Abstract: An information processing apparatus, when a mirroring setting request of a virtual machine is received, transmits by broadcasting a detection packet to detect a monitoring node, when a response packet to respond to the detection packet is received from the monitoring node, determines a state of whether a reception port is a local port or an uplink port, based on a node identifier of the monitoring node, node identifier information, and state information, determines a connection relationship over a network between the information processing apparatus and the monitoring node, based on a presence/absence of the response packet and the determined state of the reception port, and performs a setting for transmitting a mirror packet obtained by copying a communication packet of the virtual machine to the monitoring node, for at least one switch of a plurality of switches, based on the determined connection relationship.

Abstract: Techniques are described for avoiding traffic black-holing in a multi-homed Ethernet virtual private networks (EVPNs) in which a customer device (CE) is multi-homed to a plurality of multi-homing provider edge devices (PEs) via respective links of an Ethernet segment. An overlay network is created over the Ethernet segment, and the multi-homing PEs of the EVPN are configured with a common anycast IP address for respective virtual network interfaces. Upon election as active designated forwarder (DF) for the EVPN, the DF PE of the multi-homing PEs advertises toward the customer network an IGP metric for the anycast IP address that is lower than the IGP metric(s) advertised by any of the non-DF standby PE routers segment to direct the CE to forward network packets from the customer network to the DF PE over the respective link of the Ethernet segment.

Abstract: Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

Abstract: A network slice management method, a management unit, and a system, where the method includes receiving, by a first management unit, a first management request, where the first management request carries requirement information of a network slice or indication information, and the indication information is used to obtain the requirement information of the network slice. The method further includes determining, by the first management unit, requirement information of a subnet that forms the network slice. According to the method, the first management unit can determine the corresponding requirement information of the subnet based on the requirement information of the network slice. This way, the network slice can be automatically deployed based on the requirement information of the network slice.

Abstract: The present disclosure involves systems and methods for managing a trie routing table for a networking device of a communication or computer network. In one implementation, the networking device may utilize a dynamic algorithm for associating hashing functions with pivot tiles of the routing table to improve hash utilization and avoid hash collisions. Further, route prefixes may be relocated from pivot tiles in an attempt to free the tiles for reallocation to other prefix base width or may be relocated to other possible pivot tiles or to a general storage space when a hash collision is detected. This provides for even distribution of pivots within tiles which have base widths in range of a pivot route. The above implementations may occur together or separately to improve the operation of the networking device and provide faster route lookup.

Abstract: Radio frequency communication method for wirelessly transmitting data packets between two communication nodes of a communication network, the method comprising the steps of generating a data packet including payload data and a first data check value a, transmitting the data packet from the first node to a second node; and determine whether the data packet is transmitted correctly by calculating a second data check value based on the received payload data and comparing the second data check value to the first data check value to; if the data packet is received correctly, transmitting from the second node to the first node an acknowledgement packet including a first acknowledgement check value wherein the first acknowledgement check value provides stronger assurances about data integrity of the received payload data than the first and second data check values; and at the first node, calculating a second acknowledgement check value based on the original payload data, and determining whether the data received at

Abstract: A method for plug and play routing is described. The method includes maintaining, at a central routing server(CRS) coupled to one or more network devices through an out-of-band (OOB) network, routing tables for the one or more network devices; receiving, at the CRS, a message pertaining to a network change event from at least one of the one or more network devices; updating, at the CRS, routing tables of all network devices that would be affected by the network change event; and transmitting, using the CRS, said updated routing tables to the respective affected network devices. The one or more network devices can form an autonomous system (AS). The central routing server is elaborated upon.

Abstract: A source host device masks the hardware address of a hosted container from a network device to mitigate the use of resources in the network device. A virtual switch on the source host receives a frame from a hosted container. The frame includes a source hardware address of the hardware address corresponding to the hosted container. The frame also includes a source network address of the network address corresponding to the hosted container. The virtual switch replaces the source hardware address of the frame with the hardware address associated with the source host, and send the frame to the network device. The frame sent to the network device includes the host hardware address as the source hardware address and the container network address as the source network address.

