H04L12/4645

SYSTEM AND METHOD FOR CONNECTING VIRTUAL NETWORKS IN A BRANCH SITE TO CLOUDS

The present technology is directed to controlling and managing resources both in Software-Defined Cloud Interconnect (SDCI) providers and cloud service providers via a single network controller and further connecting virtual networks in a branch site to virtual networks in the cloud service providers. A network controller can establish a network gateway in an SDCI provider, establish a cross-connectivity between the network gateway in the SDCI provider and one or more clouds, group one or more virtual networks in the one or more clouds and one or more virtual networks in a branch site into a tag, and establish a connection between the one or more virtual networks in the one or more clouds and the one or more virtual networks in the branch site using the tag.

Data caching in provider network substrate extensions

One or more configuration parameters for an object gateway instance are received at an interface to a provider network, the parameters including an identifier of a first object store of the provider network for which to cache objects in a first object cache of the object gateway instance and an indication of a data transfer mode that controls when objects written to the first object cache are written to the first object store. The one or more configuration parameters are stored in a data store of the provider network and sent to the object gateway instance. A read request that includes the identifier of the first object store and a first object identifier is received from the object gateway instance, and a first object associated with the first object identifier and stored in the first object store is sent to the object gateway instance.

METHOD FOR CONFIGURING AND MANAGING TSN NETWORK AND SYSTEM APPLYING THE METHOD
20220385594 · 2022-12-01

In a method for configuring and managing a Time Sensitive Networking (TSN) network, a network packet is regularly captured and parameters are extracted. The parameters are submitted to a distributed learning model for matching an application according to the parameters, and a network requirement of the application is obtained. Such obtained network requirements are uploaded to a centralized network configuration (CNC) through a message transmission protocol, and a configuration of the network requirement is calculated through the CNC. The configuration calculated by the CNC is received and delivered to a TSN switch, causing the TSN switch to dynamically update the network configuration accordingly.

Configuring logical network devices for label-switched networks

Techniques for configuring a logical network switch in label-switched networks are provided. In some embodiments, a first network device in a label-switched network is configured with a network address. A second network device in the label-switched network is configured with the same network address. The first network device is configured to use a set of labels for a set of virtual local area networks (VLANs). The second network device is configured to use the same set of labels for the same set of VLANs. The configured first and second network devices appear as a logical network device from the perspective of other network devices in the label-switched network.

EVPN PACKET FORWARDING METHOD, SYSTEM, STORAGE MEDIUM, AND TERMINAL
20220368628 · 2022-11-17

Disclosed are a method and a system for EVPN message forwarding, a non-transitory computer-readable storage medium and a terminal device. The method includes: reading an Ethernet segment identifier (ESI) label from a message if the message contains the ESI label after receiving the message from an upstream device, and obtaining a port for an Ethernet segment (ES) corresponding to the ESI label according to the ESI label; reading an egress port for the message; and discarding the message if the port for the ES corresponding to the ESI label obtained according to the ESI label is the same as the egress port for the message.

Common connection tracker across multiple logical switches

Some embodiments of the invention provide novel methods for providing a stateful service at a network edge device (e.g., an NSX edge) that has a plurality of north-facing interfaces (e.g., interfaces to an external network) and a plurality of corresponding south-facing interfaces (e.g., interfaces to a logical network). In some embodiments, each interface associated with a different bridge calls a service engine based on identifiers included in data messages received at the interface. Each data message flow is associated with a particular identifier that is associated with a particular service engine instance that provides the stateful service. In some embodiments, the interface that receives a data message identifies a service engine to provide the stateful service and provides the data message to the identified service engine. After processing the data message, the service engine provides the data message to the egress interface associated with the ingress interface.

VLAN-aware clock synchronization

Synchronization of clocks among computing devices in a network includes determining master/slave relations among the computing devices. Some computing devices (e.g., switches) include trunk ports configured to carry traffic for several logical networks; e.g., virtual local area networks, VLANs. A trunk port can be associated with a master/slave setting for each logical network that it is configured for. Synchronization of clocks among the computing devices further includes running a synchronization sequence between a trunk port and each computing device on each of the logical networks configured on the trunk port.

VLAN-Aware Clock Synchronization
20230042925 · 2023-02-09

Synchronization of clocks among computing devices in a network includes determining master/slave relations among the computing devices. Some computing devices (e.g., switches) include trunk ports configured to carry traffic for several logical networks; e.g., virtual local area networks, VLANs. A trunk port can be associated with a master/slave setting for each logical network that it is configured for. Synchronization of clocks among the computing devices further includes running a synchronization sequence between a trunk port and each computing device on each of the logical networks configured on the trunk port.

Correlation of virtual network traffic across bare metal servers

This disclosure describes techniques that include collecting flow data associated with communications between network devices, and determining, based on the flow data, one or more virtual networks over which the communications are taking place. In one example, this disclosure describes a system configured to perform operations comprising: storing virtual network configuration information associated with a first virtual network and a second virtual network established within a network; collecting underlay flow data associated with communications between a first server and a second server, wherein each of the first server and the second server are implemented as bare metal servers; determining, based on the underlay flow data and the stored virtual network configuration information, that the first server and the second server have communicated over the first virtual network; and generating a user interface.

METHODS FOR MICRO-SEGMENTATION IN SD-WAN FOR VIRTUAL NETWORKS
20220353190 · 2022-11-03

Some embodiments of the invention provide a method for micro-segmenting traffic flows in a software defined wide area network (SD-WAN). At a first edge forwarding node of a first multi-machine site in the SD-WAN, the method receives, from a particular forwarding element, a first packet of a packet flow originating from a second multi-machine site that is external to the SD-WAN, the packet flow destined for a particular machine at the first multi-machine site. The method uses deep packet inspection (DPI) on the first packet to identify contextual information not provided by the particular forwarding element about the first packet and the packet flow. Based on the identified contextual information, the method applies one or more policies to the first packet before forwarding the first packet to the particular machine.