Abstract: A method for providing multicast frames in a Multi-Dwelling Unit (MDU) is provided herein. An Access Point (AP) can receive a join request from a first client device. The AP can generate a Group Master Key (GMK) from the Pre-Shared Key (PSK) associated with a Basic Service Set (BSS) that includes the first client device. The AP can then derive a Group Transient Key (GTK) from the GMK. The AP may then send the GTK to the first client device. Thereinafter, the AP can send multicast frames to the first client device encrypted by the GTK. The first client device can decrypt the multicast frames with the GTK. However, a second client device, that does not share the PSK, may receive the multicast frame but cannot decrypt the multicast frames.

Abstract: A system for facilitating efficient command management in a network interface controller (NIC) is provided. During operation, the system can determine, at the NIC, a trigger condition and a location in a command queue for a set of commands corresponding to the trigger condition. The command queue can be external to the NIC. The location can correspond to an end of the set of commands in the command queue. The system can then determine, at the NIC, whether the trigger condition has been satisfied. If the trigger condition is satisfied, the system can fetch a respective command of the set of commands from the command queue and issuing the command from the NIC until the location is reached, thereby bypassing locally storing the set of commands prior to the trigger condition being satisfied.

Abstract: Systems and methods are provided for monitoring traffic flow using a trained machine learning (ML) model. For example, in order to maintain a stable level of connectivity and network experience for the devices in a network, the ML model can monitor the data flow of each device and label each data flow based on its behavior and properties. The system can take various actions based on the labeled data flow, including generate an alert, automatically change network settings, or otherwise adjust the data flow from the device.

Abstract: A network monitoring engine uses the routing and interface data of a monitored network to enrich received flow records with exit information. The routing data of the same network device at which the flow record is received is used to determine a next hop based upon the destination IP address of the flow record. In addition, interface data of the other devices is used to determine an egress device and interface of the network used to transmit traffic to the identified next hop. The flow record is enriched with exit information indicating an interface of the network the data packets of the flow record are expected to exit the network. By enriching the flow records as they are received, the exit information reflects how traffic is routed through the network at that time, even if the routing or interface information of the network later changes.

Abstract: Embodiments of the present disclosure include methods, performed by a first node in an integrated access backhaul (IAB) network, for flow control of data transmission from a base station to a plurality of user equipment (UEs) via the IAB network. Such embodiments can include detecting a reduction in data transmission throughput in the first node, and determining that the reduction in data transmission throughput is due to congestion in one or more particular downstream nodes in the IAB network. Such embodiments can also include sending a flow-control message to an upstream node in the IAB network, wherein the flow-control message identifies one or more nodes, in the IAB network, for which a flow-control operation is requested in relation to data transmitted from the upstream node. Other embodiments include complementary methods performed by a second node (e.g., upstream from the first node) and IAB nodes configured to perform such methods.

Abstract: Techniques are described for learning an unknown virtual network information, such as an virtual Internet Protocol (IP) address, of a pod in a virtual network. In some examples, a virtual router executing at a computing device may receive an Address Resolution Protocol (ARP) packet from a virtual execution element in the virtual network, the virtual execution element executing at the computing device. The virtual router may determine, based at least in part on the ARP packet, whether virtual network information for the virtual execution element in a virtual network is known to the virtual router. The virtual router may, in response to determining that the virtual network information of the virtual execution element in the virtual network is not known to the virtual router, perform learning of the virtual network information for the virtual execution element.

Abstract: A first network device associated with a network may establish an Internet protocol version 6 Multiprotocol BGP session with a second network device associated with the network. The first network device and second network device are both capable of forwarding both IPv4 and IPv6 packets with only an IPv6 address configured on the interface of both the first network device and second network device. The first network device may exchange Multiprotocol Reachability capability with second network device for corresponding 2-tuple Address Family Identifier/Subsequent Address Family Identifier. The first network device may advertise Internet protocol version 4 network layer reachability information and may advertise Internet protocol version 6 network layer reachability information with IPv6 extended next hop encoding using Internet Assigned Numbering Authority assigned capability code value 5 to second network device.