Abstract: In an example, a first Internet Protocol (IP) address is assigned to a first service. The first service includes a plurality of pods and is to operate on a first port. A first node on which the first IP address is to be configured is selected from among a plurality of nodes based on a number of IP addresses configured on each of the plurality of nodes. Further, the first IP address is configured on the first node. The first IP address is assigned to a second service as well. The second service comprises a plurality of pods and is to operate on a second port.

Abstract: A data storage device that includes a memory operable to store a data table and an indexing engine implemented by a processor. The indexing engine is configured to receive data and to store the data in the data table. The indexing engine is further configured to determine an index key and data location information for the stored data and to determine a set of index table references based on the index key. Each index table reference identifies an index table that links index keys with data location information. The indexing engine is further configured to identify a set of index tables corresponding with the set of index table references and to store the index key and the data location information for the stored data in one or more index tables from the set of index tables.

Abstract: The disclosed computer-implemented method may include (1) receiving, at a network device, a route update for one or more routes that direct traffic within a network that supports BGP, (2) identifying, within the route update, a BGP prefix and a plurality of protocol next-hop addresses that (A) identify a plurality of neighbors of the network device and (B) each correspond to the BGP prefix, (3) maintaining a single copy of the BGP prefix and each of the protocol next-hop addresses, (4) receiving a packet destined for a computing device that is reachable via at least one of the neighbors of the network device, and then (5) forwarding the packet to the one of the neighbors of the network device in accordance with the BGP prefix and the protocol next-hop address that identifies the one of the neighbors. Various other methods, systems, and apparatuses are also disclosed.

Abstract: A route priority configuration method, a device, and a controller. The controller receives an interface creation request for creating a layer 3 interface on a target device, where the interface creation request carries an IP address and a subnet mask. The controller generates a direct route of the layer 3 interface based on the interface creation request; allocates a route priority to the direct route according to a preset allocation rule; and sends the direct route and the route priority corresponding to the direct route to the target device. According to the embodiments, direct routes generated based on a same IP address can correspond to different route priorities, to avoid a case in which direct routes advertised by different distributed gateways form ECMP, and improve route priority configuration efficiency.

Abstract: A communication system includes multiple Point-of-Presence (POP) interfaces distributed in a Wide-Area Network (WAN), and one or more processors coupled to the POP interfaces. The processors are configured to assign to an initiator in the communication system a client Internet Protocol (IP) address, including embedding in the client IP address an affiliation of the initiator with a group of initiators, to assign to a responder in the communication system a service IP address, including embedding in the service IP address an affiliation of the service with a group of responders, and to route traffic between the initiator and the responder, over the WAN via one or more of the POP interfaces, in a stateless manner, based on the affiliation of the initiator and the affiliation of the service, as embedded in the client and service IP addresses.

Abstract: A method, an apparatus, and a system for real-time multimedia communications using a software-defined network (SDN) are provided. The method includes receiving, by a processor, a path metric indicative of transmission capacity between directly-connected service nodes in the SDN, determining, by the processor based on the path metric, a cascade network topology comprising an optimal path between a first edge node and a second edge node, wherein the optimal path has the lowest transmission latency among data transmission paths in the SDN between the first edge node and the second edge node, and based on a determination that multimedia data is to be transmitted between the first edge node and the second edge node, transmitting the multimedia data between the first edge node and the second edge node in accordance with the optimal path.

Abstract: Systems and methods for locating server nodes for edge devices using latency-based georouting. At least one cloud platform including at least one cloud platform router and a node database is in network communication with at least one edge device and a plurality of server nodes. The at least one cloud platform receives an initial hypertext transfer protocol (HTTP) request from the at least one edge device. The node database is queried using the at least one cloud platform router and node data is fetched from the plurality of server nodes using an object-oriented function. A query result is returned indicating a nearest node from the plurality of server nodes. The HTTP request is responded to with a unique hypertext markup language (HTML) web page, and the HTTP request is executed using the nearest node.

