Patent classifications
H04L12/715
SDN-Based DDOS Attack Prevention Method, Apparatus, and System
A software defined networking (SDN)-based distributed denial of service (DDoS) attack prevention method, an apparatus, and a system, where a controller delivers a traffic statistics collection instruction to a first packet forwarding device. The traffic statistics collection instruction instructs the first packet forwarding device to perform traffic statistics collection, and carries a destination Internet Protocol (IP) address. The controller collects statistical data reported by the first packet forwarding device, obtains, according to the statistical data, a statistical value of global traffic flowing to the destination IP address, and delivers a DDoS prevention policy to a second packet forwarding device based on a determining result that the statistical value of the global traffic exceeds a preset threshold. Correspondingly, the second packet forwarding device receives the DDoS prevention policy from the controller, and performs, according to the DDoS prevention policy, a prevention process on the traffic flowing to the destination IP address.
SHAPING OUTGOING TRAFFIC OF NETWORK PACKETS IN A NETWORK MANAGEMENT SYSTEM
A network management system can include multiple network interfaces. For example, the network management system can include a first network interface that can receive a stream of network packets associated with users. The network management system can include a second network interface for transmitting the received stream of network packets. The network management system can shape the stream of network packets before transmission. The network management system can assign the network packets into classes. The classes may have a configured hierarchical relationship. The classes may also have an operational hierarchy based on bandwidth usage during operation. The network management system can shape the stream of network packets based on operational hierarchy of classes and configured hierarchical relationship.
Cross-LAN Communication and Group Member Contact Synchronization
Multicast and unicast communication among computing devices across different local area networks (LANs) and without static IP addresses is supported by assigning an instant-share (InS) address to an individual computing device. The InS address is recognizable by a dedicated router located in the Internet and enables the dedicated router to communicate with the individual computing device. The individual computing device embeds an InS address of a destination computing device in a data message to form an extended data message, and sends the extended data message to the dedicated router. The dedicated router then forwards the extended data message to the destination computing device. A group member contact synchronization among different computing devices in a group without Internet connectivity is also supported. Local lists of group members from different computing devices are collected. The most-recent one is used to update the local list of group members of a computing device.
APPLICATION-AWARE BGP PATH SELECTION AND FORWARDING
A routing structure is defined for provider edge (PE) routers that will create the ability to recompute best paths based on application criteria. The routing structure may include the use of a network controller which is connected with the internet to receive requests from applications to trigger path re-computation. The controller will peer with PEs to send re-computation information used by the PE to construct an application-aware BGP table and forwarding instance. The PE also defines a new BGP and packet filter to replicate specific BGP paths into the application-aware table. The application-aware BGP and forwarding instance is unique to the requesting application. Thus, each request with a different source/destination combination obtains a discrete table providing separation. When a packet enters the PE from a customer edge (CE) or core interface, the packet traverses a packet filter and, when matched against source/destination, is redirected to the appropriate application-aware forwarding table. Once in the application-aware table, the packet is then forwarded along the application-aware path, achieving the objective. The instantiation of the application-aware BGP and forwarding table is done based on BGP updates learned from the controller.
Centralized control of data plane applications
The invention relates to a central control entity (200) configured to control a data plane flow of a stream of data packages in a radio access network part of a mobile communications network. The central control entity (200) comprises an information detecting unit (210), configured to detect information about data plane applications (41-44) attached to forwarding elements (120-124; 131-134) of the radio access network part and configured to detect information about at least one data plane application (41-44) that is to be applied to said data plane flow. Furthermore, the central control entity (200) comprises a control unit (230), configured to determine a path of the data plane flow through the forwarding elements (120-124; 131-134) of the radio access network part, wherein the control unit (230) is configured to determine the path taking into account said at least one data plane application (41-44) to be applied to said data plane flow, the control unit (230) being further configured to instruct the forwarding element in the path, to which said at least one data plane application is attached, to pass the data plane flow through said at least one data plane application (41-44).
Apparatus and method for establishing tunnels between nodes in a communication network
Tunnels are established between nodes along a packet transfer route in a communication network so that a packet is transferred from a first relay node to a second relay node via one or more intermediate relay nodes using the established tunnels. An intermediate relay node receives, from an adjacent downstream relay node, a reply message storing relay-node addresses identifying the downstream relay node and at least one intermediate relay node between the downstream relay node and the first relay node. The intermediate relay node establishes a tunnel to the downstream relay node in association with the relay-node address of the downstream relay node, updates the reply message by removing the relay-node address of the downstream relay node from the reply message, and transfers the updated reply message to an adjacent upstream relay node along the packet transfer route.
Autonomous system border router (ASBR) advertising routes with a same forwarding label
In one embodiment, an autonomous system border router (ASBR) advertises a same forwarding label for received advertised routes of a merging context that were advertised with a same forwarding label for the ASBR to use when sending corresponding packets. An ASBR receives via a routing protocol from a particular router in the same autonomous system, a plurality of same-labeled received routes advertised with a same first forwarding label within a merging context. In response to each of the plurality of same-labeled received routes having the same first forwarding label to use to forward packets to the particular router and being in the same merging context, the ASBR determines a merged forwarding label and advertises to a peer ASBR in another autonomous system (AS) each of the plurality of same-labeled received routes with the merged forwarding label for the peer ASBR to use to forward packets to the ASBR.
Control method, information processing device, and communication system
A control method executed by an information processing device including a memory configured to store information on a plurality of temporary routes set for each kind of service, the control method includes receiving a routing request from a switch among a plurality of switches; extracting, from the memory, a temporary route corresponding to a service related to the routing request when it is determined that processing congestion of the information processing device occurs; setting the extracted temporary route for one or more related switches among the plurality of switches; determining a route corresponding to the service, based on a predetermined condition of the service, when it is determined that the processing congestion of the information processing device has subsided; and setting the determined route for the one or more related switches among the plurality of switches.
MODIFIED CONSENSUS PROTOCOL FOR ELIMINATING HEARTBEAT NETWORK TRAFFIC
A computing system in data communication with a plurality of nodes that make up a distributed computing cluster can detect an absence of communication from a node of the plurality of nodes over a time period that exceeds a predefined threshold time period. The computing system can query an instance of a central topology manager for the plurality of nodes regarding liveness of the node from which the absence of communication was detected and can attempt to re-initiate communication with the node when the instance of the central topology manager indicates that the node is live.
Cluster and forwarding method
Embodiments of the present invention provide a cluster that includes a first node and a second node, and the first node and the second node are configured to cooperatively perform a forwarding service on a first packet, where the first node is configured to receive the first packet by using an inbound interface and determine the inbound interface; and the second node is configured to determine an outbound interface according to a forwarding table corresponding to the forwarding service and forward the first packet by using the outbound interface of the second node. In addition, the embodiments of the present invention further provide other clusters and forwarding methods. The foregoing technical solutions help to reduce software and hardware resources occupied by a cluster.