A system for dynamically activating a virtual network is provided. During operation, the system can operate a switch as a tunnel endpoint of a tunnel in conjunction with a remote switch. The tunnel can facilitate a virtual private network (VPN) spanning the switch and the remote switch. The system can maintain an inactive state for a virtual local area network (VLAN) and a corresponding tunnel network identifier identifying the VLAN for the tunnel. If a notification indicating the activation of the VLAN at a downstream switch is received by the switch, the system can activate the VLAN at the switch. The system can then activate the tunnel network identifier in a routing process of the VPN, thereby enabling sharing of a media access control (MAC) address associated with the VLAN via the tunnel.

A system for dynamically activating a virtual network is provided. During operation, the system can operate a switch as a tunnel endpoint of a tunnel in conjunction with a remote switch. The tunnel can facilitate a virtual private network (VPN) spanning the switch and the remote switch. The system can maintain an inactive state for a virtual local area network (VLAN) and a corresponding tunnel network identifier identifying the VLAN for the tunnel. If a notification indicating the activation of the VLAN at a downstream switch is received by the switch, the system can activate the VLAN at the switch. The system can then activate the tunnel network identifier in a routing process of the VPN, thereby enabling sharing of a media access control (MAC) address associated with the VLAN via the tunnel.

A switch includes a port and a processor to receive an event associated with unblocking of the port. In response to the event associated with the unblocking of the port, the processor is to wait a specified amount of time that is based on a loop detect time interval used by a loop protect process for detecting a loop in a network. After waiting the specified amount of time, the processor is to determine whether the port remains unblocked.

Methods and apparatuses for a 5G System (5GS) (20) support Dynamic VLAN configuration for a logical Ethernet bridge (24) provided by the 5GS. In at least one embodiment, a User Plane Function (UPF) (22) runs, on a conditional basis, for example, Multiple VLAN Registration Protocol (MVRP) for a User Equipment (UE) (12) establishing or modifying an Ethernet Protocol Data Unit (PDU) session. Running MVRP allows the UPF to learn the VLAN's associated with the UE and correspondingly dynamically configure bridging services. In one or more embodiments. UEs that act as trunk ports are assigned a predefined VLAN ID, e.g., via an Application Function (AF) (32), and, for a UE establishing or modifying a session, a Session Management Function (SMF) (26) indicates the predefined VLAN ID to the UPF, triggering the UPF to run MVRP for the UE.

Various embodiments establish a virtual private network (VPN) between a remote network and a private network. In one embodiment, a first system in the remote network establishes a connection with a central system through a public network. The central system is situated between the first system and a second system in the private network. The first system receives, from the central system and based on establishing the connection, a set of VPN information associated with at least the second system. The first system disconnects from the central system and establishes a VPN directly with the second system through the public network based on the set of VPN information.

The present disclosure provides uplink data packet forwarding method and apparatus, and downlink as well. A kernel network interface is provided with an interface attribute including an interface name and an interface type, the interface type including a local area network interface and a wide area network interface; when it is a local area network interface, the kernel network interface has an interface tag including an interface name and an interface serial number; the method includes: receiving, by the kernel network interface that is a local area network interface, a to-be-forwarded data packet; judging, according to the interface serial number of the kernel network interface, whether the kernel network interface is in a binding state; and if yes, adding the interface tag to the to-be-forwarded data packet, and forwarding the to-be-forwarded data packet with the interface tag to the kernel network interface that is a wide area network interface.

In one embodiment, a method includes detecting a change in network topology and broadcasting a transient unconditional unpruning message to multiple nodes in the network. The message is configured to instruct each of the nodes receiving the message to start a phase timer in response to the broadcast message; unprune its operational ports; and, upon expiration of the phase timer, prune its ports in accordance with the results of a pruning protocol.

Various embodiments establish a virtual private network (VPN) between a remote network and a private network. In one embodiment, a first system in the remote network establishes a connection with a central system through a public network. The central system is situated between the first system and a second system in the private network. The first system receives, from the central system and based on establishing the connection, a set of VPN information associated with at least the second system. The first system disconnects from the central system and establishes a VPN directly with the second system through the public network based on the set of VPN information.

A method for sending a Transparent Interconnection of Lots of Links (TRILL) data frame, comprising acquiring a user virtual local area network (VLAN) or a combination of a user VLAN and a user multicast medium access control (MAC) address in a first protocol packet, and a first port identifier; storing a correspondence there-between in a forwarding table; searching, according to the user VLAN or the combination of the user VLAN and the user multicast MAC address in a TRILL data frame received, the forwarding table for a second port identifier corresponding to the VLAN or the combination of the user VLAN and the user multicast MAC address in the TRILL data frame, and forwarding the TRILL data frame from a pseudo wire (PW) port corresponding to the second port identifier.

Various embodiments establish a virtual private network (VPN) between a remote network and a private network. In one embodiment, a first system in the remote network establishes a connection with a central system through a public network. The central system is situated between the first system and a second system in the private network. The first system receives, from the central system and based on establishing the connection, a set of VPN information associated with at least the second system. The first system disconnects from the central system and establishes a VPN directly with the second system through the public network based on the set of VPN information.