Abstract: Described in this document, among other things, is an overload protection system that can protect data sinks from overload by controlling the volume of data sent to those data sinks in a fine-grained manner. The protection system preferably sits in between edge servers, or other producers of data, and data sinks that will receive some or all of the data. Preferably, each data sink owner defines a policy to control how and when overload protection will be applied. Each policy can include definitions of how to monitor the stream of data for overload and specify one or more conditions upon which throttling actions are necessary. In embodiments, a policy can contain a multi-part specification to identify the class(es) of traffic to monitor to see if the conditions have been triggered.

Abstract: An application transaction comprised in a payload section of at least one data unit is identifying. In response to identifying the application transaction, allocation of radio resources for transmission of the at least one data unit on a radio link is controlled.

Abstract: A system and method for scattering network traffic across a number of disparate hosts is provided. Each gateway located along a real transmission pathway between a real point of origin and a real point of destination is identified. A network and a sub-network for each gateway is identified. At least one host along the real transmission pathway is used to observe network traffic for a number of illusionary hosts, each having network addresses appearing to be plausibly located along the real transmission pathway. A host having aggregate network traffic data deviating the most from a mean value for all hosts is selected. The network address for the selected host is used as the source address of an outgoing IP datagram.

Abstract: Techniques are described in which a centralized controller, such as a software defined networking (SDN) controller, constructs a service chain that includes a physical network function (PNF) between a bare metal server (BMS) and a virtual execution element (e.g., virtual machine or container), or in some instances a remote BMS, or vice-versa. In accordance with the techniques disclosed herein, the controller may construct an inter-network service chain that includes PNFs, or a combination of PNFs and virtualized network functions (VNFs). The controller may construct an inter-network service chain to steer traffic between a BMS and a virtual execution element or remote BMS through an inter-network service chain using Virtual Extensible Local Area Network (VXLAN) as an underlying transport technology through the service chain.

Abstract: In an authentication method, a first controller generates a first group key, executes first mutual authentication with devices within a group, and shares the first group key with devices that have succeeded in the first mutual authentication. When a second controller joins the group, the first controller decides which coordinator manages a group key used in common. The first controller executes second mutual authentication with the coordinator, and shares the first group key with the coordinator when the second mutual authentication is successful. The coordinator performs encrypted communication within the group using the first group key, generates a second group key when the first group key valid time runs out and before updating the first group key, executes third mutual authentication with the devices and a third controller, and updates the first group key of the devices and the third controller that have succeeded in the third authentication.

Abstract: A method and apparatus for establishing a fast-forwarding table are provided. The method comprises: when a communication packet is received, determining, according to matching rules of services set in a packet processing policy, a target service matching the communication packet; if a fast-forwarding table corresponding to the communication packet is not stored locally, obtaining a preset target priority of the target service, and determining a target resource utilization threshold corresponding to the target priority according to a preset correspondence between priorities and resource utilization thresholds; determining whether a current resource utilization is greater than the target resource utilization threshold; and establishing a fast-forwarding table corresponding to the communication packet if the current resource utilization is not greater than the target resource utilization threshold.

Abstract: Embodiments herein relate to a method performed by a transmitting device (12) for transferring background user data to a receiving device (10) in a communication network (1). The transmitting device (12) intercepts a packet, which packet comprises foreground user data in a payload field of the packet. The transmitting device (12) determines that the packet is intended for the receiving device (10). The transmitting device (12) establishes an available amount of data in the payload field of the packet. The transmitting device (12) adds the background user data for the receiving device (10) to the established available amount of data in the payload field. The transmitting device (12) transmits the packet with the foreground user data and the background user data to the receiving device (10).

Abstract: Disclosed is the generation of a bit-indexed forwarding table (BIFT) that can include a plurality of entries, each such entry corresponding to a bit position of a plurality of bit positions, where each such bit position represents an egress network node of a plurality of egress network nodes, and the generating configures the BIFT to be used in forwarding a packet to one or more of the plurality of egress network nodes, based at least in part on a bit string in the packet. The generating includes selecting a bit position of the plurality of bit positions as a selected bit position, creating an entry of the plurality of entries (where the entry corresponds to the selected bit position), identifying a neighbor node associated with the selected bit position, and updating one or more fields of the entry with neighbor information regarding the neighbor node.