Abstract: A method for managing routing tables and data packet forwarding is disclosed. The method comprises obtaining, at a networking device, a first outgoing label associated with one or more output port identifiers of the networking device. The first outgoing label identifies a first destination node. The one or more output port identifiers identify one or more of a plurality of output ports. The method further comprises determining whether or not the one or more output port identifiers are also associated with a second outgoing label. The second outgoing label identifies a second destination node different from the first destination node. The method further comprises merging, into a next hop table allocated in a non-transitory memory, the first outgoing label with the second outgoing label in response to determining that the one or more output port identifiers are also associated with the second outgoing label.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a computing device, which provides Efficient Data-In-Transit Protection Techniques for Handheld Devices (EDITH) to protect data-in-transit. An end user device (EUD) may generate a multicast data packet. The EDITH module of the EUD encapsulates the data packet in a GRE packet and directs the GRE packet to a unicast destination address of an EDITH Multicast Router included in an infrastructure. The EDITH module on the EUD double compresses and double encrypts the GRE packet. The EDITH module on the infrastructure decrypts and decompresses the double compressed and double encrypted GRE packet to recreate the GRE packet. The EDITH module on the infrastructure decapsulates the GRE packet to derive the original multicast data packet, and distributes the original multicast data packet to the multiple group member based on the multicast destination address included in the original multicast data packet.

Abstract: An intelligent network address translation system and methods for intelligent network address translation. In one embodiment, a network packet is received from a host device, and a stored record associated with the host device is identified. The stored record includes information relating to connection parameters associated with the host device. Using the stored record, a processor determines whether the network packet should be assigned a dedicated address. If so, then the network packet is transmitted using communication parameters including a dedicated IP address. If the packet should not be assigned a dedicated address, then the packet is transmitted using connection parameters including a default public IP address and a port number.

Abstract: Dynamic cluster host interconnectivity based on reachability characteristics is disclosed. A first host receives a request from a first container executing on the first host to send a communication to a second container on a second host. The first host determines that the first host can communicate with the second host via a layer two communications protocol or that the first host can communicate with the second host only via a layer three communications protocol. The first host identifies, in a host accessibility structure, whether the first host can communicate with the second host via the layer two communications protocol or the layer three communications protocol.

Abstract: Systems and methods presented herein provide for a software defined network (SDN) controller in a cable television system that virtualizes network elements in the cable television system to provide content delivery and data services through the virtualized network elements. In one embodiment, the SDN controller is operable in a cloud computing environment to balance data traffic through the virtualized network elements. For example, the SDN controller may abstract Layer 2 Control Protocol (L2CP) frame processing of the network elements into the cloud computing environment to relieve the network elements from the burdens of Ethernet frame processing. In this regard, the SDN controller comprises a L2CP decision module that determines how L2CP should be processed for the network elements in the cable television system.

Abstract: Concepts and technologies are disclosed herein for management of forwarding tables at edge routers. A processor that executes a software defined networking controller can select an edge router associated with a networking environment. The edge router can access or use a forwarding table. The processor can obtain routing information associated with the edge router. The routing information can include forwarding table contents associated with the forwarding table and next hop information that can indicate communication paths associated with the edge router. The processor can analyze the routing information to determine next hops associated with the edge router, generate a next hop graph that represents the next hops, and initiate updating of the forwarding table such that the forwarding table only includes data that corresponds to the next hops.

Abstract: Provided is that detection of a start byte of an access unit of media data can be performed fast and easily from a layer of a transmission packet. A transmission stream is transmitted in which a transmission packet is contiguously arranged having a multiplexed transport packet including the media data in an upper layer. Identification information is inserted for identifying whether or not a start byte of an access unit of the media data exists in the transmission packet, into the header of the transmission packet.

