H04L12/465

Packet Sending Method, Packet Receiving Method, and Network Device
20210075829 · 2021-03-11

A packet sending method includes generating, by a network device, a first packet, and sending the first packet. The first packet includes a first packet header, a second packet header, and protected data. The first packet header includes an indication field. The indication field indicates that the first packet includes the second packet header. The second packet header includes a type field. The type field indicates a first protection protocol. The protected data is protected by using the first protection protocol.

FLOW CONTROL METHOD AND APPARATUS
20210006502 · 2021-01-07

Embodiments of this application relate to the field of communications technologies, and disclose a flow control method and apparatus, to resolve a prior-art problem such as packet loss, packet accumulation, or network congestion that occurs after a packet is switched between priority queues. A specific solution is as follows: A first device receives a first packet sent by a second device, where the first packet carries a first field and a second field, the first field carries a first priority, and the second field carries a second priority; the first device performs flow control based on the first priority in the first packet; and the first device performs queue scheduling on the first packet based on the second priority in the first packet.

SYSTEM AND METHOD FOR VIRTUAL INTERFACES AND ADVANCED SMART ROUTING IN A GLOBAL VIRTUAL NETWORK

Systems and methods for connecting devices via a virtual global network are disclosed. In one embodiment the network system may comprise an endpoint device including a tunnel manager and a first virtual interface, an access point server including at least one tunnel listener and a second virtual interface. One or more tunnels are formed connecting the tunnel managers and tunnel listeners. The virtual interfaces provide a logical point of access to the one or more tunnels.

Local-bias forwarding of L2 multicast, unknown unicast, and broadcast traffic for an ethernet VPN

In general, techniques are described for forwarding L2 BUM traffic within an Ethernet Virtual Private Network (EVPN) by implementing a forwarding preference for local interfaces of a PE device for broadcast domains in the EVPN. For example, a method includes receiving, by a first provider edge (PE) device of a plurality of PE devices configured with an EVPN instance comprising one or more broadcast domains reachable by a plurality of Ethernet segments connecting the plurality of PE devices to a plurality of customer edge (CE) devices, first EVPN routes; and configuring, by the first PE device in response to determining the first EVPN routes indicate the first PE device has a local interface for each of the plurality of Ethernet segments, forwarding information of the first PE device to cause the first PE device to perform local-bias forwarding of layer 2 (L2) packets for the EVPN instance.

SYSTEMS AND METHODS FOR HIERARCHICAL ACCESS CONTROL IN A NETWORK ENVIRONMENT

Access control systems and methods herein successfully overcome ACL group width limitations of existing designs by splitting an ACL group across different units, e.g., to create two ACL groups that each have a relatively smaller width. In embodiments, availability of ACL space is increased by hierarchically splitting an ACL table to fit into two different coupled devices and modifying certain fields carrying metadata in packets that are exchanged between the devices, such that one chipset may carry information about the lookup of another. In embodiments, an ACL group for a port extender is created by selectively creating a sub-group with qualifiers that fit within an available group width, and moving the remaining qualifiers to a controlling bridge to achieve the desired functionality.

EXTENDING ENTERPRISE TRUSTED POLICY FRAMEWORK TO CLOUD NATIVE APPLICATIONS

The present technology pertains to a system and method for extending enterprise networks' trusted policy frameworks to cloud-native applications. The present technology comprises sending, by an enterprise network controller, a first communication to a service mesh orchestrator for a service mesh, wherein the first communication informs the service mesh orchestrator of traffic segmentation policies to be applied to traffic originating at an enterprise network and of layer 7 extension headers which correspond to the enterprise network traffic segmentation policies.

Selective port mirroring and in-band transport of network communications for inspection

The present disclosure pertains to systems and methods of monitoring communication devices and communication links in a software-defined network (SDN). Network packets may be colored or tagged for routing to a packet analyzer. A VLAN bitmask may be added to a packet to identify the packet for inspection and, optionally, provide origin information identifying a switch and/or port of origin. Port mirroring may be utilized and/or eventual routing of network packets to their original destination may ensure that network traffic is not disrupted. In one example, a most significant bit of a VLAN bitmask may be used by a match rule to identify packets intended for a packet analyzer without regard to original packet routing instructions and/or packet content.

Systems and methods for providing a global virtual network (GVN)

Systems and methods for managing a global virtual network connection between an endpoint device and an access point server are disclosed. In one embodiment the network system may include an endpoint device, an access point server, and a control server. The endpoint device and the access point server may be connected with a first tunnel. The access point server and the control server may be connected with a second tunnel.

Virtual node port based virtual fabric support

Embodiments of the present invention include systems and methods for transmitting data in a fibre channel (FC) network. The system includes a gateway that has: a port at which a plurality of data frames that are transmitted from a plurality of virtual node (VN) ports in a server are received, where data frames from at least two of the plurality of VN ports are related to different virtual fabrics (vfabrics) of a FC network.

VIRTUAL PRIVATE GATEWAY FOR ENCRYPTED COMMUNICATION OVER DEDICATED PHYSICAL LINK

A request to establish an encrypted VPN connection between a network external to a provider network connected to the provider network via a dedicated direct physical link and a set of resources of the provider network is received. A new isolated virtual network (IVN) is established to implement an encryption virtual private gateway to be used for the connection. One or more protocol processing engines (PPEs) are instantiated within the IVN, address information of the one or more PPEs is exchanged with the external network and a respective encrypted VPN tunnel is configured between each of the PPEs and the external network. Routing information pertaining to the set of resources is provided to the external network via at least one of the encrypted VPN tunnels, enabling routing of customer data to the set of resources within the provider network from the external network via an encrypted VPN tunnel implemented over a dedicated direct physical link between the external network and the provider network.