This application discloses a packet processing method, apparatus, and system, and belongs to the communications field. In the packet processing method, a first device receives a first packet sent by a second device. The first packet includes identifier information and first authentication information of an Ethernet ring. The first device is an edge device of the Ethernet ring, and the second device is a device outside the Ethernet ring. The first device verifies the validity of the first packet based on the identifier information and the first authentication information. The first device processes the first packet after verifying that the first packet is valid. This method improves the security of Ethernet ring networks.

Methods and systems are provided for providing a secure connection to a medical device for remote servicing of the medical device. In one embodiment, a computing device is in communication with a medical device, the computing device comprising non-transitory memory including executable instructions for: communicating with the medical device via a first protocol; and communicating with a remote computing device via an encrypted, second protocol. The computing device also includes a processor for executing said executable instructions.

An example includes a manager gateway of a gateway cluster, comprising processing circuitry and a memory including instructions that cause the gateway to generate a virtual IP address for each gateway of the gateway cluster. The instructions further cause the gateway to receive an indication that a client device has joined a LAN. The instructions further cause the gateway to determine an anchor gateway to which the client device is to be anchored. The instructions further cause the gateway to transmit a first message anchoring the client device to the anchor gateway. The instructions further cause the gateway to transmit a second message offering an address to the client device.

Via a tunnel configured on a Virtual eXtensible Local Area Network (VXLAN) Tunnel End Point (VTEP), a notification message is received from a peer VTEP over the tunnel. The received notification message contains VXLAN Network Identifiers (VNIs) of VXLANs currently configured on the peer VTEP. For each of VXLANs currently configured on the VTEP, when the same VXLAN as the VXLAN configured on the VTEP exists in the VXLANs indicated by the VNIs contained in the received notification message and when the VXLAN configured on the VTEP has not been associated with the tunnel, the VXLAN configured on the VTEP is associated with the tunnel.

A source Medium Access Control (MAC) address is learned upon receiving a data message from a local network, and a learned local MAC address entry is added to a MAC address forwarding table. A source MAC address is not learned upon receiving a data message from a tunnel. When a local MAC address entry in the MAC address forwarding table changes, a synchronization message is sent via each tunnel associated with a Virtual Extensible Local Area Network (VXLAN) in the changed local MAC address entry, and is saved into a database corresponding to the tunnel. Each tunnel corresponds to one database.

A system that enables end-user devices that operate within different enterprise networks to exchange data with one another. In particular, the disclosed system uses unique IP addresses that are dedicated solely to supporting a predefined communication service between enterprise computer networks, in order to identify and route each data packet according to the communications service. As part of the communications service, the data packets are transmitted, for example, from a first local service provider network hosting a first enterprise network, through a participating backbone service provider network on the public Internet and based on deterministic routing, and to a second local service provider network hosting a second enterprise network. In handling the data packets in this way, the disclosed system creates an Internet wide-area-network (WAN): the data packets are transmitted over the Internet and conceivably over a large geographic distance between enterprise networks.

An example includes a manager gateway of a gateway cluster, comprising processing circuitry and a memory including instructions that cause the gateway to generate a virtual IP address for each gateway of the gateway cluster. The instructions further cause the gateway to receive an indication that a client device has joined a LAN. The instructions further cause the gateway to determine an anchor gateway to which the client device is to be anchored. The instructions further cause the gateway to transmit a first message anchoring the client device to the anchor gateway. The instructions further cause the gateway to transmit a second message offering an address to the client device.

In general, this disclosure describes techniques for coordinating, with a cloud exchange, automated cloud-based disaster recovery across containers from a failed cloud service to a backup cloud service. In some examples, an orchestration engine for a cloud exchange is configured to: detect an indication of a disruption in a first cloud service provided by a first cloud service provider network coupled to the cloud exchange to send and receive data packets via the cloud exchange; provision, in response to detecting the indication of the disruption in the first cloud service, disaster recovery infrastructure layers in containers of a second cloud service provided by a second cloud service provider network coupled to the cloud exchange; obtain code and state from containers of the first cloud service; and communicate the code and state to the disaster recovery infrastructure layers in the containers of the second cloud service.

An Ethernet switch for a vehicle, a method of controlling the Ethernet switch are provided. The method includes detecting a first connection between a connector of the diagnostic device and a first port of the Ethernet switch and establishing a second connection with the diagnostic device by referring to a virtual local area network identifier (VLAN ID) table. A third connection is established between the controller and an electronic control unit (ECU) of the vehicle by referring to the VLAN ID table. A certificate-based secure access procedure is performed between the diagnostic device and the controller. A mode of the Ethernet switch is switched from a lock mode to an unlock mode and a fourth connection is established between the diagnostic device and the ECU by referring to the VLAN ID table.

Techniques for a hub node, provisioned in a site of a hub and spoke overlay network, to receive, store, and/or forward network routing information associated with a spoke, and send packets directly to spoke(s) that are remote from the hub node. A first hub node may receive a network advertisement including a border gateway protocol (BGP) large community string from a first spoke local to the first hub node. The first hub node may send the BGP large community string to a second hub node remote from the first hub node. The second hub node may decode network routing information from the BGP large community string and store the network routing information locally. The second hub node may send a packet from a second spoke local to the second hub node directly to the first spoke without the data packet being routed via the first hub node.