Abstract: The present disclosure relates to a method for anchoring an edge cloud to a central cloud, the method being performed in a cloud environment comprising a central cloud and an edge cloud, the method comprising obtaining (S238, S310), by a connectivity controller of an edge cloud, an address of an anchoring registry of a central cloud; sending (S240, S312), by the connectivity controller, to the anchoring registry, information about networking configuration of the edge cloud; setting up (S246, S314), by an orchestrator of the central cloud, a virtual private network, VPN, service in the central cloud; requesting (S248, S316), by the orchestrator of the central cloud, edge VPN configuration information from the central VPN service, based on the information about networking configuration of the edge cloud; sending (S252, S318), by the anchoring registry, the edge VPN configuration information, to an orchestrator of the edge cloud; creating (S258, S320), by an orchestrator of the edge cloud, an edge VPN service, b

Abstract: It is presented a method for configuring a network path. The method is performed in a routing control device of a software defined network and comprises the steps of: receiving a first node packet originating from a first node of the software defined network, the first node packet forming part of an ARP exchange between an ARP requester and an ARP responder, the first node packet comprising a request for network properties encoded in a first address; determining a network path through the software defined network; changing a source address of a packet to the ARP requester to be a second address; configuring all switches forming part of the network path, to route packets in accordance with the network path; and configuring an edge switch to replace, for all packets having a destination address being equal to the second address, the destination address with an address of the ARP responder.

Abstract: The present disclosure relates to a method for anchoring an edge cloud to a central cloud, the method being performed in a cloud environment comprising a central cloud and an edge cloud, the method comprising obtaining (S238, S310), by a connectivity controller of an edge cloud, an address of an anchoring registry of a central cloud; sending (S240, S312), by the connectivity controller, to the anchoring registry, information about networking configuration of the edge cloud; setting up (S246, S314), by an orchestrator of the central cloud, a virtual private network, VPN, service in the central cloud; requesting (S248, S316), by the orchestrator of the central cloud, edge VPN configuration information from the central VPN service, based on the information about networking configuration of the edge cloud; sending (S252, S318), by the anchoring registry, the edge VPN configuration information, to an orchestrator of the edge cloud; creating (S258, S320), by an orchestrator of the edge cloud, an edge VPN service, b

Abstract: A method for operating a system hosted on a mobile entity is disclosed, wherein the system is operable to connect to a communication network. The method, performed by a controller of the system, comprises seeking to establish a trust relationship with a cooperating system hosted on a mobile entity, and, if a trust relationship with the cooperating system is established, performing at least one of: initiating use of a resource provided by the cooperating system, or initiating provision of a resource for use by the cooperating system. Also disclosed is a method for operating a function comprising a digital representative of a system hosted on a mobile entity, wherein the system is operable to connect to a communication network.

Abstract: Embodiments herein relate to a method performed by a network controller node (130) in a data processing network (100) for enabling routing of data flows to or from a service (150) in the data processing network (100). The network controller node (130) receives information indicating network requirements on the data processing network (100) by a service (150) to be initiated in the data processing network (100). Also, the network controller node (130) determines a network identifier for the service (150) in the data processing network (100) based on the obtained network requirements. Embodiments herein also relate to a method performed by a resource controller node (140) in a data processing network (100) for enabling routing of data flows to or from a service (150) in the data processing network (100). The resource controller node (140) obtains information indicating network requirements on the data processing network (100) by a service (150) to be initiated in the data processing network (100).

Abstract: There is provided mechanisms for handling access to a service in a network. A method is performed by a network controller. The method comprises obtaining an indication of the service is accessible in the network. The indication is received from a network switch operatively connecting a server of the service to the network. The indication causes a timer to start. The method comprises obtaining an indication of a client requesting to access the service. The indication is received from the network switch. The method comprises recording, only when the timer has not yet expired, identity information of the client in an access control list. The method comprises providing the access control list at least to the network switch upon expiration of the timer.

Abstract: Using an authentication server to program network elements, such as a network node, in accordance with software-defined networking techniques in order to establish a traffic flow rule for a communication device or user of the communication device. After successfully authenticating a communication device or user, the authentication server and/or network node may use an identifier received at the authentication server in connection with the authentication procedure in order to obtain a traffic flow rule for the communication device. The traffic flow rule may be established at the network node or forwarded to a second network node configured to receive network packets from the communication device. The first identifier may be any one of a user identifier identifying a user, an application identifier identifying an application, and a device identifier unique to the communication device.

Abstract: There is provided mechanisms for updating a private key of a host entity. The private key is based on parameters negotiated between the host entity and a key issuer. The host entity further has a group public key that is generated by the key issuer and associated with the private key. A method is performed by the host entity. The method comprises obtaining a need to acquire a new private key. The method comprises, in response thereto, performing a private key update procedure with the key issuer using the public key and the current private key, wherein parameters for the new private key are negotiated with the key issuer. The method comprises generating the new private key using the negotiated parameters.

Abstract: There is provided mechanisms for handling access to a service in a network. A method is performed by a network controller. The method comprises obtaining an indication of the service is accessible in the network. The indication is received from a network switch operatively connecting a server of the service to the network. The indication causes a timer to start. The method comprises obtaining an indication of a client requesting to access the service. The indication is received from the network switch. The method comprises recording, only when the timer has not yet expired, identity information of the client in an access control list. The method comprises providing the access control list at least to the network switch upon expiration of the timer.

