Patent classifications
H04L12/4666
Systems and methods for performing service tag switching in an application delivery controller
The disclosure is directed towards systems and methods for performing service tag switching. A device intermediary to a client and a server receives a packet including a virtual network device identifier tag that identifies a list of functions to be performed on the packet. The device tags the packet with a first service tag identifying a first functional entity of the device to which to route the packet. The device routes the packet to the first functional entity configured to perform a first function. Responsive to the first function being performed, the device selects a subsequent service tag identifying a subsequent functional entity to route the packet. The device tags the packet with the subsequent service tag and routes the packet to the subsequent functional entity. Once all of the list of functions to be performed on the packet have been performed, the device forwards the packet to its destination.
Method and system for multipoint access within a mobile network
Aspects of the subject disclosure may include, for example, identifying a packet data protocol session that supports a first data exchange between a mobile application of a first mobile device and a first recipient device, wherein the first exchange of data comprises a directing of the first exchange of data through a network device. A second recipient device is determined, and a second data exchange is facilitated between the mobile application and the second recipient device by way of the packet data protocol session, wherein the second exchange of data also comprises a directing of the second exchange of data through the network device without modifying the first data exchange. Other embodiments are disclosed.
Accelerated network traffic sampling for a non-accelerated line card
Accelerating monitoring of network traffic by: configuring a first network chip of a non-accelerated line card with a VOQ associated with an internal interface that is connected to a second network chip of a first accelerated line card; receiving, at the first network chip, a data unit; selecting, by the first network chip, the data unit based on a traffic sampling rate; adding information identifying the data unit as having been selected for sampling to obtain a selected data unit; and sending the selected data unit from the first network chip to the second network chip using the VOQ and the internal interface. The second network chip identifies the selected data unit and, based on the identification, appends a sampling header to the data unit to obtain a sampled data unit, and transmits the sampled data unit to the sampling engine of the first accelerated line card.
Simple Ethernet Header Compression
Various examples and schemes pertaining to simple Ethernet header compression are described. A first network node transmits a first packet with a full header to a second network node. The first network node determines whether a header compression context for the full header has been established by the second network node. In response to determining that the header compression context for the full header has been established by the second network node, the first network node transmits a second packet with a compressed header to the second network node. In response to determining that the header compression context for the full header has not been established by the second network node, the first network node transmits the second packet or a third packet with the full header to the second network node.
Connecting to multiple cloud instances in a telecommunications network
Aspects of the disclosure involve systems and methods for utilizing Virtual Local Area Network separation in a connection, which may be a single connection, between a customer of a telecommunications network and a cloud environment to allow the customer to access multiple instances within the cloud through the connection. A customer may purchase multiple cloud resource instances from a public cloud environment and, utilizing the telecommunications network, connect to the multiple instances through a communication port or connection to the cloud environment. To utilize the single connection or port, communication packets intended for the cloud environment may be tagged with a VLAN tag that indicates for which cloud instance the packet is intended. The telecommunications network may route the packet to the intended cloud environment and configure one or more aspects of the cloud environment to analyze the attached VLAN tag to transmit the packet to the intended instance.
Incorporating layer 2 service between two interfaces of gateway device
Some embodiments provide a method for providing a layer 2 (L2) bump-in-the-wire service at a gateway device (e.g., a layer 3 (L3) gateway device) at the edge of a logical network. The method, in some embodiments, establishes a connection from a first interface of the gateway device to a service node that provides the L2 service. The method also establishes a connection from a second interface of the gateway device to the L2 service node. The method then sends data messages received by the gateway device that require the L2 service to the service node using the first interface. Some embodiments provide a method for applying different policies at the service node for different tenants of a datacenter. Data messages received for a particular tenant that require the L2 service are encapsulated or marked as belonging to the tenant before being sent to the service node. Based on the encapsulation or marking, the service node provides the service according to policies defined for the tenant.
Virtual local area network identifiers for service function chaining fault detection and isolation
Systems and methods of Service Function Chaining (SFC) fault detection and fault isolation include injecting a first frame with a first Virtual Local Area Network (VLAN) Identifier (ID) tag at an input to the SFC, wherein the first VLAN ID is dedicated to fault detection and a plurality of classifiers in the SFC are configured to pass the first frame with the first VLAN ID through the SFC; detecting the first frame with the first VLAN ID tag at an output of the SFC; and determining connectivity of the SFC based on the detecting. The systems and methods can further include injecting a second frame with a second VLAN ID tag through a plurality of services of the SFC; detecting the second frame at each output of each of the plurality of services; and determining a location of the fault based on the detecting the second frame.
Unified control plane for nested clusters in a virtualized computing infrastructure
Techniques are disclosed for a unified control plane in a nested cluster environment. In one example, an underlay orchestrator for a virtualized computing infrastructure is configured to provision, in an underlay cluster of one or more servers, an overlay cluster of one or more overlay nodes. Each of the overlay nodes is a workload of one of the servers and has a virtual network interface. Further, each server executes a virtual router and a virtual router agent for the virtual router for routing packets among virtual network interfaces of the overlay nodes executed by the server. A network controller is configured to configure virtual network sub-interfaces for workloads of the overlay nodes to enable communications among workloads executing in different overlay nodes. Each of the sub-interfaces is a virtual network sub-interface of one of the virtual network interfaces.
Packet relay apparatus
A packet relay apparatus, which is configured to transmit from a mirror port a mirror packet copied from one of a packet to be received and a packet to be transmitted, the packet relay apparatus comprising: a packet receiving module configured to receive a packet from an input port; a security judgment module configured to judge whether or not the packet is possibly one of an attack and an attack sign; a mirror processing module configured to generate, when it is judged that the packet is possibly one of an attack and an attack sign, a replica of the packet as the mirror packet; and a transmitting module configured to transmit the mirror packet from the mirror port.
Logical Router Comprising Disaggregated Network Elements
A logical router includes disaggregated network elements that function as a single router and that are not coupled to a common backplane. The logical router includes spine elements and leaf elements implementing a network fabric with front panel ports being defined by leaf elements. Control plane elements program the spine and leaf elements to function as a logical router. The control plane may define operating system interfaces mapped to front panel ports of the leaf elements and referenced by tags associated with packets traversing the logical router. Redundancy and checkpoints may be implemented for a route database implemented by the control plane elements. The logical router may include a standalone fabric and may implement label tables that are used to label packets according to egress port and path through the fabric.