Abstract: Embodiments of this disclosure provide a session management method, an access management function device, and a session management device. The method carried out by an access and mobility management network element includes: obtaining subscription data of a terminal in a first communications network and subscription data of the terminal in a second communications network, where the subscription data of the terminal in the first communications network includes a DNN, and the subscription data of the terminal in the second communications network includes an APN corresponding to the DNN; allocating a bearer identifier to a bearer in a PDN connection corresponding to the APN; receiving a flow identifier that is of a flow in a PDU session corresponding to the DNN and that is sent by a session management network element; and sending the bearer identifier and the flow identifier to the terminal.

Abstract: A CT imaging system for imaging an object is provided. The CT imaging system includes a stationary component, a rotating component configured to rotate with respect to the stationary component, a first conductive line coupled to the stationary component, and a second conductive line coupled to the rotating component, wherein the first and second conductive lines are positioned proximate one another such that inductive crosstalk between the first and second conductive lines provides a contactless communication channel for communicating data between the stationary component and the rotating component.

Abstract: A firewall is described that is integrated in an input stage of a packet processing pipeline so that it recognizes and has access to internal information regarding the different services, such as conduit, intranet, Internet, local vs WAN, applications, and security zones, of a communication network, such as an adaptive private network (APN). The integrated firewall is able to dynamically access the service type, respond to the service type, and adjust the service type based on conditions in the network. Since application awareness and security functions are integrated, customers can set security policies on software applications. The integrated firewall also provides automatic detection of applications, classifies applications based on domain names, steers traffic to services according to software applications, reports on software applications in passthrough traffic, and provides analysis of traffic that does not match a software application so that a user can investigate and define custom applications.

Abstract: A system and method for management of communications for components in a global accelerator system is provided. The global accelerator system includes client devices communicating with a global access point via a public network to access various endpoints that can host services. In turn, a global access point communicates to various endpoints, which are organized into different data centers, via a private network. To facilitate exchanges on behalf of different client devices, the global access points can characterize groupings of endpoints into subgroups or braids. Individual braid communications can be encapsulated and are routed at the data center by a networking equipment using 5-tuple information in packets. The components within individual braids can broadcast or multi-cast state information via management messages to ensure failover or mitigate duplicative processing.

Abstract: Aspects of the present invention provide an approach for improving communications between a software-defined networking (SDN) controller and a hardware gateway in a SDN. In an embodiment, a SDN proxy gateway is installed. The SDN proxy gateway communicates with the SDN controller on behalf of the hardware gateway. To accomplish this, the SDN proxy gateway processes a communication sent from the SDN controller to the hardware gateway. This communication includes a request from a computing node to establish a network communication channel. The SDN proxy gateway translates these instructions (e.g., the logical network and endpoint information), which are in the native format of the SDN controller, into a standardized hardware gateway protocol. The translated information that the hardware gateway can use to establish the network connection is then pushed to the hardware gateway by the proxy gateway.

Abstract: A signaling attack prevention method and apparatus, where the method includes receiving a general packet radio service (GPRS) Tunneling Protocol (GTP-C) message from a serving gateway (SGW), determining whether the GTP-C message is received from an eighth data interface (S8), determining whether a first characteristic parameter of the GTP-C message is valid when the GTP-C message is received from the S8 interface, where the first characteristic parameter includes at least one of an international mobile subscriber identity (IMSI) of a user, or an identifier of a message source end of the GTP-C message, and discarding the GTP-C message or returning, to the SGW, a GTP-C response message carrying an error code cause value when the first characteristic parameter of the GTP-C message is invalid.