Abstract: Systems and methods for resolving names in a data network. A data network includes an information-centric network layer, ICN-layer, with multiple routers, and a name resolution layer with multiple name resolvers. Each router receives an interest packet announcement describing data objects provided by a data producer. Each router determines a first name resolver of the name resolution layer closest to the data producer and sends a name of the provided data object and geo-location of the data producer to the first name resolver. The first name resolver transmits the name of the data object and geo-location of the data producer to other name resolvers. Each router receives an interest packet request describing a data object requested by a data consumer. Each router transmits the interest packet request to a second name resolver spatially closest to the data consumer. Each name resolver provides the geo-location of the requested data object to the data consumer.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a computing device, which provides Efficient Data-In-Transit Protection Techniques for Handheld Devices (EDITH) to protect data-in-transit. An end user device (EUD) may generate a multicast data packet. The EDITH module of the EUD encapsulates the data packet in a GRE packet and directs the GRE packet to a unicast destination address of an EDITH Multicast Router included in an infrastructure. The EDITH module on the EUD double compresses and double encrypts the GRE packet. The EDITH module on the infrastructure decrypts and decompresses the double compressed and double encrypted GRE packet to recreate the GRE packet. The EDITH module on the infrastructure decapsulates the GRE packet to derive the original multicast data packet, and distributes the original multicast data packet to the multiple group member based on the multicast destination address included in the original multicast data packet.

Abstract: Techniques for using traceroute with tunnels and cloud-based systems for determining measures of network performance are presented. Systems and methods include requesting a trace to a destination with a signature inserted into a trace packet; receiving a response to the trace packet; when the response does not include tunnel info, providing details in the response to a service where the details include parameters associated with a service path between the client and the destination; and, when the response includes tunnel info, segmenting the service path into a plurality of legs, causing a trace for each of the plurality of legs, and aggregating details for each of the plurality of legs based on the causing.

Abstract: A switch that can report unavailability in a label-switched network is provided. During operation, the switch can determine that a label-switched path is unavailable for forwarding a packet. The switch can then generate a notification message for collecting unavailability information at a respective upstream hop of the label-switched path. The notification message includes a depth indicator indicating the depth of collected unavailability information and an ingress label of the packet at the switch. If the switch is an intermediate switch on the label-switched path, the switch can forward the notification message to an upstream switch on the label-switched path, thereby allowing the upstream switch to collect further unavailability information in the notification message.

Abstract: Methods and systems are described for compressing a tree structure associating network packet signatures with network packet metadata, the tree structure comprising a plurality of non-leaf nodes of single bit test nodes and a plurality of leaf nodes comprising network packet metadata, the method comprising determining whether the sub-portion of the tree structure is to be compressed. If determination is made that the sub-portion of the tree structure is to be compressed, generating a compressed node data structure, the compressed node data structure comprising a path of the sub-portion of the tree structure, the path comprising a sequence of bits formed by a concatenation of the single bits associated with each one of the consecutive non-leaf nodes of the sub-portion of the tree structure, the number of bits of the sequence being equal or greater than the compression threshold.

Abstract: The method includes: generating, by a first device, a first packet including a BIER header, where the BIER header includes entropy, and the entropy includes a first part and a second part; determining, by the first device based on the first packet, that there are a plurality of forwarding entries used to forward the first packet; selecting, by the first device, one forwarding entry from the plurality of forwarding entries based on the first part, where the selected forwarding entry includes an address of a second device, and the second device is a next-hop device of the first device; and sending, by the first device, the first packet to the second device, where the second part is used by the second device to select, from a plurality of forwarding entries used to forward the first packet, a forwarding entry used by the second device to forward the first packet.

