H04L12/4645

METHOD AND SYSTEM FOR ETHERNET VIRTUAL PRIVATE NETWORK (EVPN) SPLIT-HORIZON FILTERING
20230031683 · 2023-02-02

Embodiments of the disclosed techniques include methods, apparatus, and instructions for split-horizon filtering in an Ethernet virtual private network (EVPN), where an EVPN instance includes a plurality of provider edges (PEs) that forward traffic for a plurality of customer edges (CEs). In one embodiment, a method includes advertising a set of single Broadcast, Unknown unicast, or Multicast (BUM) identifiers, each in an Inclusive Multicast Ethernet tag (IMET) route from a PE of the EVPN instance to one other PE within the plurality of PEs, where each PE that shares an Ethernet segment with the PE is advertised with one unique BUM identifier; and forwarding by the PE, BUM packets from another PE of the EVPN instance to one or more CEs coupled to the PE based on a single BUM identifier encapsulated within the BUM packets.

SYSTEM AND METHOD FOR GENERATING INTERNAL TRAFFIC IN A SWITCH

One aspect of the instant application provides a system and method for generating internal traffic for a switch. During operation, the system configures a replication list comprising a plurality of replication entries, with a respective replication entry corresponding to a destination port on the switch. The system generates a seed packet to be replicated for each replication entry in the replication list, with a destination address of a respective replicated packet corresponding to a replication entry. All replicated packets are associated with a virtual local-area network (VLAN) reserved for the internal traffic. The system then forwards the replicated packets along with external packets received by the switch to corresponding destination ports on the switch.

ASSIGNING SECURITY GROUP TAG FOR INFRASTRUCTURE TRAFFIC AND PRESERVING SECURITY GROUP TAG IN SNOOPED PACKETS IN DYNAMIC SEGMENTATION
20230093278 · 2023-03-23

The system determines a first source MAC associated with a switch. The system updates a MAC address table by mapping the first source MAC to a first tag which indicates a source role corresponding to a network infrastructure. A processor associated with the switch generates a first packet which indicates the first source MAC. The system performs a first search in the MAC address table based on the indicated first source MAC to obtain the first tag, and performs a second search in a policy table based on the first tag for a policy which indicates an action to be applied to the first packet. If the second search is not successful, the system modifies a header of the first packet by adding the first tag. If the second search is successful, the system determines that the indicated action comprises allowing the first packet and transmits the first packet.

TWO-LAYER PRIVATE LINE NETWORK SYSTEM, CONFIGURATION METHOD, AND DEVICE
20220345331 · 2022-10-27

The present disclosure discloses a two-layer private line network system, a configuration method, and a device. The two-layer private line network system includes a system switch and a POP server connected to each other. The system switch is configured to receive a data packet from a customer service server, add an outer-layer virtual local area network (VLAN) identifier to the data packet, and send the data packet carrying the outer-layer VLAN identifier to the POP server. The POP server is configured to strip off the outer-layer VLAN identifier to restore the data packet sent by the customer service server, and send the restored data packet to another POP server through a two-layer tunnel.

APPARATUSES AND METHODS FOR SUPPORTING CLASS-BASED SCHEDULING IN A TIME-SENSITIVE NETWORKING (TSN) NETWORK
20220345415 · 2022-10-27

An apparatus connected to a Time-Sensitive Networking (TSN) switch in a TSN network is provided. The apparatus includes a transceiver, a storage medium, and a controller. The storage medium stores a first mapping of a traffic class to a time slot, and a second mapping of a frame type of a TSN stream to the traffic class. The controller is coupled to the transceiver and the storage medium, and is configured to determine a routing path and a Gate Control List (GCL) corresponding to the TSN stream based on a network topology of the TSN network, the first mapping, and the second mapping, and deploy the GCL to each TSN switch in the routing path via the transceiver.

Data transmission method, device, and system
11612013 · 2023-03-21

A data transmission method includes receiving, by a user plane function entity, a data packet from a first terminal through an uplink path corresponding to the first terminal, where the data packet carries addressing information of a second terminal; determining, by the user plane function entity based on information about the uplink path corresponding to the first terminal and the addressing information of the second terminal, a downlink path corresponding to the second terminal; and sending, by the user plane function entity, the data packet to the second terminal through the downlink path corresponding to the second terminal.

Assignment of network configuration for a wired network using a wireless network

A technique is configured to utilize messages (e.g., frames) generated by a first layer of a protocol stack for a wireless network to configure network parameters associated with a second layer of the protocol stack for a wired network. The messages are illustratively beacon frames generated by a data link layer of a Transmission Control Protocol/Internet Protocol (TCP/IP) stack for a wireless network, and the network parameters are illustratively IP addresses associated with a network layer of the TCP/IP stack for a wired network. Notably, the beacon frames of the wireless network may be utilized for two-way communication exchange on a per node basis for each node in the wired network.

LABEL BASED POLICY ENFORCEMENT
20220345330 · 2022-10-27

Examples disclosed herein relate to a method comprising receiving a data packet originating from a first device and intended for a second device, wherein the first device and the first access device belong to a first branch of a Wide Area Network (WAN) using an MPLS overlay and the second device belongs to a second branch of the WAN. The method includes encapsulating the data packet in VXLAN including a VXLAN label identifying a role type and transmitting the data packet to a first core device. The method includes determining an MPLS label corresponding to the role type and transmitting the data packet over the MPLS overlay to a second core device belonging to the second branch of the WAN. The method includes translating the MPLS label into the VXLAN label and transmitting the data packet including the VXLAN label to a second access device for an enforcement action.

Technologies for filtering network traffic on ingress

Technologies for filtering network traffic on ingress include a network interface controller (NIC) configured to parse a header of a network packet received by the NIC to extract data from a plurality of header fields of the header. The NIC is additionally configured to determine an input set based on the field vector, retrieve a matching list from a plurality of matching lists, and compare the input set to each of the plurality of rules to identify a matching rule of the plurality of rules that matches a corresponding portion of the input set. The NIC is further configured to perform an action on the network packet based on an actionable instruction associated with the one of the plurality of rules that matches the corresponding portion of the input set. Other embodiments are described herein.

Port configuration method and device, storage medium, and electronic device

Provided are a port configuration method and device, a storage medium, and an electronic device. Said method comprises: receiving a target message, the target message being a message which is transmitted through a physical port of a data link layer and carries target identifier information; searching, in a plurality of access modes supported by the physical port, for a target access mode corresponding to the target identifier information; and configuring the current access mode of the physical port in the data link layer to be the target access mode.