Abstract: Techniques are disclosed for scalable virtualization of tenants and subtenants on a virtualized computing infrastructure. In one example, a first controller for the virtualized computing infrastructure configures underlay network segments in the virtualized computing infrastructure by configuring respective Virtual Extensible Local Area Network (VXLAN) segments of a plurality of VXLAN segments of a VXLAN in a switch fabric comprising network switches. Each VXLAN segment provides underlay network connectivity among a different subset of host computing devices of the virtualized computing infrastructure to enable orchestration of multiple tenants in the VXLAN. A second controller for a first subset of the host computing devices has underlay network connectivity through operation of a first VXLAN segment. The second controller configures overlay networks in the first subset of the host computing devices to enable orchestration of multiple subtenants in the first subset of the host computing devices.

Abstract: Examples relate to organizing and storing network communications. In one example, a programmable hardware processor may: receive a first set of network packets; identify, for each network packet included in the first set, a network flow, each network flow including at least one related packet; store each network packet included in a subset of the first set in a first data storage device; for each network packet included in the subset, organize the network packet according to the network flow identified for the network packet; identify, from the network flows, a set of network flows that each have at least one characteristic of interest; and store, in a second data storage device, each network packet included in each network flow of the set of network flows.

Abstract: A Network Address Translation (NAT) method, apparatus and device are provided. Based on the method, a target IP address and its reference port are obtained from a NAT resource pool, wherein the reference port is a port in a consecutive port range of the target IP address; a first five-tuple corresponding to a packet is generated based on the target IP address, the reference port and an original five-tuple of the packet, and a second five-tuple is obtained by masking first-class bits of two classes of ports of the first five-tuple respectively; a target five-tuple is determined in a plurality of consecutive hash buckets of a hash table based on a hash result of the second five-tuple; and the target five-tuple and the original five-tuple are recorded in the hash table and a corresponding result table, and the packet is NAT-processed based on the target five-tuple.

Abstract: A method is executed by a network device implementing a control-client to configure a session- sender to perform a test to determine whether differentiated services code point (DSCP) and explicit congestion notification (ECN) are modified in a single test session in a forward direction and a reverse direction between the session-sender and a session-reflector. Multiple DSCP and ECN are tested using the single test session. The method includes receiving a server greeting message from a server including characteristics of the session-reflector, determining whether the session-reflector supports use of multiple DSCP in the single test session, setting a set-up- response message to indicate DSCP and ECN testing, and determining whether the session- reflector supports DSCP and ECN monitoring.

Abstract: This application provides a pseudo wire load sharing method and apparatus, applied to a scenario in which a first provider edge PE device is separately connected to at least one second PE device by using at least two PWs. The method comprises receiving, by the first PE device, a data flow from a customer edge CE device, and forwarding the data flow to a PW trunk interface, where the PW trunk interface is associated with at least two active PWs; and performing, by the first PE device, load sharing processing on the data flow, and forwarding the data flow by using the at least two active PWs. This is beneficial to transmission of large data traffic by using the PW.

Abstract: A computer system receives digital content for communication to a user. Digital fingerprints are calculated from the digital content. The fingerprints are compared to identify redundant digital content. Digital identifications associated with the digital fingerprints are communicated to a user device to determine whether the digital content exists in local storage.

Abstract: A method of analyzing protocol message sequence communicated over a network, involves receiving one or more protocol messages associated with a real-time communication session between a first network node and a second network node in the network. A set of packet attributes corresponding to the one or more protocol messages associated with the real-time communication session may be extracted. Each one of the set of packet attributes may be compared with a plurality of baseline attributes. At least one error condition in at least one protocol message received from the first network node may be determined based on the comparison. A corrective measure on the first network node may be performed based on the at least one error condition in the at least one protocol message received from the first network node.

Abstract: Some embodiments provide a method for a network forwarding integrated circuit (IC). The method receives packet data with an instruction to copy a portion of the packet data to a temporary storage of the network forwarding IC. The portion is larger than a maximum entry size of the temporary storage. The method generates a header for each of multiple packet data sections for storage in entries of the temporary storage, with each packet data section including a sub-portion of the packet data portion. The method sends the packet data sections with the generated headers to the temporary storage for storage in multiple separate temporary storage entries.

