Abstract: Flow-based isolation can be provided in a service network that is implemented over a software-defined network, and particularly in a dynamic open-access network environment. End user premises devices can be configured with one or more service network isolation flows that apply to communications within the service network. Such service network isolation flows can define rules for dropping any outgoing communication that is destined for an IP address within the service network. Such service network isolation flows can also define rules for dropping any incoming communication that originated from an IP address within the service network.

Abstract: A dynamic open access software-defined network can be configured to enable an end user premises device to function like a controller so that there is no need to employ a controller within the network. As a result, a dynamic open access software-defined network can be efficiently and effectively scaled. An end user premises device can be configured with a virtual switch that implements a flow receiver for receiving flows directly from a flow communicator of a management server without utilizing a controller or the Openflow protocol. The virtual switch may also be configured to store flows in a configuration file that is persisted across reboots on the end user premises device to thereby enable the end user premises device to rebuild a flow table without communicating with an external component.

Abstract: Services can be isolated across a single physical network interface. A gateway that is installed at the user's premises can include a single inbound port over which multiple services can be provided to the premises. The gateway can evaluate all outbound frames that are received at the port to identify to which service they pertain and then tag the frames with an identifier assigned to the service. This tagging will enable the frames to be delivered to the intended service provider. When the gateway receives an inbound frame, it can strip the identifier from the frame and forward it over the single inbound port regardless of the service to which it pertains. In this way, multiple services that are provided to the user's premises can remain isolated on the wide area network even though they are provided over the same physical medium on the user's local area network.

Abstract: Authentication of devices to receive services provided by service providers over communications networks such as open access networks, wherein the provider of the network need not have access to secret information shared between the devices and the service providers. A request is received from a device to receive services from a service provider and is forwarded to the service provider. A challenge and an expected response is received from the service provider and the challenge is forwarded to the device. A response to the challenge is received from the device the device is authenticated to receive services from the service provider if the response received from the device matches the expected response provided by the service provider.

Abstract: Methods, systems, and devices for automatically and dynamically managing and coordinating network resources used by services between users over a data network having a network infrastructure. A network resources coordinator can include a knowledge store, rules library, rules engine, and orchestrator. The knowledge store can have a plurality of layered abstraction stores having stored thereon facts representative of a present state of the network. The rules library can include production rules representative of knowledge of the network and of users. The orchestrator can receive service requests from users and use the rules engine in conjunction with the production rules of the rules library and facts of the knowledge store to: determine network resources required and available for requested services, dynamically make automated decisions with respect to the network and users, detect and react to changes in the network in an automated fashion, and enforce constraints of the network.

Abstract: A system and method are supplied to provide multiple private networks. The system can include a Provider Backbone Bridge Traffic Engineering (PBB/TE) interface or interfaces configured to receive a plurality of data stream types each associated with an Instance Service Identifier (I-SID) from a Metropolitan Area Network (MAN) or public carrier Ethernet. A plurality of local area network (LAN) ports can be configured to communicate data to a plurality of LANs. A switching process is provided between the PBB/TE interface and the LAN ports. The switching process can be configured to bind individual data stream types from subdivided data streams each represented by an I-SID to each of the respective LAN ports.

Abstract: A system and method are supplied to provide multiple private networks. The system can include a Provider Backbone Bridge (PBB) interface or interfaces configured to receive a plurality of data stream types each associated with an Instance Service Identifier (I-SID) from a Metropolitan Area Network (MAN) or public carrier Ethernet. A plurality of local area network (LAN) ports can be configured to communicate data to a plurality of LANs. A switching process is provided between the PBB interface and the LAN ports. The switching process can be configured to bind individual data stream types from subdivided data streams each represented by an I-SID to each of the respective LAN ports. In addition, the switching process can communicate packets between the PBB interface and the bound LAN ports.

Abstract: A system and method are supplied to provide multiple private networks. The system can include a Provider Backbone Bridge (PBB) interface or interfaces configured to receive a plurality of data stream types each associated with an Instance Service Identifier (I-SID) from a Metropolitan Area Network (MAN) or public carrier Ethernet. A plurality of local area network (LAN) ports can be configured to communicate data to a plurality of LANs. A switching process is provided between the PBB interface and the LAN ports. The switching process can be configured to bind individual data stream types from subdivided data streams each represented by an I-SID to each of the respective LAN ports.

Abstract: A system and method are supplied to provide multiple private networks. The system can include a Provider Backbone Bridge Traffic Engineering (PBB/TE) interface or interfaces configured to receive a plurality of data stream types each associated with an Instance Service Identifier (I-SID) from a Metropolitan Area Network (MAN) or public carrier Ethernet. A plurality of local area network (LAN) ports can be configured to communicate data to a plurality of LANs. A switching process is provided between the PBB/TE interface and the LAN ports. The switching process can be configured to bind individual data stream types from subdivided data streams each represented by an I-SID to each of the respective LAN ports.

Abstract: A system and method are supplied to provide multiple private networks. The system can include an Multi-Protocol Label Switching (MPLS) interface configured to receive a plurality of data stream types from a packet switched network. A plurality of local area network ports can be configured to communicate data to local area networks. A switching process can be provided between the MPLS interface and the local area network ports. The switching process can be configured to map individual data stream types from the MPLS interface to each of the respective local area network ports. In addition, the switching process can communicate packets between the MPLS interface and the mapped local area network ports.

Abstract: A system and method are supplied to provide multiple private networks. The system can include an Multi-Protocol Label Switching (MPLS) interface configured to receive a plurality of data stream types from a packet switched network. A plurality of local area network ports can be configured to communicate data to local area networks. A switching process can be provided between the MPLS interface and the local area network ports. The switching process can be configured to map individual data stream types from the MPLS interface to each of the respective local area network ports. In addition, the switching process can communicate packets between the MPLS interface and the mapped local area network ports.

Abstract: A system and method are supplied to provide multiple private networks. The system can include an asynchronous transfer mode (ATM) interface configured to receive a plurality of data stream types from a cell switched network. A plurality of local area network ports can be configured to communicate data to local area networks. A switching process can be provided between the ATM interface and the local area network ports. The switching process can be configured to map individual data stream types from the ATM interface to each of the respective local area network ports. In addition, the switching process can communicate packets between the ATM interface and the mapped local area network ports.