Provided is a relay device including: a relay unit configured to perform a relay process for a frame transmitted and received between a plurality of function units; and a relay management unit. The relay unit receives, from a function unit, a target frame which is transmitted and received according to a predetermined communication protocol and includes information with which a request source of a service is identifiable and information with which a content of the requested service is identifiable, and the relay unit outputs the received target frame to the relay management unit. The relay management unit performs determination regarding setting change in the relay process of the relay unit, on the basis of the information included in the target frame received from the relay unit, and outputs the target frame to the relay unit or discards the target frame, according to a result of the determination.

A packet transmission method includes a first virtual extensible local area network tunnel endpoint (VTEP) receiving a first packet from a first host and sending a second packet to a third VTEP based on a first IP address corresponding to the first host, where the second packet is obtained by the first VTEP by encapsulating the first packet, where the first host is multi-homed to a second VTEP and the first VTEP, where the second VTEP is configured to send a packet from the first host to the third VTEP based on a second Internet Protocol (IP) address corresponding to the first host, and where the first IP address is the same as the second IP address.

A method includes: (a) transmitting, by the control device, control data containing one of the plurality of second parameters to the relay device; (b) determining, by at least one of the control device or the relay device, whether the one of the plurality of second parameters matches one of the plurality of first parameters; and (c) transmitting, by the relay device, the control data received from the control device in (a), using one of the plurality of interfaces of the relay device for which the one of the plurality of second parameters is set if it is determined in the determining that the one of the plurality of first parameters matches the one of the plurality of second parameters.

Provided is a virtual circuit-based data packet processing method, which includes that: identification information of a next-hop Provider Edge (PE) node of a routing packet and identification information of an Original PE (OPE) node of the routing packet are determined according to the routing packet corresponding to a Virtual Private Network (VPN) service instance; a context virtual circuit is determined, wherein nodes at both ends of the context virtual circuit are respectively the current PE node and the OPE node; a virtual circuit label of the context virtual circuit is determined; a final data packet to be forwarded is obtained by carrying a VPN label of the routing packet and the virtual circuit label with an initial data packet of the VPN service instance; and the final data packet to be forwarded is forwarded to the next-hop PE node.

The system determines a first source MAC associated with a switch. The system updates a MAC address table by mapping the first source MAC to a first tag which indicates a source role corresponding to a network infrastructure. A processor associated with the switch generates a first packet which indicates the first source MAC. The system performs a first search in the MAC address table based on the indicated first source MAC to obtain the first tag, and performs a second search in a policy table based on the first tag for a policy which indicates an action to be applied to the first packet. If the second search is not successful, the system modifies a header of the first packet by adding the first tag. If the second search is successful, the system determines that the indicated action comprises allowing the first packet and transmits the first packet.

A first electronic device communicates over a wide area network by establishing a MACSec session with a second electronic device over the wide area network. The MACSec session is thereafter torn down in response to the first electronic device sensing a fault in the MACSec session. Then, one or more keep alive probes are transmitted to the second electronic device over the wide area network. A response to the keep alive probe is thereafter received. The MACSec session may then be automatically reestablished in response to receiving the probe.

Cloud delivered access may be provided. A network device may provide a client device with a pre-authentication virtual network and a pre-authentication address. Next, a policy may be received in response to the client device authenticating. The client device may then be moved to a post-authentication virtual network based on the policy. A post-authentication address may then be obtained for the client device in response to moving the client device to a post-authentication virtual network. Traffic for the client device may then be translated to the post-authentication address.

A packet is received via a first network interface of a first network device in an underlay network, the packet having been originated by a first endpoint device and including a first network address indicating a destination of the first packet. The first network device, without analyzing the first network address in the first packet, adds, to the first packet, a second network address corresponding to a cloud edge network device implemented at the cloud edge and information identifying the first network interface via which the first packet was received by the first network device. The first network device transmits the packet, via an overlay network layered over the underlay network, to the cloud edge network device to enable forwarding of the packet to the destination of the packet, based on the first network address included in the packet, by the cloud edge network device

Example methods and systems for logical overlay tunnel selection are described. One example may involve a first computer system generating and sending probe packets over multiple logical overlay tunnels and configuring routing information associated with a destination based on a comparison between tunnel state information measured using the probe packets and a desired state. In response to detecting an egress packet that is destined for the destination, the first computer system may select a first logical overlay tunnel that satisfies the desired state over a second logical overlay tunnel that does not satisfy the desired state. An encapsulated packet is then generated and sent over the first logical overlay tunnel to reach the destination. The encapsulated packet may include the egress packet and an outer header that is addressed from a first virtual tunnel endpoint (VTEP) on the first computer system and a second VTEP on a second computer system.

A virtualized network service deployment method and apparatus are provided in which a network service descriptor NSD file is improved. For example, when at least two virtualized network function VNFs included in a to-be-deployed network service NS are connected through layer 3 links, layer 2 links, and a routing device configured to connect the layer 3 links, a network service virtual link descriptor VLD file corresponding to the NS includes information about the routing device. In this way, a connection relationship of a virtual network between the at least two VNFs is more accurate, and therefore successful deployment of the NS can be ensured.