Abstract: A method provided in one embodiment includes receiving, at a first network element, a first data packet of a data flow, wherein the data flow is associated with a subscriber. The method further includes receiving subscriber information associated with the subscriber, and encapsulating the subscriber information with the first data packet to form an encapsulated data packet. The method still further includes determining a service chain including one or more services to which the encapsulated data packet is to be forwarded, and forwarding the encapsulated data packet to the service chain.

Abstract: An example method is provided in one example embodiment and may include receiving a packet for a subscriber at a gateway, wherein the gateway includes a local policy anchor for interfacing with one or more policy servers and one or more classifiers for interfacing with one or more service chains, each service chain including one or more services accessible by the gateway; determining a service chain to receive the subscriber's packet; appending the subscriber's packet with a header, wherein the header includes, at least in part, identification information for the subscriber and an Internet Protocol (IP) address for the local policy anchor; and injecting the packet including the header into the service chain determined for the subscriber.

Abstract: A first virtual machine is established in a virtual private service chain to provide a first network service to virtual private service chain traffic. A second virtual machine is also established the virtual private service chain to provide a second network service to the virtual private service chain traffic. The virtual private service chain traffic is encrypted for transmission within the virtual private service chain from the first virtual machine to the second virtual machine, wherein the encryption uses a key shared by the first and second virtual machines.

Abstract: An example method is provided in one example embodiment and includes receiving a packet of a session from a previous hop router at a service zone of a service chain; recording the previous hop router for the session; determining an appliance to service the packet in the service zone using load balancing; recording an appliance identity for servicing the session in the service zone; determining a next hop router in the service chain for the packet using load balancing; and recording the next hop router for the session.

Abstract: A method for load balancing based on metadata in a network service header. The method includes receiving a packet or frame of a traffic flow, wherein the packet or frame has a payload and the network service header including metadata and service path information for the traffic flow identifying the service path, and the metadata comprises classification information of the packet or frame, extracting, by a service header processor of the load balancer, the classification information of the metadata from the packet or frame, and applying, by a load balancing function of the load balancer, a load balancing policy on the packet or frame based on the classification information of the metadata.

Abstract: An example method for network address translation (NAT) offload to network infrastructure for service chains in a network environment is provided and includes receiving a packet at a network infrastructure in a network comprising a plurality of service nodes interconnected through the network infrastructure, each service node executing at least one service function, identifying the packet as belonging to a first flow based on a cookie in a network service header of the packet that indicates a service chain that includes a sequence of service functions to be executed on the packet at the service nodes, determining that a service function in the service chain is to be offloaded from one of the service nodes to the network infrastructure for subsequent packets of the first flow, and executing the offloaded service function at the network infrastructure for subsequent packets of the first flow.

Abstract: An example method for service node originated service chains in a network environment is provided and includes receiving a packet at a service node in a network environment that includes a plurality of service nodes and a central classifier, analyzing the packet for a service chain modification or a service chain initiation, classifying the packet at the service node to a new service chain based on the analysis, initiating the new service chain at the service node if the analysis indicates service chain initiation, and modifying an existing service chain for the packet to the new service chain if the analysis indicates service chain modification. In specific embodiments, the analysis includes applying classification logic specific to the service node. Some embodiments, service node attributes and order of service nodes in substantially all service chains configured in the network may be received from a central controller.

Abstract: A method provided in one embodiment includes receiving a first data packet of a data flow at a first classifier in which the first data packet includes a first identifier. The method further includes determining a second classifier associated with the first identifier in which the second classifier is further associated with at least one service chain of a service chain environment. The method still further includes forwarding the first data packet to the second classifier. The second classifier is configured to receive the first data packet, determine a particular service chain of the at least one service chain to which the first data packet is to be forwarded, and forward the first data packet to the particular service chain.

Abstract: A method provided in one embodiment includes receiving, at a first network element, a first data packet of a data flow, wherein the data flow is associated with a subscriber. The method further includes receiving subscriber information associated with the subscriber, and encapsulating the subscriber information with the first data packet to form an encapsulated data packet. The method still further includes determining a service chain including one or more services to which the encapsulated data packet is to be forwarded, and forwarding the encapsulated data packet to the service chain.

Abstract: An example method is provided in one example embodiment and may include receiving a packet for a subscriber at a gateway, wherein the gateway includes a local policy anchor for interfacing with one or more policy servers and one or more classifiers for interfacing with one or more service chains, each service chain including one or more services accessible by the gateway; determining a service chain to receive the subscriber's packet; appending the subscriber's packet with a header, wherein the header includes, at least in part, identification information for the subscriber and an Internet Protocol (IP) address for the local policy anchor; and injecting the packet including the header into the service chain determined for the subscriber.

Abstract: An example method is provided in one example embodiment and may include receiving a packet for a subscriber at a gateway, wherein the gateway includes a local policy anchor for interfacing with one or more policy servers and one or more classifiers for interfacing with one or more service chains, each service chain including one or more services accessible by the gateway; determining a service chain to receive the subscriber's packet; appending the subscriber's packet with a header, wherein the header includes, at least in part, identification information for the subscriber and an Internet Protocol (IP) address for the local policy anchor; and injecting the packet including the header into the service chain determined for the subscriber.