Abstract: It is presented a method for configuring a network path. The method is performed in a routing control device of a software defined network and comprises the steps of: receiving a first node packet originating from a first node of the software defined network, the first node packet forming part of an ARP exchange between an ARP requester and an ARP responder, the first node packet comprising a request for network properties encoded in a first address; determining a network path through the software defined network; changing a source address of a packet to the ARP requester to be a second address; configuring all switches forming part of the network path, to route packets in accordance with the network path; and configuring an edge switch to replace, for all packets having a destination address being equal to the second address, the destination address with an address of the ARP responder.

Abstract: There is provided mechanisms for updating a private key of a host entity. The private key is based on parameters negotiated between the host entity and a key issuer. The host entity further has a group public key that is generated by the key issuer and associated with the private key. A method is performed by the host entity. The method comprises obtaining a need to acquire a new private key. The method comprises, in response thereto, performing a private key update procedure with the key issuer using the public key and the current private key, wherein parameters for the new private key are negotiated with the key issuer. The method comprises generating the new private key using the negotiated parameters.

Abstract: A method in a network node of a communication network configured to manage command messages from at least one Machine Type Communication, MTC, device manager intended for an MTC device, comprises receiving command messages from the at least one MTC device manager, step (201). One or more command messages are merged into an MTC device message that comprises at least one command message, step (203). Originator information is associated with each command message in the MTC device message, step (205). The MTC device message is sent to an MTC device. The network node may further perform the steps of receiving an MTC device message from an MTC device, the MTC device message comprising at least one response message, step (301).

Abstract: Embodiments herein relate to a method performed by a network controller node (130) in a data processing network (100) for enabling routing of data flows to or from a service (150) in the data processing network (100). The network controller node (130) receives information indicating network requirements on the data processing network (100) by a service (150) to be initiated in the data processing network (100). Also, the network controller node (130) determines a network identifier for the service (150) in the data processing network (100) based on the obtained network requirements. Embodiments herein also relate to a method performed by a resource controller node (140) in a data processing network (100) for enabling routing of data flows to or from a service (150) in the data processing network (100). The resource controller node (140) obtains information indicating network requirements on the data processing network (100) by a service (150) to be initiated in the data processing network (100).

Abstract: A method performed by a machine-to-machine, M2M, server for managing communication with a M2M device is disclosed. The method comprising configuring the M2M device with a finite number of predetermined states and predetermined transitions for moving the M2M device into one of its predetermined states, and sending a message to the M2M device for executing at least one of the predetermined transitions.

Abstract: A relay module (30) for use in a lightweight machine to machine (LWM2M) communication network comprises a first interface module (31) for interfacing with one or more server devices, and a second interface module (33) for interfacing with a plurality of client devices. A processing unit (35) is adapted to establish at least one group object instance, wherein each group object instance is used to control communication between a server device and a group of client devices.

Abstract: The disclosure relates to a method for access control of a data flow in a software defined networking system. The method includes receiving a first packet associated with a first data flow between a client node and a server node, verifying authentication of the first packet, repeating the receiving and verifying for a number of subsequent packets of the first data flow, wherein the number of subsequent packets is set based on type of protocol used for the first data flow and/or a policy set in the controller device, and sending, to an intermediate node along a path of the first data flow, a respective verification message for each successfully verified authentication of the first packet and any subsequent packets, allowing the first packet and any subsequent packets of the first data flow for forwarding.

Abstract: Embodiments are directed to using an authentication server (140) to program and reprogram network elements, such as a network node (150), in accordance with software-defined networking techniques in order to establish a traffic flow rule for a communication device (110) or user of the communication device (110). After successfully authenticating a communication device (110) or user, the authentication server (140) and/or network node (150) may use an identifier received at the authentication server (140) in connection with the authentication procedure in order to obtain a traffic flow rule for the communication device (110). The traffic flow rule may be established at the network node (140) or forwarded to a second network node configured to receive network packets from the communication device (110). The first identifier may be any one of a user identifier identifying a user, an application identifier identifying an application, and a device identifier unique to the communication device (110).

Abstract: A method performed by a machine-to-machine, M2M, server for managing communication with a M2M device is disclosed. The method comprising configuring the M2M device with a finite number of predetermined states and predetermined transitions for moving the M2M device into one of its predetermined states, and sending a message to the M2M device for executing at least one of the predetermined transitions.

Abstract: The disclosure relates to a method for access control of a data flow in a software defined networking system. The method includes is performed in a controller device and comprises: receiving a first packet associated with a first data flow between a client node and a server node, verifying, based on flow attributes authentication of the first packet, repeating the receiving and verifying for a number of subsequent packets of the first data flow, wherein the number of subsequent packets is set based on type of protocol used for the first data flow and/or a policy set in the controller device, and sending, to an intermediate node along a path of the first data flow, a respective verification message for each successfully verified authentication of the first packet and any subsequent packets, allowing the first packet and any subsequent packets of the first data flow for forwarding.

Abstract: A method in a network node of a communication network configured to manage command messages from at least one Machine Type Communication, MTC, device manager intended for an MTC device, comprises receiving command messages from the at least one MTC device manager, step (201). One or more command messages are merged into an MTC device message that comprises at least one command message, step (203). Originator information is associated with each command message in the MTC device message, step (205). The MTC device message is sent to an MTC device. The network node may further perform the steps of receiving an MTC device message from an MTC device, the MTC device message comprising at least one response message, step (301).