A method and network device for overlay tunnel termination and mirroring spanning datacenters. Specifically, the method and network device disclosed herein entail the traversal of mirrored network traffic from datacenters lacking traffic analysis tools to other datacenters including the sought after traffic analysis tools. Further, the aforementioned traversal of mirrored network traffic may utilize virtual network layer overlay domain tunnels.

A logical router includes disaggregated network elements that function as a single router and that are not coupled to a common backplane. The logical router includes spine elements and leaf elements implementing a network fabric with front panel ports being defined by leaf elements. Control plane elements program the spine units and leaf to function a logical router. The control plane may define operating system interfaces mapped to front panel ports of the leaf elements and referenced by tags associated with packets traversing the logical router. Redundancy and checkpoints may be implemented for a route database implemented by the control plane elements. The logical router may include a standalone fabric and may implement label tables that are used to label packets according to egress port and path through the fabric.

Disclosed by embodiments of the present application are a network access method used for an edge router and an edge router. One specific embodiment of the method comprises: receiving a first request message sent by a first tenant network edge device among at least one tenant network edge device; on the basis of port information of a port connected to the first tenant network edge device, obtaining a first request identification corresponding to the first tenant network edge device, wherein the first request identification is used to identify the first tenant network edge device; adding the first request identification to the first request message so as to generate a processed first request message; and on the basis of a stored routing table, forwarding the processed first request message to a cloud gateway.

In one embodiment, a particular device in a deterministic network performs classification of one or more packets of a traffic flow between a source and a destination in the deterministic network. The particular device determines, based on the classification of the one or more packets, a requirement of the traffic flow. The particular device performs, based on the requirement, a packet operation on at least one packet of the traffic flow. The particular device sends packets of the traffic flow towards the destination via two or more paths in the deterministic network.

The disclosure is directed towards systems and methods for performing service tag switching. A device intermediary to a client and a server receives a packet including a virtual network device identifier tag that identifies a list of functions to be performed on the packet. The device tags the packet with a first service tag identifying a first functional entity of the device to which to route the packet. The device routes the packet to the first functional entity configured to perform a first function. Responsive to the first function being performed, the device selects a subsequent service tag identifying a subsequent functional entity to route the packet. The device tags the packet with the subsequent service tag and routes the packet to the subsequent functional entity. Once all of the list of functions to be performed on the packet have been performed, the device forwards the packet to its destination.

Aspects of the subject disclosure may include, for example, identifying a packet data protocol session that supports a first data exchange between a mobile application of a first mobile device and a first recipient device, wherein the first exchange of data comprises a directing of the first exchange of data through a network device. A second recipient device is determined, and a second data exchange is facilitated between the mobile application and the second recipient device by way of the packet data protocol session, wherein the second exchange of data also comprises a directing of the second exchange of data through the network device without modifying the first data exchange. Other embodiments are disclosed.

Aspects of the disclosure involve systems and methods for utilizing Virtual Local Area Network separation in a connection, which may be a single connection, between a customer to a telecommunications network and a cloud environment to allow the customer to access multiple instances within the cloud through the connection. A customer may purchase multiple cloud resource instances from a public cloud environment and, utilizing the telecommunications network, connect to the multiple instances through a communication port or connection to the cloud environment. To utilize the single connection or port, communication packets intended for the cloud environment may be tagged with a VLAN tag that indicates to which cloud instance the packet is intended. The telecommunications network may route the packet to the intended cloud environment and configure one or more aspects of the cloud environment to analyze the attached VLAN tag to transmit the packet to the intended instance.

Systems and methods for detecting physical loops in both native and non-native VLANs are provided. According to one embodiment, a processing resource of a network switch detects a physical loop in a non-native Virtual Local Area Network (VLAN) by configuring a set of one or more network chips (e.g., an ASIC) associated with an interface associated with the non-native VLAN of multiple interfaces of the network switch to provide an indication (e.g., a Media Access Control (MAC) address or a packet) regarding a MAC move event detected on the interface. Responsive to receipt of the indication, it is determined whether a number of MAC move events for the interface meets an event count threshold within each unit of time (e.g., one or more seconds) of multiple consecutive units of time. When the determination is affirmative, the existence of the physical loop is identified.

A method for programming a MAC address table by a first leaf node in a network comprising a plurality of leaf nodes is provided. Each leaf node comprises one or more Virtual Tunnel End Points (VTEPs) and instantiates a plurality of Virtual Routing and Forwarding elements (VRFs), with a corresponding Bridge Domain (BD) assigned to each VRF. The method includes obtaining information indicating one or more VTEP Affinity Groups (VAGs), each VAG comprising an identification of one VTEP per leaf node, obtaining information indicating assignment of each VRF to one of the VAGs, assigning each VAG to a unique Filtering Identifier (FID), thereby generating one or more FIDs, and programming the MAC address table, using FIDs instead of BDs, by populating the MAC address table with a plurality of entries, each entry comprising a unique combination of a FID and a MAC address of a leaf node.

A server, includes a virtual machine identifier assigning section to assign an identifier of a virtual machine operating on the server; and a network interface to transmit a packet including a Layer 2 header information which includes the identifier of the virtual machine and a first packet field for a VLAN-Tag, wherein the network interface transmits the packet to a packet encapsulate section which encapsulates a second packet field including the Layer 2 header information with a virtual network identifier representing a virtual network to which the virtual machine belongs.