Abstract: Some embodiments of the invention provide a method for cloning a set of one or more applications implemented by a first set of machines connected through a first logical network that defines a virtual private cloud in a set of one or more datacenters. The method instantiates a cloned, second set of machines that is a replicated copy of the first set of machines. The method identifies a set of network configuration data that configures a set of logical forwarding elements (LFEs) of the first logical network. The method uses the identified set of network configuration data to define a cloned, second logical network to connect the cloned, second set of machines.

Abstract: A method includes: setting up, by a first network device, a MACSec channel to a second network device according to the MACSec protocol; and sending, by the first network device, an ACP packet to the second network device by using the MACSec channel, where the ACP packet is carried in a MACSec frame, and a frame header of the MACSec frame carries identification information used to identify the ACP packet. By means of the packet transmission method, MACSec channel is set up between adjacent nodes in a self-organizing network according to the MACSec protocol, and an ACP packet is transmitted between the adjacent nodes by using the MACSec channel and processed.

Abstract: The present disclosure provides a data transmission method for Mesh network, a data transmission apparatus for Mesh network, a gateway and a storage medium, belonging to technical field of wireless communications. The method includes: parsing data to be transmitted sent from a source device to obtain an identifier of a target device of the data to be transmitted; querying, according to the identifier of the target device, an optimal path from the gateway to the target device from the preset routing table; and sending the data to be transmitted and the optimal path to a relay device connected to the gateway on the optimal path.

Abstract: A network device includes processing circuitry and multiple ports. The multiple ports are configured to connect to a communication network. The processing circuitry is configured to select a first port among the multiple ports to serve as an egress port for a packet, and to forward the packet to the first port, irrespective of whether or not the first port is usable as the egress port. The processing circuitry is further configured to, when the first port is usable as the egress port, transmit the packet to the communication network via the first port, and when the first port is unusable as the egress port, forward the packet from the first port to a second port among the multiple ports and transmit the packet to the communication network via the second port.

Abstract: A method for processing a request for anonymisation of a source IP address of an IP packet is described, the IP packet being transmitted by a transmitting device to a recipient device via a communications network, the transmitting device being connected to the network via a network terminal apparatus. The method is carried out by an anonymisation device positioned for cutting the flow between the network terminal apparatus and the recipient device, and comprises receiving the packet; establishing whether the source IP address has to be anonymised or not; if a result of the verification is negative, routing the packet to the recipient device; if the result of the verification is positive and if the anonymisation device has an address translation function: replacing the source IP address with an IP address of the anonymisation device; and.

Abstract: Systems, methods, and computer-readable media for communicating policy changes in a Locator/ID Separation Protocol (LISP) based network deployment include receiving, at a first routing device, a first notification from a map server, the first notification indicating a change in a policy for LISP based communication between at least a first endpoint device and at least a second endpoint device, the first endpoint device being connected to a network fabric through the first routing device and the second endpoint device being connected to the network fabric through a second routing device. The first routing device forwards a second notification to the second routing device if one or more entries of a first map cache implemented by the first routing device are affected by the policy change, the second notification indicating a set of one or more endpoints connected to the second routing device that are affected by the policy change.

Abstract: In an embodiment, a data processing method comprises receiving, at a BIER replicator node that is programmed to implement Bit Index Explicit Replication (BIER) protocol, from a data source, a multicast stream packet identifying a service-level multicast group address; using the BIER replicator node, replicating the multicast stream packet according to BIER protocol and transmitting two or more replicated packet streams to two or more BIER receiver nodes that are programmed to implement BIER; using the two or more BIER receiver nodes, transmitting the two or more replicated packet streams to two or more receivers. Other embodiments may use modified iOAM (In-situ Operations, Administration, and Maintenance) techniques.

