transmits a packet including the routing tokens to a first network device. The first network device validates a first routing token associated therewith, then directs the packet along the network path to a second network device, and so forth, until each of the network devices receives and validates its routing token. The server establishes a cryptographic context between the service node and server for establishing a secure channel between the service node and the server. The server transmits a service node routing token to the service node via the secure channel for validation.
Methods and apparatus related to a virtual multi-hop network topology emulated within a data center
In one embodiment, an apparatus can include a switch fabric. The apparatus can also include a first edge device operatively coupled to an edge of the switch fabric and having a plurality of ports. The apparatus can also include a second edge device operatively coupled to the edge of the switch fabric and having a plurality of ports, the switch fabric defining a plurality of single-hop paths between the first edge device and the second edge device. The first edge device is configured to send to a peripheral processing device operatively coupled to the first edge device a representation of a mapping of a portion of the plurality of ports of the first edge device and a portion of the plurality of ports of the second edge device to a plurality of ports included in a non-edge device represented within a virtual multi-hop network topology.
Methods, systems, and computer readable media for distributing network function (NF) topology information among proxy nodes and for using the NF topology information for inter-proxy node message routing
A method for distributing network function (NF) topology information among proxy nodes and for using the NF topology information for inter-proxy node message routing includes configuring a first proxy node as a leader service communications proxy (SCP). The method further includes configuring a plurality of second proxy nodes as worker proxy nodes. The method further includes registering the worker proxy nodes with the leader SCP. The method further includes subscribing, by the worker proxy nodes and with the leader SCP, to receive NF topology information from the leader SCP. The method further includes, at the leader SCP, receiving NF topology information from the worker proxy nodes and communicating the NF topology information to the worker proxy nodes subscribed to receive the NF topology information. The method further includes, at the worker proxy nodes, using the NF topology information to route messages to proxy nodes serving destination NFs.
Self-Driving Packets with Conditional Commands
A mechanism is disclosed for implementing conditional commands carried by network data packets. A data flow including a data packet is received. The data packet includes a conditional command. A condition and a command are obtained from the conditional command. The mechanism determines that the condition is satisfied. Based on the determination that the condition is satisfied, the command is executed to alter handling of the data flow, alter handling of the data packet, or alter a context for the data flow.