The present invention relates to a software defined networking in a wide area network (SD-WAN) device, comprising a network monitor which observes and gathers network parameters reflecting network conditions and stores them to a database; a metrics collector which receives and gathers node parameters reflecting node status stores them to the database, a traffic manager which performs a traffic evaluation on the network parameters or node parameters to identify if a network traffic level is within a performance range, and a policy engine which performs a mitigation evaluation on the analysis done by the traffic manager to determine if a mitigation strategy must be initiated. If a mitigation strategy must be initiated, the policy engine determines a target node to receive the mitigation strategy and translates the mitigation strategy into a format understandable to the target node and pushes a mitigation command containing the mitigation strategy to the target node.

Provided is a data processing system which links a plurality of types of processing each of which configured to implement a function. The data processing system includes: a gateway for inputting data; and a server for inputting data output from the gateway. The gateway applies first processing including one or more types of processing to the input data in accordance with information included in first flow information and outputs the processed data to the server. The server applies second processing to the data input from the gateway in accordance with the information included in the first flow information and thereafter applies third processing including one or more types of processing, specifies the second processing, generates, from the first flow information, second flow information including information for applying the third processing to the data input by the server from the gateway, and generates, from the first flow information, the second flow information including information for applying the first processing to the data input by the gateway and thereafter applying the second processing.

This application discloses a QoS control method, device, and system, to implement QoS control when a 5G core network or another future network is accessed through a network such as, for example, a fixed network. The method, performed by an access gateway function entity, includes: obtaining a correspondence between a QoS file and a virtual local area network (VLAN) priority, where the correspondence between the QoS file and the VLAN priority includes a correspondence between a first QoS file and a first VLAN priority; sending a first message to a terminal, where the first message includes the correspondence between the QoS file and the VLAN priority; receiving an uplink data packet from the terminal, where a QoS file corresponding to the uplink data packet is the first QoS file, and the uplink data packet carries the first VLAN priority; and performing QoS control on the uplink data packet based on the first VLAN priority.

Embodiments of the present disclosure automatically set a maximum burst size in a policer to optimize the flow of traffic in a network. In one embodiment, a method includes receiving a policer rate set by a first policy, a maximum rate corresponding to one or more communications channels, and maximum burst time for performing at data burst. A maximum burst size is determined automatically based on the received policer rate, maximum rate, and maximum burst time. A policer in a network device is configured to limit traffic received at the one or more communications channels based on the maximum burst size.

A method of controlling Quality of Service (QoS) of an application includes: determining a main type of traffic of the application; determining a QoS control policy to be applied to each of a plurality of flows generated by execution of the application according to the determined main type of traffic; obtaining performance information about traffic of the application using traffic transmitted and received through the plurality of flows; and changing a QoS control policy to be applied to at least one of the plurality of flows, based on the obtained performance information about the traffic.

Embodiments include methods, systems, and computer program products for routing mode selection in a switched fabric network. A fabric login request including a fabric login payload is received at a network device to establish communication parameters with a switched fabric network. The network device can determine whether the fabric login payload includes an extension for routing policy support and whether a current routing policy of the network device is compatible with a routing mode defined in the fabric login payload based on the extension for routing policy support. The fabric login request can be rejected based on determining that the current routing policy of the network device is incompatible with the routing mode defined in the fabric login payload. The fabric login request is completed based on determining that the current routing policy of the network device is compatible with the routing mode defined in the fabric login payload.

An example method includes determining, by a network controller, based on a high-level data model, vendor-agnostic device information for a first network device, translating the vendor-agnostic device information into vendor-specific device information, sending, to the first network device, first configuration information included in the vendor-specific device information to cause the first network device to switch into a maintenance mode and enable diversion of network traffic from the first network device to a second network device, responsive to verifying that the first network device has diverted the traffic, initiating maintenance procedures on the first network device while the first network device is in the maintenance mode, and sending, to the first network device, second configuration information included in the vendor-specific device information to cause the first network device to switch out of the maintenance mode and enable reversion of network traffic from the second device to the first network device.

Disclosed are systems and methods for providing policy selection in a software defined network. An example method includes registering, by an enterprise controller on an enterprise domain, in a shared mapping system on a service provider domain, one or more entries specifying one or more services for one or more classes of traffic to yield registered entries, reading, by a service provider controller, from the shared mapping system, the registered entries, posting, by the service provider controller, the one or more entries to one or more routing tables at a software-defined wide area network of the service provider domain and receiving a request, by a mobile node on the enterprise domain, of a specific service for a particular class of packets according to a classification of the particular class of packets based on a particular label defined in the registered entries for the specific service.

The embodiments of the disclosure provide a policy mapping method and device and user equipment (UE). The method includes that: UE maps all policies or part of policies used in a first mobile communication system to a policy used in a second mobile communication system, the policies used in the first system including at least one of an access network discovery and selection policy (ANDSP) and a UE route selection policy (URSP).

A method provides for receiving network traffic from a host having a host IP address and operating in a data center, and analyzing a malware tracker for IP addresses of hosts having been infected by a malware to yield an analysis. When the analysis indicates that the host IP address has been used to communicate with an external host infected by the malware to yield an indication, the method includes assigning a reputation score, based on the indication, to the host. The method can further include applying a conditional policy associated with using the host based on the reputation score. The reputation score can include a reduced reputation score from a previous reputation score for the host.