A packet transmission method, device, and system are disclosed, and pertain to the field of network technologies. The system includes a first network device in a VPLS network and a second network device in a VPWS network. The first network device determines, based on a destination address carried in a received first packet, a virtual port corresponding to the destination address in a VPLS instance of the first network device, and sends the first packet to a second VPWS instance in the second network device based on the virtual port, where the virtual port is used to indicate a first VPWS instance in the first network device, and the second VPWS instance and the first VPWS instance are VPWS instances used to bear a same service.

Methods and apparatus to cross configure network resources of software defined data centers are disclosed. Example instructions cause one or more processors to monitor a component of a network for a probe packet sent to the component. The example instructions cause the one or more processors to, in response to detecting the probe packet, determine whether the probe packet includes a unique source media access control (MAC) address that is included in a probe access control list (ACL), the unique source MAC address included in the probe ACL set by a decision engine. The example instructions cause the one or more processors to, in response to determining that the probe packet does not include the unique source MAC address, record probe packet receipt information indicating that the probe packet did not pass through a network port of the component and transmit the probe packet receipt information to the decision engine.

This application disclose a link configuration method, to configure a DSVPN tunnel interface parameter. A controller obtains a first link profile for a first site and a second link profile for a second site from a link profile library, where the link profile library includes a plurality of link profiles. The controller obtains preconfigured global configuration information, where the global configuration information includes an address pool. The controller generates a first link configuration parameter of the first site and a second link configuration parameter of the second site based on the address pool, the first link profile, and the second link profile and according to a preset link configuration rule. The controller sends the first link configuration parameter to the first site and sends the second link configuration parameter to the second site.

Generally discussed herein are devices, systems, and methods for cloud resource security. A method can include receiving, at a monitor device and from a first cloud resource of cloud resources hosted by a cloud provider, a request for a token that uniquely identifies the first cloud resource, the request indicating a destination that is a metadata server. The method can include comparing, based on entries in an application programming interface (API) access log, the cloud provider associated with the first cloud resource and a cloud provider associated with the metadata server. The method can include responsive to the cloud provider of the first cloud resource being different from the cloud provider of the metadata server performing a security mitigation action.

Techniques are described for communications in an L2 virtual network. In an example, the L2 virtual network includes a plurality of L2 compute instances hosted on a set of host machines and a plurality of L2 virtual network interfaces and L2 virtual switches hosted on a set of network virtualization devices. An L2 virtual network interface emulates an L2 port of the L2 virtual network. Access control list (ACL) information applicable to the L2 port is sent to a network virtualization device that hosts the L2 virtual network interface.

A communication method, a device, and a system are disclosed. An SF device adds a first location identifier including an identifier of the SF device and an identifier of a first physical port to a received first packet sent by first user equipment, and sends a second packet to which the first location identifier is added to a first UP device. The first UP device sends a third packet to a CP device, and the CP device sends the third packet to a USF device. The USF device interacts with an SDN controller, to enable the SDN controller to deliver a configuration instruction to the corresponding SF device. The first packet may be a DHCP packet or a PPPoE packet, and OPTION82/OPTION18 is added to carry the first location identifier.

An apparatus includes a first set of processing element nodes, the first set of processing element nodes defining a first hierarchy of processing element nodes, the first set of processing element nodes comprising a source node, a first look-up table (LUT), and a first forwarder node, the source node to communicate with the first forwarder node by a first virtual channel. The apparatus includes a second set of processing element nodes, the second set of processing element nodes defining a second hierarchy of processing element nodes, the second set of processing element nodes comprising a second forwarder node, a second LUT, the second LUT comprising an indication of a direction of the first forwarder node in the first hierarchy, and a target node logically coupled to the second forwarder node by the first virtual channel. The first LUT comprises a direction of the second forwarder node in the second hierarchy.

Some embodiments provide a method for a set of central controllers that manages forwarding elements operating in a plurality of datacenters. The method receives a configuration for a bridge between (i) a logical L2 network that spans at least two datacenters and (ii) a physical L2 network. The configuration specifies a particular one of the datacenters for implementation of the bridge. The method identifies multiple managed forwarding elements that implement the logical L2 network and are operating in the particular datacenter. The method selects one of the identified managed forwarding elements to implement the bridge. The method distributes bridge configuration data to the selected managed forwarding element.

A client device includes a memory and a processor cooperating therewith to boot the client device and connect to a provisioning server via a network. The processor receives a streaming virtual disk image from the provisioning server based on a virtual disk configuration, receives a virtual disk change notification from the provisioning server, and determines changes to the virtual disk configuration based on the virtual disk change notification. The memory and the processor cooperate with the provisioning server to change the streaming virtual disk image based on the determined changes to the virtual disk configuration and without rebooting the client device.

Template-driven locally calculated policy updates for virtualized machines in a datacenter environment are described. A central control and monitoring node calculates and pushes down policy templates to local control and monitoring nodes. The templates provide boundaries and/or a pool of networking resources, from which the local control and monitoring node is enabled to calculate policy updates for locally instantiated virtual machines and containers.