Abstract: A network device implements a method for providing a service chain in a network by instantiating services on demand using a lightning module. The lightning module provides the services as applications executed by a unikernel where the unikernel is supported by a hypervisor. The method further includes receiving authentication, administration and accounting (AAA) service authentication of a user by the lightning module, instantiating a special unikernel to monitor a session for packets from the user, and instantiating service chain unikernels identified in at least one unikernel configuration file, in response to receiving a packet from the user.

Abstract: A method is implemented by a computing device to monitor the performance of packet processing in an in-line service chain. The computing device is in communication with a plurality of network devices forming a software defined network (SDN) and the in-line service chain. The SDN includes a controller implemented by the computing device to configure the plurality of network devices. The plurality of devices includes a set of switches monitoring packets traversing the in-line service chain including at least one service.

Abstract: A system and method for chaining one or more services in a service provider network. A service chaining policy and associated Service Path Identifier (SPID) are determined at an ingress node with respect to a particular data packet flow. If the service chaining policy involves one or more service nodes to be traversed by the data packet flow, each service node's EIDs and RLOCs are determined. A sequential data exchange process with the service nodes is effectuated using encapsulation of data packets based on the EIDs and RLOCs for obtaining services in accordance with the order of services set forth in the chaining policy.

Abstract: Embodiments of the present disclosure include methods and apparatuses for enabling data path selection. In an EPG, ILNP mobility signaling is received. The ILNP signaling may include a destination locator for a BNG. A signaling message is sent to the BNG in response to the received ILNP signaling. An acknowledgement is received from the BNG. Traffic is tunneled between a mobile device and a RGW over a LTE interface. In a BNG, a signaling message is received. A message is sent to a SDN controller. A notification is received from the SDN controller that configuration of a RGW to tunnel traffic over a LTE interface is complete. An acknowledgement is sent to an EPG. In a RGW, a message is received from a SDN controller. Traffic is tunneled between a NAS and an EPG over a LTE interface based on the message received from the SDN controller.

Abstract: A method is implemented by a network device to monitor the performance of packet processing in an in-line service chain, the network device one of a plurality of network devices forming a software defined network (SDN) and the in-line service chain. The SDN includes a controller to configure the plurality of network devices. The method includes receiving a sequence of packets of a data flow traversing the in-line service chain, applying a hash function to the sequence of packets of the data flow to generate a set of hash values for the sequence of packets, and sending the set of hash values and a set of timestamps for the sequence of packets to the controller to determine delay and loss across a service of the in-line service chain.

Abstract: A network device implements a method for providing a service chain in a network by instantiating services on demand using a lightning module. The lightning module provides the services as applications executed by a unikernel where the unikernel is supported by a hypervisor. The method further includes receiving authentication, administration and accounting (AAA) service authentication of a user by the lightning module, instantiating a special unikernel to monitor a session for packets from the user, and instantiating service chain unikernels identified in at least one unikernel configuration file, in response to receiving a packet from the user.

Abstract: A system and method for chaining one or more services in a service provider network. A service chaining policy and associated Service Path Identifier (SPID) are determined at an ingress node with respect to a particular data packet flow. If the service chaining policy involves one or more service nodes to be traversed by the data packet flow, each service node's EIDs and RLOCs are determined. A sequential data exchange process with the service nodes is effectuated using encapsulation of data packets based on the EIDs and RLOCs for obtaining services in accordance with the order of services set forth in the chaining policy.

Abstract: A method implemented by a computing device to optimize resource usage of service function chains (SFCs) in a network using machine learning. The method includes obtaining, from an autoscale machine learning (ML) system associated with a virtual network function (vNF), a suggested adjustment to an amount of resources provisioned for the vNF. The autoscale ML system is trained online using machine learning to predict an amount of resources to be utilized by the vNF. The autoscale ML system is configured to receive as input an amount of resources currently utilized by the vNF and an amount of resources currently available to the vNF, determine using machine learning the suggested adjustment to the amount of resources provisioned for the vNF based on the input, and output the suggested adjustment. The method further includes providing the suggested adjustment to a resource re-allocator component.

Abstract: A system and method for chaining one or more services in a service provider network. A service chaining policy and associated Service Path Identifier (SPID) are determined at an ingress node with respect to a particular data packet flow. If the service chaining policy involves one or more service nodes to be traversed by the data packet flow, each service node's EIDs and RLOCs are determined. A sequential data exchange process with the service nodes is effectuated using encapsulation of data packets based on the EIDs and RLOCs for obtaining services in accordance with the order of services set forth in the chaining policy.

Abstract: A method is implemented by a computing device in communication with a network having a plurality of switches. The method performs path correctness testing where the path defines a service chain associated with a flow of data. The method configures the plurality of switches using a flow control protocol. The method includes the steps of selecting a switch from the path to configure path correctness testing, sending a configuration request to the selected switch to instate at least one rule for testing path correctness, receiving copies of flow packets from at least one switch in the path, and comparing the copies of flow packets with a service chain configuration of the flow to confirm path correctness.

Abstract: A method for setting up a new path for carrying traffic between border nodes of a client communications network through a server communications network. The method comprises, at a border node of the client communications network: receiving a request for reservation of resources from a first client node of the client communications network; determining that the border node does not have a path for carrying traffic through the server communications network having sufficient resources to meet the request; and, in response, initiating set up of a new path for carrying traffic between border nodes of the client communications network through the server communications network.

