Patent classifications
H04L45/037
Packet processing method, computing device, and packet processing apparatus
A packet processing method, including receiving a first packet from a first switch, where the first packet belongs to a service flow that flows from a first device to a second device, determining a service chain through which the service flow passes, determining a forwarding path of the service flow according to the service chain through which the service flow passes, modifying the first packet to obtain a second packet, where the second packet belongs to the service flow, and a valid payload of the second packet includes a valid payload of the first packet and forwarding path indication information, generating a first flow table according to the forwarding path of the service flow, controlling a communications interface to send the first flow table to the first switch, and sending the second packet to the first switch.
APPARATUS, SYSTEM, AND METHOD FOR TOPOLOGY DISCOVERY ACROSS GEOGRAPHICALLY REDUNDANT GATEWAY DEVICES
A disclosed method may include (1) receiving, at a local gateway device included in a network, a query message that initiates a topology discovery process from a remote gateway device included in the network, (2) identifying, within the query message, at least one characteristic of a first interface included on the remote gateway device, (3) selecting, for the first interface, a second interface included on the local gateway device based at least in part on the characteristic of the first interface identified within the query message, and then (4) sending, to the remote gateway device, a response message that (A) includes at least one characteristic of the second interface included on the local gateway device and (B) enables the remote gateway device to map the first interface to the second interface in connection with the topology discovery process. Various other apparatuses, systems, and methods are also disclosed.
Software defined wide area network (SD WAN) enabled network fabric for containers
Systems and techniques are described for creating a software-defined wide-area-network (SD-WAN) enabled network fabric for containers. Embodiments can configure one or more virtual networks on a network node, wherein the one or more virtual networks are used for creating the SD-WAN enabled network fabric for containers. Next, the embodiments can deploy a virtual gateway on the network node by executing the virtual gateway image. The embodiments can then create a container network interface configuration based on network address information of the one or more virtual networks and the virtual gateway, and execute the container network interface configuration, thereby enabling containers on the network node to communicate via the SD-WAN enabled network fabric.
Access network with remote access servers
A method includes: a controller node receiving, via a message sent on a first segment of a control session path, identity information of at least one specific network termination node, or of an access node port of a specific line termination node used by the at least one specific network termination node; upon a lookup request message being sent to at least one repository node or repository functionality by the controller node, a lookup response message being sent by the at least one repository node or repository functionality, based on the identity information, the lookup response message comprising an indication of a specific external service edge node; and based on the indication of the specific external service edge node, set up or establishment of a second segment of the control session path towards the specific external service edge node being performed.
Systems and methods for configuring a communications network
Systems and methods are disclosed for configuring a communications network. In disclosed embodiments, a set of permissible service link decompositions and a set of basic service links may be obtained for the communications network. A spanning subset of service links for the communications network may be generated. Generation of the spanning subset may include selecting a decomposition of a first service link from a set of permissible service link decompositions; updating the set of permissible service link decompositions based on the selected decomposition; and updating the set of basic service links using the updated set of permissible service link decompositions. In some embodiments, obtaining the set of permissible service link decompositions can include generating a set of permissible service link decompositions by traversing decomposition graphs generated for each of the service links. In some embodiments, the communications network can be configured to satisfy network demands using the spanning subset.
ACCESS NETWORK WITH REMOTE ACCESS SERVERS
A method includes: a controller node receiving, via a message sent on a first segment of a control session path, identity information of at least one specific network termination node, or of an access node port of a specific line termination node used by the at least one specific network termination node; upon a lookup request message being sent to at least one repository node or repository functionality by the controller node, a lookup response message being sent by the at least one repository node or repository functionality, based on the identity information, the lookup response message comprising an indication of a specific external service edge node; and based on the indication of the specific external service edge node, set up or establishment of a second segment of the control session path towards the specific external service edge node being performed.
Packet path recording with fixed header size
Aspects of the embodiments are directed to systems, apparatuses and methods performed at a network element. Embodiments include receiving a packet; identifying a hop number for the network element; identifying a unique identifier for the network element; determining a path identifier based on the hop number and the unique identifier; augmenting the packet metadata with the path identifier; and transmitting the packet to a next network element.
SELF-DESCRIBING PACKET HEADERS FOR CONCURRENT PROCESSING
A Self-Describing Packet block (SDPB) is defined that allows concurrent processing of various fixed headers in a packet block defined to take advantage of multiple cores in a networking node forwarding path architecture. SDPB allows concurrent processing of various pieces of header data, metadata, and conditional commands carried in the same data packet by checking a serialization flag set upon creation of the data packet, without needing to serialize the processing or even parsing of the packet. When one or more commands in one or more sub-blocks may be processed concurrently, the one or more commands are distributed to multiple processing resources for processing the commands in parallel. This architecture allows multiple unique functionalities, each with its own separate outcome (executing commands, service chaining, performing telemetry, allowing virtualization and path steering), to be performed concurrently with a simplified packet architecture without incurring additional encapsulation overhead.
DYNAMIC ROUTING METHOD IN A NETWORK OF CONNECTED OBJECTS
A method is proposed for dynamic routing in a network of connected objects comprising at least two connection gateways to at least one data transport network. In particular, the method makes it possible for each connection gateway of a network of connected objects to recognize, in real time, changes in its environment, and to select the message transmission path from one connected object to another that is associated with an optimal level of (transmission) performance.
METHOD FOR SECURING THE RENDEZVOUS CONNECTION IN A CLOUD SERVICE USING ROUTING TOKENS
Systems and methods for establishing a secure connection are described. A server receives a plurality of routing tokens for establishing a service connection between a service node and the server along a network path through a plurality of network devices. The routing tokens can be validated by a corresponding network device. The server transmits a packet including the routing tokens to a first network device. The first network device validates a first routing token associated therewith, then directs the packet along the network path to a second network device, and so forth, until each of the network devices receives and validates its routing token. The server establishes a cryptographic context between the service node and the server for establishing a secure channel between the service node and the server. The server transmits a service node routing token to the service node via the secure channel for validation.