Abstract: A first network device may receive an advertisement that includes a prefix for a second network device, wherein the advertisement is destined for a third network device. The first network device may determine, based on a network topology, whether a next hop is one hop away or multiple hops away. The first network device may selectively modify the advertisement to include a first segment identifier, based on the next hop being one hop away and to generate a first modified advertisement, or may modify the advertisement to include a second segment identifier, based on the next hop being multiple hops away and to generate a second modified advertisement. The first network device may forward the first modified advertisement or the second modified advertisement toward the third network device.

Abstract: The present disclosure relates to a communication technique for converging IoT technology with a 5G communication system for supporting a higher data transfer rate beyond a 4G system, and a system therefor. The present disclosure can be applied to intelligent services (e.g., smart homes, smart buildings, smart cities, smart or connected cars, health care, digital education, retail business, and services associated with security and safety) on the basis of 5G communication technology and IoT-related technology. Disclosed are a method and an apparatus for configuring an efficient hierarchical layer 2 architecture and main functions thereof in a next-generation mobile communication system.

Abstract: A method, an apparatus, a system, and a computer program product for resource isolation in wireless communication systems. A communication network in a plurality of communication networks of a wireless communications system is identified. Each communication network in the plurality of communication networks has one or more communication components logically isolated from one or more communication components of another communication network in the plurality of communication networks. The identified communication network is selected for transmission of data associated with a user device. Data associated with the user device is transmitted using the identified communication network.

Abstract: An expander I/O module discovery/management system includes a secondary system chassis housing an expander I/O module coupled to a server device. The server device identifies the secondary system chassis and an expander I/O module port utilized by that server device, and then generates and transmits an expander I/O module reporting communication identifying the secondary system chassis and the expander I/O module port. A primary system chassis houses a switching I/O module coupled to the expander I/O module. The switching I/O module receives the expander I/O module reporting communication and determines that the secondary system chassis identified in the expander I/O module reporting communication is different than the primary system chassis. In response, the switching I/O module assigns a virtual slot to the expander I/O module, and assigns a virtual port associated with the virtual slot to the expander I/O module port identified in the expander I/O module reporting communication.

Abstract: A method for enabling secure communication. The method includes providing a first virtual network function (“VNF”) at a first network location and providing a second VNF at a second network location. A first Layer 3 virtual private network (“L3 VPN”) tunnel is constructed by the first VNF and the second VNF between the first network location and the second network location, and a first local area network (“LAN”) at the first network location and a second LAN at the second network location are connected by the first L3 VPN tunnel. Further provided is a method for establishing a secure communication environment.

Abstract: Technologies for an accelerator interface over Ethernet are disclosed. In the illustrative embodiment, a network interface controller of a compute device may receive a data packet. If the network interface controller determines that the data packet should be pre-processed (e.g., decrypted) with a remote accelerator device, the network interface controller may encapsulate the data packet in an encapsulating network packet and send the encapsulating network packet to a remote accelerator device on a remote compute device. The remote accelerator device may pre-process the data packet (e.g., decrypt the data packet) and send it back to the network interface controller. The network interface controller may then send the pre-processed packet to a processor of the compute device.

Abstract: In general, techniques are described for reducing traversal when performing consistent hashing for packet flow load balancing. A computing device comprising a memory and a processor may be configured to perform the techniques. The memory may store a hash ring that includes a plurality of buckets, where a non-zero subset of the plurality of buckets each includes a different output value of a plurality of output values, and a remaining subset of the plurality of buckets each includes an empty value. The processor may prepopulate the remaining subset of the plurality of buckets with the respective different output value of the plurality of output values. The processor may receive a key value, and apply a hash function to the key value to identify a bucket of the plurality of buckets. The processor may next output the output value associated with the identified bucket.

Abstract: Transaction handling computing elements comprise a network core that processes transaction requests into a blockchain, wherein a data block is a collection of transactions, and wherein an Unspent Transaction Output (UTXO) supporting the blockchain is an output from a finalized transaction. The elements interoperate with a transaction signing mechanism that associates a set of addresses on the blockchain with a delegate address, the delegate address having a set of signing public keys corresponding to one or more signing private keys used to sign UTXOs. In association with a new transaction being processed by the set of transaction handling components, a signing public key for an associated UXTO is located by following an address chain that includes an address in the set of addresses together with the delegate address. The signing public key is retrieved from a location associated with the delegate address and then used to sign (unlock) the associated UXTO.