Abstract: By deploying a user-side translator at the access point of the user terminal with a first-type Internet, deploying a plurality of core translators between multiple uplink lines of the first-type Internet and a second-type Internet, and allowing the user to select a corresponding core translator to process message according to the usage state of the uplink line, the traffic scheduling and processing method, the user-side translator, the core translator and the traffic scheduling system provided by the embodiments of the present application allow the user to dynamically adjust the use of uplink lines. The solution is capable of achieving the function of software-defined wide area network SD-WAN with the first-type Internet protocol/second-type Internet protocol translation technology, which is of great significance for reducing the network running cost and improving the network performance experience of the user.

Abstract: Methods, systems, and computer programs for generating cryptographic function parameters are described. In some examples, source code that defines seed information and a pseudorandom function is accessed. A parameter for a cryptographic function by operation of one or more data processors is generated. The parameter is generated from the seed information and the pseudorandom function. The parameter has a larger size in memory than the source code that defines the seed information and the pseudorandom function.

Abstract: A device may receive first information associated with a set of security rules. The first information may identify a set of security actions a device is to implement when the set of security rules applies to traffic. The device may determine a manner in which the set of security rules is to apply using the first information. The device may determine whether the manner in which the set of security rules is to apply and an intent of a network security policy or a manner in which a set of previously defined security rules is to apply match to determine whether the set of security rules conflicts with the network security policy or whether the set of security rules and the set of previously defined security rules are related. The device may perform an action.

Abstract: Method and apparatus for per-agent control and quality of service of shared resources in a chip multiprocessor platform is described herein. One embodiment of a system includes: a plurality of core and non-core requestors of shared resources, the shared resources to be provided by one or more resource providers, each of the plurality of core and non-core requestors to be associated with a resource-monitoring tag and a resource-control tag; a mapping table to store the resource monitoring and control tags associated with each non-core requestor; and a tagging circuitry to receive a resource request sent from a non-core requestor to a resource provider, the tagging circuitry to responsively modify the resource request to include the resource-monitoring and resource-control tags associated with the non-core requestor in accordance to the mapping table and send the modified resource request to the resource provider.

Abstract: A method for performing power saving control in memory device, the associated memory device and memory controller thereof, and the associated electronic device are provided, where the method is applicable to the memory controller, and the memory device includes the memory controller and a non-volatile (NV) memory. The method may include: during transmitting to a host device, sending end of burst (EOB)-related symbols to the host device, in order to notify the host device of EOB; controlling a physical layer (PHY) circuit to turn off a clock source within the PHY circuit, in order to save power, wherein the PHY circuit is positioned in a transmission interface circuit within the memory controller, and the transmission interface circuit is arranged to perform communications with the host device for the memory device; and when receiving a trigger signal from the host device, utilizing the PHY circuit to turn on the clock source.

Abstract: In one aspect, a computerized method includes the step of providing process monitor in a Gateway. The method includes the step of, with the process monitor, launching a Gateway. Daemon (GWD). The GWD runs a GWD process that implements a Network Address Translation (NAT) process. The NAT process includes receiving a set of data packets from one or more Edge devices and forwarding the set of data packets to a public Internet. The method includes the step of receiving another set of data packets from the public Internet and forwarding the other set of data packets to the one or more Edge devices. The method includes the step of launching a Network Address Translation daemon (NATD). The method includes the step of detecting that the GWD process is interrupted; moving the NAT process to the NATD.

Abstract: A method, a computer program product and a computer system are provided. Attribute value information contains at least a minimum value representing a smallest value of a first attribute and a maximum value representing a largest value of the first attribute, thereby defining a first range of values of the first attribute. A received query against a data table requests one or more values of at least the first attribute that are covered by the first range of values. The attribute value information may be used for selecting a data block of the data table as a candidate potentially including at least part of the requested one or more values and scanning the data block. In response to determining that the data block does not include the one or more requested values, the attribute value information may be updated accordingly.

