Embodiments of the present invention relate to a Lookup and Decision Engine (LDE) for generating lookup keys for input tokens and modifying the input tokens based on contents of lookup results. The input tokens are parsed from network packet headers by a Parser, and the tokens are then modified by the LDE. The modified tokens guide how corresponding network packets will be modified or forwarded by other components in a software-defined networking (SDN) system. The design of the LDE is highly flexible and protocol independent. Conditions and rules for generating lookup keys and for modifying tokens are fully programmable such that the LDE can perform a wide variety of reconfigurable network features and protocols in the SDN system.

Methods and systems for routing a user request for a service to a version of the service in a geographical region associated with the user are described herein. The service may be deployed in multiple geographical regions, and the service may have multiple versions in each of the geographical regions. A user device may send a request for a service to a first server in a geographical region. The first server may determine whether the user is associated with the geographical region. Responsive to determining that the user is not associated with the geographical region, the first server may ask one or more servers in other geographical regions whether the user is associated with any of the other geographical regions.

Techniques are described for providing logical networking functionality for managed computer networks, such as for virtual computer networks provided on behalf of users or other entities. In some situations, a user may configure or otherwise specify a network topology for a virtual computer network, such as a logical network topology that separates multiple computing nodes of the virtual computer network into multiple logical sub-networks and/or that specifies one or more logical networking devices for the virtual computer network. After a network topology is specified for a virtual computer network, logical networking functionality corresponding to the network topology may be provided in various manners, such as without physically implementing the network topology for the virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.

A system and method for determining whether a gateway device, having two different network interfaces, is able to successfully operate as a Pseudo-Bridge. The gateway device transmits a message to a known network service entity on each of its network interfaces. For example, the gateway device may transmit a DHCP request on both its network interfaces. Alternatively, the gateway device transmits a message to an application server. If the network service entity on each network responds with the same IP address, a network loop is assumed to exist. In this case, the gateway may operate as a traditional router. If the network service entities on the two networks respond with different IP addresses, the gateway device operates as a Pseudo-Bridge. In this way, the network operates correctly in all scenarios.

A method is disclosed for optimizing packet transmission paths in a mobile communication network (400) in which packets are transmitted and received between mobile stations (10-14) or between a mobile station and a fixed network (120) by way of a plurality of packet transmission device (60-64, 70-72, 80, and 81) and radio base stations (50-57). When a mobile station uses a service that is provided by a fixed network (300), imposed are applied on the packet transmission path such that packets pass by way of specific packet transmission devices (80 and 81) depending on the fixed network (external network) 300. When the mobile station uses a service that is provided by the mobile communication network (400), on the other hand, no restrictions are imposed on the packet transmission path, and the packet transmission path is thus set such that the link costs are a minimum.

A method is disclosed for optimizing packet transmission paths in a mobile communication network (400) in which packets are transmitted and received between mobile stations (10-14) or between a mobile station and a fixed network (120) by way of a plurality of packet transmission device (60-64, 70-72, 80, and 81) and radio base stations (50-57). When a mobile station uses a service that is provided by a fixed network (300), imposed are applied on the packet transmission path such that packets pass by way of specific packet transmission devices (80 and 81) depending on the fixed network (external network) 300. When the mobile station uses a service that is provided by the mobile communication network (400), on the other hand, no restrictions are imposed on the packet transmission path, and the packet transmission path is thus set such that the link costs are a minimum.

A method is disclosed for optimizing packet transmission paths in a mobile communication network (400) in which packets are transmitted and received between mobile stations (10-14) or between a mobile station and a fixed network (120) by way of a plurality of packet transmission device (60-64, 70-72, 80, and 81) and radio base stations (50-57). When a mobile station uses a service that is provided by a fixed network (300), imposed are applied on the packet transmission path such that packets pass by way of specific packet transmission devices (80 and 81) depending on the fixed network (external network) 300. When the mobile station uses a service that is provided by the mobile communication network (400), on the other hand, no restrictions are imposed on the packet transmission path, and the packet transmission path is thus set such that the link costs are a minimum.

A packet type corresponding to a packet received by a network device is determined. Based on the packet type, one or more header fields to be extracted from a header of the packet are identified. Identifying the one or more header fields includes extracting, from a memory based on the packet type, respective indicators of locations of the one or more header fields and respective indicators of sizes of the one or more header fields. The one or more identified header fields from the header of the packet, based on the respective indicators of locations of the one or more header fields and respective indicators of sizes of the one or more header fields. The packet is then processed based on the one or more header fields extracted from the header. The processing includes deter mining at least one port to which to forward the packet.

A network management (NM) computing system generates a first work zone associated with a first remote network and a second work zone associated with a second remote network. Each work zone includes a respective virtual firewall and a respective virtual jump host. The NM computing system establishes a first and second communication path between the first virtual jump host and the first remote network via a multiprotocol layer switching network system, receives a data packet including a firewall identifier associated with the first virtual firewall and a local address associated with a destination device within the first remote network, routes the data packet through the first firewall to the first virtual jump host based on the firewall identifier, and transmits, by the first virtual jump host, the data packet to the first remote network using the first communication path and/or the second communication path.

A method includes, at a node associated with a multiprotocol label switching system (MPLS) network, identifying information associated with an application flow based on one or more unencapsulated packet headers of the application flow or based on an ingress data stream that includes the application flow. The method further includes, in response to identifying the information, and based on stored data that maps application flows with pseudowires, determining a number of pseudowires corresponding to paths through the MPLS network, where the stored data indicates, for a sending device application, a distributed mapping of the application flow via at least one of the number of pseudowires, and communicating data related to the sending device application via at least one of the number of pseudowires.