Abstract: Methods and systems are provided for latency-oriented router. An incoming packet is received on a first interface. The type of the incoming packet is determined. Upon the detection that the incoming packet belongs to latency-critical traffic, the incoming packet is duplicated into one or more copies. Subsequently, the duplicated copies are sent to a second interface in a delayed fashion where the duplicated copies are spread over a time period. The duplicated copies are received and processed at the second interface.

Abstract: Presented herein are embodiments that provide mobile edge computing (MEC) with low latency traffic segregation within a packet data network (PDN) using dedicated bearers. Techniques are provided that are performed at an edge user plane entity and a control plane entity to coordinate the directing of low latency traffic over a dedicated bearer broken out at the edge, and to communicate normal latency traffic over a default bearer that is centrally broken out.

Abstract: A switch device for relaying data in an on-vehicle network, being equipped with a switch section and a processing section for performing the relay processing via the switch section, wherein, in the case that a plurality of frames to be subjected to the relay processing is present in the processing section, the processing section performs adjustment processing so that the output rates of the respective frames to the switch section in the case that the transmission source addresses of the respective frames are different are made smaller than the output rate in the case that the transmission source addresses of the respective frames are the same.

Abstract: A Wi-Fi controller identifies a mismatch between a first prefix of a first IPv6 address for a data packet corresponding to a first VLAN on which the data packet was sent from the station to the access point, and a prefix of a second IPv6 address for a second VLAN from which the data packet was transmitted from the access point to the Wi-Fi controller. Responsive to the VLAN mismatch identification, the Wi-Fi controller transmits a DHCP reconfiguration packet to the station using the first VLAN. The DHCP reconfiguration packet causes the station to transmit a rebind packet to the DHCP server. The rebind packet causes the DHCP server to transmit an ACK frame on the first VLAN setting the valid lifetime for the first IPv6 address to zero.

Abstract: In some embodiments, a method includes sending a first data unit, received from a source device, to a destination device via a first data unit path. The first data unit path includes (1) a first virtual machine and a second virtual machine that are included in a first network, and (2) a third virtual machine that is included in a second network. Furthermore, the first data unit path includes the first virtual machine, the second virtual machine, and the third virtual machine in a first order. The method includes sending a second data unit, received from the source device, to the destination device via a second data unit path from the source device to the destination device. The second data unit path includes each of the first virtual machine, the second virtual machine, and the third virtual machine in a second order different from the first order.

Abstract: This application discloses a packet processing method that is applied to an EVPN, where the EVPN includes a first network device and a second network device. The method includes: receiving, by the first network device, a VXLAN packet sent by the second network device, where the VXLAN packet includes a path identifier and a service packet, the path identifier indicates a path from the first network device to a VNF device through an IPU, and the service packet includes a destination IP address; determining, by the first network device based on the path identifier, first routing information; and forwarding, by the first network device, the service packet to the VNF device via the IPU based on the first routing information and the destination IP address.

Abstract: In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including receiving a user credential from a remote access client within a network and communicating the user credential to an authentication, authorization and accounting (AAA) server within the network. The operations also include receiving a user attribute from the AAA server and generating a contextual label based on the user attribute. The contextual label includes routing instructions associated with traffic behavior within the network. The operations further include advertising a control message, which includes the contextual label, to the remote access client.

Abstract: A system comprising a gateway for interfacing external data sources with one or more accelerators. The gateway comprises a plurality of virtual gateways, each of which is configured to stream data from the external data sources to one or more associated accelerators. The plurality of virtual gateways are each configured to stream data from external data sources so that the data is received at an associated accelerator in response to a synchronisation point being obtained by a synchronisation zone. Each of the virtual gateways is assigned a virtual ID so that when data is received at the gateway, data can be delivered to the appropriate gateway.

