Abstract: Using the ALTO Service, networking applications can request through the ALTO protocol information about the underlying network topology from the ISP or Content Provider. The ALTO Service provides information such as preferences of network resources with the goal of modifying network resource consumption patterns while maintaining or improving application performance. This document describes, in one example, an ALTO server that implements enhancements to the ALTO service to enable initiating incremental updates of network and cost maps to ALTO clients upon receiving status information from a content delivery network (CDN) node.

Abstract: A source network address and port translation (NAPT) mechanism is described that reduces or eliminates the need to log any NAT translations. As described herein, a mapping between a subscriber's private address to a public address and port range is determined algorithmically. Given a particular mapping rule, as specified by the service provider, a subscriber is repeatedly and deterministically mapped to the same public network address and a specific port range for that network address. Once the public address and port range for a subscriber are computed, the particular ports for each session for that subscriber are allocated dynamically within the computed NAT port range on per session basis.

Abstract: A method for applying network services to data traffic forwarded between virtual private network (VPN) sites includes: receiving a data packet addressed to a target site associated with the VPN, determining services to be applied to the data packet according to a service chain, where the determining is a function of at least one of the VPN, the origin site or the target site, adding an indication of a VPN forwarding context onto the data packet, encapsulating the data packet with Network Service Header encapsulation, where a header for the encapsulated data packet indicates at least the service chain; forwarding the encapsulated data packet in accordance with the service chain, receiving the encapsulated data packet at the end of the service chain, terminating the service chain, removing the encapsulation, and forwarding the data packet to a target destination per the indication of a VPN forwarding context.

Abstract: A node is configured to receive, from a second node, a request to establish a session; perform, in response to the request, a network address translation (NAT) operation to establish the session, the NAT operation causing a first port block to be allocated to the session, the first port block including a first set of ports via which traffic, associated with the session, is transported; determine that the set of ports are no longer available for the session; determine whether a quantity of times that the first port block has been allocated to the session is greater than a threshold; and retain the first port block, for the session, when the quantity of times that the first port block has been allocated to the session is not greater than the threshold.

Abstract: A network device may receive a request from a local device to establish a connection with a another device. The request may include an internal network identifier of the local device. The network device may evaluate a plurality of external network identifiers, associated with the network device based on selected criteria. The network device may also, or alternatively, evaluate the external network identifiers by identifying an external network identifier that is already mapped to, or paired with, the internal network identifier. The network device may select an external network identifier, of the plurality of external network identifiers, based on the evaluation and establish the connection requested by the local device using the internal network identifier and the external network identifier.

Abstract: Stateless deterministic network address translation (NAT) within a service provider network is described. A plurality of customer premise equipment (CPEs) positioned within customer networks and a NAT device positioned within a service provider network operate as ingress and egress for tunnels having network packets of a first network transport protocol that encapsulate inner network packets of a second network transport protocol. The NAT device stores a mapping table that maps, for each of the CPEs, a public network address of the first transport protocol to a public network address and restricted port range of the second transport protocol. The NAT device outputs control messages to communicate the respective restricted port range to each of the CPEs, and the CPEs provide network address translation within the customer networks at the ingress of the tunnels based on the restricted port range received from the NAT device of the service provider network.

Abstract: A node is configured to receive, from a second node, a request to establish a session; perform, in response to the request, a network address translation (NAT) operation to establish the session, the NAT operation causing a first port block to be allocated to the session, the first port block including a first set of ports via which traffic, associated with the session, is transported; determine that the set of ports are no longer available for the session; determine whether a quantity of times that the first port block has been allocated to the session is greater than a threshold; and retain the first port block, for the session, when the quantity of times that the first port block has been allocated to the session is not greater than the threshold.

Abstract: A source network address and port translation (NAPT) mechanism is described that reduces or eliminates the need to log any NAT translations. As described herein, a mapping between a subscriber's private address to a public address and port range is determined algorithmically. Given a particular mapping rule, as specified by the service provider, a subscriber is repeatedly and deterministically mapped to the same public network address and a specific port range for that network address. Once the public address and port range for a subscriber are computed, the particular ports for each session for that subscriber are allocated dynamically within the computed NAT port range on per session basis.

Abstract: A node is configured to receive, from a second node, a request to establish a session; perform, in response to the request, a network address translation (NAT) operation to establish the session, the NAT operation causing a first port block to be allocated to the session, the first port block including a first set of ports via which traffic, associated with the session, is transported; determine that the set of ports are no longer available for the session; determine whether a quantity of times that the first port block has been allocated to the session is greater than a threshold; and retain the first port block, for the session, when the quantity of times that the first port block has been allocated to the session is not greater than the threshold.

Abstract: Using the ALTO Service, networking applications can request through the ALTO protocol information about the underlying network topology from the ISP or Content Provider. The ALTO Service provides information such as network resource preferences with the goal of modifying network resource consumption patterns while maintaining or improving application performance. This document describes, in one example, an ALTO server that implements enhancements to the ALTO service to assign a PID-type attribute to each of a set of one or more PIDs each associated with a subset of one or more endpoints of a network, wherein a PID-type attribute specifies a type for the subset of endpoints associated with the PID. The ALTO server generates an ALTO network map that includes a PID entry to describe each of the PIDs, wherein each PID entry includes a PID-type field that stores the assigned PID-type attribute for the PID described by the PID entry.