Abstract: Example methods are provided a network device to perform service insertion in a public cloud environment that includes a first virtual network and a second virtual network. In one example method, in response to receiving a first encapsulated packet from a first virtualized computing instance located in the first virtual network, the network device may generate a decapsulated packet by performing decapsulation to remove, from the first encapsulated packet. The method may also comprise identifying a service path specified by a service insertion rule, and sending the decapsulated packet to the service path to cause the service path to process the decapsulated packet according to one or more services. The method may further comprise: in response to the network device receiving the decapsulated packet processed by the service path, sending the decapsulated packet, or generating and sending a second encapsulated packet, towards a destination address.

Abstract: Techniques are disclosed for capturing network traffic in a computing environment comprising a plurality of computing devices. A data capture definition defines a network element of interest and data traffic that is to be captured for the network element. The network element to selectively identifies the data packets to be captured. The identified packets are encapsulated within a VXLAN session and sent to a storage service.

Abstract: The present application relates to communications between a partner network and a wide area network (WAN). The partner network and WAN may exchange representations of the respective networks including a delay profile for the partner network. The WAN receives a network delay profile for multiple virtual network entities within the partner network. The multiple virtual network entities include at least a plurality of peering locations with the WAN. The WAN determines a path from the partner network through the WAN via a selected peering location of the plurality of peering locations with the WAN to a destination based on at least the network delay profile. The WAN deploys a policy for an agent within the partner network. The policy identifies traffic for the destination to route through the WAN via the selected peering location. The WAN routes traffic from the selected peering location to the destination along the path.

Abstract: Methods and devices for providing routing path and transit delay time data to a device running traceroute on an IP network comprising routing tunnels are described herein. In examples, a tunnel entrance device may copy a hop limit value associated with a traceroute probe into a hop limit field of a tunneled IP header. In other examples, the tunnel entrance device may perform address spoofing to generate an error message with a source address corresponding to an intermediate device disposed within a routing tunnel. In this way, a device executing traceroute may be able to receive network addresses corresponding to intermediate devices in a routing tunnel in order to perform network diagnostics, construct routing tables, determine more efficient routing paths, and so on.

Abstract: Various example embodiments relate generally to supporting path compression in routing of source routed packets in communication networks. Various example embodiments for supporting path compression in routing of source routed packets may be configured to support path compression in routing of source routed packets based on use of various source routing protocols which may be based on various underlying communication protocols. Various example embodiments for supporting path compression in routing of source routed packets may be configured to support path compression in routing of source routed packets based on encoding of a set of hops within a header of a source routed packet using a path identifier (e.g., a path label, a path address, or the like) representing the set of hops (e.g., a set of hops providing a segment of the path, a set of hops providing a protection path configured to protect a portion of the path, or the like).

Abstract: A routing system can provide a Dynamic-Hybrid Forwarding Information Base (DHFIB). A control component of the routing system can build a routing table that includes routing information (e.g., prefixes, addresses, etc.) for use by a first routing component. The routing table can be ordered or ranked based on traffic information from the first routing component. Then, the control component can create the DHFIB from the routing table, wherein the DHFIB is a portion of the routing table and related to the first routing component. As such, the portion of the routing table selected for the DHFIB can be the set of prefixes in the routing table that represent the most frequently routed or most important prefixes in the routing table. Finally, the control component can forward the DHFIB to the first routing component to allow the routing component to route communications.

Abstract: A system and method that allows for information relating to data and communication resource usage to be gathered and analyzed such that particular data transactions and usage of network accessible software applications can be classified based on purpose and/or type. Further, the system and method provide reporting based on amount of usage and/or purpose or type of usage so that associated costs and usage can be calculated applied and allocated to particular accounts, divisions, groups or individuals within and outside of a company or entity. Further, the system may disable features of or access to network accessible software applications based on lack or use, limited use or other metrics that fall outside of threshold ranges or values.

Abstract: A wireless repeater device and a configuration method for the same are provided. The wireless repeater device is configured to: connect to a target network provided by a DHCP server; send a detection packet to the target network to confirm transmission modes supported by the DHCP server; confirm whether a request for dynamically obtaining an IP address from a client device is received; forward a request packet to the DHCP server, which instructs the DHCP server to respond in a first transmission mode; receive a response to the request from the DHCP server and forward it to the client device; confirm whether the request from the client device is still received, if so, modify the request packet and forward it to the DHCP server, and the request packet is modified to instruct the DHCP server to respond in a second transmission mode.