Abstract: Methods and apparatus for implementing a low-pin count architecture with priority message arbitration and delivery. The architecture includes a hardware-based message arbitration unit (MAU) including a plurality of priority queues, each having a respective priority level, implemented on a first component, such as a processor and/or System on a Chip (SoC). The first component is communicatively coupled to a second component via a low-pin count link such as an I2C bus. The MAU receives prioritized messages from clients and enqueues the messages in priority queues based on their priority levels. An arbiter selects messages to transmit over the low-pin count link from the priority queues. The MAU further may abort transmission of a message in favor of transmission of a higher-priority message to guarantee a transmit latency.

Abstract: A method may include (1) identifying a set of prefixes that (A) facilitate forwarding traffic within a network and (B) are organized as a tree data structure in connection with a table stored on a network device, (2) identifying, in the set of prefixes organized as the tree data structure, a parent prefix and a child prefix that corresponds to the parent prefix, (3) determining that the parent prefix and the child prefix share a certain number of most-significant bits in common with one another, (4) determining that the parent prefix and the child prefix share a forwarding behavior in common with one another and then, in response to determining that the parent prefix and the child prefix share the certain number of most-significant bits and the forwarding behavior in common with one another, (5) compressing the table stored on the network device by merging the child prefix with the parent prefix within the table. Various other apparatuses, systems, and methods are also disclosed.

Abstract: An apparatus includes a virtual switch hosted at a first network device. The virtual switch is configured to receive a data packet from a first virtual resource hosted at the first network device to be sent to a second virtual resource hosted at a second network device. The virtual switch is configured to encapsulate the data packet to define an encapsulated data packet using a tunnel header, which has a first portion associated with the first and second network devices, and a second portion associated with a data flow between the first and second virtual resources when the data packet is sent from the first network device to the second network device. An Internet Protocol network can use the second portion of the tunnel header to load balance the data packet with respect to other data packets sent from the first network device to the second network device.

Abstract: A system and method for cryptographically securing data communications between a group of networked devices establishes and maintains an overlay network at the Application Layer, on top of a unicast routing service provided at the Internetworking Layer. The overlay network provides first, the routes that are used to deliver multicast datagrams and second, the cryptographic keys used to secure multicast datagrams. A common cryptographic key is established between all members of each group, and end-to-end encryption ensures that multicast datagrams can be accessed only by authorized group members. In other embodiments, keys are established between pairs of adjacent devices in the overlay network, and hop-by-hop encryption ensures that multicast datagrams can be accessed only by overlay network members.

Abstract: An example network device includes a primary node and a standby node. The primary node engages in a routing session with a peer network device via a connected socket. The standby node includes one or more processors implemented in circuitry and configured to execute a backup replication module to receive, from the primary node, data to be written to a backup socket for the connected socket, and, in response to a switchover, to send a representation of the data to the peer network device via the backup socket.

Abstract: A central controller in a data network can maintain a set of access control list (ACL) rules that represent traffic and data policies of the data network. The controller can autonomously propagate the set of ACL rules to switches in the data network. Each switch that receives the set of ACL rules can selectively install rules from the set based on criteria such as whether or not a given rule in the set is close to the source and device class.

Abstract: Apparatus adapted for exascale computers are disclosed. The apparatus includes, but is not limited to at least one of: a system, data processor chip (DPC), Landing module (LM), chips including LM, anticipator chips, simultaneous multi-processor (SMP) cores, SMP channel (SMPC) cores, channels, bundles of channels, printed circuit boards (PCB) including bundles, floating point adders, accumulation managers, QUAD Link Anticipating Memory (QUADLAM), communication networks extended by coupling links of QUADLAM, log2 calculators, exp2 calculators, logALU, Non-Linear Accelerator (NLA), and stairways. Methods of algorithm and program development, verification and debugging are also disclosed. Collectively, embodiments of these elements disclose a class of supercomputers that obsolete Amdahl's Law, providing cabinets of petaflop performance and systems that may meet or exceed an exaflop of performance for Block LU Decomposition (Linpack).

