Abstract: An apparatus having logic elements to receive an incoming packet associated with a first service function chain; identify a next hop service function for the incoming packet as a non-reactive service function; create a duplicate packet; forward the duplicate packet to the non-reactive service function; and forward the incoming packet to a next reactive service function. An apparatus having logic to receive an incoming packet associated with a first service function chain (SFC), having a first service path identifier (SPI); determine that the incoming packet has a first service index (SI), and that a next-hop SI identifies a non-reactive service function (NRSF); receive a duplicate packet of the incoming packet; rewrite a service header of the duplicate packet to identify a second SFC having a second SPI; and alter the first SI of the incoming packet to identify a next reactive service function in the first SFC.

Abstract: In one embodiment, a service function classifier device determines a classification of a packet using one or more packet classification rules. The device selects a service function path based on the classification of the packet. The device determines one or more traffic flow characteristics based on the classification of the packet. The device generates a service function chaining (SFC) header that identifies the selected service function path and the determined one or more traffic flow characteristics. The SFC header is configured to cause a device along the service function path to forward the encapsulated packet based on the identified service function path and the determined one or more traffic flow characteristics. The device sends the packet along the selected service function path as an encapsulated packet that includes the generated SFC header.

Abstract: In one embodiment, a device in a network receives a packet that includes a forwarding label for a service in a service chain. The packet encapsulates a service chain header for the service chain. The device swaps the forwarding label for the service in the packet for a reserved label that identifies the packet as encapsulating the service chain header. The device forwards the packet with the reserved label to the service.

Abstract: Embodiments of the present disclosure are directed to augmenting a Network Service Header (NSH) metadata of a data packet with a virtual routing and forwarding identifier (VRF-ID) and forgoing augmenting a virtual private network (VPN) label into a multiprotocol label switched (MPLS) metadata of the data packet. A provider edge router can use the VRF-ID to identify a next hop for the data packet as a service to be applied prior to forwarding the data packet to a VPN site.

Abstract: A method of establishing an end-to-end tunnel for a virtual network extending across multiple domains using a first network controller element managing a first domain is provided. The method includes receiving a request from a second network controller element managing the first network controller element for an intra-domain locally-learned tunnel identifier (LLTI), sending an instruction to an egress network element of the first domain to generate the intra-domain LLTI in accordance with the request, receiving the intra-domain LLTI from the egress network element in accordance with the instruction, and sending the intra-domain LLTI to an ingress network element of the first domain. A method of establishing an end-to-end tunnel for a virtual network extending across multiple domains using an inter-domain LLTI is provided.

Abstract: There is disclosed an apparatus having logic elements to: receive an incoming packet associated with a first service function chain; identify a next hop service function for the incoming packet as a non-reactive service function; create a duplicate packet; forward the duplicate packet to the non-reactive service function; and forward the incoming packet to a next reactive service function.

Abstract: In one embodiment, a device in a network receives a packet that includes one or more forwarding labels and a service function chaining (SFC) header. The device removes the one or more forwarding labels from the packet. The device inserts an indication of the one or more forwarding labels into metadata of the SFC header. The device forwards the packet with the inserted indication of the one or more forwarding labels to a service function.

Abstract: Aspects of the embodiments are directed to augmenting a control packet with an interface identifier, the interface identifier identifying an interface at a physical network forwarding element; and transmitting the control packet with the interface identifier to the physical network forwarding element. The interface identifier can be included in metadata of a network service header (NSH). The NSH is encapsulated with the control packet, which is transmitted with the control packet. The NSH can be extracted and the interface identifier used to identify a user interface (or a presenting interface) based on a metadata lookup.

Abstract: A method for load balancing based on metadata in a network service header. The method includes receiving a packet or frame of a traffic flow, wherein the packet or frame has a payload and the network service header including metadata and service path information for the traffic flow identifying the service path, and the metadata comprises classification information of the packet or frame, extracting, by a service header processor of the load balancer, the classification information of the metadata from the packet or frame, and applying, by a load balancing function of the load balancer, a load balancing policy on the packet or frame based on the classification information of the metadata.

Abstract: A method for applying network services to data traffic forwarded between virtual private network (VPN) sites includes: receiving a data packet addressed to a target site associated with the VPN, determining services to be applied to the data packet according to a service chain, where the determining is a function of at least one of the VPN, the origin site or the target site, adding an indication of a VPN forwarding context onto the data packet, encapsulating the data packet with Network Service Header encapsulation, where a header for the encapsulated data packet indicates at least the service chain; forwarding the encapsulated data packet in accordance with the service chain, receiving the encapsulated data packet at the end of the service chain, terminating the service chain, removing the encapsulation, and forwarding the data packet to a target destination per the indication of a VPN forwarding context.

