H04L45/7452

DISAGGREGATED OPTICAL TRANSPORT NETWORK SWITCHING SYSTEM

Methods and systems of a disaggregated optical transport network (OTN) switching system that include using plug-in universal (PIU) modules each having multiple ports for OTN to Ethernet transceiving and an Ethernet fabric as a switching core are disclosed. An OTN over Ethernet module in each of the PIU modules may enable various OTN functionality to be realized using the Ethernet fabric which may include multiple Ethernet switches. An ith port of the multiple ports of each PIU module may be connected to the ith Ethernet switch of each of the Ethernet switches. A PIU module may be associated with a respective sequential order of the Ethernet switches. The PIU module may transmit an Ethernet packet from an ith port of the PIU module corresponding to the ith Ethernet switch, where the ith port is selected based on the respective sequential order of the Ethernet switches.

FLEXIBLE FLOW TABLE WITH PROGRAMMABLE STATE MACHINE

A network switch for network communications includes an embedded programmable state machine to monitor data flows through the switch. The programmable state machine is configured to retain selectable states of selectable data packet fields. Programmable switch logic operative with the programmable state machine is configured to output one or more potential actions to be taken based on a selectable computation of detected selectable states. The programmable state machine can be implemented with either table lookups or flexible logic.

Protocol independent programmable switch (PIPS) software defined data center networks

A software-defined network (SDN) system, device and method comprise one or more input ports, a programmable parser, a plurality of programmable lookup and decision engines (LDEs), programmable lookup memories, programmable counters, a programmable rewrite block and one or more output ports. The programmability of the parser, LDEs, lookup memories, counters and rewrite block enables a user to customize each microchip within the system to particular packet environments, data analysis needs, packet processing functions, and other functions as desired. Further, the same microchip is able to be reprogrammed for other purposes and/or optimizations dynamically.

Shared routing tables for network devices

Techniques for configuring shared routing tables for network devices are provided. In some embodiments, a shared routing context is configured to include common routes across several local routing contexts. When a first packet is received at a first local routing context that is to be routed using one of the common routes, NAT operations may be performed on the first packet and then the shared routing context is used to process the first packet. Similarly, when a second packet is received at a second local routing context that is to be routed using the same common route, NAT operations may be performed on the second packet and then the shared routing context is used to process the second packet.

LOAD BALANCING METHOD, DEVICE AND STORAGE MEDIUM
20170279724 · 2017-09-28

Disclosed is a load balancing method, the method comprising: for an exchange device at every level, before transmitting each cell, querying a unicast forwarding table according to the ID number of a target access device so as to obtain all links accessing the target access device; and among all the links, polling the cell transmitted to the corresponding target access device. Also disclosed are a load balancing device and storage medium.

Caching of service decisions
11431639 · 2022-08-30

Some embodiments provide a method for processing a packet received by a managed forwarding element. The method performs a series of packet classification operations based on header values of the received packet. The packet classification operations determine a next destination of the received packet. When the series of packet classification operations specifies to send the packet to a network service that performs payload transformations on the packet, the method (1) assigns a service operation identifier to the packet that identifies the service operations for the network service to perform on the packet, (2) sends the packet to the network service with the service operation identifier, and (3) stores a cache entry for processing subsequent packets without the series of packet classification operations. The cache entry includes the assigned service operation identifier. The network service uses the assigned service operation identifier to process packets without performing its own classification operations.

Firewall packet filtering

Mechanisms are provided for performing an operation on a received data packet. A data packet is received and a hash operation on a header field value of a header of the data packet is performed to generate a hash value. A lookup operation is performed in a hash table associated with a type of the header field value to identify a hash table entry. A bit string associated with the hash table entry is retrieved, where each bit in the bit string corresponds to a class of rules of a rule set of a firewall. A matching operation of the header field value to rules in classes of rules corresponding to bits set in the bit string is performed to select one or more search trees. Operations are performed based on rules in the classes of rules being matched by the header field value of the data packet.

A MEMORY EFFICIENT PACKET CLASSIFICATION METHOD
20170222937 · 2017-08-03

A SCI (Split, Compression and Intersection) packet classifier, wherein the SCI packet classifier comprises a construction module to generate a rule ID array, N pairs of ISG and three binary search trees, and a lookup engine to look up the binary search trees and ISGs to find the highest priority rule matching the incoming packet and to output a corresponding rule ID.

Flow multiplexing in IPsec

Systems and methods for processing inbound and outbound secure packet traffic are provided herein. A first lookup operation can be performed to identify a security association corresponding to a received packet. A second lookup operation can be performed to determine a security parameters index associated with the packet and the identified security association. The packet can be processed in accordance with the security association and the security parameters index.

SHARED SERVICE ACCESS FOR MULTI-TENANCY IN A DATA CENTER FABRIC

Aspects of the embodiments include receiving a packet at a network element of a packet-switched network; identifying a presence of a shared service destination address in a header of the packet; identifying a shared service destination address for the packet based, at least in part, on a destination internet protocol (IP) address stored in a forward information base; and forwarding the packet to the shared service destination address.