Abstract: An example method for network address translation (NAT) offload to network infrastructure for service chains in a network environment is provided and includes receiving a packet at a network infrastructure in a network comprising a plurality of service nodes interconnected through the network infrastructure, each service node executing at least one service function, identifying the packet as belonging to a first flow based on a cookie in a network service header of the packet that indicates a service chain that includes a sequence of service functions to be executed on the packet at the service nodes, determining that a service function in the service chain is to be offloaded from one of the service nodes to the network infrastructure for subsequent packets of the first flow, and executing the offloaded service function at the network infrastructure for subsequent packets of the first flow.

Abstract: An example method for service node originated service chains in a network environment is provided and includes receiving a packet at a service node in a network environment that includes a plurality of service nodes and a central classifier, analyzing the packet for a service chain modification or a service chain initiation, classifying the packet at the service node to a new service chain based on the analysis, initiating the new service chain at the service node if the analysis indicates service chain initiation, and modifying an existing service chain for the packet to the new service chain if the analysis indicates service chain modification. In specific embodiments, the analysis includes applying classification logic specific to the service node. Some embodiments, service node attributes and order of service nodes in substantially all service chains configured in the network may be received from a central controller.

Abstract: An example method is provided in one example embodiment and includes receiving a packet of a session from a previous hop router at a service zone of a service chain; recording the previous hop router for the session; determining an appliance to service the packet in the service zone using load balancing; recording an appliance identity for servicing the session in the service zone; determining a next hop router in the service chain for the packet using load balancing; and recording the next hop router for the session.

Abstract: An example method for load balancing in a network environment is provided and includes receiving a packet from a first stage load-balancer in a network environment, where the packet is forwarded from the first stage load-balancer to one of a plurality of second stage load-balancers in the network according to a hash based forwarding scheme, and routing the packet from the second stage load-balancer to one of a plurality of servers in the network according to a per-session routing scheme. The per-session routing scheme includes retrieving a session routing state from a distributed hash table in the network. In a specific embodiment, the hash based forwarding scheme includes equal cost multi path routing. The session routing state can include an association between a next hop for the packet and the packet's 5-tuple representing a session to which the packet belongs.

Abstract: A computer system includes functionality enabling a provider edge router to determine whether network data such as VRF information is properly associated with a corresponding virtual private network. A first node through which the network data is transmitted generates a signature value uniquely associated with the virtual private network. The first node forwards the signature value along with the network data to a second node of the physical network. The second node, in turn, verifies that the network data (such as VRF information) is properly associated with the second node (and virtual network) based on its own generation of a signature value, which is compared with the signature value received from the first node.

Abstract: In one example embodiment, a system and method is illustrated that includes receiving connectivity data for at least one network device, the connectivity data describing a connection to the at least one network device within an area. The system and method further includes processing the connectivity data to obtain a routing update for distribution to another network device outside the area. Additionally, the system and method includes a routing summary in the routing update, the routing summary including an address prefix. Further, the system and method includes reachability information in the routing update, the reachability information including an address for the at least one network device.

Abstract: A pseudowire verification framework gathers and maintains status of individual pseudowires by aggregating the state of the individual node hops defining the pseudowire. The framework provides complete assessment of a network by gathering status feedback from network nodes (forwarding entities) that are inaccessible directly from a requesting node by employing an intermediate forwarding entity as a proxy for inquiring on behalf of the requesting node. Therefore, status regarding inaccessible pseudowires is obtainable indirectly from nodes able to “see” the particular pseudowire. Configurations further assess multihop pseudowires including a plurality of network segments; in which each segment defines a pseudowire hop including forwarding entities along the pseudowire path. In this manner, pseudowire health and status is gathered and interrogated for nodes (forwarding) entities unable to directly query the subject pseudowire via intermediate forwarding entities.

Abstract: A method, apparatus and computer program product for routing data within a packet-switched network using a PW wherein the PW is terminated directly on the layer-3 routing device such that certain services and applications can be utilized is presented. The method, apparatus and computer program product receives an encapsulated layer-2 Protocol Data Unit (PDU) from a pseudowire emulating a service. The encapsulation is removed from the encapsulated layer-2 PDU and a layer-2 circuit associated with the pseudowire is terminated. The circuit is treated as an interface and the PDU is forwarded based on upper layer protocol information within the PDU.

Abstract: A mechanism for ASBRs to identify the originating node, or router, in an LSP conversant autonomous system (AS), such as an MPLS VPN environment, maintains the identity of the originating node and successive nodes in subsequent autonomous systems along the path to the node to be pinged. The identity of the transporting nodes is stored in a stack or other object associated with the ping request (ping), such that the pinged node may employ the stored identity as a set of return path routing information. Successive ASBRs store their identity on the stack, in an ordered manner, along the path to the destination. Upon reaching the destination (ping) node, the destination node employs the identity of the first node on the stack to send the acknowledgment, or ping response. Each successive ASBR, therefore, pops (retrieves) the next node identity from the stack and redirects (sends) the ping response to the retrieved node.