Abstract: A satellite communication system may be configured to establish multiple different tunnels between a first satellite modem and a second satellite modem in accordance with a protocol. The first satellite modem may receive a packet via a tunnel established in accordance with a different protocol, determine an endpoint identifier corresponding to the tunnel based on information from one or more headers included in the packet, identify one of the multiple different tunnels that corresponds to the tunnel, generate a corresponding packet omitting at least a portion of the information from the one or more headers and comprising at least a portion of data included in a payload of the packet and an information block comprising a tunnel index corresponding to the identified one of the multiple different tunnels, and transmit the corresponding packet to the second satellite modem via the identified one of the multiple different tunnels.

Abstract: A method performed by a switch device including receiving, from a source host node, a frame including a MAC address of the source host node as a source MAC address; a MAC address of a destination host node as a destination MAC address, and information indicating a type of frame as a request frame; sending the frame towards the destination host node; generating a first reply frame including the MAC address of the source host node and information indicating a type of frame as a reply frame, the information indicating in a source MAC address field of the first reply frame including a switch ID, a sequence number equal to 0, a hop number equal to 1, and incoming port information that the switch device uses to forward at least one frame towards the source host node; and sending the generated first reply frame towards the source host node.

Abstract: A message sending method, a binding relationship advertising method, a message sending apparatus, a binding relationship advertising apparatus, a storage medium and an electronic device are provided. The message sending method includes: receiving a first message on a first node subjected to route aggregation; in a case where the first message matches a first Incoming Label Map (ILM) table entry preset on the first node, swapping a label of the first message into an outgoing label corresponding to a detailed Forwarding Equivalence Class (FEC) to obtain a second message; and forwarding the second message to a downstream node according to a Label Switched Path (LSP) corresponding to the detailed FEC.

Abstract: Systems and methods are provided for monitoring traffic flow using a trained machine learning (ML) model. For example, in order to maintain a stable level of connectivity and network experience for the devices in a network, the ML model can monitor the data flow of each device and label each data flow based on its behavior and properties. The system can take various actions based on the labeled data flow, including generate an alert, automatically change network settings, or otherwise adjust the data flow from the device.

Abstract: A system for facilitating efficient command management in a network interface controller (NIC) is provided. During operation, the system can determine, at the NIC, a trigger condition and a location in a command queue for a set of commands corresponding to the trigger condition. The command queue can be external to the NIC. The location can correspond to an end of the set of commands in the command queue. The system can then determine, at the NIC, whether the trigger condition has been satisfied. If the trigger condition is satisfied, the system can fetch a respective command of the set of commands from the command queue and issuing the command from the NIC until the location is reached, thereby bypassing locally storing the set of commands prior to the trigger condition being satisfied.

Abstract: A method for providing multicast frames in a Multi-Dwelling Unit (MDU) is provided herein. An Access Point (AP) can receive a join request from a first client device. The AP can generate a Group Master Key (GMK) from the Pre-Shared Key (PSK) associated with a Basic Service Set (BSS) that includes the first client device. The AP can then derive a Group Transient Key (GTK) from the GMK. The AP may then send the GTK to the first client device. Thereinafter, the AP can send multicast frames to the first client device encrypted by the GTK. The first client device can decrypt the multicast frames with the GTK. However, a second client device, that does not share the PSK, may receive the multicast frame but cannot decrypt the multicast frames.

Abstract: Described in this document, among other things, is an overload protection system that can protect data sinks from overload by controlling the volume of data sent to those data sinks in a fine-grained manner. The protection system preferably sits in between edge servers, or other producers of data, and data sinks that will receive some or all of the data. Preferably, each data sink owner defines a policy to control how and when overload protection will be applied. Each policy can include definitions of how to monitor the stream of data for overload and specify one or more conditions upon which throttling actions are necessary. In embodiments, a policy can contain a multi-part specification to identify the class(es) of traffic to monitor to see if the conditions have been triggered.

