A software-defined network (SDN) rule modification counter system provides counters that track all changes and edits to rules at SDN controllers and SDN switches on an SDN. The system compares counters at the SDN controller and SDN switch to determine if they match. If the counters do not match, a change has been made to the rules. With the addition of rule edit statistics the SDN controller will now have visibility that a rule modification was performed. The SDN controller then verifies that the state of the device is the same as its expected state as a secondary integrity check. Based on the rule modification notification, changes to a central rules table at the SDN controller and changes to rule settings at the SDN switch are made according to pre-programmed logic.

A software-defined network (SDN) rule modification counter system provides counters that track all changes and edits to rules at SDN controllers and SDN switches on an SDN. The system compares counters at the SDN controller and SDN switch to determine if they match. If the counters do not match, a change has been made to the rules. With the addition of rule edit statistics the SDN controller will now have visibility that a rule modification was performed. The SDN controller then verifies that the state of the device is the same as its expected state as a secondary integrity check. Based on the rule modification notification, changes to a central rules table at the SDN controller and changes to rule settings at the SDN switch are made according to pre-programmed logic.

This application provides a packet transmission method, apparatus, and system, and relates to the field of network technologies. The method is applied to a network architecture including a user terminal, a first forwarding device and a second forwarding device. A tunnel is disposed between the first forwarding device and the second forwarding device. The method includes: The first forwarding device receives packets forwarded by the user terminal in the load balancing mode, where the packets include a keepalive packet, and the first forwarding device is a standby forwarding device corresponding to the user terminal. The first forwarding device forwards the keepalive packet to the second forwarding device through the tunnel, where the second forwarding device is an active forwarding device corresponding to the user terminal.

A method for reverse path forwarding (RPF) selection by a network device connected to a network includes receiving an advertisement message from each of a plurality of neighbor devices within the network, parsing the advertisement message to determine a color identification (ID) of each of the neighbor devices, and selecting, from among the neighbor devices, a RPF device based on the color ID of each of the neighbor devices.

Examples described herein relate to a network interface device that includes circuitry that is to: receive a packet; replicate the packet based on a multicast configuration; and determine a number of replicate packets that differ from the received packet. In some examples, circuitry is to receive hash value that comprises a hash of a portion of the packet and circuitry is to determine a hash value of the replicated packet.

Examples described herein relate to a network interface device that includes circuitry that is to: receive a packet; replicate the packet based on a multicast configuration; and determine a number of replicate packets that differ from the received packet. In some examples, circuitry is to receive hash value that comprises a hash of a portion of the packet and circuitry is to determine a hash value of the replicated packet.

Systems and methods are provided to use a custom tuple definition to route packets of network traffic. Each packet can correspond to a different custom tuple definition based on the custom tuple definitions provided. Each custom tuple definition may be applied to a subset of network traffic based on certain parameters. A stateful network routing service may intercept packets and determine a tuple value for the packet based on a corresponding tuple definition and information from the packet. The stateful network routing service may route the packet based on the tuple value of the packet to a network appliance. Further, subsequent packets associated with the same tuple value may be routed to the same network appliance. In some embodiments, the custom tuple definition may be used to determine multiple tuple values for a subset of network traffic.

Systems and methods are provided to use a custom tuple definition to route packets of network traffic. Each packet can correspond to a different custom tuple definition based on the custom tuple definitions provided. Each custom tuple definition may be applied to a subset of network traffic based on certain parameters. A stateful network routing service may intercept packets and determine a tuple value for the packet based on a corresponding tuple definition and information from the packet. The stateful network routing service may route the packet based on the tuple value of the packet to a network appliance. Further, subsequent packets associated with the same tuple value may be routed to the same network appliance. In some embodiments, the custom tuple definition may be used to determine multiple tuple values for a subset of network traffic.

A load distribution apparatus connected, via a network, to a plurality of relay apparatuses that relay communication performed by a terminal, and to the terminal, including: storage means configured to store relay apparatus identifiers that identify each of the plurality of relay apparatuses, installation site information that indicates installation sites of each of the plurality of relay apparatuses, and load information that indicates loads of each of the plurality of relay apparatuses; load management means configured to collect the load information from each of the plurality of relay apparatuses to store the load information in the storage means; selection means configured, when receiving a request from the terminal, to select a relay apparatus for relaying communication performed by the terminal from among the plurality of relay apparatuses based on the installation site information or the load information; and transmission means configured to transmit, to the terminal that transmits the request, a relay apparatus identifier of the relay apparatus selected by the selection means.

A data packet transmission method and a border routing bridge device, where the method includes receiving, by a first border routing bridge device of a first area, a first data packet sent by a border routing bridge device of a second area to the first area, determining, a device identifier group of the second area according to the first data packet, determining, from the device identifier group of the second area, according to the first data packet, a device identifier of a border routing bridge device used to forward a return data packet sent by the target device to the source device, and sending, by the first border routing bridge device, a second data packet carrying the determined device identifier to the target device, where the determined device identifier is used as a source routing bridge device identifier of the second data packet.