A system that enables end-user devices that operate within different enterprise networks to exchange data with one another. In particular, the disclosed system uses unique IP addresses that are dedicated solely to supporting a predefined communication service between enterprise computer networks, in order to identify and route each data packet according to the communications service. As part of the communications service, the data packets are transmitted, for example, from a first local service provider network hosting a first enterprise network, through a participating backbone service provider network on the public Internet and based on deterministic routing, and to a second local service provider network hosting a second enterprise network. In handling the data packets in this way, the disclosed system creates an Internet wide-area-network (WAN): the data packets are transmitted over the Internet and conceivably over a large geographic distance between enterprise networks.

Systems and methods for connecting devices via a virtual global network are disclosed. In one embodiment the network system may comprise a first device in communication with a first endpoint device and a second device in communication with a second endpoint device. The first and second devices may be connected with a communication path. The communication path may comprise one or more intermediate tunnels connecting each endpoint device to one or more intermediate access point servers and one or more control servers.

A controller network device receives command input for providing services over a service provider network and receives a verification request to verify an initial output of a control communication sent to a forwarding network device by a second controller network device in a group of peer controller network devices. The controller network device receives, from other controller network devices in the group of peer controller network devices, results that are responsive to the verification request and based on the command input and identifies a majority output from the results. The controller network device compares the initial output from the second controller network device to the majority output to determine that the initial output failed a verification vote and determines when a threshold number of control communications from the second controller network device, including the initial output, have failed verification votes.

An embedded communications network of a vehicle is a deterministic switched Ethernet network using virtual links, including a set of subscribers and a set of switches. A first subscriber is connected to a first switch and a third switch, and a second subscriber is connected to a second switch and to a fourth switch. A first virtual link is formed from the first subscriber to at least the second subscriber via a first subset of switches, and a second virtual link is formed from the first subscriber to at least the second subscriber via a second subset of switches, the switches of the first subset of switches all being separate from the switches of the second subset of switches. The communications network includes at least one connection, used by a third virtual link, between a switch of the first subset and a switch of the second subset.

Systems, methods, and computer-readable media provide for collection of statistics relating to network traffic between virtual machines (VMs) in a network. In an example embodiment, a virtual switch hosted on a physical server provides network address information of VMs deployed on the physical server to a virtual switch controller. The controller collects this network address information from each virtual switch under its control, and distributes the aggregate address information to each switch. In this manner, the controller and each switch within the controller's domain can learn the network address information of each VM deployed on physical servers hosting switches under the controller's control. Each virtual switch can determine a classification of a frame passing through the switch (e.g., intra-server, inter-server and intra-domain, or inter-domain traffic), and statistics relating to the traffic. In an example embodiment, the virtual switch controller can collect the statistics from each switch within its domain.

Methods, computer program products, and systems are presented. The methods include, for instance: providing a distributed virtual gateway for Network Virtualization over Layer 3 (NVO3) network. A gateway stack having three or more nodes is implemented as a distributed virtual gateway, providing Layer 2 or Layer 3 gateway services in a fail-safe manner. Nodes of the gateway stack are configured to autonomously process and forward inbound NVO3 data packets with known destination addresses without engaging a master of the gateway stack.

A method of routing messages includes receiving a request message from an originating device to be forwarded to one of a plurality of target devices, the request message having a first network address as a source address identifying the originating device. The first network address of the request message is dynamically mapped to a second network address of a selected target device, and the first and second network addresses are stored in association with each other as address mapping information. The method also includes forwarding the selected target device using the second network address. The routing device receives from the target device an error message in relation to the request message, and identifies the originating device which originated the request message using the address mapping information and the second network address of the target device which issued the error message.

Systems and methods of mesh network communication enabling a relay node to autonomously select a packet propagation mechanism. Upon receiving a packet, which may carry an indication for flooding propagation as set by the edge node originating the packet, or carry no specification for any propagation mode, the relay node determines whether the packet is eligible for routing-propagation based on a number of factors, such as whether there is an existent valid route from the source node to the destination node, whether the packet is originated from a friend edge node, and whether a route discovery process has been initiated. Accordingly, the relay node may change the indication to routing propagation and forward it by routing-relaying. Thus, the packet can be propagated over the mesh network by routing propagation, despite the initial setting for flooding propagation as specified by the edge node or no setting by the edge node.

Systems, methods, and computer-readable media for improving the reliability of service function (SF) application in a service function chain (SFC) are provided. In some aspects, the subject technology facilitates automatic service function type validation by a service function forwarder (SFF), for example, by using a probe configured to query a function type of a SF module associated with the validating SFF.

In one embodiment, a device in a network receives traffic data associated with a particular communication channel between two or more nodes in the network. The device generates a mean map by employing kernel embedding of distributions to the traffic data. The device forms a representation of the communication channel by identifying a set of lattice points that approximate the mean map. The device generates a traffic classifier using the representation of the communication channel. The device uses machine learning to jointly identify the set of lattice points and one or more parameters of the traffic classifier. The device causes the traffic classifier to analyze network traffic sent via the communication channel.