The present disclosure discloses a method and system for partitioning WLAN in order to separate network traffic from different WLANs. Specifically, a network device receives a packet from a client connected to a first network device on an access network. The network device then determines that the received packet is associated with a VLAN that is pre-configured on the first network device based on the access network to which the client is connected. Furthermore, the network device transmits the packet to a MAC layer switching device, which is not configured with the VLAN that is pre-configured on the network device. The packet includes one of a DHCP discovery message, an ARP request message, a unicast message, a multicast message, and a broadcast message. The unicast message will be transmitted to the second network device on the pre-configured VLAN prior to being transmitted to another network device outside the pre-configured VLAN.

A method includes a second provider edge (PE) device sending, to a first PE device, a media access control (MAC) route learned from a customer edge (CE) device, wherein the first PE device generates a MAC forwarding entry based on the MAC route, wherein the first PE device may forward, based on the MAC forwarding entry using the CE device, a packet whose destination MAC address is the CE device or a MAC address of a terminal device accessing the CE device, and wherein an outbound interface identifier included in the MAC forwarding entry is an identifier of an interface connected to the CE device.

The present invention discloses a data forwarding unit based on a Handle identifier, comprising a dynamic configuration module, a Handle identifier data identification module and a matching-forwarding module. The system of the present invention is applied to network devices such as switches and routers, and supports dynamic configuration of data packet analysis, matching and forwarding rules through data interaction with network systems such as SDN managers, so that the network devices can identify data packets based on the Handle identifier and perform the specified operation on the designated data packets with the Handle identifier according to the rules of dynamic configuration.

Techniques are described for providing fast reroute for BUM traffic in EVPN. For example, a first provider edge (PE) device, elected as a designated forwarder (DF) of an Ethernet segment, configures a backup path using a label received from a second PE device of the Ethernet segment (e.g., backup DF) that identifies the second PE device as a “protector” of the Ethernet segment. For example, a routing component of the DF configures within a forwarding component a backup path to the second PE device, e.g., installing the label and operation(s) within the forwarding component to cause the forwarding component to add the label to BUM packets received from a core network. Therefore, when an access link to the local CE device has failed, the DF reroutes BUM packets from the core network via the backup path to the second PE device, which sends the BUM packets to the CE device.

In some embodiments, a non-transitory processor-readable medium stores code representing instructions configured to cause a processor to receive, from an access switch, a first signal including forwarding state information associated with a first peripheral processing device from a set of peripheral processing devices. The code can further represent instructions configured to cause the processor to receive, from the first peripheral processing device, a second signal including a data packet. The code can further represent instructions configured to cause the processor to send, to a replication engine associated with the set of peripheral processing devices, a third signal such that the replication engine (1) defines a copy of the data packet, which is included within the third signal, and (2) sends, to a second peripheral processing device from the set of peripheral processing devices, a fourth signal including the copy of the data packet.

A method and apparatus for implementing a virtual local area network. The method includes determining a global virtual local area network for transmitting a broadcast data frame in response to receiving the broadcast data frame at a first switch, encapsulating the broadcast data frame based at least in part on said determination and transmitting it to at least one second switch over the determined global virtual local area network. The broadcast data frame is received at the second switch and an identifier of the global virtual local area network is obtained according to the broadcast data frame. Based at least in part on the identifier of the global virtual local area network, it is determined that which local virtual local area network served by the second switch the de-capsulated broadcast data frame can be sent to.

A method for forwarding a packet in a network. The network includes a first network node, a second network node, and a third network node. The method is applied to the first network node, and the method includes: generating a correspondence between a first segment identifier (SID) and a second SID, where the first SID is an identifier that corresponds to the private network, and the second SID is an SID of the third network node; receiving a first packet whose destination address is the first SID; and when it is determined that the second network node is unreachable, pushing the second SID into the first packet to generate a packet, and sending the packet to the third network node.

Virtual network identifiers are extracted from route advertisements. A table associates virtual network identifiers with provider edge devices. When a virtual network identifier extracted from a route advertisement matches a virtual network identifier in the table, the route advertisement is propagated to the provider edge devices associated with that virtual network identifier in the table. The route advertisement is not propagated to provider edge devices not associated with that virtual network identifier in the table.

Methods and apparatus to cross configure network resources of software defined data centers are disclosed. Example instructions cause one or more processors to monitor a component of a network for a probe packet sent to the component. The example instructions cause the one or more processors to, in response to detecting the probe packet, determine whether the probe packet includes a unique source media access control (MAC) address that is included in a probe access control list (ACL), the unique source MAC address included in the probe ACL set by a decision engine. The example instructions cause the one or more processors to, in response to determining that the probe packet does not include the unique source MAC address, record probe packet receipt information indicating that the probe packet did not pass through a network port of the component and transmit the probe packet receipt information to the decision engine.

Provided in embodiments of the present disclosure are a method and a device for bearing a multicast virtual private network. The method includes: assigning, by a BFIR accessing a VRF, a global VPN identifier to a multicast VRF, and carrying the global VPN identifier to notify a route to a BFER accessing the multicast VRF; after receiving a packet of the multicast VRF, encapsulating, by the BFIR, the packet with a BIER header and forwarding the packet, the forwarded packet carrying the global VPN identifier.