Abstract: Using the ALTO Service, networking applications can request through the ALTO protocol information about the underlying network topology from the ISP or Content Provider. The ALTO Service provides information such as network resource preferences with the goal of modifying network resource consumption patterns while maintaining or improving application performance. This document describes, in one example, an ALTO server that implements enhancements to the ALTO service to assign a PID-type attribute to each of a set of one or more PIDs each associated with a subset of one or more endpoints of a network, wherein a PID-type attribute specifies a type for the subset of endpoints associated with the PID. The ALTO server generates an ALTO network map that includes a PID entry to describe each of the PIDs, wherein each PID entry includes a PID-type field that stores the assigned PID-type attribute for the PID described by the PID entry.

Abstract: In general, techniques are described for dynamically generating attributes from routing topology information and assigning dynamically generated attributes to network map entries to further characterize PIDs described therein. For example, a provider or other entity assigns, within a network device, endpoint types to one or more address prefixes for which the network device originates or forwards route advertisements. For each typed prefix, the network device adds an endpoint type identifier for the assigned endpoint type to route advertisements that traverse or originate with the network device and specify the prefix. An ALTO server peers with router advertisers to receive route advertisements. When the ALTO server receives a route advertisement that includes an endpoint type identifier, the ALTO server maps the endpoint type identifier to a PID attribute and assigns the PID attribute to a PID that includes a prefix identified in the route advertisement.

Abstract: Techniques are provided to programming network analytics processing in virtual and physical network devices, useful for software-defined networking (SDN). A controller, e.g., a so-called SDN controller, is configured to identify a control-plane or data-plane flow originating, terminating or transiting a physical or virtual network element. The controller generates one or more network analytics processing actions to be performed by the physical or virtual network element based on inspection of traffic by the physical or virtual network element. The controller forms or generates an inspect/apply-action message containing information identifying the control-plane or data-plane flow for inspection and the one or more network analytics processing actions to be performed. The inspect/apply-action message is sent to the physical or virtual network element.

Abstract: A network device may receive a request from a local device to establish a connection with a another device. The request may include an internal network identifier of the local device. The network device may evaluate a plurality of external network identifiers, associated with the network device based on selected criteria. The network device may also, or alternatively, evaluate the external network identifiers by identifying an external network identifier that is already mapped to, or paired with, the internal network identifier. The network device may select an external network identifier, of the plurality of external network identifiers, based on the evaluation and establish the connection requested by the local device using the internal network identifier and the external network identifier.

Abstract: A network device may receive a request from a local device to establish a connection with a another device. The request may include an internal network identifier of the local device. The network device may evaluate a plurality of external network identifiers, associated with the network device based on selected criteria. The network device may also, or alternatively, evaluate the external network identifiers by identifying an external network identifier that is already mapped to, or paired with, the internal network identifier. The network device may select an external network identifier, of the plurality of external network identifiers, based on the evaluation and establish the connection requested by the local device using the internal network identifier and the external network identifier.

Abstract: An example network device includes one or more network interface cards and a control unit. The network interface cards are configured to send and receive messages with a first network operating in accordance with a first network-layer protocol and a second network operating in accordance with a second network-layer protocol and a control unit. The control unit is configured to receive a message via the one or more network interface cards, transform the message from conforming to a first transitioning protocol to conforming to a second transitioning protocol, and forward the message via the second network.

Abstract: A network device may receive a packet from a user device; allocate a first port range to the user device; measure a period of time after allocating the first port range; and allocate a second port range to the user device when the measured period of time is equal to a particular period of time. The first port range may be associated with a first Internet Protocol (IP) address.

Abstract: Using the ALTO Service, networking applications can request through the ALTO protocol information about the underlying network topology from the ISP or Content Provider. The ALTO Service provides information such as preferences of network resources with the goal of modifying network resource consumption patterns while maintaining or improving application performance. This document describes, in one example, an ALTO server that intersects network and cost maps for a first network with network and cost maps for a second network to generate a master cost map that includes one or more master cost entries that each represent a cost to traverse a network from an endpoint in the first network to an endpoint in the second network. Using the master cost map, a redirector may select a preferred node in the first network with which to service a content request received from a host in the second network.

Abstract: Techniques are described for providing secure network address translation (NAT) in a NAT device that provides endpoint-independent mapping (EIM) and endpoint-independent filtering (EIF) operations.

Abstract: Using the ALTO Service, networking applications can request through the ALTO protocol information about the underlying network topology from the ISP or Content Provider. The ALTO Service provides information such as preferences of network resources with the goal of modifying network resource consumption patterns while maintaining or improving application performance. This document describes, in one example, an ALTO server that implements enhancements to the ALTO service to enable initiating incremental updates of network and cost maps to ALTO clients upon receiving status information from a content delivery network (CDN) node.