Described herein are methods and devices (e.g., routers) that add in-network services to a multiprotocol label switching (MPLS) network. A method can include a router of the MPLS network receiving a packet and modifying the packet by adding one or more MPLS extension headers, adding a header of the extension header(s), and adding an indication within an MPLS label stack that one or more MPLS extension headers have been added to the packet. The method can also include the router forwarding the packet as modified to another router of the MPLS network. In certain embodiments, an extension header label (EHL) within a label value field of a label stack entry indicates that one or more MPLS extension headers have been added to the packet. In other embodiments, a forward equivalent class (FEC) indicates that one or more MPLS extension headers follow the MPLS label stack.

A node of a network configured to forward packets based on network programming instructions encoded in the packets, performs a method. The method includes generating a probe packet encoded with a replication network programming instruction. The replication network programming instruction is configured to validate equal-cost multi-path (ECMP) routing in the network from the node to a destination by remotely triggering transit nodes of the network, that are traversed by the probe packet, to each perform replicate-and-forward actions. The replicate-and-forward actions include: identifying ECMP paths toward the destination; generating, for the ECMP paths, replicated probe packets that each include the replication network programming instruction; and forwarding the replicated probe packets along the ECMP paths. The method further includes forwarding the probe packet toward the destination.

Some embodiments of the invention provide a method of facilitating routing through a software-defined wide area network (SD-WAN) defined for an entity. A first edge forwarding node located at a first multi-machine site of the entity, the first multi-machine site at a first physical location and including a first set of machines, serves as an edge forwarding node for the first set of machines by forwarding packets between the first set of machines and other machines associated with the entity via other forwarding nodes in the SD-WAN. The first edge forwarding node receives configuration data specifying for the first edge forwarding node to serve as a hub forwarding node for forwarding a set of packets from a second set of machines associated with the entity and operating at a second multi-machine site at a second physical location to a third set of machines associated with the entity and operating at a third multi-machine site at a third physical location. The first edge forwarding node serves as a hub forwarding node to forward the set of packets from the second set of machines to the third set of machines.

A system, a method, and a computer program for generating a dynamically configurable resolution route for transmitting a request object to one or more nodes in a network, comprising receiving a trigger signal from a first node, determining one or more destination nodes based on a resolution process, schema or scenario, determining a pathway to the one or more destination nodes, generating a resolution route for transmitting the request object in the network, iteratively transmitting the request object to the one or more destination nodes based on the resolution route, receiving a request object resolution signal from a final destination node, and transmitting the request object resolution signal to the first node based on the request object resolution signal.

A packet forwarding method is disclosed. The method includes: After an edge node in a trusted domain receives an SRv6 packet whose destination address is a BSID, the edge node may verify the packet based on a BSID in the packet and a destination field in an SRH of the packet. If the packet passes the verification, the edge node forwards the packet. If the packet fails the verification, the edge node discards the packet. Not only a node outside the trusted domain is required to access the trusted domain by using the BSID, but also the packet entering the trusted domain needs to be verified with reference to the target field in the segment routing header.

Embodiments of this application describe an in-situ flow detection-based packet processing method. After receiving a first packet encapsulated by using a first bearer protocol, a first node may obtain, based on the first packet, a second packet encapsulated by using a second bearer protocol. A first packet header of the first packet includes first in-situ flow detection information, and a packet header of the second packet also includes the first in-situ flow detection information. It can be learned that, when re-encapsulating the first packet by using the second bearer protocol, the first node does not remove the first in-situ flow detection information, but adds the first in-situ flow detection information to the packet encapsulated by using the second bearer protocol. Therefore, even if the first bearer protocol and the second bearer protocol are deployed in a detection domain, the first in-situ flow detection information is not removed due to re-encapsulation of the packet, and may be transmitted across the entire detection domain.

A solution for route selection includes receiving, by a network repository, from a first network function (NF), a query related to a target NF; querying, by the network repository, a route selection node for a shortest path to the target NF; receiving, by the network repository, from the route selection node, an indication of the shortest path to the target NF; and based on at least receiving the indication of the shortest path to the target NF, transmitting, by the network repository, to the first NF, a route to the target NF. In some examples, the shortest path has at least one of: a minimum number of hops, a minimum latency, a minimum jitter, and a minimum weighted transport score. In some examples, the route selection node is co-located with the network repository, which may be a network repository function (NRF).

A method and an apparatus for routing data packets. The solution in a communication network including a set of nodes, storing information regarding nodes of the network; and when transmitting a data packet to a destination node in the network, determining and including in the data packet the recipient identification; determining and including in the data packet the direction of the destination node in the network; determining and including in the data packet a hop count indicator indicating the number of node-to-node hops to the destination node; setting in the data packet the transmission direction indicator equal to a value corresponding to direction down and transmitting the packet.

The disclosure provides an approach for pre-filtering traffic in a logical network. One method includes receiving, by a hypervisor, a packet from a virtual computing instance (VCI) and determining a service path for the packet based on a service table. The method further includes setting, by the hypervisor, a pre-filter component as a next hop for the packet based on the service path. The method further includes receiving, by the pre-filter component, the packet. The method further includes making a determination, by the pre-filter component, of whether the packet requires processing by the security component. The method further includes performing, by the pre-filter component, based on the determination, one of: forwarding the packet to its destination and bypassing the security component; or forwarding the packet to the security component.

Mesh device communication is provided. A dictionary of indexes corresponding to different messages is stored to a cache memory of an access device. A message is received via a transceiver of the access device. The cache memory is accessed to look up the message to identify an index corresponding to the message. The message is propagated, via the transceiver, to a wireless access device mesh network including a plurality of other access devices by broadcasting the index of the message.