A novel design of a gateway that handles traffic in and out of a network by using a datapath pipeline is provided. The datapath pipeline includes multiple stages for performing various data-plane packet-processing operations at the edge of the network. The processing stages include centralized routing stages and distributed routing stages. The processing stages can include service-providing stages such as NAT and firewall. The gateway caches the result previous packet operations and reapplies the result to subsequent packets that meet certain criteria. For packets that do not have applicable or valid result from previous packet processing operations, the gateway datapath daemon executes the pipelined packet processing stages and records a set of data from each stage of the pipeline and synthesizes those data into a cache entry for subsequent packets.

A method of utilizing the same hardware network interface card (NIC) in a gateway of a datacenter to communicate datacenter tenant packet traffic and packet traffic for a set of applications that execute in the user space of the gateway and utilize a network stack in the kernel space of the gateway. The method sends and receives packets for the datacenter tenant packet traffic through a packet datapath in the user space. The method sends incoming packets from the NIC to the set of applications through the datapath in the user space, a user-kernel transport driver connecting the kernel network stack to the datapath in the user space, and the kernel network stack. The method receives outgoing packets at the NIC from the set of applications through the kernel network stack, the user-kernel transport driver, and the data path in the user space.

A method of utilizing the same hardware network interface card (NIC) in a gateway of a datacenter to communicate datacenter tenant packet traffic and packet traffic for a set of applications that execute in the user space of the gateway and utilize a network stack in the kernel space of the gateway. The method sends and receives packets for the datacenter tenant packet traffic through a packet datapath in the user space. The method sends incoming packets from the NIC to the set of applications through the datapath in the user space, a user-kernel transport driver connecting the kernel network stack to the datapath in the user space, and the kernel network stack. The method receives outgoing packets at the NIC from the set of applications through the kernel network stack, the user-kernel transport driver, and the data path in the user space.

Techniques are described for providing aliasing in an active-active multi-homed Provider Backbone Bridging Ethernet Virtual Private Network (PBB-EVPN) network. For example, PE devices of a multi-homed Ethernet segment may send packets received from the PBB-EVPN core network over the Ethernet segment to the customer device even if the receiving PE device has not learned the source MAC address of the CE device. In particular, the PE devices coupled to the multi-homed Ethernet segment may apply aliasing techniques in which a PE device performs a lookup of a BMAC address and the Customer Virtual Local Area Network (C-VLAN), instead of a lookup of a destination MAC address, to determine the path to send the data traffic.

A novel design of a gateway that handles traffic in and out of a network by using a datapath daemon is provided. The datapath daemon is a run-to-completion process that performs various data-plane packet-processing operations at the edge of the network. The datapath daemon dispatches packets to other processes or processing threads outside of the daemon by utilizing a user space network stack.

A novel design of a gateway that handles traffic in and out of a network by using a datapath pipeline is provided. The datapath pipeline includes multiple stages for performing various data-plane packet-processing operations at the edge of the network. The processing stages include centralized routing stages and distributed routing stages. The processing stages can include service-providing stages such as NAT and firewall. The gateway caches the result previous packet operations and reapplies the result to subsequent packets that meet certain criteria. For packets that do not have applicable or valid result from previous packet processing operations, the gateway datapath daemon executes the pipelined packet processing stages and records a set of data from each stage of the pipeline and synthesizes those data into a cache entry for subsequent packets.

An NFV cloud for providing a vCPE service by using a single Internet line may comprise: a vCPE service having a virtual LAN interface, a virtual WAN interface, and a virtual management interface; a virtual LAN network, a virtual WAN network, and a virtual management network connected to the virtual LAN interface, the virtual WAN interface, and the virtual management interface, respectively; a physical LAN interface for providing customer traffic to the virtual LAN network; a physical WAN interface for connecting the virtual management network to the outside in order to output, to the outside, traffic which has been output from the virtual WAN network and passed through the vCPE service, or to provide a management function for the vCPE service or the NFV cloud; and an interface agent for controlling a connection between the physical WAN interface and the virtual WAN network or the virtual management network.

The present invention is applicable to the field of communications and provides a session establishment method and apparatus. The method includes: acquiring an infrastructure virtual circuit IVC corresponding to a user equipment UE; sending a virtual local area network VLAN label corresponding to the IVC to a customer location function set, so that the customer location function set adds the VLAN label to a packet of the UE, where the VLAN label is configured by an L2 session control functional entity for the IVC; and notifying an L2 forwarding functional entity of the VLAN label, so that the L2 forwarding functional entity forwards, to the IVC, the packet sent by the customer location function set and added with the VLAN label. In the present invention, a case in which the L2 forwarding functional entity needs to store a large MAC table is avoided, and packet forwarding efficiency is improved.

A novel design of a gateway that handles traffic in and out of a network by using a datapath daemon is provided. The datapath daemon is a run-to-completion process that performs various data-plane packet-processing operations at the edge of the network. In some embodiments, the datapath daemon dispatches packets to other processes or processing threads outside of the daemon. In some embodiments, the datapath daemon dispatches packets to a kernel network stack in order to support packet traffic monitoring.

A novel design of a gateway that handles traffic in and out of a network by using a datapath pipeline is provided. The datapath pipeline includes multiple stages for performing various data-plane packet-processing operations at the edge of the network. The processing stages include centralized routing stages and distributed routing stages. The processing stages can include service-providing stages such as NAT and firewall. The gateway caches the result previous packet operations and reapplies the result to subsequent packets that meet certain criteria. For packets that do not have applicable or valid result from previous packet processing operations, the gateway datapath daemon executes the pipelined packet processing stages and records a set of data from each stage of the pipeline and synthesizes those data into a cache entry for subsequent packets.