Abstract: A method and system for application-driven proactive multi-stratum resource monitoring in software defined networks (SDN). A Cross-Stratum Optimization (CSO) service orchestrator obtains a service intent, a notification subscription, and a programmable performance rule specified by an application. The CSO service orchestrator collects streaming performance data in a network based on the notification subscription, evaluates performance of the network using the collected data and the programmable performance rule, and allocates one or more of storage, computer, and network resources based on the evaluation to ensure quality of service for the application.

Abstract: In one embodiment, a service function classifier device determines a classification of a packet using one or more packet classification rules. The device selects a service function path based on the classification of the packet. The device determines one or more traffic flow characteristics based on the classification of the packet. The device generates a service function chaining (SFC) header that identifies the selected service function path and the determined one or more traffic flow characteristics. The SFC header is configured to cause a device along the service function path to forward the encapsulated packet based on the identified service function path and the determined one or more traffic flow characteristics. The device sends the packet along the selected service function path as an encapsulated packet that includes the generated SFC header.

Abstract: A first virtual machine is established in a virtual private service chain to provide a first network service to virtual private service chain traffic. A second virtual machine is also established the virtual private service chain to provide a second network service to the virtual private service chain traffic. The virtual private service chain traffic is encrypted for transmission within the virtual private service chain from the first virtual machine to the second virtual machine, wherein the encryption uses a key shared by the first and second virtual machines.

Abstract: In one embodiment, a service function classifier device determines a classification of a packet using one or more packet classification rules. The device selects a service function path based on the classification of the packet. The device determines one or more traffic flow characteristics based on the classification of the packet. The device generates a service function chaining (SFC) header that identifies the selected service function path and the determined one or more traffic flow characteristics. The SFC header is configured to cause a device along the service function path to forward the encapsulated packet based on the identified service function path and the determined one or more traffic flow characteristics. The device sends the packet along the selected service function path as an encapsulated packet that includes the generated SFC header.

Abstract: A method for applying network services to data traffic forwarded between virtual private network (VPN) sites includes: receiving a data packet addressed to a target site associated with the VPN, determining services to be applied to the data packet according to a service chain, where the determining is a function of at least one of the VPN, the origin site or the target site, adding an indication of a VPN forwarding context onto the data packet, encapsulating the data packet with Network Service Header encapsulation, where a header for the encapsulated data packet indicates at least the service chain; forwarding the encapsulated data packet in accordance with the service chain, receiving the encapsulated data packet at the end of the service chain, terminating the service chain, removing the encapsulation, and forwarding the data packet to a target destination per the indication of a VPN forwarding context.

Abstract: A system comprising a plurality of service nodes, a controller and a network device in communication with the controller. Each of the plurality of service nodes is configured to support one or more service functions to establish a service function chain that includes a plurality of service functions to be performed by routing traffic among the plurality of service nodes. The controller is configured to generate provisioning information for the service function chain. The provisioning information includes at least one condition upon which a service function reclassification or branching operation is to be performed by at least one service node. The network device is in communication with the controller, and is configured to distribute the provisioning information for the service function chain to the plurality of service nodes using a distributed routing protocol.

Abstract: A method for applying network services to data traffic forwarded between virtual private network (VPN) sites includes: receiving a data packet addressed to a target site associated with the VPN, determining services to be applied to the data packet according to a service chain, where the determining is a function of at least one of the VPN, the origin site or the target site, adding an indication of a VPN forwarding context onto the data packet, encapsulating the data packet with Network Service Header encapsulation, where a header for the encapsulated data packet indicates at least the service chain; forwarding the encapsulated data packet in accordance with the service chain, receiving the encapsulated data packet at the end of the service chain, terminating the service chain, removing the encapsulation, and forwarding the data packet to a target destination per the indication of a VPN forwarding context.

Abstract: Aspects of the embodiments are directed to augmenting a control packet with an interface identifier, the interface identifier identifying an interface at a physical network forwarding element; and transmitting the control packet with the interface identifier to the physical network forwarding element. The interface identifier can be included in metadata of a network service header (NSH). The NSH is encapsulated with the control packet, which is transmitted with the control packet. The NSH can be extracted and the interface identifier used to identify a user interface (or a presenting interface) based on a metadata lookup.

Abstract: In one embodiment, a device in a network receives a packet that includes a forwarding label for a service in a service chain. The packet encapsulates a service chain header for the service chain. The device swaps the forwarding label for the service in the packet for a reserved label that identifies the packet as encapsulating the service chain header. The device forwards the packet with the reserved label to the service.

Abstract: Embodiments of the present disclosure are directed to augmenting a Network Service Header (NSH) metadata of a data packet with a virtual routing and forwarding identifier (VRF-ID) and forgoing augmenting a virtual private network (VPN) label into a multiprotocol label switched (MPLS) metadata of the data packet. A provider edge router can use the VRF-ID to identify a next hop for the data packet as a service to be applied prior to forwarding the data packet to a VPN site.