Described herein are methods and devices (e.g., routers) for performing segment routing over a multiprotocol label switching (MPLS) network. A method can include a router of the MPLS network receiving a packet, and the router modifying the packet by adding a segment routing header (SRH) type MPLS extension header. The SRH type MPLS extension header includes one or more segment identifiers (SIDs) that collectively provide a SID list for use in segment routing. The method further comprises the router copying one of the one or more SIDs in the SRH type MPLS extension header to a top of an MPLS label stack, and the router forwarding the packet as modified to another router of the MPLS network based on the one of the one or more SIDs included in a label stack entry at the top of the MPLS label stack.

A traffic controller device for distributing or otherwise controlling the distribution of routing information may be included in a telecommunications network. The traffic controller may receive routing tables from a plurality of network devices, such as one or more provider edge devices of the network. The traffic controller, upon receiving the routing information from the provider edge devices, may generate a routing table associated with each device providing the routing information. The traffic controller may also provide updates to one or more of the networking devices associated with the controller. The traffic controller may alter or update, at the traffic controller, the routing table associated with the target provider edge device based on the network policy. The routing information in the routing table for that device and maintained by the traffic controller may be updated with a new route or new local preferred parameter value.

A first network device may receive first traffic of a session that involves a service. The first network device may identify that the service is configured for distributed node processing. The first network device may identify a second network device that is configured for distributed node processing. The first network device may identify a state machine that is associated with the service. The first network device may determine, based on the state machine, a first function and a second function, wherein the first function is identified by a first label and the second function is identified by a second label. The first network device may process the first traffic based on the first function. The first network device may provide, to the second network device, the first traffic and the second label to permit the second network device to process second traffic in association with the second function.

First and second egress nodes are each multi-homed to a customer edge (CE) that participates in virtual routing and forwarding (VRF). First forwarding information is configured on the first egress node. The first information includes VRF labels and defines forwarding of traffic based on the VRF labels and a status of a primary path to the CE. The VRF labels include a per-VRF label for the VRF and a per-CE label for the CE. Second forwarding information is configured on the second egress node. The second forwarding information includes the per-VRF label and the per-CE label, and defines traffic forwarding based on the VRF labels. Upon receiving traffic for the CE that carries the per-VRF label, the first egress node determines the status of the primary path, and forwards the traffic to either the CE over the primary path or to the second egress node, depending on the status.

A path computation method and a related device are disclosed. The method includes: a second network device receives path requirement information and a recomputation condition that are sent by a first network device; the second network device first obtains by means of computation a path meeting a requirement according to the path requirement information, and sends description information of the path meeting the requirement to the first network device; then the second network device constantly determines whether the recomputation condition is met; and when the recomputation condition is met, the second network device performs path recomputation, and sends description information of a path obtained by means of recomputation to the first network device. Therefore sensitivity for triggering path recomputation can be improved and a quantity of communication messages between network devices can be reduced.

In various embodiments, a method and apparatus are configured to receive information associated with a path from a first node to a second node; and generate a set of one or more segment identifiers at least one of which is in an address space having a span in a current region in which the first node resides, and is configured for use in identifying a next region, wherein the set of one or more segment identifiers encodes the path.

A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.

Various implementations disclosed herein enable malleable routing for data packets. For example, in various implementations, a method of routing a type of data packets is performed by a device. In some implementations, the device includes a non-transitory memory and one or more processors coupled with the non-transitory memory. In some implementations, the method includes determining a routing criterion to transmit a set of data packets across a network. In some implementations, the method includes identifying network nodes and communication links in the network that satisfy the routing criterion. In some implementations, the method includes determining a route for the set of data packets through the network nodes and the communication links that satisfy the routing criterion. In some implementations, the method includes configuring the network nodes that are on the route with configuration information that allows the set of data packets to propagate along the route.

A data packet processing method includes cloud management platform sends virtual private cloud (VPC) network information of a computing instance running on a host to a network processing device, a virtual switch receives a data packet from the computing instance using a virtual port of the computing instance, and the data packet carries a network address of the computing instance and a virtual local area network (VLAN) identifier of the virtual port sending the data packet, the virtual switch sends the data packet according to the VLAN identifier, and routes the data packet to the network processing device, the network processing device determines the VPC network information of the computing instance according to the network address of the computing instance, and performs network function processing on the data packet. Therefore, a VPC network feature of a computing instance can be adjusted according to a requirement, thereby improving management efficiency.

The present disclosure is directed to enabling transparency for network traffic through an off-net site using the concept of static Pseudo-Wire (PW) of arriving data packets at a Network Interface Device (NID). In one aspect, a method of providing transparent Ethernet private line service includes receiving, at a network interface device of an enterprise network, a packet, the enterprise network being configured to receive the Ethernet private line service from a service provider; determining, by the network interface device, whether the packet is a raw data packet or a statically pseudo-wired packet; and performing, by the network interface device, a pseudo-wire encapsulation process if the packet is the raw data packet or a pseudo-wire de-capsulation process if the packet is the statically pseudo-wired packet, prior to delivering the packet to a corresponding destination.