Patent classifications
H04L12/723
Identifying egress of nil forward equivalency class (FEC) used for FEC hiding
A label switch router (LSR) in a label-switched path (LSP) may receive, from an ingress edge LSR, a Multi-Protocol Label Switching (MPLS) echo request, where the LSP includes a tunnel having details that are hidden by a Nil Forward Equivalency Class (FEC). The LSR may determine whether the LSR is an egress node for the tunnel in the LSP based at least in part on one or more labels in the MPLS echo request. The LSR may, in response to determining that the LSR is the egress node for the tunnel in the LSP, send an MPLS echo reply that indicates the LSR as being the egress node for the tunnel in the LSP.
SECURITY FOR COMMUNICATION PROTOCOLS
Various example embodiments for supporting security for communications may be configured to support security for communications of communication protocols at various communication layers. For example, various example embodiments for supporting security for communications may be configured to support security for communications of communication protocols operating above Layer 2 using a Layer 2 network security protocol. For example, various example embodiments for supporting security for communications may be configured to support security for communications of communication protocols operating at Layer 2.5 (e.g., Multiprotocol Label Switching (MPLS) protocols or other Layer 2.5 protocols) using a Layer 2 network security protocol. For example, various example embodiments for supporting security for communications may be configured to support security for communications of communication protocols operating at Layer 3 (e.g., Internet Protocol (IP), such as IP version 4 (IPv4) or IP version 6 (IPv6), or other Layer 3 protocols) using a Layer 2 network security protocol.
MULTICAST (P2MP) SUPPORT FOR PATH COMPUTATION ELEMENT CENTRAL CONTROLLER (PCECC)
Disclosed is a mechanism that provides extensions of the PCEP message and objects to support PCECC with P2MP capability in downloading the labels for a branch node of P2MP TE LSPs. In one implementation, various embodiments provide an apparatus, a system, a node and a method that receives a PCLabelUpd message with all the extensions and the objects to support PCECC with P2MP capability, detects the object and identifies that the label download is for a P2MP TE LSP and for this LSP. In those embodiments, the apparatus, system or node acts as a branch node, and thereby downloads all the labels specified in the object to the data plane with respect to any existing branch node download mechanism for a P2MP TE LSP.
Route Recursion Control Method, Device, and System
A route recursion control method includes a first network device that receives Border Gateway Protocol (BGP) routing information from a second network device. The BGP routing information includes a destination address, a next-hop address for the destination address, and attribute information. The attribute information indicates a manner of performing route recursion on the next-hop address by the first network device. The first network device determines, based on the attribute information, the manner of performing the route recursion on the next-hop address.
IDENTIFYING A DYNAMIC NETWORK PARAMETER PROBE INTERVAL IN AN SD-WAN
Some examples relate to identifying a dynamic network parameter probe interval in an SD-WAN. In an example, a controller may define a probe profile of an uplink in the SD-WAN. The probe profile of the uplink may include a static probe interval and a probe retry value. The controller may determine the value of the network parameter for the uplink, prior to expiration of a static probe timer interval. If the value of the network parameter is in negative deviation with a baseline value of the network parameter, the controller may identify a dynamic probe interval for each successive determination of the value of the network parameter. The identification of the dynamic probe interval for a given successive determination may depend on at least one previously determined value of the network parameter. The controller may initiate duplicate network traffic on a secondary uplink in the SD-WAN.
Systems and methods for facilitating traceroute operations across segment routing paths within networks
A disclosed method may include (1) receiving, at a node within a network, an MPLS echo request from an additional node adjacent to the node, (2) determining that a FEC query is included in a FEC stack of the MPLS echo request and then, in response to determining that the FEC query is included in the FEC stack of the MPLS echo request, (3) determining at least one FEC that corresponds to a label included in a label stack of the MPLS echo request, and then (4) notifying the additional node of the FEC that corresponds to the label included in the label stack by sending, to the additional node, an MPLS echo reply that identifies the FEC that corresponds to the label. Various other systems, methods, and computer-readable media are also disclosed.
Method and Device for Implementing VPN Cross-Domain, and Border Node
Provided is a method and device for implementing Virtual Private Network (VPN) cross-domain, and a border node. The method includes that: a border node receives an advertisement message which carries VPN route information and is sent by a first node to a second node, wherein the border node supports Internet Protocol Version 6 Segment Routing (SRv6) capability, and the first node and the second node belong to different domains; and the border node assigns VPN identity information to a VPN route corresponding to the VPN route information, adds the VPN identity information into the advertisement message and sends the advertisement message to the second node, wherein the VPN identity information includes at least one of: a VPN Segment ID (SID) and a VPN label.
Packet Forwarding Method and Network Device
A packet forwarding method includes obtaining, by a network device, a first tunnel identifier of a first packet, and, when the first tunnel identifier is a first value, forwarding, by the network device, the first packet based on a first routing group in a virtual routing and forwarding (VRF) table. The first routing group consists of one or more local routes, and each next-hop outbound interface of the one or more local routes is a local outbound interface. The network device forwards the packet based on a local routing group including only a local route in the VRF table such that the packet is forwarded to a local virtual machine for processing, and is not forwarded to another tunnel endpoint device during packet forwarding.
RAPID NETWORK TRAFFIC TELEMETRY EXPORTS WITH SPLIT TEMPLATES AND FLOW RECORDS
A solution that provides for increased high-frequency record exports, giving real-time insight into traffic patterns, by splitting a conventional monolithic template into a static template and a dynamic template. Static flow records are sent only at the beginning of a flow, or when ‘almost static’ information elements change. Dynamic records are sent very frequently, and only when there is a dynamic information element change.
INITIATOR-BASED DATA-PLANE VALIDATION FOR SEGMENT ROUTED, MULTIPROTOCOL LABEL SWITCHED (MPLS) NETWORKS
Techniques for initiator-based data-plane validation of segment routed, multiprotocol label switched (MPLS) networks are described herein. In examples, an initiating node may determine to validate data-plane connectivity associated with a network path of the MPLS network. The initiating node may store validation data in a local memory of the initiating node. In examples, the initiating node may send a probe message that includes a request for identification data associated with a terminating node. The terminating node may send a probe reply message that includes the identification data, as well as, in some examples, a code that instructs the initiating node to perform validation. In examples, the initiating node may use the validation data stored in memory to compare to the identification data received from the terminating node to validate data-plane connectivity. In some examples, the initiating node may indicate a positive or negative response after performing the validation.