A communication network is defended using a distributed infrastructure that leverages coordination across disparate abstraction levels. At each node computing device comprising a communication network, a stored event list is used to detect at least one node event which occurs at a machine code level and is known to have the potential to interfere directly with the internal operation of the node computing device. The at least one node event is one which is exclusive of an event within a network communication domain. In response to detecting the at least one node event at one of the plurality of network nodes, an optimal network-level defensive action is automatically selectively determined by the network. The network level defensive action will involve a plurality of network nodes comprising the communication network.

A method of processing one or more packets includes receiving, at a first processing unit, a first packet including first information bits. The first information bits indicate a first control parameter. The method also includes determining whether the first control parameter will be utilized to process the first packet in at least a second processing unit and, at least partially in response to determining that the first control parameter will not be utilized to process the first packet in at least the second processing unit, replacing one or more bits of the first information bits in the first packet with second information bits. The second information bits indicate a second control parameter. The method also includes providing the first packet including the second information bits to the second processing unit.

A method forwards data between secured computer systems in a computer network structure. Data packets are transmitted along a predetermined communication path structure from a source computer system to at least one target computer system by means of a group of task servers, wherein the communication path structure comprises a plurality of parallel sub-paths. Both the source computer system and the target computer system keep predetermined network ports closed such that no connection establishment from the exterior to the source computer system or to the target computer system is permitted, wherein, the source computer system or the target computer system can establish a connection to a respective broker computer system to store data packets in the broker computer system or to fetch them from there.

The invention relates to network nodes comprising: a first computing unit (CPU.sub.a); at least one second computing unit (CPU.sub.b); an internal switch (Sw.sub.i); and an external switch (Sw.sub.e), wherein the internal switch (Sw.sub.i) is connected to the first computing Nunit (CPU.sub.a), the at least second computing unit (CPU.sub.b) and to the external switch (Sw.sub.e) and wherein the external switch (Sw.sub.e) has at least one port for data originating from other network nodes. The invention also relates to a control module and an Ethernet ring.

In some examples, a network node receives a packet from an adjacent node in a packet-switched network. The receiving node can forward the packet to a destination node via a minimum cost forwarding node adjacent to the network node or to a non-minimum cost forwarding node adjacent to the network node based on routing criteria for the packet-switched network. The routing criteria can include whether the adjacent node that sent the packet to the receiving node is a non-minimum cost node between a source node and the destination node for the packet.

The present application discloses a method and an apparatus for implementing an OAM function. In this solution, a unified OAM management center processes, based on a unified OAM management data model, network OAM status information, but the unified OAM management data model is unrelated to a network technology used by a network entity.

This disclosure generally discloses a path search mechanism for determining mutually compatible paths within a network includes nodes and links. The path search mechanism for determining mutually compatible paths may be configured to determine a set of mutually compatible paths for a set of demands where the demands may include requests for paths between pairs of nodes of the network. The path search mechanism for determining mutually compatible paths may be configured to determine a set of mutually compatible paths for a set of demands where compatibility may be based on edge disjointness, node disjointness, or the like, as well as various combinations thereof. The path search mechanism for determining mutually compatible paths may be configured to determine a set of mutually compatible paths for a set of demands subject to an objective.

A service classifier network device receives a subflow and identifies that the subflow is one of at least two subflows in a multipath data flow. Related data packets are sent from a source node to a destination node in the multipath data flow. The service classifier generates a multipath flow identifier and encapsulates the subflow with a header to produce an encapsulated first subflow. The header identifies a service function path and includes metadata with the multipath flow identifier.

Methods and systems are provided for link health forecasting to determine potential link failures such that remedial action may be taken prior to any data loss or degradation. DDM/DOM information may be used in conjunction with OAM protocols to monitor and predict link health degradation for faster failovers or self healing.

Traffic recovery is supported at a switching node (20) of an OpenFlow network (5). The switching node (20) has a flow table (23) for storing flow entries (24) which determine forwarding of received packets between the ports. A switching node (20) installs (102) a flow entry for a back up path in the flow table (23). The switching node (20) renews (104, 105) the flow entry for the backup path based on at least one of: (i) an association between the flow entry for the backup path and a flow entry for a working path at the switching node, wherein the flow entry for the backup path is renewed when the flow entry for the working path is used to forward a received packet; (ii) receiving a flow entry renewal packet from another switching node on the backup path. A backup path can be configured for each of multiple points of failure in the working path.