Apparatuses and methods enable connecting tunnels channeling data flow from a user terminal and to a mobile network through a virtual switch in a network device which is configured to provide a service by processing data in the data flow. A method performed by a device having one or more processors includes establishing a first tunnel between the device and a node of the mobile network, and a second tunnel between the device and another network device of the mobile network, the first tunnel and the second tunnel operating according to Internet protocols. The method further includes connecting the first tunnel to the second tunnel using a virtual switch running on the device, and connecting a virtual machine running on the device to the virtual switch, the virtual machine being configured to provide a service by processing data in the data flow.

A cloud extension agent can be provided on a customer premise for interfacing, via an outbound secure connection, cloud based services.

Many hybrid cloud topologies require virtual machines in a public cloud to use a router in a private cloud, even when the virtual machine is transmitting to another virtual machine in the public cloud. Routing data through an enterprise router on the private cloud via the internet is generally inefficient. This problem can be overcome by placing a router within the public cloud that mirrors much of the routing functionality of the enterprise router. A switch configured to intercept address resolution protocol (ARP) request for the enterprise router's address and fabricate a response using the MAC address of the router in the public cloud.

Systems and methods for managing a global virtual network connection between an endpoint device and an access point server are disclosed. In one embodiment the network system may include an endpoint device, an access point server, and a control server. The endpoint device and the access point server may be connected with a first tunnel. The access point server and the control server may be connected with a second tunnel.

Described embodiments provide systems and apparatuses for enhanced quality of service, steering and policy enforcement for https traffic via intelligent in-line path discovery of a TLS terminating node. The system may include a first network device having a secure connection traversing through the first network device, and in communication with a second network device. The first network device and the second network device may be intermediary to a client device and a server. The first network device may determine that the second network device terminates the secure connection. The first network device may receive key generation information of the secure connection from the second network device following determining the second network device terminates the secure connection. The first network device may decipher packet(s) of the secure connection destined for the device or the server using the received key generation information, to regulate network traffic of the secure connection at the first network device.

This application discloses a packet processing method and an LSR. The method includes: receiving, by an Ingress LSR of a first MPLS tunnel, a first notification packet that is based on an IGP, where the first notification packet includes an ELC flag, which is used to indicate that the first Egress LSR has ELC; after learning from the first notification packet that the first Egress LSR has ELC, inserting a label into a first packet, to generate a second packet, where the label forms an MPLS label stack, which includes, from bottom to top, a first EL, a first ELI, and a first TL; and sending the second packet to the first Egress LSR through the first MPLS tunnel.

Apparatuses and methods enable connecting tunnels channeling data flow from a user terminal and to a mobile network through a virtual switch in a network device which is configured to provide a service by processing data in the data flow. A method performed by a device having one or more processors includes establishing a first tunnel between the device and a node of the mobile network, and a second tunnel between the device and another network device of the mobile network, the first tunnel and the second tunnel operating according to Internet protocols. The method further includes connecting the first tunnel to the second tunnel using a virtual switch running on the device, and connecting a virtual machine running on the device to the virtual switch, the virtual machine being configured to provide a service by processing data in the data flow.

A method includes allocating an identifier to each of a plurality of policies each comprising a network-isolation identifier associated with a VXWAN directive and transmitting each of the plurality of policies to one or more devices in a network.

Systems and methods, in a Label Edge Router (LER) which includes one or more ports and a switching fabric therebetween, include, responsive to a request for a Label Switched Path (LSP) tunnel with a specified DiffServ Traffic Engineering (DSTE) Class Type, signaling a PATH message via a port for the LSP tunnel in a Multiprotocol Label Switching (MPLS) network; incorporating a FAST_REROUTE object in the PATH message which indicates Facility Bypass is desired; and incorporating the DSTE Class Type in the FAST_REROUTE object of the PATH message for a Point of Local Repair (PLR) node in the MPLS network to ensure a Facility Bypass tunnel used for the LSP tunnel supports the specified DSTE Class Type.

In one embodiment, a method includes: obtaining a multi-protocol schedule, wherein the multi-protocol schedule includes scheduling information characterizing packets associated with a plurality of wireless protocols, wherein each of the plurality of wireless protocols is associated with a respective virtual gateway of a plurality of virtual gateways; detecting, by a wireless transceiver, a first packet related to a first wireless protocol of the plurality of wireless protocols based on the multi-protocol schedule; and transmitting, by the wireless transceiver, the first packet related to the first wireless protocol to a first virtual gateway of the plurality of virtual gateways. According to some embodiments, the method is performed by a device (e.g., a MAC preprocessor) that includes a wireless transceiver, one or more processors, and non-transitory memory.