The present disclosure generally relates to a device, method, or system for time sensitive networking. In an example, the device can include a time-sensitive networking controller and a scheduler. The device also includes an enhanced gate control list maintained on the time-sensitive networking controller to include a direct memory access address, a launch time, and a pre-fetch time for a data packet. The device may also include a transmitter of the time-sensitive networking controller to transmit the data packet retrieved using the direct memory access address at the launch time identified by the scheduler.

A packet processing method and a network device is disclosed. The method includes a first network device obtains a packet. The first network device adds first indication information and second indication information to the packet, to obtain an updated packet, where the first indication information and the second indication information are located in a multi-protocol label switching MPLS packet header of the updated packet, the first indication information indicates a network slice corresponding to the packet, and the second indication information indicates a forwarding path of the packet. The first network device sends the updated packet to a second network device. A network slice corresponding to a packet and a forwarding path of the packet are respectively indicated in an MPLS packet header via different indication information.

A switch device includes: a plurality of communication ports; a switch unit configured to relay a frame, which has been transmitted from a function unit and to which information including an ID of a VLAN and priority information is added, to another function unit via a communication port, according to the priority information; and a duplication unit configured to, when the diagnosis device is connected to another switch device, duplicate the frame to be relayed via a designated communication port, thereby generating a duplicate frame for diagnosis. The duplication unit is able to set the priority information to be added to the duplicate frame for diagnosis, separately from the priority information to be added to the frame as an original. The switch unit outputs the duplicate frame for diagnosis, from a communication port corresponding to the other switch device, according to the priority information set by the duplication unit.

A switch device includes a plurality of communication ports; a switch unit configured to relay a frame, which has been transmitted from a function unit and to which information including an ID of a VLAN is added, to another function unit via a communication port; and a duplication unit configured to, when the diagnosis device is connected to another switch device, duplicate the frame to be relayed via a designated communication port among the plurality of communication ports, and generate a duplicate frame for diagnosis that is a frame obtained by adding, to a duplicate frame obtained through the duplication, specific information indicating that the duplicate frame for diagnosis should be transmitted to the diagnosis device. The switch unit outputs the duplicate frame for diagnosis generated by the duplication unit from a communication port corresponding to the other switch device.

Systems and methods for enabling access to dedicated resources in a virtual network using top of rack switches are disclosed. A method includes a virtual filtering platform encapsulating at least one packet, received from a virtual machine, to generate at least one encapsulated packet comprising a virtual network identifier (VNI). The method further includes a TOR switch: (1) receiving the at least one encapsulated packet and decapsulating the at least one encapsulated packet to create at least one decapsulated packet, (2) using the VNI to identify a virtual routing and forwarding artifact to determine a virtual local area network interface associated with the dedicated hardware portion, and (3) transmitting the at least one decapsulated packet to the dedicated hardware portion based on at least one policy provided by a controller, where the at least one policy comprises information related to a customer of the service provider.

This disclosure describes methods to distribute intrusion detection in a network across multiple devices in the network, such as across routing/switching or other infrastructure devices. For example, as a packet is routed through a network infrastructure, an overlay mechanism may be utilized to indicate which of a total set of intrusion detection rules have been applied to the packet. Each infrastructure device may evaluate which rules have already been applied to the packet, using a result of the evaluation to determine where to route the packet in the network infrastructure for application of additional intrusion detection rules. Additionally, each infrastructure device may record a result of its application of the portion of intrusion detection rules directly into the packet.

A data transmission method includes receiving, by a user plane function entity, a data packet from a first terminal through an uplink path corresponding to the first terminal, where the data packet carries addressing information of a second terminal; determining, by the user plane function entity based on information about the uplink path corresponding to the first terminal and the addressing information of the second terminal, a downlink path corresponding to the second terminal; and sending, by the user plane function entity, the data packet to the second terminal through the downlink path corresponding to the second terminal.

The subject technology addresses a need for improving utilization of network bandwidth in a multicast network environment. More specifically, the disclosed technology provides solutions for extending multipathing to tenant multicast traffic in an overlay network, which enables greater bandwidth utilization for multicast traffic. In some aspects, nodes in the overlay network can be connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network.

During operation, a computer system may receive, from an electronic device, a VNI assignment message, where the VNI assignment message specifies a range of VNIs for VXLANs and one or more associated data planes. In response, the computer system may compute whether one or more VNIs in the range of VNIs are available. For example, the computer system may communicate with the VXLANs and/or may perform a look-up operation in a data structure in memory with information about VNIs (such as available VNIs and/or unavailable VNIs). When the one or more VNIs are unavailable, the computer system may provide, to the electronic device, an error message. Alternatively, when the one or more VNIs in the range of VNIs are available, the computer system may: modify the one or more data planes that implement the VXLANs with the range of VNIs; and provide, to the electronic device, an acknowledgment message.

Systems and methods for isolating applications associated with multiple tenants within a computing platform receive a request from a client associated with a tenant for running an application on a computing platform. Hosts connected to the platform are associated with a network address and configured to run applications associated with multiple tenants. A host is identified based at least in part on the request. One or more broadcast domain(s) including the identified hosts are generated. The broadcast domains are isolated in the network at a data link layer. A unique tenant identification number corresponding to the tenant is assigned to the broadcast domains. In response to launching the application on the host: the unique tenant identification number is assigned to the launched application and is added to the network address of the host; and the network address of the host is sent to the client associated with the tenant.