Patent classifications
H04L2012/4629
CLOUD DELIVERED ACCESS
Cloud delivered access may be provided. A network device may provide a client device with a pre-authentication virtual network and a pre-authentication address. Next, a policy may be received in response to the client device authenticating. The client device may then be moved to a post-authentication virtual network based on the policy. A post-authentication address may then be obtained for the client device in response to moving the client device to a post-authentication virtual network. Traffic for the client device may then be translated to the post-authentication address.
Method and system for operating networks with data-plane and control-plane separated network functions
A method for operating a network that includes network functions that have a data-plane separated from a control-plane is provided. The network function of the network functions includes network function components. The network function components include a control plane function and data plane functions. During runtime and in case of a predefined state of a first data plane function of the data plane functions, an existing subscription context of the first data plane function and associated data-plane traffic are offloaded to a second data plane function of the data plane functions.
Handling packets travelling from logical service routers (SRs) for active-active stateful service insertion
Example methods and computer systems for packet handling for active-active stateful service insertion are disclosed. One example may involve, in response to detecting a first packet from a first active logical service router (SR), a computer system generating and storing state information that associates (a) the first active logical SR and (b) first tuple information specified by the first packet. The first active logical SR and a second active logical SR may be both associated with the service endpoint address and configured to operate in an active-active mode. In response to detecting the second packet from a destination responsive to the first packet, the computer system may select the first active logical SR over the second active logical SR based on the state information and second tuple information specified by the second packet, and send the second packet towards the first active logical SR for processing according to a stateful service.
Interoperability between symmetric and asymmetric EVPN IRB modes
A system and method are disclosed for enabling interoperability between asymmetric and symmetric Integrated Routing and Bridging (IRB) modes. A system is configured to receive a route advertisement, examine the label fields of the route advertisement, and determine whether Layer 2 or Layer 3 information is conveyed. The system is further configured to build a route advertisement to advertise to a second device based on whether Layer 2 or Layer 3 information is conveyed in the first route advertisement.
Packet processing method, device, and system
A packet processing method, a device, and a system are disclosed. In the method, a first provider edge (PE) device receives a first virtual extensible local area network (VXLAN) packet through a first point-to-point (P2P) VXLAN tunnel between the first PE device and a third PE device. A customer edge (CE) device is dual-homed to the first PE device and a second PE device respectively through a first Ethernet link and a second Ethernet link. The first PE device forwards the first VXLAN packet to the second PE device through a third P2P VXLAN tunnel from the first PE device to the second PE device when there is a fault on the first Ethernet link. The first Ethernet link connected to the first PE device and a link formed by the third P2P VXLAN tunnel and the second Ethernet link have a primary/secondary relationship.
Multihoming optimizations for fast failover in single-active networks
Techniques described herein provide for fast updating of a forwarding table in a single-active multihoming configuration. A first network device that is not connected to an Ethernet segment (ES) receives a plurality of ES routes (e.g., EVPN type-4 routes) from a plurality of network devices that are connected to a host via the ES. When connectivity is lost to a designated forwarder for the ES, the first network device performs a designated forwarding election algorithm based on the plurality of received ES routes, to identify that a second network device of the plurality of network devices is designated as a new forwarding device. The first network device modifies an entry in a forwarding table to indicate that the host is now reachable via the second network device.
Broadband Connection Method and Apparatus
A broadband connection method includes a virtual broadband network gateway (vBNG)-control plane (CP) that receives first indication information from a user plane selection function (USF), where the first indication information indicates a second vBNG-user plane (UP) that replaces a first vBNG-UP when the first vBNG-UP is faulty. The vBNG-CP sends a user entry to the second vBNG-UP based on the first indication information, where the user entry is used by the second vBNG-UP to enable a user to access a network based on the user entry when the first vBNG-UP is faulty such that when a user plane is faulty, broadband access of a user is not interrupted, and the user can continue to access a network.
SYSTEM AND METHOD FOR MANAGING VIRTUAL LOCAL AREA NETWORKS
A method for identifying VLANs associated with a network includes gathering actual network element configuration data from a plurality of network elements in the network, wherein the actual network element configuration data identifies one or more VLANs that at least some of the plurality of network elements are actually allocated to; correlating the actual network element configuration data with administrative VLAN data; and determining one or more VLANs that are not commonly identified in both the actual network element configuration data and the administrative VLAN data. A system includes a network monitoring system operable to gather actual network element configuration data from a plurality of network elements at one or more logical network sites, wherein the actual network element configuration data identifies one or more VLANs that at least some of the plurality of network elements are actually allocated to; and a VLAN services module operable to correlate the actual network element configuration data with administrative VLAN data, and further operable to determine one or more VLANs that are not commonly identified in both the actual network element configuration data and the administrative VLAN data.
Port mirroring over EVPN VXLAN
This disclosure describes techniques for improved port mirroring over Ethernet Virtual Private Network (EVPN) Virtual eXtensible Local Area Network (VXLAN). For example, a method includes receiving, by a first network device of a plurality of network devices of a leaf and spine network configured with an Ethernet Virtual Private Network and from a second network device of the plurality of network devices, an extended routing message including information indicating the second network device is connected to an analyzer, and wherein the plurality of network devices is configured with a Virtual Local Area Network (VLAN) for which the analyzer is configured to analyze packets. The method also includes configuring, within forwarding information of the first network device and in response to receiving the extended routing message advertised by the second network device, a next hop that specifies packets associated with the VLAN are to be forwarded to the second network device.
PACKET FRAGMENTATION IN GRE
Implementations of the present disclosure relate to packet fragmentation in Generic Routing Encapsulation (GRE). A method comprises, in accordance with a determination that the target packet is to be fragmented, generating at least two packets from the target packet. The at least two packets comprise an Internet Protocol (IP) header, a GRE header and a fragment of the payload of the target packet, respectively. The GRE header comprises a fragment indication indicating that the respective packet comprises a respective fragment of the payload of the target packet. The method further comprises transmitting the at least two packets to a second network device. In this way, dropping of packet fragments due to security policies will be avoided.