Embodiments of the present invention relate to the communications field, and provide an access control apparatus, system, and method. The method includes: receiving a first service chain forwarding rule sent by a controller; receiving a first packet sent by a classifier; and when a service chain identifier carried in the first packet matches a first service chain identifier in the first service chain forwarding rule, forwarding the first packet to a first access network element according to a first identifier.

A non-transitory computer readable medium storing instructions which, when executed by one or more hardware processors, causes performance of operations including: determining a location associated with a client device, assigning a priority to packets, received from the client device or targeted for the client device, based at least on the location associated with the client device, and processing packets based on the priority assigned to the packets.

A software-defined network (SDN) may include a controller that causes data an flow to be routed at least partially based on an application associated with the flow. The controller may identify an application associated with a flow and may determine desired transmission characteristics associated with the application. The controller may then dynamically identify an appropriate path for the flow data based on the desired transmission characteristics. The controller may further identify a quality of service value associated with a source or destination device associated with the flow data and may adjust the quality of service value based on the desired transmission characteristics associated with the application.

A network device receives a packet is received from a network, and determines at least one port, among a plurality of ports of the network device, via which the packet is to be transmitted. The network device also determines an amount of free buffer space in a buffer memory of the network device, and dynamically determines, based at least in part on the amount of free buffer space, respective thresholds for triggering ones of multiple traffic management operations to be performed based on the packet. Using the respective thresholds, the network device determines whether or not to trigger ones of the multiple traffic management operations with respect to the packet. The network device performs one or more of the traffic management operations with respect to the packet determined to be triggered based on the corresponding one of the respective thresholds.

Data packets being communicated through a communications network can be prioritized. For example, a processor can receive a data packet via the communications network. The data packet can be formed according to a communications protocol and have a header field with an initial value. The processor can determine an updated value for the header field of the data packet based on the initial value from the header field and a user account associated with the data packet. The processor can update the header field to have the updated value. The processor can then prioritize the data packet with respect to at least one other data packet based on the updated value of the header field.

A method for operating a network includes implementing at least one service function chain (SFC) including several service functions (SFs) for providing traffic steering; encoding traffic steering information related to the at least one SFC; and using redundant information in an addressing scheme of network hosts for addressing the SFs.

A packet is received at a network device. The packet is processed by the network device to determine at least one egress port via which to transmit the packet, and to perform egress classification of the packet based at least in part on information determined for the packet during processing of the packet. Egress classification includes determining whether the packet should not be transmitted by the network device. When it is not determined that the packet should not be transmitted by the network device, a copy of the packet is generated for mirroring of the packet to a destination other than the determined at least one egress port, and the packet is enqueued in an egress queue corresponding to the determined at least one egress port. The packet is subsequently transferred to the determined at least one egress port for transmission of the packet.

Embodiments provide an SDN, an SDN configuration method, an SDN-based data transmission method, and a network controller. A data packet combination function and a data packet split function are separately configured on nodes in the SDN. Therefore, when data packets of a first service are received, multiple small data packets of the first service may be combined into one large data packet. In comparison with transmission of the multiple small data packets, transmission efficiency of the SDN can be improved by transmitting the combined data packet.

A data packet extraction method and apparatus is disclosed. Two hash values calculated based on quintuple information of different data packets of a same session are the same, that is, two calculated remainders are also the same at a same sampling ratio. When one remainder of the two calculated remainders is a preset sampling remainder, all the data packets in a network that belong to the session are extracted, so as to implement data packet extraction based on a session. When the quintuple information of the different data packets of the same session matches a first mapping table, either all the data packets of the same session can match the first mapping table, or none of the data packets of the same session can match the first mapping table, so as to implement data packet extraction based on a session.

A method for analyzing traffic in a communications network includes sampling data packets at a plurality of network interconnection points, wherein sampling the data packets includes generating a plurality of sampled packet data in one or more standardized formats, converting the sampled packet data from the one or more standardized formats into a neutral format, and aggregating the sampled packet data in the neutral format from the plurality of network interconnection points. A system includes a communications node operable to sample data packets flowing through and generate sample packet data in a specified format, a collector node operable to convert the sampled packet data into a neutral format, the collector node further operable to map IP addresses of the sampled packet data to corresponding prefixes in a routing table; and an aggregator node operable to aggregate neutrally formatted sampled packet data from a plurality of collector nodes.