H04L61/103

Assignment of unique physical network addresses for logical network addresses
11595345 · 2023-02-28

Some embodiments provide a method for a network controller that manages multiple logical networks implemented by multiple managed forwarding elements (MFEs) operating on multiple host machines. The method receives a notification from a particular MFE that an interface corresponding to a logical port of a logical forwarding element has connected to the particular MFE and has a particular logical network address. The method assigns a unique physical network address to the interface. Each of multiple interfaces connected to the particular MFE is assigned a different physical network address. The method provides the assigned unique physical network address to the particular MFE for the particular MFE to convert data messages sent from the particular logical network address to have the unique physical network address.

Flow-based local egress in a multisite datacenter

A method for a hypervisor to implement flow-based local egress in a multisite datacenter is disclosed. The method comprises: determining whether a first data packet of a first data flow has been received. If the first data packet has been received, then the hypervisor determines a MAC address of a first local gateway in a first site of a multisite datacenter that communicated the first data packet, and stores the MAC address of the first local gateway and a 5-tuple for the first data flow. Upon determining that a response for the first data flow has been received, the hypervisor determines whether the response includes the MAC address of the first local gateway. If the response includes a MAC address of another local gateway, then the hypervisor replaces, in the response, the MAC address of another local gateway with the MAC address of the first local gateway.

APPARATUS, METHOD AND COMPUTER PROGRAM
20230055014 · 2023-02-23

An apparatus comprising means for performing: receiving, from a first client, a call request comprising address information for calling at least one second client, the address information comprising a Functional Alias, wherein the Functional Alias is activated by the at least one second client; in response to receiving the call request at the apparatus, sending, to a server, a request to resolve the Functional Alias to at least one Mission Critical Push to Talk Identifier of the at least one second client that has activated the Functional Alias; receiving, at the apparatus from the server, the at least one Mission Critical Push to Talk Identifier of the at least one second client; sending, from the apparatus, a call request to the at least one second client using the at least one Mission Critical Push to Talk Identifier of the at least one second client.

Network beacon for hypervisor installations

A system and method for configuring components added to a network is disclosed. The method includes detecting, by a first hypervisor of a first host machine, that a second host machine having a second hypervisor is being added to a cluster of host machines comprising the first host machine, and identifying a plurality of network connections of the first hypervisor, each network connection being associated with one of a plurality of networks connecting hypervisors on host machines in the cluster, each network connection of the first hypervisor having a set of configuration settings. The method also includes generating, for each network connection, a message including a set of configuration settings of a corresponding network connection of the first hypervisor, and transmitting the message on a respective network to a second hypervisor to facilitate configuration of a corresponding network connection of the second hypervisor.

Key distribution method and system, and apparatus
11588626 · 2023-02-21

This application provides a key distribution method, an apparatus, and a system, including: determining, by an identity management server based on AAA authentication information, whether AAA authentication on the terminal succeeds; if the AAA authentication succeeds, sending the ID of the terminal to a key management server; and generating, by the key management server, a private key of the terminal and returning the private key to the management server. After negotiating with the terminal to generate a first key, the identity management server encrypts the ID and the private key of the terminal, and sends an encrypted ID and an encrypted private key to the terminal. The terminal obtains the ID and the private key of the terminal. According to the key distribution method, apparatus, and system provided in this application, communication security performance of the terminal during ID-based registration authentication is improved.

Methods, apparatuses and systems for providing forensics to manage containers
11586521 · 2023-02-21

A method, apparatus and system for providing process-level forensics for a plurality of application containers includes, for each of the plurality of application containers: monitoring forensics information of the application container, encoding the monitored forensics information using an encoder of a predetermined encoder/decoder pair to determine a forensics model, decoding the forensics model to determine a reconstructed representation of the forensics information, comparing the reconstructed representation of the forensics information to the monitored forensics information to determine an error and comparing the error to a threshold to determine if an error above the threshold exists. If the error is below the threshold, the forensics model is communicated to a higher-level manager to be used for higher-level management. If the error is above the threshold, the monitored forensics information of the application container is also communicated to the higher-level manager. The predetermined encoder/decoder pair is determined using an autoencoding process.

Providing extendible network capabilities for managed computer networks

Techniques are described for managing communications between multiple computing nodes, such as for computing nodes that are part of managed virtual computer networks provided on behalf of users or other entities. In some situations, one or more of the computing nodes of a managed virtual computer network is configured to perform actions to extend capabilities of the managed virtual computer network to other computing nodes that are not part of the managed virtual computer network, such as by forwarding communications between computing nodes of the managed virtual computer network and the other external computing nodes so as to enable the other external computing nodes to participate in the managed virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.

Configuring a network path in an SDN

A method for configuring a network path is presented. The method is performed in a routing control device of a software defined network and comprises the steps of: receiving a first node packet originating from a first node of the software defined network, the first node packet forming part of an ARP exchange between an ARP requester and an ARP responder, the first node packet comprising a request for network properties encoded in a first address; determining a network path through the software defined network; changing a source address of a packet to the ARP requester to be a second address; configuring all switches forming part of the network path, to route packets in accordance with the network path; and configuring an edge switch to replace, for all packets having a destination address being equal to the second address, the destination address with an address of the ARP responder.