Techniques for migrating a plurality of communications services in a data communication network are disclosed. Aspects include accessing a migration map for the plurality of communications services in the data communication network; identifying a communications dependency between a first service and a second service in the plurality of communications services, wherein according to the migration map the first service is configured to migrate from a first route to a second route, the second service is configured to migrate from a third route to a fourth route, and the third route overlaps with the second route; determining, based on the identified communications dependency, a migration sequence for migrating the plurality of communications services in the data communication network; and migrating the plurality of communications services from a first plurality of configurations to a second plurality of configurations according to the migration sequence.

Techniques for migrating a plurality of communications services in a data communication network are disclosed. Aspects include accessing a migration map for the plurality of communications services in the data communication network; identifying a communications dependency between a first service and a second service in the plurality of communications services, wherein according to the migration map the first service is configured to migrate from a first route to a second route, the second service is configured to migrate from a third route to a fourth route, and the third route overlaps with the second route; determining, based on the identified communications dependency, a migration sequence for migrating the plurality of communications services in the data communication network; and migrating the plurality of communications services from a first plurality of configurations to a second plurality of configurations according to the migration sequence.

A method for establishing a fully private, information theoretically secure interconnection between a source and a destination over a data network with at least a portion of a public infrastructure. The method comprising at the source creating n shares of a source data according to a predetermined secret sharing scheme, and encrypting the n shares using (n,k) secret sharing. Further, defining for at least one node v.sub.i a directed edge (v.sub.i1, v.sub.i2) that has a k1 capacity. All outgoing links of v.sub.i are connected to v.sub.i2. Additionally, using a maximum flow algorithm to define the maximum number of shares outgoing from v.sub.i2, and therefore from v.sub.i, on each outgoing link. The number of shares forwarded by node v.sub.i does not exceed the number of maximum shares that were defined by the maximum flow algorithm.

A method for acquiring a cross-domain separation path includes: when receiving a cross-domain separation path computation request, acquiring K pairs of candidate separation domain sequences according to a cross-domain network abstraction topology; traversing the K pairs of sequences, generating corresponding intra-domain path computation requests for various domains through which candidate separation domain sequences in the network pass to transmit; when receiving at least one pair of intra-domain paths for the request, configuring each of the at least one pair of intra-domain paths to a corresponding position in the K pairs of sequences, to form K pairs of candidate cross-domain separation paths; and determining one pair of cross-domain separation paths from the K pairs of paths as a computation result of the cross-domain separation path computation request to transmit. There are also disclosed another method for acquiring a cross-domain separation path, a path computation element, and a computer storage medium.

Techniques for migrating a plurality of communications services in a data communication network are disclosed. Aspects include accessing a migration map for the plurality of communications services in the data communication network; identifying a communications dependency between a first service and a second service in the plurality of communications services, wherein according to the migration map the first service is configured to migrate from a first route to a second route, the second service is configured to migrate from a third route to a fourth route, and the third route overlaps with the second route; determining, based on the identified communications dependency, a migration sequence for migrating the plurality of communications services in the data communication network; and migrating the plurality of communications services from a first plurality of configurations to a second plurality of configurations according to the migration sequence.

A method for establishing a fully private, information theoretically secure interconnection between a source and a destination, over an unmanaged data network with at least a portion of a public infrastructure. Accordingly, n shares of the source data are created at the source according to a predetermined secret sharing scheme and the shares are sent to the data network, while encrypting the sent data using (n,k) secret sharing. A plurality of intermediating nodes are deployed in different locations over the network, to create a plurality of fully and/or partially independent paths in different directions on the path from the source to the destination, and with sufficient data separation. Then, the shares are sent over the plurality of fully and/or partially independent paths while forcing shares' carrying packets to pass through selected intermediate nodes, such that no router at any intermediating nodes intercepts k or more shares.

Networks comprising multiple non-overlapping communication topologies are presented. The networks can include a fabric of interconnected network nodes capable of providing multiple communication paths among edge devices. A topology manager constructs communication topologies according to restriction criteria based on required security levels (e.g., top secret, secret, unclassified, etc.). Established topologies do not have overlapping networking infrastructure to within the bounds of the restriction criteria as allowed by the security levels.

Networks comprising multiple non-overlapping communication topologies are presented. The networks can include a fabric of interconnected network nodes capable of providing multiple communication paths among edge devices. A topology manager constructs communication topologies according to restriction criteria based on required security levels (e.g., top secret, secret, unclassified, etc.). Established topologies do not have overlapping networking infrastructure to within the bounds of the restriction criteria as allowed by the security levels.

A method for acquiring a cross-domain separation path includes: when receiving a cross-domain separation path computation request, acquiring K pairs of candidate separation domain sequences according to a cross-domain network abstraction topology; traversing the K pairs of sequences, generating corresponding intra-domain path computation requests for various domains through which candidate separation domain sequences in the network pass to transmit; when receiving at least one pair of intra-domain paths for the request, configuring each of the at least one pair of intra-domain paths to a corresponding position in the K pairs of sequences, to form K pairs of candidate cross-domain separation paths; and determining one pair of cross-domain separation paths from the K pairs of paths as a computation result of the cross-domain separation path computation request to transmit. There are also disclosed another method for acquiring a cross-domain separation path, a path computation element, and a computer storage medium.

There is provided mechanisms for routing packets between a terminal device and a control system node via intermediate nodes on wireless paths in a wireless network. A method includes obtaining information on disturbances of wireless paths used for communicating packets of a traffic flow between the intermediate nodes in the wireless network. The method includes determining, based on the information on disturbances, mutual correlation between the disturbances of the wireless paths. The method includes routing the packets of the traffic flow between the terminal device and the control system node via some of the intermediate nodes and along disjoint wireless paths, whereby the packets are transmitted in parallel on the disjoint wireless paths, and wherein the disjoint wireless paths have mutual correlation not higher than a threshold correlation value.