An encapsulation address of a first switching device is set so as to be different only in a mask bit in comparison with that of a second switching device. A learning information control unit of a third switching device does not learn the correspondence relation between a source customer address and a source encapsulation address in a first case and a second case. The first case corresponds to a case in which an encapsulated frame is received at an upper-link port and an encapsulation address corresponding to the source customer address is acquired from an address table. The second case corresponds to a case in which a difference between the source encapsulation address and the encapsulation address acquired from the address table lies only in the mask bit.

Techniques are described for utilizing Protocol Independent Multicast Sparse Mode (PIM-SM) to transport BUM (broadcast, unknown unicast, and multicast) traffic in a Virtual Extensible LAN (VXLAN) underlay of a data center, where the BUM traffic is received on active-active, multi-homed Ethernet virtual private network (EVPN) interconnects between multiple physical data centers. For example, the techniques may readily be applied to support usage of PIM-SM where provider edge (PE) routers of the EVPN operate as gateways between the EVPN and the VXLAN spanning the data center interconnect.

One embodiment of the present invention provides a switch in a network of interconnected switches. The switch includes a network extension module, which maintains a mapping between a first virtual local area network (VLAN) identifier and a first global VLAN identifier of a network extension group. The network extension group is represented by a range of global VLAN identifiers for a tenant. A global VLAN identifier is persistent in a respective switch of the network and represents a virtual forwarding domain in the network. During operation, the network extension module includes the global VLAN identifier in a packet belonging to the first VLAN.

A novel design of a gateway that handles traffic in and out of a network by using a datapath pipeline is provided. The datapath pipeline includes multiple stages for performing various data-plane packet-processing operations at the edge of the network. The processing stages include centralized routing stages and distributed routing stages. The processing stages can include service-providing stages such as NAT and firewall. The gateway caches the result previous packet operations and reapplies the result to subsequent packets that meet certain criteria. For packets that do not have applicable or valid result from previous packet processing operations, the gateway datapath daemon executes the pipelined packet processing stages and records a set of data from each stage of the pipeline and synthesizes those data into a cache entry for subsequent packets.

A system and method for provisioning Internet access services to guests of a facility (e.g., one or more hotel chains). Equipment and devices for access service are installed throughout the facility. Each device that supports the Internet access services has a unique identifier. Zones representing various public and private areas within each facility are defined and one or more devices are associated with each zone. Service offerings for wired and wireless connections are defined and associated with one or more zones. Service offerings are also paired with pricing plans that provide various payment options and amounts. A web-based administration application allows an administrator to define and manage service offerings associated with the zones. The application also allows the administrator to define and manage the pricing plans. The ability to customize offerings in each facility allows development of consistent offerings, regardless of the size or layout of the facility.

A system may provide connectivity service in a multi-tenant network. A first node in the multi-tenant network can receive data packets, each of the data packets identifying one of a plurality of tenant devices. The first node can determine an Internet Protocol (IP) address associated with each of the data packets. The first node can determine a Virtual Local Area Network Identifier (VLAN ID) based on the IP address, the VLAN ID being a unique identifier of a respective one of the tenants. The first node can add the VLAN ID of a corresponding one of the tenants into a header of each of the data packets. The first node can transport the data packets to a second node in the multi-tenant network via a multi-tenant network tunnel protocol.

A system and method for provisioning Internet access services to guests of a facility (e.g., one or more hotel chains). Equipment and devices for access service are installed throughout the facility. Each device that supports the Internet access services has a unique identifier. Zones representing various public and private areas within each facility are defined and one or more devices are associated with each zone. Service offerings for wired and wireless connections are defined and associated with one or more zones. Service offerings are also paired with pricing plans that provide various payment options and amounts. A web-based administration application allows an administrator to define and manage service offerings associated with the zones. The application also allows the administrator to define and manage the pricing plans. The ability to customize offerings in each facility allows development of consistent offerings, regardless of the size or layout of the facility.

Methods, systems, and computer readable media for modeling packet technology services using a packet virtual network (PVN) are provided. In some aspects, and at a computing platform, a method includes providing a plurality of flow interface objects. Each flow interface object can be associated with a physical device. The method further includes configuring the flow interface objects into a PVN, wherein the flow interface objects represent network devices or device sub-interfaces. The method further includes displaying the PVN for visually modeling an Ethernet and/or a non-Ethernet packet technology service. An exemplary system includes a computing platform having at least one processor and a memory, the computing platform being configured to access a plurality of flow interface objects stored in the memory and a PVN)-modeling module (PVN-MM) for grouping the flow interface objects into a PVN for modeling a service.

A method of communications at an encapsulating bridge includes receiving a packet having an unencapsulated-DA (destination address) and an associated encapsulation identifier. The unencapsulated-DA and the associated encapsulation identifier are used to determine a TxPort-unencapsulated network (unencapsulated network side transmit port) or an encapsulated-DA for the packet. This method reduces latency of processing by reducing lookups, thereby also increasing transmission bandwidth of the communications network. The invention also facilitates embodiments with reduced memory and processing requirements, as compared to conventional implementations. This method is particularly useful for MAC-in-MAC encapsulation.

A service provider network supports multiple tenants by having a virtual local area network for each enterprise, and a router connected to enterprise networks of the multiple tenants including a virtual router for each enterprise. The virtual router has a distinct routing table for each enterprise, for routing traffic between the desktops hosted on the plurality of host machines and the computer resources on the enterprise networks.