A classifier network element in a service function chain system receives a classification policy and an access policy from a controller of the service function chain system. The classification policy identifies which service function path network traffic flows will traverse through the service function chain system. The access policy defines criteria for determining whether network traffic flows will be sent along a service function path of the service function chain system. The classifier network element receives an initial packet of a network traffic flow from a source endpoint directed to a destination endpoint. Responsive to a determination that the initial packet of the network traffic flow satisfies the criteria of the access policy, the classifier network element applies the access policy to the network traffic flow.

A decoder deployed in one or more terminals, includes a computer readable storage medium storing program instructions, and a processor executing the program instructions, the processor configured to receiving a noisy message and a noisy hash from the network, searching for a pair of matching candidates for the hash and message from two row spaces of noisy message vectors using a shared secret with an encoder, and outputting, by the decoder, a decoded message if the searching is successful.

Some embodiments provide a method for a network controller that manages a flow-based managed forwarding element (MFE). The method receives multiple sets of service rules for implementation by the MFE. The sets of service rules have a priority order and the rules in each set of service rules have separate priority orders. The method organizes the service rules in all of the sets of service rules into a single ordered list of service rules. The method assigns priority values within a space-constrained set of priority values to the service rules in the list in a manner designed to minimize re-assignment when changes to the sets of service rules are received. The method uses the assigned priority values to generate flow entries for the MFE to use to implement the service rules.

A method including: receiving, at a video conferencing device, a packet of a video conferencing media stream, the video conferencing device including a processor; determining, by the video conferencing device, whether a length of the packet is sufficiently long to contain media; sending a request to a Look-up Table memory using the media stream ID as an input value while in parallel determining, with the processor, whether the packet is a valid media packet; in response to receiving a destination address in a media processing network from the Look-up Table memory and determining that the packet is a valid media packet, modifying, by the video conferencing device, a header of the packet with the destination address received from the Look-up Table memory; and transmitting, by the video conferencing device, the packet to the modified destination address.

Methods and techniques for flooding packets on a per-virtual-network basis are described. Some embodiments provide a method (e.g., a switch) which determines an internal virtual network identifier based on one or more fields in a packet's header. Next, the method performs a forwarding lookup operation based on the internal virtual network identifier. If the forwarding lookup operation succeeds, the method can process and forward the packet accordingly. However, if the forwarding lookup operation fails, the method can determine a set of egress ports based on the internal virtual network identifier. Next, for each egress port in the set of egress ports, the method can flood the packet if a virtual network identifier in the packet's header is associated with the egress port. Flooding packets on a per-virtual-network basis can substantially reduce the amount of resources required to flood the packet when a forwarding lookup operation fails.

Techniques for multi-path routing of packets to a destination node based on multiple routing tables of a router device. In an embodiment, a router device includes port groups which each correspond to a different respective network path to the same destination node. In another embodiment, each routing engine of multiple routing engines in a router device routes packets to the destination node based on a different respective one of multiple routing tables. The routing tables may include respective entry sets which, at least with respect to routing packets to the destination node, dedicate each routing engine to a respective one of the port groups.

An autonomous network and a corresponding routing method include determining routing paths by a controller, and providing the determined routing paths to a data packet processor located remotely from the controller. The data packet processor routes outgoing data packets, based on information from the controller, through a plurality of switches remotely from the data packet processor. Each switch includes a plurality of network interfaces. For an outgoing data packet, the data packet processor determines a network interface over which to transmit the data packet, and adds an indication of the determined network interface in a header of the data packet. The data packet processor forwards the modified data packet to the switch including the determined network interface. The switch identifies the network interface based on the indication, and transmits the outgoing data packet over the identified network interface.

Various systems and methods for performing bit indexed explicit replication (BIER). For example, one method involves receiving a packet at a node. The packet includes a bit string. The node traverses the bit string and selects an entry in a bit indexed forwarding table (BIFT). The entry includes a forwarding bit mask. Based on the forwarding bit mask and the bit string, the node forwards the packet.

One embodiment of the present invention provides a switch in a network of interconnected switches. The switch includes a storage device, a hardware management apparatus, and a layer-2 management apparatus. The storage device stores a forwarding table, which includes an entry comprising a MAC address and an egress port for the MAC address. The hardware management apparatus determines whether a destination MAC address of a frame is present in a hardware table in memory of the switch. The layer-2 management apparatus, in response to a determination that the destination MAC address is not present in the hardware table, looks up a first entry comprising the destination MAC address in the forwarding table, and creates a second entry comprising the destination MAC address in the hardware table based on the first entry.

One embodiment of the present invention provides a computing system. The computing system includes processing circuitry, one or more ports, a persistent storage module, and a management module. The persistent storage module stores a plurality of persistent storage instances associated with a plurality of switch groups. A respective persistent storage instance stores configuration information associated with a switch group in a data structure. The management module identifies at least two switch groups, which are associated with a logical network, from the plurality of switch groups and configures a respective virtual network representing the logical network in a respective identified switch group. The management module also maintains a mapping between a respective virtual network and the logical network.