Provided are a method and a device for forwarding a video-on-demand flow, which may be applied to a network with virtualization of network functions. In an example of the method, for a Virtual Broadband Remote Access Server (vBRAS) Service Orchestrator (vBRASSO) managing at least one vBRAS in a vBRAS resource pool in the network with virtualization of network functions, if a particular vBRAS completes user authentication, the vBRASSO determines a Point Of Presence (POP) switch for forwarding a video-on-demand flow to the user based on the user information from the vBRAS, and notifies the POP switch of a route for forwarding the video-on-demand flow to the user in such a way that the POP switch advertises the route to a core router configured to receive the video-on-demand flow from a video-playing source in the network with virtualization of network functions.

Provided is a system and method for a multi-tenant datacenter with layer 2 cloud interconnection and cloud storage. More specifically, the datacenter providing cloud storage, includes a plurality of Client Systems coupled to a first datacenter each Client System having a set of infrastructure resources and an initial networking configuration; and a first cloud computing environment established in the first datacenter, and coupled to the Client Systems by OSI Layer 2 as a data link layer for the transfer of data frames, each frame having a plurality of OSI Layer 2 tags, the first cloud computing environment providing storage resources for allocation to at least two Client Systems, the plurality of OSI Layer 2 tags permitting the at least two Client Systems to have overlapping network configurations. An associated method of providing a multi-tenant datacenter with layer 2 cloud interconnection and cloud storage is also provided.

A logical router includes disaggregated network elements that function as a single router and that are not coupled to a common backplane. The logical router includes spine elements and leaf elements implementing a network fabric with front panel ports being defined by leaf elements. Control plane elements program the spine units and leaf to function a logical router. The control plane may define operating system interfaces mapped to front panel ports of the leaf elements and referenced by tags associated with packets traversing the logical router. Redundancy and checkpoints may be implemented for a route database implemented by the control plane elements. The logical router may include a standalone fabric and may implement label tables that are used to label packets according to egress port and path through the fabric.

A network sanitization technology for enforcing a network edge and enforcing particular communication functions for untrusted dedicated-function devices such as Internet Protocol (IP) cameras. An untrusted network device is isolated from a network by a network sanitization system such that it cannot communicate with the network. Communications from the untrusted device are intercepted by the system and only allowed communications are used. Allowed communications are used to create new communications according to an allowed framework. Sanitization device may be in small two-port package with visual indicia indicating the untrusted device and the network side. The device may use and provide Power over Ethernet (PoE) to device. Abstract is not to be considered limiting.

Provided is a system and method for a multi-tenant datacenter with layer 2 cloud interconnection and cloud storage. More specifically, the datacenter providing cloud storage, includes a plurality of Client Systems coupled to a first datacenter each Client System having a set of infrastructure resources and an initial networking configuration; and a first cloud computing environment established in the first datacenter, and coupled to the Client Systems by OSI Layer 2 as a data link layer for the transfer of data frames, each frame having a plurality of OSI Layer 2 tags, the first cloud computing environment providing storage resources for allocation to at least two Client Systems, the plurality of OSI Layer 2 tags permitting the at least two Client Systems to have overlapping network configurations. An associated method of providing a multi-tenant datacenter with layer 2 cloud interconnection and cloud storage is also provided.

A packet sending method includes generating, by a network device, a first packet, and sending the first packet. The first packet includes a first packet header, a second packet header, and protected data. The first packet header includes an indication field. The indication field indicates that the first packet includes the second packet header. The second packet header includes a type field. The type field indicates a first protection protocol. The protected data is protected by using the first protection protocol.

A logical router includes disaggregated network elements that function as a single router and that are not coupled to a common backplane. The logical router includes spine elements and leaf elements implementing a network fabric with front panel ports being defined by leaf elements. Control plane elements program the spine units and leaf to function a logical router. The control plane may define operating system interfaces mapped to front panel ports of the leaf elements and referenced by tags associated with packets traversing the logical router. Redundancy and checkpoints may be implemented for a route database implemented by the control plane elements. The logical router may include a standalone fabric and may implement label tables that are used to label packets according to egress port and path through the fabric.

A node includes: a communication circuit; a processor operatively connected to the communication circuit; and a memory operatively connected to the processor and storing a target application and an access control application, wherein the memory stores instructions that when executed by the processor, cause the node to: detect a network access event of the target application to a destination network through the access control application, identify whether a tunnel corresponding to identification information of the target application and the destination network and authorized by an external server exists, transmit a data packet of the target application through the authorized tunnel using the communication circuit, when the authorized tunnel exists, and drop the data packet of the target application, when the authorized tunnel does not exist.

A Virtual eXtensible Local Area Network (VXLAN) method comprises obtaining, by a network device, a mapping from a virtual local area network identifier VLAN ID to a VXLAN network identifier VNI; receiving, by the network device through a port, an Ethernet frame forwarded by an access device, where a VLAN tag field in the Ethernet frame includes the VLAN ID; adding, by the network device, a VXLAN header to the Ethernet frame based on the VLAN ID and the mapping to obtain a VXLAN packet, where a VNI field in the VXLAN header includes the VNI; and sending, by the network device, the VXLAN packet.

A logical router includes disaggregated network elements that function as a single router and that are not coupled to a common backplane. The logical router includes spine elements and leaf elements implementing a network fabric with front panel ports being defined by leaf elements. Control plane elements program the spine units and leaf to function a logical router. The control plane may define operating system interfaces mapped to front panel ports of the leaf elements and referenced by tags associated with packets traversing the logical router. Redundancy and checkpoints may be implemented for a route database implemented by the control plane elements. The logical router may include a standalone fabric and may implement label tables that are used to label packets according to egress port and path through the fabric.