H04L12/4645

FAST REROUTE FOR BUM TRAFFIC IN ETHERNET VIRTUAL PRIVATE NETWORKS
20230126279 · 2023-04-27

Techniques are described for providing fast reroute for BUM traffic in EVPN. For example, a first provider edge (PE) device, elected as a designated forwarder (DF) of an Ethernet segment, configures a backup path using a label received from a second PE device of the Ethernet segment (e.g., backup DF) that identifies the second PE device as a “protector” of the Ethernet segment. For example, a routing component of the DF configures within a forwarding component a backup path to the second PE device, e.g., installing the label and operation(s) within the forwarding component to cause the forwarding component to add the label to BUM packets received from a core network. Therefore, when an access link to the local CE device has failed, the DF reroutes BUM packets from the core network via the backup path to the second PE device, which sends the BUM packets to the CE device.

Globally-distributed secure end-to-end identity-based overlay network
11477079 · 2022-10-18

A communication system includes multiple Point-of-Presence (POP) interfaces and one or more processors. The multiple POP interfaces are distributed in a Wide-Area Network (WAN) and are configured to communicate with at least a client and a server connected to the WAN. The one or more processors are coupled to the POP interfaces and are configured to (i) assign respective Internet Protocol (IP) addresses to the client and to the server, including embedding state information in the assigned IP addresses, and (ii) route traffic over the WAN between the client and the server, in a stateless manner, based on the state information embedded in the IP addresses.

Processing of payload content with parallel validation

An example embodiment may involve a network interface configured to transmit and receive frames. The embodiment may also involve a network protocol stack configured to: (i) perform encapsulation of outgoing messages into outgoing frames for transmission by way of the network interface, or (ii) perform decapsulation of incoming frames received by way of the network interface into incoming messages. The embodiment may also involve a parsing and validation module configured to: (i) receive representations of the incoming or the outgoing messages, and (ii) perform one or more validation checks on the representations, wherein the representations define transactions that are functionally equivalent to corresponding transactions that are defined by the messages, wherein the one or more validation checks are performed in parallel to performance of the encapsulation or decapsulation, and wherein a representation of a message failing the one or more validation checks causes the message to be discarded.

CLOUD-EDGE FORWARDING IN A NETWORK
20230117218 · 2023-04-20

A packet is received via a first network interface of a first network device in an underlay network, the packet having been originated by a first endpoint device and including a first network address indicating a destination of the first packet. The first network device, without analyzing the first network address in the first packet, adds, to the first packet, a second network address corresponding to a cloud edge network device implemented at the cloud edge and information identifying the first network interface via which the first packet was received by the first network device. The first network device transmits the packet, via an overlay network layered over the underlay network, to the cloud edge network device to enable forwarding of the packet to the destination of the packet, based on the first network address included in the packet, by the cloud edge network device.

COMMUNICATION APPARATUS, AND COMMUNICATION METHOD

A communication device includes: a first transmission-reception unit connected with a first optical line terminal; a second transmission-reception unit connected with a second optical line terminal; and a control unit, the first transmission-reception unit acquires a control signal having a destination at the second or third optical line terminal from the first optical line terminal, the control unit forwards the control signal toward the second transmission-reception unit connected with the second or third optical line terminal, and the second transmission-reception unit forwards the control signal to the second or third optical line terminal.

METHODS AND SYSTEMS FOR PROCESSING NETWORK PACKETS USING A SERVICE DEVICE IN A SMART SWITCH

A network appliance or smart switch can include service devices as well as a switching device such as those used in high-speed switches having limited processing ability and are stateless with respect to sessions. Service devices can provide stateful and complex processing. A first exposed port of a switching device can receive network packets and can determine which network packets the service devices are to process to produce processed network packets. A network packet can be sent to a service device in a redirected packet. A processed network packet can be received from a service device in a reinjected packet that is used to recover a port identifier of the first exposed port. The port identifier can be used to determine a network destination of the processed network packet. The processed network packet can be sent from a second exposed port of the switching device toward the network destination.

Technologies for sharing packet replication resources in a switching system

Technologies include a network switch configured to perform packet replication. The network switch includes a network communicator, an entity manager, and a tag manager. The network communicator is to receive a data packet, and the entity manager is to identify an entity associated with the data packet and determine a tag associated with the entity. Additionally, the tag manager is to determine a packet replication configuration associated with the tag, and perform one or more per-port forwarding actions based on the packet replication configuration. The packet replication configuration includes one or more destination ports to be masked and a number of copies to be replicated to be sent out on at least one destination port.

Network provisioning

Systems and methods for provisioning and managing a network are disclosed. One method can comprise determining location information of one or more access points and selecting a routing device based upon the location information. Communication can be established between the one or more access points and the select routing device to define a mobility group comprising the one or more access points.

Systems and methods for improving broadcast, unknown-unicast, and multicast traffic in multihomed virtual extensible local access network ethernet virtual private networks

A set of remote Virtual Extensible LAN (VxLAN) tunnel endpoints (VTEPs) and an ingress VTEP associated with different Ethernet Segments (ESs) elect amongst themselves a designated forwarder (DF) for forwarding broadcast, unknown-unicast, and multicast (BUM) traffic by triggering an RFC 7432 election mechanism on each of the VTEPs. In embodiments, DF election involves exchanging configuration information, such as Type-4 routes for ESs via Border Gateway Protocol (BGP), without being confined to a particular ES that is local to all VTEPs, i.e., irrespective of local ES and internet identifiers. This allows performing targeted forwarding of BUM traffic to intended VTEPs while avoiding unnecessary ingress replication of BUM traffic in the ingress VTEP, thereby saving hardware buffer resources and avoiding unnecessary flooding of frames to a set of non-forwarding egress VTEPs, ultimately reducing the load on the egress VTEP and freeing up packet processing resources.

DATA PROCESSING METHOD BASED ON NETWORK SLICES AND APPARATUS THEREFOR
20220321380 · 2022-10-06

A data processing method based on network slices comprises determining on a data plane a network slice to which a data flow belongs according to network slice resource information, an uplink port receiving the data flow, virtual local area network (VLAN) information carried by the data flow, and destination media access control (MAC) address of the data flow. The method further comprises processing and forwarding the data flow through the network slice to which the data flow belongs. In the network slice resource information, different network slices sharing a VLAN on a shared uplink port are configured with different three-layer interface MAC addresses.