Abstract: Methods and systems are provided for automatically capturing network data for a detected anomaly. In some examples, a network node establishes a baseline usage by applying at least one baselining rule to network traffic to generate baseline statistics, detects an anomaly usage by applying at least one anomaly rule to network traffic and generating an anomaly event, and captures network data according to an anomaly event by triggering at least one capturing rule to be applied to network traffic when an associated anomaly event is generated.

Abstract: Provided are methods and systems for providing a fault resilient virtual broadband gateway. A fault resilient virtual broadband gateway system may include a primary network node, at least one secondary node, and a controller. The primary network node may establish a first data traffic channel with customer premises equipment. The primary network node may collect customer policy data of the customer premises equipment and continuously provide the collected customer policy data to the controller. The at least one secondary network node may determine that the primary network node is no longer available to serve the customer premises equipment and may establish a second data traffic channel with the customer premises equipment. The at least one secondary network node may receive, on demand, the customer policy data from the controller. The at least one secondary network node may serve the customer premises equipment based on the received customer policy data.

Abstract: Provided are methods and systems for network access control. A method for network access control may commence with determining whether a client device is a trusted source or an untrusted source. The determination may be performed using a SYN packet received from the client device. The SYN packet may include identifying information for the client device. When it is determined that the client device is neither the trusted source nor the untrusted source, the method may continue with transmitting a SYN/ACK packet to the client device. The SYN/ACK packet may include a SYN cookie and identifying information for a network device. The method may further include receiving an ACK packet from the client device that may include the identifying information for the client device, identifying information for the network device, and the SYN cookie. The method may continue with establishing a connection with a network for the client device.

Abstract: Provided are methods and systems for recognizing network devices as trusted. A system for recognizing network devices as trusted may include a network module, a storage device, and a processor. The network module may be configured to receive a request from a network device to establish a data connection between the network device and a server based on a determination that the network device is trusted. The storage device may be configured to store a whitelist associated with a plurality of trusted network devices. The processor may be configured to determine that the network device is trusted. Based on the determination, the processor may associate the network device with the whitelist for a predetermined period of time.

Abstract: Provided are methods and systems for distributing application traffic. A method for distributing application traffic may commence with relaying a first service request for a first service session from a service gateway to a server. The first service request may be received from a host and may be associated with a service request time. The method may further include receiving, from the server, a service response. The service response may be associated with a service response time. The method may continue with calculating a service processing time based on the service request time and the service response time and comparing the service processing time with an expected service processing time. The method may further include receiving, from the host, a second service request for a second service session. The method may continue with selectively relaying the second server request to the server based on the service processing time.

Abstract: The processing of data packets sent over a communication session between a host and a server by a service gateway includes processing a data packet using a current hybrid-stateful or hybrid-stateless processing method. The processing then checks whether a hybrid-stateless or hybrid-stateful condition is satisfied. When one of the sets of conditions is satisfied, the process includes changing from a hybrid-stateful to a hybrid-stateless processing method, or vice versa, for a subsequently received data packet. If the conditions are not satisfied, the process continues as originally structured.

Abstract: Provided are methods and systems for balancing servers based on a server load status. A method for balancing servers based on a server load status may commence with receiving, from a server of a plurality of servers, a service response to a service request. The service response may include a computing load of the server. The method may continue with receiving a next service request from a host. The method may further include determining, based on the computing load of the server, whether the server is available to process the next service request. The method may include selectively sending the next service request to the server based on the determination that the server is available to process the next service request.

Abstract: Provided are methods and systems for recognizing network devices as trusted. A system for recognizing network devices as trusted may include a network module, a storage device, and a processor. The network module may be configured to receive a request from a network device to establish a data connection between the network device and a server based on a determination that the network device is trusted. The storage device may be configured to store a whitelist associated with a plurality of trusted network devices. The processor may be configured to determine that the network device is trusted. Based on the determination, the processor may associate the network device with the whitelist for a predetermined period of time.

Abstract: Provided are methods and systems for distributing application traffic. A method for distributing application traffic may commence with relaying a first service request for a first service session from a service gateway to a server. The first service request may be received from a host and may be associated with a service request time. The method may further include receiving, from the server, a service response. The service response may be associated with a service response time. The method may continue with calculating a service processing time based on the service request time and the service response time and comparing the service processing time with an expected service processing time. The method may further include receiving, from the host, a second service request for a second service session. The method may continue with selectively relaying the second server request to the server based on the service processing time.

Abstract: Provided are methods and systems for distributing application traffic. A method for distributing application traffic may commence with receiving, from a host, a first service request for a first service session. The first service request may be associated with a service request time. The method may continue with relaying the first service request from a service gateway to a server. The method may further include receiving, from the server, a service response. The service response may be associated with a service response time. The method may continue with calculating a service processing time for the first service request based on the service request time and the service response time. The method may further include receiving, from the host, a second service request for a second service session. The method may continue with selectively relaying the second server request to the server based on the service processing time.

