Methods are directed towards initializing a path maximum transmission unit value for two gateways in communication via a network tunnel (e.g., VPN environment). The initialized path maximum transmission unit value is used in establishing the network tunnel of the two gateways. Methods are also directed towards synchronizing path maximum transmission unit values for the two gateways after the network tunnel has been established. These methods minimize the occurrence of dropped data packets arising from mismatched path maximum transmission unit value between the gateways.

The present disclosure provides a method for forwarding to a Transport Control Protocol (TCP) receiver a TCP transmission sent from a TCP sender. The method includes: determining Time Division Duplex (TDD) reconfiguration time required for a TDD reconfiguration; comparing the TDD reconfiguration time with a predetermined threshold; suspending the forwarding of the TCP transmission to the TCP receiver during the TDD reconfiguration time if the TDD reconfiguration time is larger than the predetermined threshold; and resuming the suspended forwarding of the TCP transmission after the TDD reconfiguration time has lapsed. The present disclosure also provides a method for transmitting a TCP transmission to a TCP receiver, a base station and a user equipment.

In general, techniques are described in which packet replicators of a network device cooperate to generate a distributed hierarchical forwarding structure that the packet replicators then use to replicate and forward multicast packets to multiple output interfaces. For example, packet forwarding engines (PFEs) of a router each receive a new list of interfaces for a multicast packet stream. The PFEs individually construct a hierarchical forwarding structure based on the interface list. The hierarchical forwarding structure specifies interrelationships among the PFEs, which occupy nodes within the hierarchy. Each child PFE determines from the hierarchical forwarding structure the identity of a parent PFE and issues a token, constituting forwarding state for the distributed hierarchical forwarding structure, to the parent PFE. The parent PFE uses the token to identify packets of the multicast traffic to the child PFE during replication and forwarding of multicast packets proceeding according to the hierarchical forwarding structure.

A method, system and apparatus for an OpenFlow hybrid architecture network device. In one embodiment, a hybrid approach is enabled by a network device that brackets an OpenFlow forwarding plane with conventional forwarding planes. Interfaces between the OpenFlow forwarding plane is provided via logical ports that pass packets along with associated metadata.

A guarantee value setting unit stores therein a guarantee value of data send/receive performance with respect to a predetermined volume in a plurality of volumes held by a storage device. A bandwidth management unit calculates an interim target value on the basis of a comparison result between the guarantee value and an actual measurement value of the data send/receive performance with respect to the predetermined volume, allocates, on the basis of the interim target value, a bandwidth that compensates a difference between the guarantee value and the actual measurement value with respect to the predetermined storage area, and determines band distribution with respect to each of the volumes, and instructs the storage device to adjust the bandwidth in accordance with the determined band distribution.

In exemplary embodiments of the present invention, a router determines whether or not to establish a stateful routing session based on the suitability of one or more candidate return path interfaces. This determination is typically made at the time a first packet for a new session arrives at the router on a given ingress interface. In some cases, the router may be configured to require that the ingress interface be used for the return path of the session, in which case the router may evaluate whether the ingress interface is suitable for the return path and may drop the session if the ingress interface is deemed by the router to be unsuitable for the return path. In other cases, the router may be configured to not require that the ingress interface be used for the return path, in which case the router may evaluate whether at least one interface is suitable for the return path and drop the session if no interface is deemed by the router to be suitable for the return path.

Technologies for fabric security include one or more managed network devices coupled to one or more computing nodes via high-speed fabric links. A managed network device enables a port and, while enabling the port, securely determines the node type of the link partner coupled to the port. If the link partner is a computing node, management access is not allowed at the port. The managed network device may allow management access at certain predefined ports, which may be connected to one of more management nodes. Management access may be allowed for additional ports in response to management messages received from the management nodes. The managed network device may check and verify data packet headers received from a compute node at each port. The managed network device may rate-limit management messages received from a compute node at each port. Other embodiments are described and claimed.

An SDN controller used in a network constructed with an SDN, the SDN controller causes a computer to function as an address information specifying processing unit which specifies, based on a global address of an illegal attack server received from a threat detection system, communication with the received global address among communication in the network, and specifies a local address of a communication partner of the global address in the specified communication, a terminal identification information specifying processing unit which specifies terminal identification information on a client terminal to which the specified local address is assigned, and a security processing unit which passes to an edge network device, based on the specified terminal identification information, a control instruction to perform predetermined control processing to communication of the client terminal.

Aspects of the present disclosure are directed to dynamically adjusting control plane policing throughput of low (or lower) priority control plane traffic to permit higher throughput. The drop rate for low or lower priority control plane traffic can be determined to be above a threshold value. The processor utilization can be determined to be operating under normal utilization (or at a utilization within a threshold utilization value). The control plane policing for control plane traffic for the low or lower class of service can be increased (or decreased) to permit lower class of service control traffic to be transmitted using higher class of service resources without adjusting the priority levels for the lower class of service control traffic.

Some embodiments provide a method for a network controller that manages a flow-based managed forwarding element (MFE). The method receives multiple sets of service rules for implementation by the MFE. The sets of service rules have a priority order and the rules in each set of service rules have separate priority orders. The method organizes the service rules in all of the sets of service rules into a single ordered list of service rules. The method assigns priority values within a space-constrained set of priority values to the service rules in the list in a manner designed to minimize re-assignment when changes to the sets of service rules are received. The method uses the assigned priority values to generate flow entries for the MFE to use to implement the service rules.