H04L12/741

Next hop instruction associations for forwarding unit programming within a network device

In some examples, a network device of a network comprises a first component configured to store a plurality of next hop instructions corresponding to respective logical or physical network structures of the network. The network device also comprises a second component configured to send, to the first component, a message that identifies an association of the plurality of next hop instructions, wherein the first component is further configured to modify, in response to receiving the message, each of the plurality of next hop instructions.

Dynamic advertisement routing

Dynamic advertisement routing is disclosed. For example, a plurality of internet protocol (“IP”) addresses associated with a respective plurality of target nodes is stored in a routing pool. Each IP address in the routing pool is pinged through each of first and second load balancer network interfaces. Network routes associated with target nodes are updated based on a first plurality of ping responses. Communications sessions are established with target nodes through respective network routes. IP addresses are pinged and respective latencies in a latency cache are updated based on a second plurality of ping responses. A first request directed to the plurality of target nodes is received, is determined to be sent to a first target node based on the latency cache, and is forwarded to the first target node via the first network route.

Linking resource instances to virtual networks in provider network environments

Methods and apparatus that allow clients to connect resource instances to virtual networks in provider network environments via private IP. Via private IP linking methods and apparatus, a client of a provider network can establish private IP communications between the client's resource instances on the provider network and the client's resource instances provisioned in the client's virtual network via links from the private IP address space of the virtual network to the private IP address space of the provider network. The provider network client resource instances remain part of the client's provider network implementation and may thus also communicate with other resource instances on the provider network and/or with entities on external networks via public IP while communicating with the virtual network resource instances via private IP.

Network Interconnection Over a Core Network

According to one embodiment, a method includes receiving, by a first edge device at a first site, a first site overlay control plane message including control plane information. The first edge device translates the first site overlay control plane message into a core overlay control plane message. The first edge device sends the core overlay control plane message over a core network to a second edge device at a second site.

REMOTE VEHICLE DATA COLLECTION SYSTEM
20170339056 · 2017-11-23

The system includes a vehicle and a remote centre, which manages traveling information of a plurality of vehicles. The remote centre transmits a message containing a collection condition to the in-vehicle communication set by wireless communication. The message has a header and a plurality of frames. The header identifies the in-vehicle communication set as the destination. Each frame has three fields. The Destination ECU is not used in the message from the remote centre to the communication set. A destination information conversion unit in the in-vehicle communication set fills in this field before sending the frame over the vehicle network. An information collection control device collects vehicle data from control devices connected to the vehicle network according to the collection condition and returns collected vehicle data to the remote centre.

APPARATUS AND METHOD FOR ROUTING DATA IN A SWITCH
20170339071 · 2017-11-23

Apparatuses, methods and storage media associated with routing data in a switch are provided. In embodiments, the switch may include route lookup circuitry to determine a first set of output ports that are available to send a data packet to a destination node. The lookup circuitry may further select, based on respective congestion levels associated with the first set of output ports, a plurality of output ports for a second set of output ports from the first set of output ports. An input queue of the switch may buffer the data packet and route information associated with the second set of output ports. The switch may further include route selection circuitry to select a destination output port from the second set of output ports, based on updated congestion levels associated with the output ports of the second set of output ports. Other embodiments may be described and/or claimed.

METHOD, SYSTEM, AND APPARATUS FOR PROXYING INTRA-SUBNET TRAFFIC ACROSS MULTIPLE INTERFACES WITHIN NETWORKS
20170339048 · 2017-11-23

The disclosed computer-implemented method may include (1) creating, at a proxy node within an IP network, a proxy group that includes a plurality of network nodes within a subnet of the IP network that are represented by a pseudo MAC address, (2) receiving a neighbor solicitation from a network node included in the proxy group, (3) identifying, within the neighbor solicitation, a link-layer address of the network node that sent the neighbor solicitation, (4) modifying the neighbor solicitation by replacing the link-layer address of the network node with the pseudo MAC address of the proxy group, and then (5) forwarding the modified neighbor solicitation to another network node included in the proxy group to facilitate completion of an NDP process in which the other network node responds to the modified neighbor solicitation with a neighbor advertisement proxied by the proxy node. Various other methods, systems, and apparatuses are also disclosed.

METHOD FOR CONTROLLING TRANSMISSION SECURITY OF INDUSTRIAL COMMUNICATIONS FLOW BASED ON SDN ARCHITECTURE

The present invention discloses a method for controlling transmission security of an industrial communication flow based on an SDN architecture. The method comprises: designing a flow security control module in a management controller, performing in-depth parsing on industrial communication flow data, matching the parsing result with each preset industrial rule policy, and executing a control processing operation of the industrial rule policy, to implement transmission control of an industrial communication flow. The management controller comprises an industrial rule policy database used for storing all industrial rule policies set by a user. An SDN switch maintains a structure of a flow table, and an industrial communication flow is forwarded according to the flow table. The flow table comprises a security control identifier used for indicating whether security transmission of this communication flow needs to be controlled. The present invention can detect the legality of an industrial communication data flow, to control access of industrial communication that does not conform to an industrial rule policy, so that the security and reliability of industrial control systems based on an SDN architecture are guaranteed.

Routing protocols for accommodating nodes with redundant routing facilities
09825886 · 2017-11-21

Graceful restart in routers having redundant routing facilities may be accomplished by replicating network (state/topology) information.

Systems and methods for listening policies for virtual servers of appliance

The present invention is directed towards a method for using a listening policy for a virtual server on an intermediary device. An intermediary device establishes for a first virtual server a first listening policy with an expression for evaluating packets received by the intermediary device to determine whether the packet may access the first virtual server. The intermediary device listens for packets at a first internet protocol (IP) address and a first port specified for the first virtual server. Then, the intermediary device evaluates the expression of the first listening policy to a first packet received at the first IP address and first port and determines whether to provide the first packet to the first virtual server based on a result of the evaluation.