H04L12/4679

Systems and methods for convergence of network traffic after an interruption of a network device's link

Systems and methods are provided herein for a mechanism for faster convergence of network traffic after a network device's link is interrupted, by leveraging the withdrawal of the Ethernet virtual private network (EVPN) auto discovery (AD) route. This may be accomplished by a first device checking an Ethernet segment identifier (ESI) status flag before generating an entry in the first device's forwarding table, where the entry is based on an IP route for a host received by a second network device. In response to receiving a withdrawal of an EVPN AD route from the second device, the first device may update the ESI status flag to indicate that the host on the Ethernet segment (ES) is reachable only via a third device, and update the entry that was based on the IP route for the host received by the second network device, to prevent sending traffic to the host via the second device.

Downlink data prioritization for time-sensitive applications

Various embodiments provide methods for Internet Protocol (IP) packet handling. Various embodiments may enable downlink (DL) data prioritization of IP packets for time-sensitive applications, for example by using differentiated services code point (DSCP) indications or type-of-service (TOS) indications in headers of the IP packets to distinguish prioritized IP packets from non-prioritized IP packets. In various embodiments, IP packets that are prioritized IP packets may be sent to another processor of a wireless device using a prioritized traffic handling configuration that has a lower latency than a default traffic handling configuration used for sending non-prioritized IP packets. Various embodiments may further enable uplink (UL) data prioritization of IP packets.

NETWORK SWITCH WITH AUTOMATED PORT PROVISIONING

In various embodiments, systems and methods for managing a network switch, such as for a VLAN, are disclosed. In one example, a method includes, responsive to a restart of a port of a network switch, obtaining by the network switch a current policy applied to the port; determining, based on a parameter associated with the current policy, to apply a default policy to the port; determining a new policy for the port by obtaining an identifier for a device associated with the port, obtaining a key based on the identifier, the key being associated with a plurality of devices of the same type as the device, and determining the new policy for the port using an association between the key and the new policy stored locally at the network switch; and applying the new policy to the port.

Methods and systems for enhancing cyber security in networks
11700281 · 2023-07-11

The present application is directed to a computer-implemented technique for enhancing security and preventing cyber-attacks on a network. The technique includes receiving information from user equipment; selecting a first VPN server from a VPN service provider based upon a traffic type of the user equipment; creating a policy to prevent cyber-attacks such that traffic associated with the received information of the user equipment is routed to the first VPN server; provisioning the first VPN server to last a predetermined amount of time based on the policy; coordinating the policy with a router on the network, with the traffic being sent to the VPN server via the router; and sending, after a predetermined condition is met, a request to the VPN service provider to transmit a second VPN server, whereupon the first VPN server terminates.

MAC-sync based mechanism for bridge port failover

In an embodiment, a computer-implemented method for a MAC address synchronization mechanism for a bridge port failover is disclosed. In an embodiment, the method comprises, upon detecting a failover of a previously active bridge node, a standby bridge node performing the following: detecting a failover of a previously active bridge node; sending a request to one or more hosts to cause the one or more hosts to remove, from one or more corresponding forwarding tables, one or more MAC addresses of one or more virtual machines that the one or more hosts learned based on communication tunnels established with the previously active bridge node; for each MAC address stored in a MAC-SYNC table maintained by the standby bridge node, generating a first-type reverse address resolution protocol (“RARP”) packet having a source MAC address retrieved from the MAC-SYNC table, broadcasting the first RARP message to a virtual extensible LAN (“VXLAN”) switch via a bridge port of the VXLAN switch for the VXLAN switch to register the MAC address on the bridge port, and storing an association of the MAC address and an identifier of the bridge port in a forwarding table maintained by the standby bridge node; for each MAC address that is stored in the forwarding table but not in the MAC-SYNC table, generating a second-type RARP packet with that MAC address as the source MAC address, and broadcasting the second RARP message from the VXLAN switch to a VLAN switch, causing a physical switch to update a forwarding table maintained by the physical switch; and starting to forward traffic, via the bridge port, as an active bridge node.

Packet steering to a host-based firewall in virtualized environments

Techniques are disclosed for redirecting network traffic of a virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; and configure network connectivity to the HBF in accordance with the security policy. The system further comprises a security controller that manages the HBF, configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.

Method and apparatus for searching for maintenance end point (MEP), and storage medium

Provided are a method and apparatus for searching for a Maintenance End Point (MEP), and a storage medium. The method includes the following: a chip of the MEP parses an obtained packet; the chip of the MEP determines whether a field of the parsed packet matches a field in a combination of a port and a Virtual Local Area Network (VLAN); and in a case where the field of the parsed packet matches the field in the combination of the port and the VLAN, the chip of the MEP determines that the MEP is found successfully.

Data transmission method, device, and network system
11539551 · 2022-12-27

This application provides a data transmission method, a device, and a network system. The method is applied to a backbone device, and the backbone device is connected to at least two access devices. After obtaining first data that needs to be sent to a first user device, the backbone device determines a first tunnel interface identifier corresponding to the first user device. The first user device is a single-homing user device. The backbone device sends, based on the first tunnel interface identifier, a first data packet including the first data to a first access device of the at least two access devices. The first access device is configured with the first tunnel interface identifier. This can optimize a data forwarding path, implement traffic optimization for the single-homing user device, and reduce traffic pressure of the network system.

PROACTIVE NOTIFICATION OF WIRELESS CLIENT ADDRESS ROTATION
20220386111 · 2022-12-01

A network controller provides proactive notification of a wireless client device's address rotation to layer 2 (L2) and/or layer 3 (L3) devices. Traditional methods of device address discovery rely on broadcasting address queries across a plurality of links until a device having the queried address responds along some path. As device address changes become more frequent in an effort to improve user privacy, traditional methods of address discovery impose a large burden on networks, reducing their performance and efficiency. By proactively propagating address changes to upstream devices, the need for broadcast-oriented address discovery techniques is reduced, resulting in improved network performance.

Configuring logical network devices for label-switched networks

Techniques for configuring a logical network switch in label-switched networks are provided. In some embodiments, a first network device in a label-switched network is configured with a network address. A second network device in the label-switched network is configured with the same network address. The first network device is configured to use a set of labels for a set of virtual local area networks (VLANs). The second network device is configured to use the same set of labels for the same set of VLANs. The configured first and second network devices appear as a logical network device from the perspective of other network devices in the label-switched network.