A Self-Describing Packet block (SDPB) is defined that allows concurrent processing of various fixed headers in a packet block defined to take advantage of multiple cores in a networking node forwarding path architecture. SPDB allows concurrent processing of various pieces of header data, metadata, and conditional commands carried in the same data packet by checking a serialization flag set upon creation of the data packet, without needing to serialize the processing or even parsing of the packet. When one or h more commands in one or more sub-blocks may be processed concurrently, the one or more commands are distributed to multiple processing resources for processing the commands in parallel. This architecture allows multiple unique functionalities each with their own separate outcome (execution of commands, doing service chaining, performing telemetry, allows virtualization and path steering) to be performed concurrently with simplified packet architecture without incurring additional encapsulation overhead.

A Kubernetes-based dynamic network service chaining configuration method includes: generating a virtual first provider network connected with an internal network and implemented to receive a network flow; generating a virtual second provider network connected with an external network and implemented to deliver the network flow; configuring a plurality of service chains including at least one security application between the first and second provider networks and each being independently implemented; and routing the network flow to any one of the plurality of service chains according to a predefined flow classification rule when the network flow is received through the first provider network.

A Kubernetes-based dynamic network service chaining configuration method includes: generating a virtual first provider network connected with an internal network and implemented to receive a network flow; generating a virtual second provider network connected with an external network and implemented to deliver the network flow; configuring a plurality of service chains including at least one security application between the first and second provider networks and each being independently implemented; and routing the network flow to any one of the plurality of service chains according to a predefined flow classification rule when the network flow is received through the first provider network.

A service invocation method and a network device are provided. The method applied to a service provider side includes: receiving a service request for a first service by a provider of the first service, the service request being sent by a service consumer; sending a service response for the first service by the provider of the first service to the service consumer, wherein the service response for the first service includes service invocation information or a service invocation result of at least one second service associated with the first service, the service invocation information is configured to instruct the service consumer to invoke the second service.

In general, the disclosure describes techniques for measuring edge-based quality of experience (QoE) metrics. For instance, a network device may construct a topological representation of a network, including indications of nodes and links connecting the nodes within the network. For each of the links, the network device may select a node device of the two node devices connected by the respective link to measure one or more QoE metrics for the respective link, with the non-selected node device not measuring the QoE metrics. In response to selecting the selected node device, the network device may receive a set of one or more QoE metrics for the respective link for data flows flowing from the selected node device to the non-selected node device. The network device may store the QoE metrics and determine counter QoE metrics for data flows flowing from the non-selected node device to the selected node device.

A method for synchronizing topology information in a service function chain (SFC) network, where the SFC network includes at least one classifier (CF) and at least one service function forwarder (SFF). The method includes that a first network element in the at least two routing network elements establishes a Border Gateway Protocol (BGP) connection to at least one second network element other than the first network element in the at least two routing network elements, where the first network element is any one of the at least two routing network elements, and the first network element sends a first BGP update message to the at least one second network element, where the first BGP update message includes topology information of the first network element such that the at least one second network element obtains the topology information of the first network element.

A method for synchronizing topology information in a service function chain (SFC) network, where the SFC network includes at least one classifier (CF) and at least one service function forwarder (SFF). The method includes that a first network element in the at least two routing network elements establishes a Border Gateway Protocol (BGP) connection to at least one second network element other than the first network element in the at least two routing network elements, where the first network element is any one of the at least two routing network elements, and the first network element sends a first BGP update message to the at least one second network element, where the first BGP update message includes topology information of the first network element such that the at least one second network element obtains the topology information of the first network element.

This application provides a service chain fault protection method, an apparatus, a device, a service chain fault protection system, and a storage medium, and relates to the field of communications technologies. In this application, in an SRV6 static service chain scenario, when a link between an SF network element and an SFF accessed by the SF network element is faulty, a secondary SID is introduced to update a destination address field of a packet header of a packet to the secondary SID, so that the packet is bypassed, based on the secondary SID, to another SFF accessed by the SF network element, thereby implementing fault protection in the link between the SFF and the SF network element.

Techniques are described in which a centralized controller, such as a software defined networking (SDN) controller, constructs a service chain that includes a physical network function (PNF) between a bare metal server (BMS) and a virtual execution element (e.g., virtual machine or container), or in some instances a remote BMS, or vice-versa. In accordance with the techniques disclosed herein, the controller may construct an inter-network service chain that includes PNFs, or a combination of PNFs and virtualized network functions (VNFs). The controller may construct an inter-network service chain to steer traffic between a BMS and a virtual execution element or remote BMS through an inter-network service chain using Virtual Extensible Local Area Network (VXLAN) as an underlying transport technology through the service chain.

Techniques are described for capturing dropped packets and creating modified dropped packets with drop information associated with the dropped packets to provide greater details of the dropped packets for further analysis and/or serviceability. For example, a computing device comprises an internal communication channel, a process executing in user space, and a virtual router. The virtual router comprises, for example, processing circuitry and a drop interface to the internal communication channel, wherein the virtual router is configured to: receive a packet; in response to determining the packet is to be dropped, creating a modified dropped packet to include drop information associated with the packet; and provide the modified dropped packet to the drop interface to communicate the modified dropped packet via the internal communication channel to the process.