Abstract: A hybrid dynamic database schema is described. The schema is a hybrid of both horizontal and vertical database schema, in that, while a vertical schema has only one dimension—dimension value pair per table/record, the hybrid schema of the present invention provides for multiple dimension—dimension value pairs per table/record. The schema provides for additional fields, so called “DimSet” fields, with each additional field comprising one and typically multiple dimension—dimension value pairs. Thus, while a vertical database schema can only perform aggregation/segregation using one isolated dimension—dimension pair, the hybrid schema of the present invention is capable of performing multiple aggregations/segregation processes simultaneously (i.e., in parallel) using the multiple dimension fields. The dynamic nature of the database schema is realized by the ability of the schema to support various different additional fields (i.e.

Abstract: The method includes: receiving, by a first device, a first packet from a second device, where the first packet includes a primary scheduling identifier, and the primary scheduling identifier is used to identify that the second device has permission to select a path; determining, by the first device, a first path used to transmit the first packet; sending, by the first device, a second packet to the second device by using the first path, where the second packet includes a following identifier, and the following identifier is used to identify that the first device sends the packet by using a transmission path selected by a device other than the first device. This can ensure that a same path is used for bidirectional packet transmission between two communication parties while ensuring service quality, in a complex SD-WAN path selection scenario.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed herein to enable data aggregation and pattern adaptation in hardware acceleration subsystems. In some examples, a hardware acceleration subsystem includes a first scheduler, a first hardware accelerator coupled to the first scheduler to process at least a first data element and a second data element, and a first load store engine coupled to the first hardware accelerator, the first load store engine configured to communicate with the first scheduler at a superblock level by sending a done signal to the first scheduler in response to determining that a block count is equal to a first BPR value and aggregate the first data element and the second data element based on the first BPR value to generate a first aggregated data element.

Abstract: A gateway (1), arranged for providing cloud connectivity to a network of communicatively interconnected network nodes. The gateway (1) comprises a backend function (2)and a plurality of physical frontend devices (3), for deployment in the network. The frontend devices (3) communicatively connect(4)to the backend function (2) for exchanging messages between a network node and the backend function (2). The backend function (2) is common to the plurality of frontend devices (3) and arranged in a at least one server of a plurality of operatively connected servers, that may form part of the cloud, thereby providing for ‘cloud processing’ or ‘virtual processing’ of the messages for exchange thereof with the cloud. The physical frontend devices (3) may be designed to comprise transceiver functionality.

Abstract: Methods and apparatuses for acquisition of an Address Resolution Protocol (ARP)/IPv6 neighbour cache at a user plane function (UPF) entity without performing deep packet inspection for every packet that traverses a network. The ARP broadcast/Internet Control Message Protocol version 6 (ICMPv6) neighbour solicitation multicast from any Ethernet client (a user equipment (UE) or clients behind the UE or clients in a data network (DN)) is responded to by the UPF entity itself, by looking up the ARP/IPv6 Neighbour cache built in the UPF entity, irrespective of whether the UPF entity acts as the core Ethernet switch or whether the core Ethernet switch is in the DN. The solution is simplified to always intercept ARP at the UPF entity and respond to it based on a local ARP/IPv6 Neighbour cache.

Abstract: A method of communicating messages between modules in a system on a vehicle, each module configured as a publisher node and/or subscriber node, the publisher nodes and the subscriber nodes collectively forming a plurality of nodes that communicate in the operation of the vehicle. One method includes communicating, by a subscriber node, with a registry for information to determine if a new message associated with a first topic is available for reading, determining, by each subscriber node, if a new message associated with the first topic is available for reading, in response to determining a new message associated with the first topic is available for reading, reading from the registry location information indicating where the first message is stored in a first message buffer, and reading, by each subscriber node the first message from the first message buffer using the location information.

