H04L12/701

Application wire
11128567 · 2021-09-21

A method includes, at a node associated with a multiprotocol label switching system (MPLS) network, identifying information associated with an application flow based on one or more unencapsulated packet headers of the application flow or based on an ingress data stream that includes the application flow. The method further includes, in response to identifying the information, and based on stored data that maps application flows with pseudowires, determining a number of pseudowires corresponding to paths through the MPLS network, where the stored data indicates, for a sending device application, a distributed mapping of the application flow via at least one of the number of pseudowires, and communicating data related to the sending device application via at least one of the number of pseudowires.

Rewriting communication headers to manage virtual networks of virtual machines

Techniques are described for providing logical networking functionality for managed computer networks, such as for virtual computer networks provided on behalf of users or other entities. In some situations, a user may configure or otherwise specify a network topology for a virtual computer network, such as a logical network topology that separates multiple computing nodes of the virtual computer network into multiple logical sub-networks and/or that specifies one or more logical networking devices for the virtual computer network. After a network topology is specified for a virtual computer network, logical networking functionality corresponding to the network topology may be provided in various manners, such as without physically implementing the network topology for the virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.

System, Method and Nodes for Performance Measurement in Segment Routing Network

A transit/egress node in a communication network uses a performance measured flow (PMF) identifier for statistics collection for a given PMF. The PMF identifier is carried in the piggybacked information without the use of a separate SR label. The piggybacked information carries the node information role of the node used by the transit/egress node to collect statistics for a given PM segment. The node collects the statistics for multiple segments and multiple PM types using metadata present in a single received packet.

INFERRING CONGESTION AND SIGNAL QUALITY

Described embodiments provide systems and methods for inferring a network type and network conditions. The system includes a packet capturing engine configured to capture a plurality of network packets from a plurality of TCP network connections. The system includes a packet analyzer configured to analyze the plurality of network packets to generate a plurality of metrics. The system includes a network classifier configured to infer network types of the plurality of TCP connections based on the plurality of metrics and at least one classification model. The system also includes a conditions ranking engine configured to estimate a level of network congestion for each TCP connection based on the plurality of metrics and the network types.

Techniques to meet quality of service requirements for a fabric point to point connection

Examples include techniques to meet quality of service (QoS) requirements for a fabric point to point connection. Examples include an application hosted by a compute node coupled with a fabric requesting bandwidth for a point to point connection through the fabric and the request being granted or not granted based at least partially on whether bandwidth is available for allocation to meet one or more QoS requirements.

Enhanced flexible-algorithm definition

Techniques are described for advertising constraint-based path computation (e.g., flexible-algorithm) through a constrained network topology. For example, a network device comprises a memory and one or more programmable processors operably coupled to the memory, wherein the one or more programmable processors are configured to generate a packet including a segment identifier (SID) offset, wherein the SID offset is an offset value associated with the flexible-algorithm. The one or more programmable processors of the network device are also configured to send, to at least one other network device of the plurality of network devices, the SID offset to enable the at least one other network device to derive a node segment identifier for the at least one other network device to participate in the flexible-algorithm.

Multi-router IGP fate sharing

A method for routing communication traffic in a network includes detecting that a link in a parallel link configuration has failed and, in response, adjusting one or more metrics associated with other links in the parallel link configuration to indicate that none of the links in the parallel configuration are available. A router connected to a direct link in a parallel link configuration including one or more other routers connected to one or more indirect links, respectively, includes a memory storing configuration parameters specifying a minimum number of links required to be operational in the parallel link configuration and an artificially high cost, and a link metric adjustment module operable to set a metric of the direct link to the artificially high cost until the minimum number of required links are operational after startup of the router or failure and reactivation of the direct link.

DYNAMIC ROUTE PROFILE STORAGE IN A HARDWARE TRIE ROUTING TABLE

The present disclosure involves systems and methods for managing a trie routing table for a networking device of a communication or computer network. In one implementation, the networking device may utilize a dynamic algorithm for associating hashing functions with pivot tiles of the routing table to improve hash utilization and avoid hash collisions. Further, route prefixes may be relocated from pivot tiles in an attempt to free the tiles for reallocation to other prefix base width or may be relocated to other possible pivot tiles or to a general storage space when a hash collision is detected. This provides for even distribution of pivots within tiles which have base widths in range of a pivot route. The above implementations may occur together or separately to improve the operation of the networking device and provide faster route lookup.

End-to-end security communication method based on mac protocol using software defined-networking, and communication controller and computer program for the same

An end-to-end security communication method includes, when receiving a security key generation request packet from a first host, generating, by a communication controller, a security key for end-to-end security communication between the first host and a second host, transmitting the generated security key to each of the first host and the second host, and setting a forwarding rule for transmission of a packet destined for a Media Access Control (MAC) address of the first host or a MAC address of the second host to a first switch and a second switch connected respectively to the first host and the second host. According to the end-to-end security communication method, the communication controller performs the process of generating a security key that will be shared between hosts using Software Defined-Networking (SDN), so that MAC security communication technology can be applied to communication between hosts belonging to different networks.

POSITION PARAMETERIZED RECURSIVE NETWORK ARCHITECTURE WITH TOPOLOGICAL ADDRESSING
20210184934 · 2021-06-17

A digital data communications network that supports efficient, scalable routing of data and use of network resources by combining a recursive division of the network into hierarchical sub-networks with repeating parameterized general purpose link communication protocols and an addressing methodology that reflects the physical structure of the underlying network hardware. The sub-division of the network enhances security by reducing the amount of the network visible to an attack and by insulating the network hardware itself from attack. The fixed bandwidth range at each sub-network level allows quality of service to be assured and controlled. The routing of data is aided by a topological addressing scheme that allows data packets to be forwarded towards their destination based on only local knowledge of the network structure, with automatic support for mobility and multicasting. The repeating structures in the network greatly simplify network management and reduce the effort to engineer new network capabilities.