Abstract: A method is implemented by a network device to monitor the performance of packet processing in an in-line service chain, the network device one of a plurality of network devices forming a software defined network (SDN) and the in-line service chain. The SDN includes a controller to configure the plurality of network devices. The method includes receiving a sequence of packets of a data flow traversing the in-line service chain, applying a hash function to the sequence of packets of the data flow to generate a set of hash values for the sequence of packets, and sending the set of hash values and a set of timestamps for the sequence of packets to the controller to determine delay and loss across a service of the in-line service chain.

Abstract: A method is implemented by a computing device to monitor the performance of packet processing in an in-line service chain. The computing device is in communication with a plurality of network devices forming a software defined network (SDN) and the in-line service chain. The SDN includes a controller implemented by the computing device to configure the plurality of network devices. The plurality of devices includes a set of switches monitoring packets traversing the in-line service chain including at least one service.

Abstract: A network element and process determines and configures capabilities of network element components. The network element components include a set of control elements where the set of control elements determine capabilities of each of a set of forwarding elements. The method includes initiating communication with a forwarding element in the set of forwarding elements by a control element. The control element requests that the forwarding element to provide a set of logical function block identifiers of supported logical function blocks for the forwarding element. The set of logical function block identifiers is then received from the forwarding element in response to the request. The set of logical function block identifiers are matched with known forwarding element capabilities to determine capabilities of the forwarding element. A forwarding element capability model is then updated with the capabilities of the forwarding element.

Abstract: A method is implemented by a computing device in communication with a network having a plurality of switches. The method performs path correctness testing where the path defines a service chain associated with a flow of data. The method configures the plurality of switches using a flow control protocol. The method includes the steps of selecting a switch from the path to configure path correctness testing, sending a configuration request to the selected switch to instate at least one rule for testing path correctness, receiving copies of flow packets from at least one switch in the path, and comparing the copies of flow packets with a service chain configuration of the flow to confirm path correctness.

Abstract: A method is provided for preventing denial-of-service attacks on hosts attached to a subnet, where the attacks are initiated by a remote node over an external network. The method is performed by a router which forwards packets between the external network and the subnet. The router receives a packet for forwarding to a destination address in an address space of the subnet according to the IPv6 protocol and looks up the destination address in a Neighbor Discovery (ND) table. The ND table is populated by operations on the subnet that were completed prior to receipt of the packet. Entries in the ND table store address information of the hosts that have been verified by the router to be active. The router forwards the packet to the destination address if the destination address is stored in the ND table. Otherwise, the packet is discarded.

Abstract: A method implemented by a network topology design system, the network topology design system including a processing device. The method to determine placement of a controller within a network with a split architecture where control plane components of the split architecture network are executed by a controller and the control plane components are separate from data plane components of the split architecture network. The placement of the controller is selected to minimize disruption of the split architecture network caused by a link failure, a switch failure or a connectivity loss between the controller and the data plane components.

Abstract: A process is performed by a controller in a split-architecture network. The controller monitors congestion of traffic groups across the split-architecture network and executes the process to provide delay based data rate control to alleviate congestion of the traffic groups. The process includes configuring an ingress switch and egress switch for each traffic group to collect delay measurement data for data packets of each traffic group as they arrive at the ingress switch and egress switch. The delay measurement data is received from the ingress switch and egress switch of each traffic group. A check is made whether a minimum data packet delay for any traffic group exceeds a defined threshold value. At least one traffic group is then identified in the split-architecture network to discard in response to the threshold value being exceeded.

Abstract: Systems are provided including at least one identifier locator network protocol (ILNP) enabled mobile node running Internet protocol version 6 (IPv6). The mobile node is attached to an IPv6 network in an IPv6 domain. The system includes a virtual root server configured to receive a binding identifiers create (BIC) message from a domain name system 64 (DNS64) server associated with the IPv6 network. The BIC message includes an ILNP address of the mobile node running IPv6, a fake ILNP address of a destination device running IPv4 assigned by the DNS64 server and an ILNP address of the DNS64 server. The fake ILNP address includes a full real address of the destination device. The virtual root server is further configures to create a binding between the ILNP address of the mobile node and the fake ILNP address of the destination device; store the binding; and send a binding identifier acknowledgement (BIA) message to the DNS64 server.

Abstract: A method performed by a slave network edge node (e.g., a Broadband Network Gateway BNG2) for enhancing a Long Term Evolution (LTE) backup channel in the event of a failure of a master network edge node (e.g., BNG1) in a wireline network. When BNG2 detects the failure of BNG1, BNG2 sends a failure update message to a Packet Data Network Gateway (PDN GW) of an LTE network. The PDN GW provides a backup channel for the CPE to reach the wide area network over a mobile tunnel. Before the failure the mobile tunnel has an end point at BNG1, and the failure update message notifies the PDN GW that the end point of the mobile tunnel has changed from BNG1 to BNG2. After BNG2 receives a failure acknowledgement message from the PDN GW, BNG2 routes the traffic from the PDN GW over the mobile tunnel to the wide area network.