A method includes allocating an identifier to each of a plurality of policies each comprising a network-isolation identifier associated with a VXWAN directive and transmitting each of the plurality of policies to one or more devices in a network.

Method and system for Internet Protocol (IP) provisioning over a cable network. The method and system including a plurality of embedded settop boxes (eSTBs) of at least two different vendors requesting IP provisioning according to a first protocol. The method and system further including a network provisioning unit (NPU) in communication with the eSTBs over the network for responding to the eSTB IP provisioning requests with IP provisioning data, wherein the eSTB IP provisioning data is outputted according to the first protocol such that provisioning of the eSTBs is standard for each vendor in so far as each eSTB utilizes the first protocol for provisioning.

Some embodiments of the invention provide a method for adding routable subnets to a logical network that connects multiple machines and is implemented by a software defined network (SDN). The method receives an intent-based API that includes a request to add a routable subnet to the logical network. The method defines (i) a VLAN (virtual local area network) tag associated with the routable subnet, (ii) a first identifier associated with a first logical switch to which at least a first machine in the multiple machines that executes a set of containers belonging to the routable subnet attaches, and (iii) a second identifier associated with a second logical switch designated for the routable subnet. The method generates an API call that maps the VLAN tag and the first identifier to the second identifier. The method provides the API call to a management and control cluster of the SDN to direct the management and control cluster to implement the routable subnet.

A system described herein may provide for the separation of functions associated with a User Plane Function (“UPF”) in a wireless network (e.g., a Fifth Generation (“5G”) network), such that routing devices associated with the wireless network may perform functionality that would otherwise be performed by virtualized hosts or other configurable resources. For example, routing components which form a backhaul or other portion of the network may process traffic according to a suitable set of policies (e.g., Quality of Service (“QoS”) policies, content filtering policies, queueing policies, and/or other policies) instead of transmitting such traffic to a UPF associated with the network core for processing.

Technologies for network interface controllers (NICs) include a compute sled and an accelerator sled in communication over a network. The accelerator sled configures a virtual switch endpoint associated with a remote direct memory access (RDMA) server instance that is associated with a field-programmable gate array (FPGA) of the accelerator sled. The accelerator sled updates local software defined networking (SDN) tables with a virtual tunnel associated with the virtual switch endpoint and a remote compute sled. A virtual switch of the accelerator sled switches virtual tunnel traffic from the remote compute sled to the RDMA server instance, which transfers data to or from the FPGA. The compute sled also updates a local SDN table with the virtual tunnel, and a virtual switch of the compute sled switches virtual tunnel traffic to or from the accelerator sled. Other embodiments are described and claimed.

A method for asynchronous side channel cipher renegotiation includes: establishing, by a first computing device, a first communication channel and a second communication channel with a second computing device, where the first communication channel is an encrypted tunnel and packages exchanged using the encrypted tunnel are encrypted using a first cipher; receiving, by a receiver of the first computing device, a renegotiation request from the second computing device using the second communication channel, where the renegotiation request includes at least a password value and a relative time; generating, by a processor of the first computing device, a second cipher using at least an encryption protocol and the password value; receiving, by the receiver of the first computing device, a new encrypted packet from the second computing device using the first communication channel; and decrypting, by the processor of the first computing device, the new encrypted packet using the second cipher.

A cell site gateway comprises a first interface, a second interface, and a third interface. The first interface is configured to communicate with a cellular base station. The second interface is configured to communicate with a network gateway. The third interface is configured to receive, from a control server, control information for a forwarding layer and comprising a first label and a second label. The forwarding layer is configured to: remove the first label from first packets received from the network gateway via the second interface; attach the second label to second packets received from the cellular base station; and transmit the second packets to the network gateway via the second interface.

A Point of Local Repair (PLR) network element includes one or more ports and circuitry connected thereto for forwarding and control, wherein the circuitry is configured to receive a PATH message for a Label Switched Path (LSP) tunnel in a Multiprotocol Label Switching (MPLS) network with a specified DiffSery Traffic Engineering (DSTE) Class Type, determine the DSTE Class Type based on the PATH message, and store the DSTE Class Type for the LSP tunnel to ensure a Facility Bypass tunnel used for the LSP tunnel supports the specified DSTE Class Type. The circuitry can be further configured to, responsive to a failure of the LSP tunnel, select the Facility Bypass tunnel for the LSP tunnel such that the Facility Bypass tunnel supports the specified DSTE Class Type.

A node in a Segment Routing network includes a plurality of ports and a switching fabric between the plurality of ports, wherein, for an Ethernet Tree (E-tree) service, a port is configured to transmit a packet with a plurality of Segment Identifiers (SID) including a first SID, a second SID, and a third SID, wherein the first SID identifies one of multicast, ingress replication for broadcast, and a destination node including any of a node SID and an anycast SID, wherein the second SID identifies a service including the E-tree service, and wherein the third SID identifies a source of the packet. A second port of the node is connected to a customer edge, and wherein the third SID is based on whether the customer edge is a leaf node or a root node in the E-tree service.

This application discloses a communication method, and relates to the communications field. In the method, a fixed mobile interworking function (FMIF) receives an access request message that carries first authentication information of a fixed network device and that is sent by a broadband network gateway (BNG), where the first authentication information is generated by the BNG based on a dial-up packet sent by the fixed network device, and the first authentication information includes an identifier of the fixed network device. The FMIF encapsulates the first authentication message in a message format supported by a control plane interface between the FMIF and a core network device, to obtain a second authentication message; and the FMIF sends the second authentication message to the core network device through the control plane interface. The core network device performs authentication on the fixed network device based on the second authentication message.