Patent classifications
H04L47/825
Updating connection-tracking records at a network edge using flow programming
Some embodiments provide a method of performing stateful services that keeps track of changes to states of service nodes to update connection tracker records when necessary. At least one global state value indicating a state of the service nodes is maintained at the edge device. The method generates a record in a connection tracker storage including the current global state value as a flow state value for a first data message in a data message flow. Each time a data message is received for the data message flow, the stored state value (i.e., a flow state value) is compared to the relevant global state value to determine if the stored action may have been updated. After a change in the global state value relevant to the flow, the method examines a flow programming table to determine if the flow has been affected by one or more flow programming instructions that caused the global state value to change.
Route Processing Method and Network Device
A route processing method, implemented by a first device, includes: receiving a first route sent by a second network device, where the first route includes a first identifier; allocating, based on the first identifier, a second identifier corresponding to the first route; and sending a second route to a third network device based on the first route, where the second route includes the second identifier. The second network device is located in a first network domain, and the third network device is located in a second network domain.
Tunnel portals between isolated partitions
This invention presents a method to create tunnel portals for exchange of information between client and server partitions by using protected messages. Tunnel portals replace function call APIs in order to achieve full isolation between client and server portals for security. They are capable of performing efficient multiblock data transfers as well as exchanging commands and responses. Client access to tunnel portals is limited at run time and can be priority-based. Servers can have multiple tunnel portals to access multiple subservers.
Using multiple ethernet virtual private network (EVPN) routes for corresponding service interfaces of a subscriber interface
Techniques are disclosed for an Ethernet Virtual Private Network (EVPN) Virtual Private Wire Service (VPWS) network with service interface-aware forwarding. In one example, a first network device signals to a second network device, using EVPN route advertisements, a multi-service service tunnel to transport network packets for a plurality of services. The services are identifiable by virtual local area network (VLAN) identifiers in the packets. The first network device is configured with a single transport interface for the service tunnel and the single transport interface is configured with respective service interfaces for the services. The first network device detects failure of a failed service interface of the service interfaces and outputs, in response to the failure, an EVPN route withdrawal message for the service tunnel that identifies the service corresponding to the failed service interface.
Tunnel provisioning with link aggregation
A method for processing data packets in a communication network includes establishing a path for a flow of the data packets through the communication network. At a node along the path having a plurality of aggregated ports, a port is selected from among the plurality to serve as part of the path. A label is chosen responsively to the selected port. The label is attached to the data packets in the flow at a point on the path upstream from the node. Upon receiving the data packets at the node, the data packets are switched through the selected port responsively to the label.
Gateway for transporting out-of-band messaging signals
A Cable Modem Termination System (CMTS) having a gateway configured to output signals over data tunnels for transfer over a cable network to Customer Premises Equipment (CPE). Each data tunnel is preferably characterized as a one-way data stream of out-of-band (OOB) messaging signals.
Multi-perimeter firewall in the cloud
Systems and methods for providing multi-perimeter firewalls via a virtual global network are disclosed. In one embodiment, the network system may comprise an egress ingress point in communication with a first access point server, a second access point server in communication with the first access point server, an endpoint device in communication with the second access point server, a first firewall in communication with the first access point server, and a second firewall in communication with the second access point server. The first and second firewalls may prevent traffic from passing through their respective access point servers. The first and second firewalls may be in communication with each other and exchange threat information.
Tunnel establishment method, apparatus, and system
This application describes a tunnel establishment method. The method may include receiving, by a first network device, a first request message sent by a previous-hop network device, where the first request message is used to request to obtain an RSVP-TE label of the first network device, the first network device supports RSVP-TE and SR-TE, and the previous-hop network device supports RSVP-TE. The method may also include, when the first network device determines that at least one network device in downstream network devices of the first network device on a path of a to-be-established tunnel supports SR-TE, establishing an SR-TE tunnel from the first network device to a second network device in the at least one network device, and generating a tunnel identifier used to identify the SR-TE tunnel. Furthermore, the method may include sending, by the first network device, a first response message to the previous-hop network device, where the first response message includes the tunnel identifier.
Systems and methods for configuring routers and for facilitating communication between routers
Aspects of the subject disclosure may include, for example, storing, in a database, subscriber information associated with a plurality of subscribers of a wireless carrier, the subscriber information comprising first subscriber information associated with a first subscriber of the wireless carrier, the first subscriber information comprising first configuration data for a first router of the first subscriber, the first router being located at a first physical location; wirelessly receiving from a second router of the first subscriber, via a wireless service of the wireless carrier, a first registration request made by the second router, the second router being located at a second physical location; responsive to receiving the first registration request, generating first provisioning information, the first provisioning information being based at least in part upon the first configuration data for the first router that is stored in the database; and wirelessly sending to the second router, via the wireless service of the wireless carrier, the first provisioning information, the first provisioning information enabling the first router and the second router to communicate with one another via the wireless service through a first tunnel mechanism. Other embodiments are disclosed.
Packet transmission method and apparatus
Various embodiments provide a packet transmission method and an apparatus. In those embodiments, a first device supports a first protocol layer, and replicates a packet at the first protocol layer. A second device supports a second protocol layer, and deduplicates the packet at the second protocol layer. When receiving a first packet, a first access device converts a sequence number of the first protocol layer in the first packet into a sequence number of the second protocol layer, and then sends, to the second device, a second packet that carries the sequence number of the second protocol layer and a data packet of the first packet. For example, if the first access network device receives two packets having the same data packets, the first access network device separately converts sequence numbers in the two packets without performing operations of first deduplicating and then replicating the packet.