A networking system may include a first network such as a private cloud network and a second network such as a public cloud network. The first network may include a switch coupled to a computing resource. To facilitate a robust and flexible inter-network connection, the networking system may include network connector circuitry having a connector endpoint at the first network and a network connector coupling the connector endpoint to a network element at the second network. A controller for the first network may provide control signals and configuration data to the network connector circuitry to form the connection to the second network and may configure the switch to forward external network traffic to and from the connector endpoint via a switch port directly coupled to the connector endpoint.

A system for efficient routing of an (OAM) frame in an Ethernet switch receives an OAM frame at a first port; building a first classification key dependent on an OAM frame header; classifies in a context of the first port to create a first classification; resolves action dependent on the first classification; modifies the first classification key to create a second classification key; classifies the frame in a context of the second port to create a second classification; sends the second classification key to an OAM engine coupled to the Ethernet switch for modification into a third classification key; receives the third classification key from the OAM engine; modifies the third classification key into a final classification key; modifies the header of the OAM frame with the final classification key; and sends the modified OAM frame to a switching fabric of the Ethernet switch.

A novel algorithm for packet classification that is based on a novel search structure for packet classification rules is provided. Addresses from all the containers are merged and maintained in a single Trie. Each entry in the Trie has additional information that can be traced back to the container from where the address originated. This information is used to keep the Trie in sync with the containers when the container definition dynamically changes.

Described are platforms, systems, and methods for resource fairness enforcement. In one aspect, a programmable input output (IO) device comprises a memory unit, the memory unit having instructions stored thereon which, when executed by the programmable IO device, cause the programmable IO device to perform operations comprising: receiving an input from a logical interface (LIF); determining, by at least one meter, a metric regarding at least one resource used during a processing of the input through a programmable pipeline; and regulating additional input received from the LIF based on the metric and a threshold for the at least one resource.

A method provides an information centric network with a software defined network based on an information centric networking protocol on top of a physical network based on an internet protocol. A controller in the software defined network receives a first packet of an object request in the information centric network. The controller encodes a message ID indicating an object source of the object request into a header of the first packet. The controller installs forwarding rules on forwarding elements in the physical network such that further packets of the object request are forwarded according to the installed forwarding rules by the forwarding elements rewriting headers of the further packets.

A stateful packet processing system includes: a first stateful stage including a first state table and a first finite state machine (“FSM”) table; and a second stateful stage including a second state table and a second FSM table. The system performs a distribution operation defining when a flow is processed by the first and/or the second stateful stage. The first and/or second FSM table is extended with states and transitions that support the distribution operation. The first and/or second stateful stage executes an evaluation operation that executes the distribution operation. The evaluation operation provides a criterion for moving a particular flow from one of the first or second stateful stage to the other stateful stage. The first and second stateful stages are included in a software-defined networking (“SDN”) switch. The distribution operation operates within defined capabilities of a software and/or hardware pipeline of the SDN switch.

Systems, methods, and computer-readable media for requesting a cellular IP address by initiating a call with a modem, establishing data packet network connectivity with the cellular IP address, assigning the cellular IP address to a virtual L2-bridge interface, wherein the virtual L2-bridge interface includes a MAC address, mapping a MAC address of a virtual machine with the MAC address of the virtual L2-bridge interface, detecting a change in the cellular IP address, and updating the virtual L2-bridge interface with a different cellular IP address while maintaining the data packet network connectivity.

A router includes a memory configured to store a plurality of label spaces for each label space type used in a communication system. The plurality of label spaces store labels that identify virtual links between nodes of the communication system. The router also includes a processor configured to allocate a plurality of label space identifiers to the plurality of label spaces and to route packets based on labels and label space identifiers included in the packets. The router further includes a transceiver configured to transmit or receive the packets including the labels and the label space identifiers.

A novel design of a gateway that handles traffic in and out of a network by using a datapath pipeline is provided. The datapath pipeline includes multiple stages for performing various data-plane packet-processing operations at the edge of the network. The processing stages include centralized routing stages and distributed routing stages. The processing stages can include service-providing stages such as NAT and firewall. The gateway caches the result previous packet operations and reapplies the result to subsequent packets that meet certain criteria. For packets that do not have applicable or valid result from previous packet processing operations, the gateway datapath daemon executes the pipelined packet processing stages and records a set of data from each stage of the pipeline and synthesizes those data into a cache entry for subsequent packets.

Improved network traffic flow processing techniques are described. In a network device providing multiple processing planes, each processing plane comprising multiple processing units, techniques are described that take advantage of flow affinity/locality principles such that the same processing component of a processing plane, which previously performed processing for a network flow, is used for performing subsequent processing for the same network flow. This enables faster processing of network traffic flows by the network device. In certain implementations, the techniques described herein can be implemented in a network virtualization device (NVD) that is configured to perform network virtualization functions.