Abstract: A first network device associated with a network may establish an Internet protocol version 6 Multiprotocol BGP session with a second network device associated with the network. The first network device and second network device are both capable of forwarding both IPv4 and IPv6 packets with only an IPv6 address configured on the interface of both the first network device and second network device. The first network device may exchange Multiprotocol Reachability capability with second network device for corresponding 2-tuple Address Family Identifier/Subsequent Address Family Identifier. The first network device may advertise Internet protocol version 4 network layer reachability information and may advertise Internet protocol version 6 network layer reachability information with IPv6 extended next hop encoding using Internet Assigned Numbering Authority assigned capability code value 5 to second network device.

Abstract: Techniques are described for learning an unknown virtual network information, such as an virtual Internet Protocol (IP) address, of a pod in a virtual network. In some examples, a virtual router executing at a computing device may receive an Address Resolution Protocol (ARP) packet from a virtual execution element in the virtual network, the virtual execution element executing at the computing device. The virtual router may determine, based at least in part on the ARP packet, whether virtual network information for the virtual execution element in a virtual network is known to the virtual router. The virtual router may, in response to determining that the virtual network information of the virtual execution element in the virtual network is not known to the virtual router, perform learning of the virtual network information for the virtual execution element.

Abstract: Embodiments of the present disclosure include methods, performed by a first node in an integrated access backhaul (IAB) network, for flow control of data transmission from a base station to a plurality of user equipment (UEs) via the IAB network. Such embodiments can include detecting a reduction in data transmission throughput in the first node, and determining that the reduction in data transmission throughput is due to congestion in one or more particular downstream nodes in the IAB network. Such embodiments can also include sending a flow-control message to an upstream node in the IAB network, wherein the flow-control message identifies one or more nodes, in the IAB network, for which a flow-control operation is requested in relation to data transmitted from the upstream node. Other embodiments include complementary methods performed by a second node (e.g., upstream from the first node) and IAB nodes configured to perform such methods.

Abstract: A network monitoring engine uses the routing and interface data of a monitored network to enrich received flow records with exit information. The routing data of the same network device at which the flow record is received is used to determine a next hop based upon the destination IP address of the flow record. In addition, interface data of the other devices is used to determine an egress device and interface of the network used to transmit traffic to the identified next hop. The flow record is enriched with exit information indicating an interface of the network the data packets of the flow record are expected to exit the network. By enriching the flow records as they are received, the exit information reflects how traffic is routed through the network at that time, even if the routing or interface information of the network later changes.

Abstract: An application transaction comprised in a payload section of at least one data unit is identifying. In response to identifying the application transaction, allocation of radio resources for transmission of the at least one data unit on a radio link is controlled.

Abstract: Techniques are described in which a centralized controller, such as a software defined networking (SDN) controller, constructs a service chain that includes a physical network function (PNF) between a bare metal server (BMS) and a virtual execution element (e.g., virtual machine or container), or in some instances a remote BMS, or vice-versa. In accordance with the techniques disclosed herein, the controller may construct an inter-network service chain that includes PNFs, or a combination of PNFs and virtualized network functions (VNFs). The controller may construct an inter-network service chain to steer traffic between a BMS and a virtual execution element or remote BMS through an inter-network service chain using Virtual Extensible Local Area Network (VXLAN) as an underlying transport technology through the service chain.

Abstract: A system and method for scattering network traffic across a number of disparate hosts is provided. Each gateway located along a real transmission pathway between a real point of origin and a real point of destination is identified. A network and a sub-network for each gateway is identified. At least one host along the real transmission pathway is used to observe network traffic for a number of illusionary hosts, each having network addresses appearing to be plausibly located along the real transmission pathway. A host having aggregate network traffic data deviating the most from a mean value for all hosts is selected. The network address for the selected host is used as the source address of an outgoing IP datagram.