Abstract: Provided are methods and systems for network access control. A method for network access control may commence with determining whether a client device is a trusted source or an untrusted source. The determination may be performed using a SYN packet received from the client device. The SYN packet may include identifying information for the client device. When it is determined that the client device is neither the trusted source nor the untrusted source, the method may continue with transmitting a SYN/ACK packet to the client device. The SYN/ACK packet may include a SYN cookie and identifying information for a network device. The method may further include receiving an ACK packet from the client device that may include the identifying information for the client device, identifying information for the network device, and the SYN cookie. The method may continue with establishing a connection with a network for the client device.

Abstract: Provided are methods and systems for mitigating a denial of service attack. A system for mitigating a denial of service attack may include a network module, a storage module, and a processor module. The network module may be operable to receive a request from a network device to establish a data connection between the network device and a server based on a determination that the network device is trusted. The storage module may be operable to store a whitelist associated with a plurality of trusted network devices. The processor module may be operable to determine that the network device is trusted. Based on the determination, the processor module may associate the network device with the whitelist for a predetermined period of time.

Abstract: Network access control systems and methods are provided herein. A method includes receiving at a network device a SYN packet from a client device over a network, determining if the client device is a trusted source for the network using the SYN packet, if the client device is a trusted resource, receiving an acknowledgement (ACK) packet from the client device that includes identifying information for the client device plus an additional value, and identifying information for the network device, and establishing a connection with the network for the client device.

Abstract: Provided are methods and systems for providing a fault resilient virtual broadband gateway. A fault resilient virtual broadband gateway system may include a primary network node, at least one secondary node, and a controller. The primary network node may establish a first data traffic channel with customer premises equipment. The primary network node may collect customer policy data of the customer premises equipment and continuously provide the collected customer policy data to the controller. The at least one secondary network node may determine that the primary network node is no longer available to serve the customer premises equipment and may establish a second data traffic channel with the customer premises equipment. The at least one secondary network node may receive, on demand, the customer policy data from the controller. The at least one secondary network node may serve the customer premises equipment based on the received customer policy data.

Abstract: Provided are methods and systems for balancing servers based on a server load status. A method for balancing servers based on a server load status may commence with receiving, from a server of a plurality of servers, a service response to a service request. The service response may include a computing load of the server. The method may continue with receiving a next service request from a host. The method may further include determining, based on the computing load of the server, whether the server is available to process the next service request. The method may include selectively sending the next service request to the server based on the determination that the server is available to process the next service request.

Abstract: Provided are methods and systems for distributing application traffic. A method for distributing application traffic may commence with receiving, from a host, a first service request for a first service session. The first service request may be associated with a service request time. The method may continue with relaying the first service request from a service gateway to a server. The method may further include receiving, from the server, a service response. The service response may be associated with a service response time. The method may continue with calculating a service processing time for the first service request based on the service request time and the service response time. The method may further include receiving, from the host, a second service request for a second service session. The method may continue with selectively relaying the second server request to the server based on the service processing time.

Abstract: The processing of data packets sent over a communication session between a host and a server by a service gateway includes processing a data packet using a current hybrid-stateful or hybrid-stateless processing method. The processing then checks whether a hybrid-stateless or hybrid-stateful condition is satisfied. When one of the sets of conditions is satisfied, the process includes changing from a hybrid-stateful to a hybrid-stateless processing method, or vice versa, for a subsequently received data packet. If the conditions are not satisfied, the process continues as originally structured.

Abstract: A service gateway processes a service request received from a host based on a dynamic service response time of a server. In an exemplary embodiment, the service gateway relays a service request to a server over a service session between the service gateway and the server; receives a service response from the server; calculates a dynamic service processing time for the service request from a service request time and a service response time; compares the dynamic service processing time with an expected service processing time; updates a server busy indicator for the server in response to the comparing, where the server busy indicator is maintained at the service gateway; and processes future service requests in accordance with the server busy indicator at the service gateway.

Abstract: Provided is a method and system for TCP SYN cookie validation. The method includes receiving a session SYN packet by a TCP session setup module of a host server, generating a transition cookie including a time value representing the actual time, sending a session SYN/ACK packet, including the transition cookie, in response to the received session SYN packet, receiving a session ACK packet, and determining whether a candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.

Abstract: Provided is a method and system for TCP SYN cookie validation. The method includes receiving a session SYN packet by a TCP session setup module of a host server, generating a transition cookie including a time value representing the actual time, sending a session SYN/ACK packet, including the transition cookie, in response to the received session SYN packet, receiving a session ACK packet, and determining whether a candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.