Patent classifications
H04L12/4679
Protocol independent multicast (PIM) designated router (DR) election
In one embodiment, a method is performed. A device may include an interface in communication with a network. The device may determine whether an all-active multi-homed ethernet segment (ES) associated with the interface is enabled. On a condition that an all-active multi-homed ES is enabled, the device may determine an ethernet virtual private network (EVPN) designated forwarder (DF) state of the all-active multi-homed ES. If the all-active multi-homed ES is enabled and has an ethernet virtual private network (EVPN) designated forwarder (DF) state, the device may enter a protocol independent multicast (PIM) designated router (DR) state. If an all-active multi-homed ES is enabled and does not have an EVPN DF state, the device may enter a PIM non-DR state.
Information transmission method and apparatus, and communication device
Provided are an information transmission method and apparatus, and a communication device. The method comprises: a first device entity acquiring header information of an Ethernet data packet from a second device entity, wherein the header information of the Ethernet data packet comprises first indication information, and the first indication information is used for indicating whether the header information of the Ethernet data packet includes a target information domain.
Mapping of virtual routing and forwarding (VRF) instances using ethernet virtual private network (EVPN) instances
Methods, systems, and devices map an arbitrary number of Virtual Routing and Forwarding (VRF) instances to an Ethernet Virtual Private Network (EVPN) instance (EVI) of a leaf and spine network. For example, a spine network device executes a primary EVI to provide an EVPN to a plurality of leaf network devices, each leaf network device executing a secondary EVI to provide a plurality of network virtualization overlays to tenants of the network. The primary EVI is associated with a primary VRF instance, and each secondary EVI of the plurality of secondary EVIs is associated with a secondary VRF instance of a plurality of secondary VRF instances. The spine network device defines mappings between routes within the primary VRF instance and routes within each secondary VRF instance. The spine network device translates, based on the one or more mappings, network traffic between the primary EVI and the plurality of secondary EVIs.
Methods and system for automated ad hoc customer premise equipment bi-directional vulnerability scanning
Methods and systems for automated ad hoc customer premise equipment (CPE) bi-directional vulnerability scanning. A method includes an auto provisioning server receiving CPE information for a designated CPE to initiate a bi-directional vulnerability scan, obtaining telemetry data from a cable modem termination system (CMTS) based on the CPE information, configuring switches to form a virtual local area network channel between a LAN scanner and the designated CPE using the CPE information, provisioning the LAN scanner to obtain a LAN side Internet Protocol (IP) address from the designated CPE, initiating vulnerability scans at a wide area network (WAN) scanner and the LAN scanner using a stored WAN side IP address and a stored LAN side IP address, respectively, and generating a vulnerability scan report based on results from the WAN scanner and the LAN scanner. At least one network device can be configured based on the report.
DATA TRANSMISSION METHOD, RELATED DEVICE, AND SYSTEM
Example data transmission methods and apparatus are described. In one example method, a data distribution point obtains a first correspondence between a first virtual extensible local area network identifier (VXLAN ID) and an address of a first terminal. The data distribution point receives a first VXLAN packet based on a tunnel of a first VXLAN, where the first VXLAN packet includes the first VXLAN ID and first data. The address of the first terminal is determined based on the first VXLAN ID carried in the first VXLAN packet and the first correspondence. The first distribution point sends the first data to the first terminal based on the address of the first terminal.
Network interface provisioning of containerized instances based on tenant policies
Network interface provisioning of containerized instances based on tenant policies. A network interface assignment process (NIAP) receives a first request to assign a network interface to a first containerized instance comprising at least one container. The NIAP determines that a first tenant of a plurality of different tenants is associated with the first containerized instance. The NIAP accesses a first network assignment tenant policy (NATP) that corresponds to the first tenant. Based on the first NATP, the NIAP assigns, to the first containerized instance, a first network interface via which the first containerized instance can communicate with other containerized instances associated with the first tenant.
Per-Subscriber Virtual Segmentation of an Active Ethernet Network on Multi-Tenant Properties
The present systems and methods enable Internet service providers and managed service providers to deploy a segmented network for multiple subscribers on a shared active Ethernet distribution medium, where each subscriber can be associated with one or more unique public IP addresses, and each subscriber also has control of their own gateway configuration. The system leverages the per-subscriber dynamic 802.1q VLAN approach enforced through compatible wireless and wireline distribution equipment in combination with optional multiple PSK zero-touch LAN onboarding and public IP WAN address assignment mechanisms, along with an onboard multi-tenant subscriber portal. The result is a network architecture that incorporates per-subscriber segmentation and security features, while simultaneously providing centralized radio resource management, property-wide roaming, instantaneous onboarding, and the like.
Methods and systems for controlling traffic to VPN servers
The present application is directed to a computer readable medium. The computer readable medium contains program instructions for managing traffic in a network that, when executed by a processor, causes the processor to determine, from among plural users, information of a user in the network. The program instructions also include reviewing selection criteria of plural, dynamic, virtual private network (VPN) cloud servers in the network. The program instructions also include ranking efficiency of the plural, dynamic, virtual VPN cloud servers in the network. The program instructions further include controlling content displayed on a graphical user interface (GUI) including a dynamically changing list of users from the plural users matched with respective VPN cloud servers. The program instructions yet even further include matching the user with one of the plural, dynamic VPN cloud servers based on the ranked efficiency and the determined information of the user. The program instructions even further include communicating with the matched dynamic VPN cloud server to continue an active session of the user until a predetermined condition is met.
Identifying multiple nodes in a virtual network defined over a set of public clouds to connect to an external SAAS provider
Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.