Abstract: A communications method includes receiving, by a first provider edge (PE) device, a data packet from a second PE device and avoiding, by the first PE device, sending the data packet to the second PE device in response to determining that a source address of the data packet is the same as an address of the second PE device in an entry. The source address of the data packet is the same as the address of the second PE in the entry stored in the first PE device. A customer edge (CE) device is multi-homed to the first PE device and the second PE device in an all-active mode. The CE device is connected to the first PE device through a first connection and the second PE device through a second connection. The first connection and the second connection belonging to a same Ethernet segment.

Abstract: This disclosure describes techniques that include determining, at an egress node in an SRm6 network, how to process a packet that may arrive without a segment routing header and/or a compressed routing header. In one example, this disclosure describes a method that includes receiving, by an egress node of a segment routing network, segment routing advertisements; configuring, by the egress node and based on the segment routing advertisements, information enabling the egress node to recognize encapsulated packets arriving at the egress node without a compressed routing header; receiving, by the egress node, a packet that does not have a compressed routing header; and de-encapsulating, by the egress node and based on the stored information, the packet.

Abstract: A quality of service adjusting method based on application categories is configured to adjust a Quality of Service (QoS) of a communication device. A network session processing step is performed to drive a hardware accelerator to process a plurality of network sessions. A packet receiving step is performed to drive a processing unit to receive a first packet group of each of the network sessions. A packet analyzing step is performed to execute a packet inspecting module to analyze a plurality of packet data of the first packet group of each of the network sessions, and to classify an application corresponding to each of the network sessions. A list establishing step is performed to establish a priority list. A bandwidth distributing step is performed to distribute a network bandwidth to a second packet group of each of the network sessions according to the priority list.

Abstract: A system of nodes configured to form a network comprising virtual links in an overlay network provisioned over an underlay network including servers of a public network. The system includes virtual routers (VRs) at each node. Each VR is coupled to the network and to a tenant of the node, and configured to form in the network a set of virtual links corresponding to the tenant. One or more VRs includes a feedback control system comprising an objective function that characterizes the network. The VR is configured to receive link state data of the set of virtual links and control routing of a tenant traffic flow of each tenant according to a best route of the network determined by the objective function using the link state data.

Abstract: A BRAS system-based packet encapsulation method includes obtaining user access information when receiving a user access protocol packet and performing VXLAN GPE encapsulation on the user access protocol packet based on the user access information. The encapsulation structure includes a user information header that is used to store the user access information, and a quantity of bytes occupied by the user information header is less than or equal to 12. In this application, the foregoing encapsulation structure is used to encapsulate a packet.

Abstract: Functionality for creating a bit routing table for use in a bit-indexed explicit replication (“BIER”) environment in disclosed herein. In one embodiment, this functionality includes receiving information from a host, and determining whether the information comprises a MAC address that is a bit-indexed explicit replication (“BIER”) MAC address. In response to determining that the information comprises a BIER MAC address, this functionality creates an entry corresponding to the MAC address in a bit routing table. This functionality also analyzes the information to determine a bit position that is associated with the host, and also determines a port via which the host is reachable. The functionality updates the bit routing table by storing information identifying the bit position and the port in the entry, such that the bit position and the port both correspond to the MAC address. This functionality can be used to route packets in a BIER environment.

Abstract: A virtual network interface controller (NIC) associated with a virtual machine in a cloud computing network is configured to support one or more network containers that encapsulate networking configuration data and policies that are applicable to a specific discrete computing workload to thereby enable the virtual machine to simultaneously belong to multiple virtual networks using the single NIC. The network containers supported by the NIC can be associated with a single tenant to enable additional flexibility such quickly switching between virtual networks and support pre-provisioning of additional computing resources with associated networking policies for rapid deployment. The network containers can also be respectively associated with different tenants so that the single NIC can support multi-tenant services on the same virtual machine.

Abstract: A visibility platform can be used to monitor traffic traversing private cloud infrastructures and/or public cloud infrastructures. In some instances, the traffic is provided to a set of network services that are accessible to the visibility platform. These network services can be provisioned in a serial or parallel fashion. Network service chaining can be used to ensure that traffic streams skip unnecessary network services and receive only those network services that are needed. For example, an email service chain can include virus, spam, and phishing detection, while a video streaming service chain can include traffic shaping policies to satisfy quality of service (QoS) guarantees. When the visibility platform is represented as a graph that makes use of action sets, network service chains can be readily created or destroyed on demand.