Abstract: Embodiments herein relate to a method performed by a transmitting device (12) for transferring background user data to a receiving device (10) in a communication network (1). The transmitting device (12) intercepts a packet, which packet comprises foreground user data in a payload field of the packet. The transmitting device (12) determines that the packet is intended for the receiving device (10). The transmitting device (12) establishes an available amount of data in the payload field of the packet. The transmitting device (12) adds the background user data for the receiving device (10) to the established available amount of data in the payload field. The transmitting device (12) transmits the packet with the foreground user data and the background user data to the receiving device (10).

Abstract: A method and apparatus for establishing a fast-forwarding table are provided. The method comprises: when a communication packet is received, determining, according to matching rules of services set in a packet processing policy, a target service matching the communication packet; if a fast-forwarding table corresponding to the communication packet is not stored locally, obtaining a preset target priority of the target service, and determining a target resource utilization threshold corresponding to the target priority according to a preset correspondence between priorities and resource utilization thresholds; determining whether a current resource utilization is greater than the target resource utilization threshold; and establishing a fast-forwarding table corresponding to the communication packet if the current resource utilization is not greater than the target resource utilization threshold.

Abstract: In an authentication method, a first controller generates a first group key, executes first mutual authentication with devices within a group, and shares the first group key with devices that have succeeded in the first mutual authentication. When a second controller joins the group, the first controller decides which coordinator manages a group key used in common. The first controller executes second mutual authentication with the coordinator, and shares the first group key with the coordinator when the second mutual authentication is successful. The coordinator performs encrypted communication within the group using the first group key, generates a second group key when the first group key valid time runs out and before updating the first group key, executes third mutual authentication with the devices and a third controller, and updates the first group key of the devices and the third controller that have succeeded in the third authentication.

Abstract: Disclosed is the generation of a bit-indexed forwarding table (BIFT) that can include a plurality of entries, each such entry corresponding to a bit position of a plurality of bit positions, where each such bit position represents an egress network node of a plurality of egress network nodes, and the generating configures the BIFT to be used in forwarding a packet to one or more of the plurality of egress network nodes, based at least in part on a bit string in the packet. The generating includes selecting a bit position of the plurality of bit positions as a selected bit position, creating an entry of the plurality of entries (where the entry corresponds to the selected bit position), identifying a neighbor node associated with the selected bit position, and updating one or more fields of the entry with neighbor information regarding the neighbor node.

Abstract: Systems and methods for resolving names in a data network. A data network includes an information-centric network layer, ICN-layer, with multiple routers, and a name resolution layer with multiple name resolvers. Each router receives an interest packet announcement describing data objects provided by a data producer. Each router determines a first name resolver of the name resolution layer closest to the data producer and sends a name of the provided data object and geo-location of the data producer to the first name resolver. The first name resolver transmits the name of the data object and geo-location of the data producer to other name resolvers. Each router receives an interest packet request describing a data object requested by a data consumer. Each router transmits the interest packet request to a second name resolver spatially closest to the data consumer. Each name resolver provides the geo-location of the requested data object to the data consumer.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a computing device, which provides Efficient Data-In-Transit Protection Techniques for Handheld Devices (EDITH) to protect data-in-transit. An end user device (EUD) may generate a multicast data packet. The EDITH module of the EUD encapsulates the data packet in a GRE packet and directs the GRE packet to a unicast destination address of an EDITH Multicast Router included in an infrastructure. The EDITH module on the EUD double compresses and double encrypts the GRE packet. The EDITH module on the infrastructure decrypts and decompresses the double compressed and double encrypted GRE packet to recreate the GRE packet. The EDITH module on the infrastructure decapsulates the GRE packet to derive the original multicast data packet, and distributes the original multicast data packet to the multiple group member based on the multicast destination address included in the original multicast data packet.