H04L2012/4629

Systems and methods for improving broadcast, unknown-unicast, and multicast traffic in multihomed virtual extensible local access network ethernet virtual private networks

A set of remote Virtual Extensible LAN (VxLAN) tunnel endpoints (VTEPs) and an ingress VTEP associated with different Ethernet Segments (ESs) elect amongst themselves a designated forwarder (DF) for forwarding broadcast, unknown-unicast, and multicast (BUM) traffic by triggering an RFC 7432 election mechanism on each of the VTEPs. In embodiments, DF election involves exchanging configuration information, such as Type-4 routes for ESs via Border Gateway Protocol (BGP), without being confined to a particular ES that is local to all VTEPs, i.e., irrespective of local ES and internet identifiers. This allows performing targeted forwarding of BUM traffic to intended VTEPs while avoiding unnecessary ingress replication of BUM traffic in the ingress VTEP, thereby saving hardware buffer resources and avoiding unnecessary flooding of frames to a set of non-forwarding egress VTEPs, ultimately reducing the load on the egress VTEP and freeing up packet processing resources.

MULTI-TENANT AWARE DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) MECHANISM FOR CLOUD NETWORKING
20230108856 · 2023-04-06

An approach includes providing multi-tenancy support on a DHCP protocol. The approach includes receiving a dynamic host configuration protocol (DHCP) packet, inserting tenant-specific option information within the DHCP packet, and transmitting the DHCP packet with the tenant-specific option information.

COMMUNICATION METHOD, AND COMMUNICATIONS APPARATUS, DEVICE, AND SYSTEM
20230208680 · 2023-06-29

Embodiments of this application disclose a communication method, and a communications apparatus, device, and system. When customer premise equipment has an overlay virtual network instance, a loopback interface is established in the overlay virtual network instance, and an IP address is allocated to the loopback interface. In addition, the customer premise equipment establishes a transmission path to a server side based on the overlay virtual network instance, and sends a packet to the server side by using the transmission path. The packet includes the IP address of the loopback interface, to register with a server by using the IP address, so that the server can identify the customer premise equipment based on the IP address. In the method, when the customer premise equipment sends the packet by using the transmission path, a source address of the sent packet is the IP address of the loopback interface in the overlay virtual network instance. Therefore, the customer premise equipment can register with the server by using the same IP address, so that the server can uniquely identify the customer premise equipment.

Virtual network function enabled secure communication systems and methods
11689388 · 2023-06-27

A method for enabling secure communication. The method includes providing a first virtual network function (“VNF”) at a first network location and providing a second VNF at a second network location. A first Layer 3 virtual private network (“L3 VPN”) tunnel is constructed by the first VNF and the second VNF between the first network location and the second network location, and a first local area network (“LAN”) at the first network location and a second LAN at the second network location are connected by the first L3 VPN tunnel. Further provided is a method for establishing a secure communication environment.

NETWORK LAYER REACHABLE INFORMATION TRANSMISSION METHOD, SYSTEM, AND APPARATUS AND NETWORK DEVICE
20230198885 · 2023-06-22

A transmit device may generate a first part and a second part that are used to advertise a plurality of pieces of network layer reachable information (NLRI) of pieces of destination end information. The first part includes a common information field corresponding to the pieces of NLRI, the common information field includes same information in the pieces of NLRI, the second part includes private information fields corresponding to the plurality of pieces of NLRI, and each of the private information fields includes information other than the same information in NLRI corresponding to each private information field. The first part and the second part may be carried in an advertisement packet, to implement compression and sending of information used to advertise the pieces of NLRI, thereby improving efficiency of advertising a route by the transmit device without affecting normal running of a service.

Virtual Router Instantiation on Public Clouds

Aspects of the subject disclosure may include, for example, instantiating a virtual provider edge router (VPE) of a network operator on a layer 3 public cloud network operated by a cloud operator, establishing a virtual layer 2 bridging domain over the layer 3 public cloud network between a core network of the network operator and the VPE, wherein the virtual layer 2 bridging domain shields infrastructure addressing of the core network of the network operator, and establishing an Interior Gateway Protocol (IGP) of the network operator on top of the virtual layer 2 bridging domain for layer 2 communication between the core network of the network operator and the VPE over the layer 3 public cloud network. Other embodiments are disclosed.

Differential processing of packets using service function instances identified by service function values in packets

In one embodiment, associated differential processing of decapsulated packets is performed using Service Function Instances (SFIs) identified by Service Function Values (SFVs) derived from their encapsulating transport packets. By using different SFVs associated with different processing policies within a same processing context, one embodiment performs differential processing of streams of packets (arriving in transport packets) as identified by the particular SFV obtained from each particular transport packet. In other words, the processing policy identifies processing performed on the corresponding decapsulated original packet, not processing of the transport packet. Thus, if the original packet is an Internet Protocol (IP) packet, the SFI identifies Layer 3 processing that is performed on the original IP packet. Additionally, one embodiment uses a route advertising protocol (e.g., Border Gateway Protocol) to distribute associations between different SFVs and different addresses in a processing context (e.g., VRF).

Optimized layer 3 VPN control plane using segment routing

Systems and methods include determining one or more Layer 3 Virtual Private Networks (L3VPNs) supported at the router; and advertising the one or more L3 VPNs to one or more routers in the Segment Routing network with each advertisement including a service Segment Identifier (SID) for each of the one or more L3VPNs and one of a node SID for the router or an Anycast SID when the router is connected to a Multi-Home site. The steps can further include transmitting a Layer 3 (L3) packet for an L3 VPN of the one or more L3 VPNs with a destination SID and a service SID of the L3VPN. The advertisement can include encapsulation as an IPv6 prefix containing both the node SID for the router and the service SID, and wherein prefixes are treated as attributes of a route.

Handling packets travelling towards logical service routers (SRs) for active-active stateful service insertion

Example methods and computer systems for packet handling for active-active stateful service insertion are disclosed. One example may involve a computer system detecting a packet addressed from a source address to a service endpoint address. Based on configuration information associated with the service endpoint address, the computer system may identify a first active logical service router (SR) and a second active logical SR that are both associated with the service endpoint address and configured to operate in an active-active mode. The first active logical SR may be selected over the second active logical SR by mapping tuple information to the first active logical SR. The computer system may generate an encapsulated packet by encapsulating the packet with an outer header addressed to an outer destination address associated with the first active logical SR and send the encapsulated packet towards the first active logical SR for processing according to a stateful service.

Host routed overlay with deterministic host learning and localized integrated routing and bridging

Systems, methods, and devices for improved routing operations in a network computing environment. A system includes a virtual customer edge router and a host routed overlay comprising a plurality of host virtual machines. The system includes a routed uplink from the virtual customer edge router to one or more of the plurality of leaf nodes. The system is such that the virtual customer edge router is configured to provide localized integrated routing and bridging (IRB) service for the plurality of host virtual machines of the host routed overlay.