Abstract: A fabric for container virtual machines (CM) has cross fabric spine switches coupled to spine switches, each spine switch coupled to has a leaf switches, each leaf switch coupled to servers hosting CVM processes. Each of the leaf switches has an uplink port coupled to a spine switch leaf port configured in a mesh. The spine switches have a plurality of uplink ports for coupling to a plurality of cross fabric spine (CFS) ports into a mesh. The cross fabric spine switches keep a CF-NHCIB table of entries containing capabilities, and also a CF-FIB slice table which maintains entries for assignment of CVMs to new spine switches, such as GTID range, MAC Range, IP range associated with a spine port and spine address (MAC and/or IP) for transferring packets through the fabric.

Abstract: Systems and methods include obtaining a table having a plurality of addresses each having a plurality of attributes and classifications; responsive to a requirement to reduce a size of the table, reducing a number of the plurality of addresses based on one or more reduction approaches that use any of the plurality of attributes and classifications; and obtaining an output table having some or all of the plurality of addresses for a table receiver. The table can be obtained via control plane components including one or more of Interior Gateway Protocol (IGP) and Border Gateway Protocol (BGP). The requirement to reduce the size is based on a size of the table and a size of memory associated with the table receiver.

Abstract: Techniques for cross-domain routing using a fractionated cross-domain solution (F-CDS) are disclosed. A first intermediate node operating in a first physical device in an assured pipeline of the F-CDS receives a data item originating at a source node in a first security domain. The first intermediate node applies a first data filter to determine that the data item complies with a data security requirement of the F-CDS. The first intermediate node transmits the data item to a second intermediate node operating in a second physical device in the assured pipeline of the F-CDS. The second intermediate node applies a second data filter to redundantly determine that first data item complies with the data security requirement of the F-CDS. The second intermediate node transmits the data item to a recipient node in a second security domain via the assured pipeline.

Abstract: A network device has an input configured to receive a message relating to a given device attempting to forward one or more packets across a computer network. The message has given device information relating to the given device. In addition, the routing device also has a selector, operatively coupled with the input, configured to select (after receiving the given data) a given group routing policy from a plurality of group routing policies. Preferably, the selector is configured to select the given group routing policy as a function of the given device information. The routing device also has an output operatively coupled with the selector. The output is configured to cause routing of device communication across the network using link-layer routes specified by the given group routing policy.

Abstract: Technologies for load balancing a storage network include a system. The system includes circuitry to adjust routing rules in a network interface controller to deliver a packet from one of multiple uplinks to one of any physical functions, circuitry to remap, in response to a failure of a switch, a port from one physical function to another physical function, and circuitry to communicate control data between a software defined network controller and one or more agents in one or more host endpoints with a hierarchical distributed hashing table.

Abstract: Each switch unit in a networking system shares its local state information among other switch units in the networking system, collectively referred to as the shared forwarding state. Each switch unit creates a respective set of output queues that correspond to ports on other switch unites based on the shared forwarding state. A received packet on an ingress switch unit operating in accordance with a first routing protocol instance can be enqueued on an output queue in the ingress switch; the packet is subsequently processed by the egress switch unit, operating in accordance with a second routing protocol instance that corresponds to the output queue.

Abstract: A data writing and reading method and apparatus, and a cloud storage system. The data writing method includes an access node receiving a data write request, identifying domain identification information contained in the data write request when failing to obtain an available management node, and querying a pre-saved index according to the domain identification information, wherein the index includes a correspondence between a resource pool and domain identification information, identifying a target resource pool that matches the domain identification information, each resource pool including at least one storage server, determining, from at least one storage server included in the target resource pool, one of the storage servers as a target storage server, and writing data to be written into the target storage server, to ensure that the cloud storage system operates normally without additional cost when all management nodes are at fault or the management node cluster network is abnormal.