Abstract: Aspects of the subject matter described in this disclosure can be implemented in electronic medical devices, wireless gateway devices, and remote database systems in a network environment where wireless connections are made between at least an electronic device and a wireless gateway device, and between the wireless gateway device or an access point and a remote database system. The electronic medical device, the wireless gateway device, or the remote database system may be configured to identify a data communication loss based on at least a mismatch of a confirmation acknowledgement attribute between two or more nodes in the network environment. Upon identifying the data communication loss, a notification can be provided to an entity such as a user so that data communication can be restored.

Abstract: In accordance with various implementations, a method is performed at a data plane node with one or more processors, non-transitory memory, and a control interface between a network function module associated with the data plane node and a switch associated with the data plane node. The method includes determining whether an offload capability is available for a data flow received at an ingress network interface of the data plane node. The method also includes determining whether the data flow satisfies offload criteria in response to determining that the offload capability is available. The method includes bypassing the network function module associated with the data plane node and providing the data flow to at least one of the switch associated with the data plane node or an egress network interface associated with the data plane node in response to determining the offload capability is available and the offload criteria is satisfied.

Abstract: A packet processing method, including receiving a first packet from a first switch, where the first packet belongs to a service flow that flows from a first device to a second device, determining a service chain through which the service flow passes, determining a forwarding path of the service flow according to the service chain through which the service flow passes, modifying the first packet to obtain a second packet, where the second packet belongs to the service flow, and a valid payload of the second packet includes a valid payload of the first packet and forwarding path indication information, generating a first flow table according to the forwarding path of the service flow, controlling a communications interface to send the first flow table to the first switch, and sending the second packet to the first switch.

Abstract: Systems and techniques are described for ensuring that policies are consistently applied to traffic across an overlay network. An application identifier associated with a forward traffic flow and a corresponding reverse traffic flow can be determined by a device that routes packets of both the forward traffic flow and the corresponding reverse traffic flow. Next, an overlay header can be added to each packet in the forward traffic flow and to each packet in the corresponding reverse traffic flow, wherein the overlay header comprises the application identifier, a policy identifier, and a policy action. Each device in the overlay network can then apply the policy action specified in the overlay header of each packet that it routes.

Abstract: Methods, systems, and computer programs are presented for distributing Ethernet packets at a Field Programmable Gate Array (FPGA). One programmable integrated circuit includes: an iNOC comprising iNOC rows and iNOC columns; a set of clusters coupled to the iNOC, each cluster comprising a vertical network access point (NAP) for iNOC column communications, a horizontal NAP for iNOC row communications, a valid signal, and programmable logic, where the vertical NAP is connected to the horizontal NAP when the valid signal is activated; and an Ethernet controller coupled to the iNOC, the Ethernet controller configurable to send Ethernet-packet segments to the vertical NAPs.

Abstract: Methods and apparatuses relating to a hashing accelerator having a frequency scaled message scheduler data path circuit are described.

Abstract: In one illustrative example, an interface between a user plane function (UPF) instance of a mobile network and a tunnel router endpoint of an enterprise software-defined wide area network (SD-WAN) fabric is provided. The UPF instance may be part of a network slice that is (uniquely) associated with an enterprise of the enterprise SD-WAN. A plurality of mappings between policies associated with different QoS flows via the UPF instance and SD-WAN policies associated with different virtual private networks (VPNs) of the SD-WAN fabric may be maintained. Each VPN of the SD-WAN fabric may be associated with a different underlying transport mechanism that satisfies characteristics of a specific SD-WAN policy. Communications for user equipment (UE) in the mobile network may be facilitated across the SD-WAN fabric based on the policy mappings.