Patent classifications
H04L12/4675
Method and apparatus for implementing a flexible virtual local area network
A method and apparatus for implementing a virtual local area network. The method includes determining a global virtual local area network for transmitting a data frame in response to receiving the data frame at a first switch, encapsulating the data frame based at least in part on said determination and transmitting it to at least one second switch over the determined global virtual local area network. The data frame is received at the second switch and an identifier of the global virtual local area network is obtained according to the data frame. Based at least in part on the identifier of the global virtual local area network, it is determined which local virtual local area network served by the second switch the de-capsulated data frame can be sent to.
Client device address assignment following authentication
Methods and systems are described for assigning the proper internet protocol (IP) address to a client device following authentication of the client device on a network. In particular, at commencement of an authentication procedure of the client device, a role is associated with the client device that denies all DHCP renews/requests. By assigning a role to the client device 103 with a “deny DHCP renew/request” rule at the commencement of an authentication procedure, the systems and methods described herein ensure that a race condition does not allow the client device to renew an IP address in an old segment of the network. Accordingly, the client device may avoid a possibly improper IP address in a segment of the network system with which the client device is no longer associated or on which it is no longer operating.
Servicing packets in a virtual network and a software-defined network (SDN)
In one embodiment, an apparatus includes a processor and logic configured to designate one of a plurality of endpoint virtual network identifiers (EPVNIDs) for each endpoint device in a network, wherein each EPVNID is configured to be shared by one or more endpoint devices, designate a common waypoint virtual network identifier (WPVNID) for all transparent waypoint devices in the network which perform a same function, designate a unique WPVNID for each routed waypoint device in the network, designate a common virtual network identifier (VNID) for all virtual switches in a single virtual network, wherein a different VNID is designated for each virtual network, and create a service chain table comprising each VNID, WPVNID, and EPVNID designated in the network individually correlated with at least a pair of VNIDs: a source VNID and a destination VNID, based on one or more policies affecting application of services to packets in the network.
COMMUNICATION SYSTEM AND SERVER SWITCHING METHOD
A service interruption time of a client terminal is shortened.
A communication system (100) includes a plurality of servers 10 (10a and 10b) each functioning as an active system or a standby system and a relay device (20) that relays communication between a server of the active system and one or more client terminals (30) operated by clients. Each of the servers includes a priority level determining unit that determines a priority level of each of the clients, a virtual port creating unit that creates, in the server, a virtual port corresponding to a virtual LAN assigned to each of the client terminals, and a communication processing unit that instructs the relay device to change a destination of communication performed between the client terminal and the server to the virtual port. The communication processing unit gives an instruction of change of the destination of the communication in order of highest to lowest priority level of the client when a malfunction occurs in another server of the active system.
Secure SD-WAN Port Information Distribution
A Software Defined Wide Area Network (SD-WAN) edge node is disclosed. The SD-WAN edge node includes edge node SD-WAN ports coupled to untrusted underlay networks. The SD-WAN edge node transmits a first Border Gateway Protocol (BGP) update message advertising WAN (Wide Area Network) properties of the edge node SD-WAN ports to a local controller via an encrypted channel over the untrusted underlay network. The SD-WAN edge node receives a second BGP update message from the local controller, the second BGP update message advertising WAN properties of peer node SD-WAN ports of a peer node. The SD-WAN edge node establishes a security association with the peer node over the untrusted underlay networks based on the WAN properties of the edge node SD-WAN ports and the WAN properties of the peer node SD-WAN ports.
Methods and apparatus to cross configure network resources of software defined data centers
Methods and apparatus to cross configure network resources of software defined data centers are disclosed. An example method includes detecting a first configuration change for a first component of a first one of a virtual network or a physical network, the virtual network to provide networking for a virtual computing system, and the physical network to implement the virtual network, identifying, by executing an instruction with a processor, a second component of a second different one of the virtual network or the physical network corresponding to the first component, and making a second configuration change to the second component corresponding to the first configuration change.
INTEROPERABILITY BETWEEN SYMMETRIC AND ASYMMETRIC EVPN IRB MODES
A system and method are disclosed for enabling interoperability between asymmetric and symmetric Integrated Routing and Bridging (IRB) modes. A system is configured to receive a route advertisement, examine the label fields of the route advertisement, and determine whether Layer 2 or Layer 3 information is conveyed. The system is further configured to build a route advertisement to advertise to a second device based on whether Layer 2 or Layer 3 information is conveyed in the first route advertisement.
Logical router comprising disaggregated network elements
A logical router includes disaggregated network elements that function as a single router and that are not coupled to a common backplane. The logical router includes spine elements and leaf elements implementing a network fabric with front panel ports being defined by leaf elements. Control plane elements program the spine units and leaf elements to function as a logical router. The control plane may define operating system interfaces mapped to front panel ports of the leaf elements and referenced by tags associated with packets traversing the logical router. Redundancy and checkpoints may be implemented for a route database implemented by the control plane elements. The logical router may include a standalone fabric and may implement label tables that are used to label packets according to egress port and path through the fabric.
VXLAN multi-tenant inter-networking device packet forwarding system
A VXLAN multi-tenant inter-networking device packet forwarding system includes a first aggregated networking device coupled to a first host device and a second aggregated networking device that is coupled to second host devices. The first aggregated networking device receives a data packet from the first host device and, in response, identifies a virtual network associated with the first host device. Based on a first and second portion of a virtual network identifier that identifies the virtual network, the first aggregated networking device generates respective first and second packet forwarding identifiers. The first aggregated networking device then provides the first and second packet forwarding identifiers in the data packet, and forwards the data packet to the second aggregated networking device. The second aggregated networking device may then forward the data packet to one of the second host devices based on the first and second packet forwarding identifiers in the data packet.
NETWORK SYSTEM, CONTROL APPARATUS, METHOD FOR CONSTRUCTING A VIRTUAL NETWORK, AND PROGRAM
A network system is connected to a first physical network comprising: a first data transmission node that transmits data used for a first service and a second data transmission node that transmits data used for a second service and to a second physical network including at least one apparatus for receiving data from the first and the second data transmission nodes, and constructs a virtual network for each service between the first and the second physical networks.