H04L61/2592

Communication method applied to edge computing scenario, storage medium, and electronic device

A communication method is provided. The method includes transmitting a network address assignment request to the network address translation entity after establishing a general packet radio service (GPRS) tunneling protocol (GTP) tunnel between the first user-plane function entity and the second user-plane function entity, such that the network address translation entity assigns a network address to the GTP tunnel, notifying the network address assigned by the network address translation entity to the GTP tunnel to the central data network, controlling a data packet to be transmitted by the edge service node to the central data network to be transmitted through the GTP tunnel, the network address translation entity replacing a source address of the data packet with the network address, and transmitting the data packet to the central data network after the data packet arrives at the network address translation entity.

Method for Establishing Segment Routing for IPv6 Tunnel
20230006924 · 2023-01-05

A method for establishing a segment routing (SR) tunnel based on an Internet Protocol version 6 (IPv6) data plane using a Path Computation Element Communication Protocol (PCEP) includes generating, by a path computation element (PCE), a first PCEP message, wherein the first PCEP message comprises indicating information and a segment identifier (SID), and wherein the indicating information indicates that the SID is an IPv6 prefix of a node in a tunnel; receiving, by a first path computation client (PCC), the first PCEP message from the PCE; and establishing, by the first PCC, a Segment Routing over IPv6 (SRv6) tunnel from the first PCC to a second PCC.

Dynamic security actions for network tunnels against spoofing

An example network device receives an encapsulated network packet via a network tunnel; extracts IPv6 header information from the encapsulated network packet; extracts IPv4 header information from the encapsulated network packet; determines that the encapsulated network packet is a spoofed network packet based on the IPv6 header information and the IPv4 header information; and in response to detecting the spoofed network packet, transmits a message to a Tunnel Entry Point (TEP) device, the message including data representing the IPv6 header information and IPv4 header information. A tunnel entry point (TEP) device may receive the message and use the message to detect spoofed IPv6 traffic, e.g., when an IPv6 header and an IPv4 header of an encapsulated packet match the IPv6 header and the IPv4 header specified in the message. In this manner, the TEP device may block, rate limit, or redirect spoofed network traffic.

TECHNIQUES FOR EXTENDING A CELLULAR QUALITY OF SERVICE BEARER THROUGH AN ENTERPRISE FABRIC

Techniques are described for extending a cellular quality of service bearer through an enterprise fabric network. In one example, a method includes obtaining, by a first switch of a network, a packet to be delivered to a client connected to the network via a cellular access point; identifying quality of service (QoS) bearer information associated with the packet, wherein the QoS bearer information is associated with a radio access bearer for the client and the QoS bearer information comprises a bearer indicator and a QoS class identifier; providing a fabric tunnel encapsulation for the packet, wherein the bearer indicator and the QoS class identifier are included within the fabric tunnel encapsulation of the packet; and forwarding the packet within the fabric tunnel encapsulation toward a second switch of the network via a fabric tunnel, wherein the cellular access point is connected to the network via the second switch.

MANAGING EXCHANGES BETWEEN EDGE GATEWAYS IN A CLOUD ENVIRONMENT TO SUPPORT A PRIVATE NETWORK CONNECTION

Described herein are systems, methods, and software to manage secure tunnel communications in multi-edge gateway computing environments. In one implementation, a control system identifies an edge gateway from a plurality of edge gateways to support a private network tunnel. The control system further identifies addressing attributes associated with communications directed over the private network tunnel and configures the plurality of edge gateways to forward packets associated with the addressing attributes to the identified edge gateway, wherein the edge gateway can process and forward the packets over the private network tunnel.
