Aspects of the present disclosure provide techniques for enabling data traffic having security of different Purdue Enterprise Reference Architecture security levels to traverse a common network. Techniques disclosed herein maintain logical separation between the different data traffic types by assigning each to a discrete virtual LAN, and discretely encrypting each data traffic type.

Systems and methods for managing a global virtual network connection between an endpoint device and an access point server are disclosed. In one embodiment the network system may include an endpoint device, an access point server, and a control server. The endpoint device and the access point server may be connected with a first tunnel. The access point server and the control server may be connected with a second tunnel.

IEEE 802.1Q and Enhanced Transmission Selection provide only eight different traffic classes that may be used to control bandwidth in a particular physical connection (or link). Instead of relying only on these eight traffic classes to manage bandwidth, the embodiments discussed herein disclose using an Enhanced Transmission Selection scheduler that permits a network device to set the bandwidth for an individual virtual LAN. Allocating bandwidth in a port based on a virtual LAN ID permits a network device to allocate bandwidth to, e.g., millions of unique virtual LANs. Thus, this technique may increase the granular control of the network fabric and its performance.

Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

In one embodiment, network operations are improved by performing updating operations data in an operations data field associated with the header of a particular protocol during the processing of a different protocol. A particular multiple-protocol (MP) packet is received by a particular network node in a network. The particular MP packet includes multiple protocol headers, including a first protocol header associated with a first protocol and a second protocol header associated with a second protocol. Further, the second protocol header associated with a second operations data field. During protocol processing of the first protocol on the particular MP packet, the second operations data field updated with particular operations data. The particular MP packet is sent from the particular network node, with said sent particular MP packet including said updated second operations data field with particular operations data.

A VXLAN multi-tenant inter-networking device packet forwarding system includes a first aggregated networking device coupled to a first host device and a second aggregated networking device that is coupled to second host devices. The first aggregated networking device receives a data packet from the first host device and, in response, identifies a virtual network associated with the first host device. Based on a first and second portion of a virtual network identifier that identifies the virtual network, the first aggregated networking device generates respective first and second packet forwarding identifiers. The first aggregated networking device then provides the first and second packet forwarding identifiers in the data packet, and forwards the data packet to the second aggregated networking device. The second aggregated networking device may then forward the data packet to one of the second host devices based on the first and second packet forwarding identifiers in the data packet.

Systems and methods for incorporating a new channel-type value in the header of a Generic Associated Channel (G-ACh) for Connectivity Fault Management (CFM) Layer-2 packets over Multi-Protocol Label Switching (MPLS) networks are provided. The channel-type value of the G-ACh header may be used for identification of the network-generated CFM Layer-2 packets. In one implementation, a system may include a processing device and a memory device, where the memory device may be configured to store instructions that, when executed, cause the processing device to obtain a Connectivity Fault Management (CFM) packet, encapsulate the CFM packet with Pseudo-Wire (PW) and Label-Switched Path (LSP) labels to create an expanded packet, and incorporate a specific channel-type value in a G-ACh header of the expanded packet to uniquely identify the CFM packet.

A user equipment (UE) modem stores a route selection policy (URSP), the URSP associating each of a plurality of data network name (DNN) identifiers and a corresponding slice, wherein a first DNN identifier (ID) is associated with a first DNN and a first slice and a second DNN ID is associated with the first DNN and a second slice different than the first slice. The modem establishes a first protocol data unit (PDU) session with the first DNN and the first slice in response to receiving a first indication to start a first network interface associated with the first DNN ID. The modem establishes a second PDU session with the first DNN and the second slice in response to receiving a second indication to start a second network interface associated with the second DNN ID.

Provided are a method and apparatus for processing a frame header, and a communication device. The method comprises: determining at least one of the following pieces of information corresponding to each information domain of an Ethernet frame header portion: type information, the type information being used for indicating that the information domain is static or indicating that the information domain is changing; a target policy, the target policy being used for indicating a transmission rule of the information domain; and an initialization format, the initialization format being used for initializing the information domain.

The present disclosure intends to provide an optical signal from an ONU according to a desired service usage state without using the ONU and an OLT. A simulated signal light generation apparatus 10 according to the present disclosure is a simulated signal light generation apparatus 10 for simulating an uplink signal light generated in an optical network unit (ONU) in a passive optical network (PON), and the apparatus includes a usage state control unit 11 that sets a service usage state of the ONU, a signal generation unit 12 that generates an uplink signal frame according to the usage state set by the usage state control unit 11, and an electrical/optical conversion unit 13 that converts an electrical signal from the signal generation unit 12 into an optical signal, and the optical signal from the electrical/optical conversion unit 13 is repeatedly transmitted to an optical fiber core 22.